What technology area does this patent fall under?

Primary CPC classification G06F21/6281. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Aug 24 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Enforcing restrictions related to a virtualized computer environment

US11100253B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11100253-B2
Application number	US-201916285160-A
Country	US
Kind code	B2
Filing date	Feb 25, 2019
Priority date	Sep 19, 2005
Publication date	Aug 24, 2021
Grant date	Aug 24, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An administrator may set restrictions related to the operation of a virtual machine (VM), and virtualization software enforces such restrictions. There may be restrictions related to the general use of the VM, such as who may use the VM, when the VM may be used, and on what physical computers the VM may be used. There may be similar restrictions related to a general ability to modify a VM, such as who may modify the VM. There may also be restrictions related to what modifications may be made to a VM, such as whether the VM may be modified to enable access to various devices or other resources. There may also be restrictions related to how the VM may be used and what may be done with the VM. Information related to the VM and any restrictions placed on the operation of the VM may be encrypted to inhibit a user from circumventing the restrictions.

First claim

Opening claim text (preview).

What is claimed is: 1. A method for creating a virtual machine (VM) on an administrator physical computing system and distributing the VM to a user physical computing system, comprising: via a VM manager executing on the administrator computing system, receiving specifications for virtual system hardware to emulate for the VM and generating a configuration file based on the specifications; creating the VM on the administrator physical computing system; generating, by the VM manager, a VM folder containing a set of files that include the configuration file and a virtual disk file for the VM; encrypting the configuration file and the virtual disk file by cryptographic software, wherein the cryptographic software encrypts data written by the VM manager to the configuration file and the virtual disk file and decrypts data read from the configuration file and the virtual disk file by the VM manager; distributing the VM folder generated on the administrator physical computing system and the cryptographic software to the user physical computing system; installing, on the user physical computing system, the VM created on the administrator physical computing system and the cryptographic software; configuring the VM installed on the user physical computing system based on the configuration file from the distributed VM folder, wherein virtualization software on the user physical computing system accesses contents of the configuration file via the cryptographic software to determine the virtual system hardware to emulate for the VM; and using the virtual disk file from the distributed VM folder to emulate a virtual disk in the installed VM, wherein the cryptographic software installed on the user physical computing system decrypts data read from the virtual disk during operation of the VM and encrypts data written to the virtual disk during operation of the VM. 2. The method of claim 1 , further comprising: receiving, via the VM manager, one or more restrictions on the operation of the VM and writing the one or more restrictions in a policy file; and storing the policy file in the VM folder distributed to the user physical computing system, wherein all of the files of the VM folder are cryptographically bound together. 3. The method of claim 2 , further comprising: installing enforcer software on the user physical computing system, the enforcer software configured to restrict actions relating to operation of the VM on the user physical computing system that violate the restrictions in the policy file. 4. The method of claim 3 , wherein the enforcer software executes on the user physical computing system but not in the VM. 5. The method of claim 1 , wherein the configuration file specifies at least one of the following for the VM: a number of virtual CPUs, an amount of virtual system memory, a size of a virtual disk, and a number and a type of virtual devices. 6. The method of claim 1 , further comprising: receiving restrictions via the VM manager specifying what changes to the configuration of the VM are allowed on the user physical computing system; and restricting the user from making changes to the configuration of the VM that are not allowed on the user physical computing system. 7. A computing device for creating a virtual machine (VM) on an administrator physical computing system and distributing the VM to a user physical computing system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing device to perform a method comprising: via a VM manager executing on the administrator computing system, receiving specifications for virtual system hardware to emulate for the VM and generating a configuration file based on the specifications; creating the VM on the administrator physical computing system; generating, by the VM manager, a VM folder containing a set of files that include the configuration file and a virtual disk file for the VM; encrypting the configuration file and the virtual disk file by cryptographic software, wherein the cryptographic software encrypts data written by the VM manager to the configuration file and the virtual disk file and decrypts data read from the configuration file and the virtual disk file by the VM manager; distributing the VM folder generated on the administrator physical computing system and the cryptographic software to the user physical computing system; installing, on the user physical computing system, the VM created on the administrator physical computing system and the cryptographic software; configuring the VM installed on the user physical computing system based on the configuration file from the distributed VM folder, wherein virtualization software on the user physical computing system accesses contents of the configuration file via the cryptographic software to determine the virtual system hardware to emulate for the VM; and using the virtual disk file from the distributed VM folder to emulate a virtual disk in the installed VM, wherein the cryptographic software installed on the user physical computing system decrypts data read from the virtual disk during operation of the VM and encrypts data written to the virtual disk during operation of the VM. 8. The computing device of claim 7 , wherein the memory further includes instructions that, when executed by the at least one processor, cause the computing device to perform the steps of: receiving, via the VM manager, one or more restrictions on the operation of the VM and writing the one or more restrictions in a policy file; and storing the policy file in the VM folder distributed to the user physical computing system, wherein all of the files of the VM folder are cryptographically bound together. 9. The computing device of claim 8 , wherein the memory further includes instructions that, when executed by the at least one processor, cause the computing device to perform the steps of: installing enforcer software on the user physical computing system, the enforcer software configured to restrict actions relating to operation of the VM on the user physical computing system that violate the restrictions in the policy file. 10. The computing device of claim 9 , wherein the enforcer software executes on the user physical computing system but not in the VM. 11. The computing device of claim 7 , wherein the configuration file specifies at least one of the following for the VM: a number of virtual CPUs, an amount of virtual system memory, a size of a virtual disk, and a number and a type of virtual devices. 12. The computing device of claim 7 , wherein the memory further includes instructions that, when executed by the at least one processor, cause the computing device to perform the steps of: receiving restrictions via the VM manager specifying what changes to the configuration of the VM are allowed on the user physical computing system; and restricting the user from making changes to the configuration of the VM that are not allowed on the user physical computing system. 13. A non-transitory computer readable storage medium for creating a virtual machine (VM) on an administrator physical computing system and distributing the VM to a user physical computing system, comprising one or more sequences of instructions, the instructions, when executed by one or more processors, causing the one or more processors to execute the operations of: via a VM manager executing on the administrator computing system, receiving specifications for virtual system hardware to emulate for the VM and generating a configuration file based on the specifications; creating the VM on the

Assignees

Vmware Inc

Inventors

Classifications

G06F9/45558
Hypervisor-specific management and integration aspects · CPC title
G06F21/6281Primary
at program execution time, where the protection is within the operating system · CPC title
G06F2009/45587
Isolation or security of virtual machine instances · CPC title
G06F2221/2107
File encryption · CPC title
H04L63/0236
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title

Patent family

Related publications grouped by family.

View patent family 49034843

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11100253B2 cover?: An administrator may set restrictions related to the operation of a virtual machine (VM), and virtualization software enforces such restrictions. There may be restrictions related to the general use of the VM, such as who may use the VM, when the VM may be used, and on what physical computers the VM may be used. There may be similar restrictions related to a general ability to modify a VM, such…
Who is the assignee on this patent?: Vmware Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/6281. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Aug 24 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).