US9715401B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9715401-B2 |
| Application number | US-21024908-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 15, 2008 |
| Priority date | Sep 15, 2008 |
| Publication date | Jul 25, 2017 |
| Grant date | Jul 25, 2017 |
Official abstract text for this publication.
In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.
Opening claim text (preview).
We claim:

1. A method for secure live migration of a virtual machine (VM) in a virtualized computing environment, the method comprising: selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment coupled to the secure virtualized environment over an unsecured computer communications network and blocking data communications between the selected VM and other VMs in the secure virtualized computing environment; live migrating the selected VM to the different virtualized computing environment and restarting the selected VM in the different virtualized computing environment; establishing a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment; and, enabling data communications between the restarted VM and the other VMs over the secure communicative link.

2. The method of claim 1, further comprising: adding a tunnel between a routing core of the secure virtualized computing environment and the different virtualized computing environment; and, responsive to an update to the routing core permitting routing of data packets from the other VMs in the secure virtualized computing environment to the restarted VM, removing the tunnel.

3. The method of claim 1, wherein establishing a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment comprises: configuring an Internet protocol (IP) Security (IPSec) policy for secure communications between the different virtualized computing environment and the secure virtualized computing environment; and establishing an IPSec conformant communicative link between the different virtualized computing environment and the secure virtualized computing environment according to the configured IPSec policy.

4. The method of claim 1, wherein enabling data communications between the restarted VM and other the VMs over the secure communicative link further comprises: determining non-managed connections persisting between the restarted VM and other communicative entities; identifying unsecured ones of the non-managed connections; and resetting the identified unsecured ones of the non-managed connections as secured connections and re-establishing the unsecured ones of the non-managed connections as secured connections.

5. A virtualized computing data processing system comprising: a secure virtualized computing environment comprising a host server including a hypervisor managing a plurality of virtual machines (VMs) within the secure virtualized computing environment; a different virtualized computing environment coupled to the secure virtualized environment over an unsecured computer communications network, the different virtualized computing environment comprising a host server including a hypervisor managing a plurality of VMs within the different virtualized computing environment; and live migration logic executing in a computer and communicating with each of the secure virtualized computing environment and the different virtualized computing environment, the logic comprising program code enabled to select one of the VMs in the secure virtualized computing environment for live migration to the different virtualized computing environment and to block data communications between the selected VM and other VMs in the secure virtualized computing environment, to live migrate the selected VM to the different virtualized computing environment and to restart the selected VM in the different virtualized computing environment, to establish a secure communicative link between the different virtualized computing environment and the secure virtualized computing environment, and to enable data communications between the restarted VM and the other VMs in the secure virtualized computing environment over the secure communicative link.

6. The system of claim 5, wherein the secure communicative link is an Internet protocol (IP) Security (IPSec) conformant secure communicative link.
resumption being on a different machine, e.g. task migration, virtual machine migration (G06F9/5088 takes precedence) · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Hypervisor-specific management and integration aspects · CPC title