WO2011149326A1 - System and method for virtual on-demand application - Google Patents

Publication number: WO2011149326A1
Authority: WO, WIPO (PCT)
Prior art keywords: application, virtual machine, client, server, virtual
Application number: PCT/MY2010/000266
Other languages: French (fr)
Inventors: Mohd Azuddin Parman, Zharfan Hamdan, Wira Zanoramy Ansiry Zakaria, Mohd Saufy Rohmad, Mohd Anuar Mat Isa
Original Assignee: Mimos Berhad
Application filed by Mimos Berhad

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors

Abstract

A system for virtual on-demand application (100) comprising of a Secured Application Server (10) for attestation and secure application services, a Virtual Storage Server (35) for memory location, a Virtual Machine Monitor storage (30) for holding Virtual Machine Monitor engine, a Secure Application and Operating System Image Storage (25) for storing application and operating system and a Client's Information Database (15) for authentication and attestation.

Description

SYSTEM AND METHOD FOR VIRTUAL ON-DEMAND APPLICATION
TECHNICAL FIELD
The present invention relates in general to computer application and management, and more particularly to a system and method for virtual on-demand application which incorporates integrated virtualization and Trusted Computing technology.
BACKGROUND ART
Electronic communication plays an important role for businesses of all sizes, be it small-size enterprises or multinational corporations. Wide use of such technology has contributed to a rapid growth of IT human capital together with the expansion of the IT department itself. The IT department is responsible for all computing equipment, which includes configuring network access, setting up and making changes to existing workstations and assigning access rights for various levels. The rapid evolution of new computing devices has left the IT department facing complex problems in trying to keep up with the latest systems and technology. IT personnel face challenges in maintaining, deploying and protecting computer operation and data processing due to system and application dependency and exposure to attacks.
In system dependency, the existing applications in a particular IT department depend on a specific operating system and libraries in order to be operable. Therefore, the system and application need to be kept up to date to ensure that a particular process works efficiently. Vulnerability to computer attacks is another challenge faced by these IT departments, whereby computer technologies and system software are exposed to attacks, for instance viruses, worms, spam, email bombs, exploits, bugs and information leakage through corporate espionage.
In order to protect and improve the IT departments' services, the present invention proposes a system and method for on-demand application that addresses the mentioned problems with integrated virtualization and Trusted Computing technology. The virtualization technology will isolate the process into specific task and job function. This could be exemplified in a finance function wherein the system for payroll and accounting will be stored in a virtual machine (VM). Trusted computing is applied to protect the virtual resources from digital threats. Each virtual resource will be measured and sealed with a PCR (Platform Configuration Register) or unique platform key.
One example of a virtualization application has been disclosed in patent no. US2007257811 B2, which is entitled system, method and program to migrate a virtual machine. The patent explains a system, method and program product for migrating a first virtual machine from a real computer to a second real computer or from a first LPAR to a second LPAR in a same real computer. Before migration, the first virtual machine comprises an operating system and an application in a first private memory private to the first virtual machine. A communication queue of the first virtual machine resides in a shared memory shared by the first and second computers or the first and second LPARs. The operating system and the application are copied from the shared memory to a second private memory private to the first virtual machine in the second computer or second LPAR. Thereafter, the first virtual machine is resumed in the second computer or second LPAR. Said prior art is distinguished by having a virtual machine transaction that occurs inside a client-server environment. Furthermore, the present invention comprises virtual machine deletion that happens at the destination computing machine but not on the source computing machine. In the present invention, only the destination machine implements a hypervisor. Therefore, a more efficient application is introduced in the present invention.
In another prior art, Patent number US2009276772 discloses a data processing system that enables configuration of a virtual connect functioning in combination with a virtualization platform. The data processing system is used with a virtualization platform which is configured to run multiple operating systems simultaneously on one or more physical servers and a virtual connect device which is communicatively coupled to the virtualization platform. The virtual connect device virtualizes connections between the physical server and a network infrastructure.
Said prior art integrates migration and failover of virtual machines in the virtualization platform. On the other hand, the present invention uses push application whereby the virtual resources are pushed from the server to the client and the application will run locally in the form of a virtual machine. The present invention's system and method is much more interactive as compared to said prior art.
Therefore, there exists a need for a system and method for virtual on-demand application which is more efficient and interactive for use in IT department operations.
SUMMARY OF THE INVENTION
The present invention aims to provide a virtual on-demand application and more particularly to a system and method for virtual on-demand application which incorporates integrated virtualization and Trusted Computing technology.
In a preferred embodiment of the present invention, a system for virtual on-demand application comprising of a Secured Application Server for attestation and secure application services, a virtual storage server for memory location, a Virtual Machine Monitor storage for holding Virtual Machine Monitor engine, a Secure Application and Image Storage for storing application and operating system, and a client's information database for authentication and attestation.
In another preferred embodiment of the present invention, said Secured Application Server further includes utilizing Attestation Manager, Virtual Machine Monitor Service Manager and Resource Manager to provide attestation service to clients, server and resource database.
In another preferred embodiment of the present invention, said Virtual Storage Server further includes storing client defined virtual disks.
In another preferred embodiment of the present invention, said Virtual Storage Server further allocates disk storage independently to each registered clients and for each Virtual Machine loading, disk images are loaded with Virtual Machine Images.
In another preferred embodiment of the present invention, said Virtual Machine Monitor Storage Server sends the Virtual Machine Monitor engine on each client authentication request.
In another preferred embodiment of the present invention, said Secure Application and Image Storage further includes pushing the application and operating system on clients' request.
In another preferred embodiment of the present invention, said application and operating system inside virtual machine and compartments are measured and tied to client's profile and client's platform integrity.
In another preferred embodiment of the present invention, said client's information database further includes multiple profiles for each client based on client's authentications and attestations.
In another preferred embodiment of the present invention, said system further comprising the method of providing administrator's particulars into an application, authorizing successful or unsuccessful registration, launching server monitor dashboard and registration panel upon successful registration, registering new client's particulars, saving Virtual Machine Image, browsing dedicated location for said Virtual Machine Image, saving successful operation of Virtual Machine Image and terminating application upon administrator's request.
In another preferred embodiment of the present invention, the method of providing administrator's particulars further includes providing username and password login.
In another preferred embodiment of the present invention, said application further includes termination upon unsuccessful registration.
In another preferred embodiment of the present invention, the method of registering new client's particulars further includes notifying administrator if there is an error and re-launch server monitor dashboard and registration panel.
In another preferred embodiment of the present invention, the method of browsing dedicated location for said Virtual Machine Image further includes selecting image display in a list box.
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1 illustrates the architecture of the system for virtual on-demand application (100).
FIG. 2a and 2b show the process flow of the method for virtual on-demand application (200).
FIG. 3 depicts the process flow that occurs in the server (300).
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Now referring to FIG. 1, the figure depicts a client (75) and Secure Application Server (10) applications. The Secure Application Server (10) provides a list of commodity applications in the form of secured virtual machine images. There are a plurality of storages available within the Secured Application Server (10), namely Client Information Database (15), Device storage (20), Application and Operating System Image storage (25), Virtual Machine Monitor Storage (30) and Virtual Storage (35). During platform checking (70), the checking process is conducted via the attestation manager (50) located in the Secured Application Server (10). Once satisfied, the client's information will be authenticated (65) via the resource manager (45), which is connected to the Client's Information database (15). When a user (client) (75) opens a client interface and requests an application from the server (10), the server (10) will push the application and operating system image from the Application and Operating System Image Storage (25) or virtual resources from Virtual Machine Monitor Storage (30) and Virtual Storage (35) directly to the client through the network. The administrator's request is managed by a Virtual Machine Monitor Service Manager (40). Then, the application will run locally on the client machine in the form of a virtual machine via services selection (60). When the user (75) has finished executing services (55) of the push application and securely saved the created data or files locally, the application will remove itself when the user closes the application.
According to FIG. 2, the process flow depicts the method for virtual on-demand application wherein it starts off (100) with the platform attestation process (101). The platform attestation (101) takes place between client and server, to confirm the level of trust between each platform before any interaction can start.
The client's front end application will launch (104) the application if the attestation process (101) found no tampered programs (102). However, if tampered programs (102) are found during the attestation (101), the process will stop the application (103) and end the process (120).
Once the application has been launched (104), the web page will request identification verification via the client's username and password login (105). The client provides unique login information, e.g. username and password, to the front end application for verification. Thereafter, the server verifies and authorizes (106) the login information to decide whether to let the client proceed to the system or not. However, if the login information is not found inside the server's users list, an unauthorized user notification (107) will be prompted, wherein the server will return an error notification response, in the form of an informative web page, to the client. The web page will ask the client to register (121) their particulars and log in again (107). On the other hand, if the client is authorized (106), the server will use the client's login information to search the database (108) for that particular client's profile.
After the server finds the client's profile, the server will use it to find the available services (109), for instance a virtual machine, a task oriented application, a commodity application, storage, devices, etc., that are related to that profile.
Thereafter, the server will be informed of the current availability (110) of the particular services that are available for the particular client. The server will then acknowledge this information to the client (111). Available services will appear on the client's front end application via the delivery of list of available services (112) for. The available services appear on the client's screen in the form of clickable buttons, and the client selects the intended service to be utilized (113). The server captures this selection and immediately attests (114) the selected service, and pushes the service to the client's platform (115).
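The FIG. 2 decisions described above, from platform attestation (101) to pushing the attested service (115), modelled as an added Python example that is not part of the patent. The SHA-256 measurements, the TPM-style PCR extend, the event-log format and every class and function name are assumptions, since the patent does not specify them; the login step (105) is reduced to a profile lookup.

```python
import hashlib
import hmac

ZERO_PCR = bytes(32)  # a PCR holds all zeroes after platform reset


def measure(blob: bytes) -> bytes:
    """Measurement of a component or image: its SHA-256 digest (assumed)."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = H(old PCR || measurement)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Fold a list of (name, digest) events into the PCR value they produce."""
    pcr = ZERO_PCR
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


class SecuredApplicationServer:
    """Hypothetical model of server (10) with profiles (15) and images (25)."""

    def __init__(self):
        self.profiles = {}  # user -> {"golden": {...}, "services": {...}}
        self.images = {}    # service name -> image bytes

    def register_client(self, user, components, services):
        # Measurements are taken at registration and tied to the profile.
        self.profiles[user] = {
            "golden": {n: measure(b) for n, b in components.items()},
            "services": {n: measure(b) for n, b in services.items()},
        }
        self.images.update(services)

    def attest_platform(self, user, event_log, reported_pcr):
        """Steps 101-102: list tampered, unknown or missing components."""
        golden = self.profiles[user]["golden"]
        bad = [n for n, d in event_log if golden.get(n) != d]
        bad += [n for n in golden if n not in dict(event_log)]
        # The log must reproduce the reported PCR, otherwise it was edited.
        # A real deployment receives reported_pcr inside a signed TPM quote
        # bound to a fresh nonce; that signature check is omitted here.
        if not hmac.compare_digest(replay(event_log), reported_pcr):
            bad.append("<event log does not match PCR>")
        return bad

    def push_service(self, user, service, event_log, reported_pcr):
        """One request through steps 101-115; returns (decision, payload)."""
        if user not in self.profiles:
            return ("unauthorized", None)          # step 107
        if self.attest_platform(user, event_log, reported_pcr):
            return ("stopped", None)               # step 103
        expected = self.profiles[user]["services"].get(service)
        if expected is None:
            return ("not-available", None)         # not in profile (109)
        image = self.images[service]
        if not hmac.compare_digest(measure(image), expected):
            return ("image-tampered", None)        # step 114 failed
        return ("pushed", image)                   # step 115


def demo():
    """Constructed sample data: one client, three components, one service."""
    server = SecuredApplicationServer()
    components = {"bootloader": b"boot-v1", "vmm-engine": b"vmm-v1",
                  "frontend": b"client-ui-v1"}
    server.register_client("alice", components,
                           {"payroll-vm": b"PAYROLL-IMAGE-BYTES"})

    clean_log = [(n, measure(b)) for n, b in components.items()]
    clean = server.push_service("alice", "payroll-vm",
                                clean_log, replay(clean_log))

    # A modified front end changes both the log entry and the PCR.
    bad_log = list(clean_log)
    bad_log[2] = ("frontend", measure(b"client-ui-v1-modified"))
    tampered = server.push_service("alice", "payroll-vm",
                                   bad_log, replay(bad_log))

    # A clean-looking log that does not match the PCR is also rejected.
    forged = server.push_service("alice", "payroll-vm",
                                 clean_log, replay(bad_log))

    # The stored image changes after registration: step 114 catches it.
    server.images["payroll-vm"] = b"PAYROLL-IMAGE-BYTES-modified"
    stale = server.push_service("alice", "payroll-vm",
                                clean_log, replay(clean_log))
    return clean[0], tampered[0], forged[0], stale[0]


if __name__ == "__main__":
    print(demo())
```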
The client uses the pushed services (116) to carry out a task, e.g. completing a specific task and saving data (117). When the client quits (118), all of the pushed services will be deleted (119) from the client's platform. The process ends (120) if the client requests to terminate the process. However, if the client refuses to quit the process and plans to continue with the current task, the client will re-utilize the pushed service (116).
Referring to FIG. 3, the process in the server starts off (200) with an administrator keying in their login ID (username and password) for the authentication process (201). Upon successful verification (202), the server will launch the server application which contains the server monitoring dashboard, server information and registration panel (203).
The administrator needs to fill in all details (208) needed to register a new client (204). The administrator thereafter saves (209) the data and the application will return a notification of whether the registration is successful or not successful (210). The process will notify the administrator if there is an error (211) and re-launch the server monitor dashboard and registration panel (203). In order to save a virtual machine image and/or application, thereafter, the administrator browses (212) the dedicated location for the image in the list of images (213). All selected images will be displayed in the list box (213).
Successful save operation will save (215) image or application to specific folder and list it at save VM list (214). From thereon, the application has completed its task. The application will be terminated when the administrator closes the application (206).
In the foregoing specification, specific embodiments of the present invention have been described. However, one of ordinary skill in the art will appreciate that various modifications and changes can be made without departing from the scope of the present invention as set forth in the various embodiments discussed above and the claims that follow. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of present invention. The benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential features or elements as described herein.

Claims

1. A system for virtual on-demand application (100) comprising of:
a Secured Application Server (10) for attestation and secure application services;
a Virtual Storage Server (35) for memory location;
a Virtual Machine Monitor storage (30) for holding Virtual Machine Monitor engine;
a Secure Application and Operating System Image Storage (25) for storing application and operating system; and
a Client's Information Database (15) for authentication and attestation.
2. The system according to claim 1 wherein said Secured Application Server (10) further includes utilizing Attestation Manager (50), Virtual Machine Monitor Service Manager (40) and Resource Manager (45) to provide attestation service to clients, server and resource database.
3. The system according to claim 1 wherein said Virtual Storage Server (35) further includes storing client defined virtual disks.
4. The system according to claim 3 wherein said Virtual Storage Server (35) further allocates disk storage independently to each registered clients and for each Virtual Machine loading, disk images are loaded with Virtual Machine Images.
5. The system according to claim 1 wherein said Virtual Machine Monitor Storage Server (30) sends the Virtual Machine Monitor engine on each client authentication request.
6. The system according to claim 1 wherein said Secure Application and Image Storage (25) further includes pushing the application and operating system on clients' request.
7. The system according to claim 7 wherein said application and operating system inside virtual machine and compartments are measured and tied to client's profile and client's platform integrity (70).
8. The system according to claim 1 wherein said client's information database (15) further includes multiple profiles for each client based on client's authentications and attestations (65).
9. The system as according to claim 1 further comprising the method of:
providing administrator's particulars into an application (201);
authorizing successful or unsuccessful registration (202);
launching server monitor dashboard and registration panel upon successful registration (203);
registering new client's particulars (204);
saving Virtual Machine Image (205);
browsing dedicated location for said Virtual Machine Image (212);
saving successful operation of Virtual Machine Image (215); and
terminating application upon administrator's request (206).
10. The method according to claim 9 wherein providing administrator's particulars (201) further includes providing username and password login.
11. The method according to claim 9 wherein said application further includes termination (202) upon unsuccessful registration.
12. The method according to claim 9 wherein registering new client's particulars (204) further includes notifying administrator if there is an error (211) and re-launch server monitor dashboard and registration panel (203).
13. The method according to claim 9 wherein browsing dedicated location for said Virtual Machine Image (212) further includes selecting image display in a list box (213).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010002427 MY150910A (en) 2010-05-25 2010-05-25 System and method for virtual on-demand application

Publications (1)

Publication Number Publication Date
WO2011149326A1 (en) 2011-12-01

Family

ID=45004144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2010/000266 WO2011149326A1 (en) 2010-05-25 2010-11-10 System and method for virtual on-demand application

Country Status (2)

Country Link
MY (1) MY150910A (en)
WO (1) WO2011149326A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070130566A1 (en) * 2003-07-09 2007-06-07 Van Rietschote Hans F Migrating Virtual Machines among Computer Systems to Balance Load Caused by Virtual Machines
JP2009116914A (en) * 2002-07-11 2009-05-28 Microsoft Corp Method for forking or migrating virtual machine
WO2009107351A1 (en) * 2008-02-25 2009-09-03 パナソニック株式会社 Information security device and information security system

Also Published As

Publication number Publication date
MY150910A (en) 2014-03-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 10852264; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 Ep: pct application non-entry in european phase
Ref document number: 10852264; Country of ref document: EP; Kind code of ref document: A1