WO2013126430A1 - Systems and methods involving virtual machine host isolation over a network - Google Patents

Systems and methods involving virtual machine host isolation over a network Download PDF

Info

Publication number
WO2013126430A1
WO2013126430A1 PCT/US2013/026907 US2013026907W WO2013126430A1 WO 2013126430 A1 WO2013126430 A1 WO 2013126430A1 US 2013026907 W US2013026907 W US 2013026907W WO 2013126430 A1 WO2013126430 A1 WO 2013126430A1
Authority
WO
WIPO (PCT)
Prior art keywords
cluster
downstream
compute node
manager component
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2013/026907
Other languages
French (fr)
Inventor
Derek Anderson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Virtustream Canada Holdings Inc
Original Assignee
Virtustream Canada Holdings Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Virtustream Canada Holdings Inc filed Critical Virtustream Canada Holdings Inc
Priority to EP13751256.2A priority Critical patent/EP2817726A4/en
Priority to CN201380010077.0A priority patent/CN104246743B/en
Publication of WO2013126430A1 publication Critical patent/WO2013126430A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Definitions

  • the present disclosure is directed generally to systems and methods involving virtual machine host isolation.
  • Figure 1 is a block diagram of an illustrative system, according to a disclosed implementation.
  • Figure 2 is a flow chart depicting an illustrative method related to virtual machine host isolation, according to a disclosed implementation.
  • Figure 3 is a flow chart depicting another illustrative method related to virtual machine host isolation, according to a disclosed implementation.
  • Figure 4 is a flow chart depicting a further illustrative method related to virtual machine host isolation, according to a disclosed implementation.
  • Figure 5 is a flow chart depicting still another illustrative method related to virtual machine host isolation, according to a disclosed implementation.
  • Figure 6 is a flow diagram depicting an illustrative method of operation for isolating virtual machine host(s), according to an implementation.
  • a system may include a first compute node configured to be operatively coupled to (1) a second compute node via a first application server such as an extensible messaging and presence protocol (XMPP) server, and (2) a third compute node via a second application server such as another XMPP server.
  • XMPP extensible messaging and presence protocol
  • the first compute node may be configured to be included within a federated cluster that includes the third compute node.
  • the first compute node may be configured to receive an instruction from the second compute node via the first server to define a virtual machine.
  • the first compute node may be configured to send an instruction to the third compute node via the second server to define the virtual machine.
  • the first XMPP server can be the same as the second XMPP server.
  • FIG. 1 depicts a block diagram of an illustrative system that may be involved with isolating virtual machine hosts ("system") 100, according to an embodiment.
  • System 100 includes a federated cluster 110 including a compute node 102 and a compute node 104, an application server cluster 120 such as a jabber cluster, a compute node 106, and a network 140.
  • compute node 102 of federated cluster 110 includes a downstream manager 112
  • compute node 104 of federated cluster 110 includes a downstream agent component 114
  • compute node 106 includes an upstream manager component 130.
  • the application server cluster 120 is described as a jabber cluster that includes one or more extensible messaging and presence protocol (XMPP) servers logically connected and configured to support XMPP communication between upstream manager component 130 and downstream manager component 112, and between downstream manager component 112 and downstream agent component 114.
  • XMPP extensible messaging and presence protocol
  • various other processing components and messaging/communication protocols other than, or in conjunction with, XMPP may be utilized to process the command and control for the cluster(s), including but not limited to AMQP, ZeroMQ, and HTTP, among others.
  • processing and communication may also take place via hybrid protocols, such as combination(s) of HTTP and XMPP.
  • system 100 may describe system 100 as including a jabber cluster, in some embodiments system 100 may comprise other application server(s) and/or protocols.
  • application server(s) and/or protocols For instance, in certain embodiments, a variety of processing components and/or protocols may be utilized, provided that features such as topology, isolation and message content set forth in the detailed implementations shown and described herein are achieved.
  • application servers may utilize or include messaging or communication protocol(s) that require low processing and memory resources, are standardized, are customizable, are point-to-point, and/or are configured to send and receive state and/or provisioning messages.
  • FIG. 1 may describe system 100 as including a single cluster or jabber cluster, in other embodiments, system 100 can include more than one cluster or jabber cluster. In such plural jabber cluster
  • a first jabber cluster can include one or more servers logically connected and configured to support communication between the upstream manager 130 and the downstream manager 112
  • a second jabber cluster can include one or more servers logically connected and configured to support communication between the downstream manager 112 and the downstream agent 114.
  • communication between downstream manager 112 and downstream agent 114 may be secured separately from communication between upstream manager 130 and downstream manager 112, and may continue in the event of a failure of any portion of the first jabber cluster.
  • upstream manager component 130, downstream manager component 112, and downstream agent component 114 can be a software and/or hardware module(s) located at compute nodes, such as, for example, at compute nodes 102, 104, and/or 106.
  • a compute node can be any type of device configured to send data to one or more devices within system 100 and to devices outside of system 100 via network 140, and/or receive data from devices included in network 140 and/or from devices outside of system 100 via network 140.
  • the compute node can be configured to function as, for example, virtual machine host, a server device (e.g., a web server device), a network management device, a data repository and/or the like.
  • the compute node can be configured to define and send provision and/or action instructions, and/or add, remove, lock, revise and/or edit a virtual machine.
  • the compute nodes may include one or more memory 136 and/or processor 138 devices or components.
  • the memory 136 can be, for example, a random access memory (RAM), a memory buffer, a hard drive, a database, an erasable programmable read-only memory (EPROM), an electrically erasable read-only memory (EEPROM), a read-only memory (ROM) and/or so forth.
  • the memory 136 of the compute node includes data used to define, send, and receive, instructions, messages, poll requests and results, etc.
  • the memory 136 stores instructions to cause the processor 138 to execute modules, processes and/or functions associated with such a system 100.
  • the processor(s) 138 of the compute nodes can be any suitable processing device configured to run and/or execute within system 100.
  • the processor can be a general purpose processor, a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), and/or the like.
  • the processor can be configured to execute modules, functions and/or processes to operate system 100.
  • the upstream manager component 130 may be a software and/or hardware module(s) located at compute node 106, and may be configured to logically connect federated cluster 110 to network 140 via the application server cluster 130, such as a jabber cluster. Upstream manager component 130 may also be configured to receive hypertext transport protocol (HTTP) instructions from a device 145 of a user, for example, a customer or network administrator 150, via network 140. In some embodiments, the upstream manager component 130 may be configured to receive instructions via network 140 in other protocols, for example, representative state transfer (REST). Additionally, upstream manager component 130 may be configured to define an X PP instruction(s) to downstream manager 112 via the application server cluster 120. In some embodiments, an XMPP instruction can include a provision instruction for defining a virtual machine.
  • HTTP hypertext transport protocol
  • REST representative state transfer
  • the upstream manager component 130 may be configured to receive provision results from downstream manager 112, may store those results, and may send status updates and/or results to the user etc. via network 140. Further, the upstream manager component 130 may be configured to logically interact with federated cluster 110 as a single compute node.
  • the upstream manager component may be configured to treat a first federated cluster including a single downstream manager and a one or more downstream agents as a single compute node having a first amount of computing capacity, and may treat a second federated cluster including a single downstream manager and ten downstream agents as a single compute node have a second amount of computing capacity distinct from the other compute node.
  • upstream manager component 130 need not store state and other information for each individual downstream agent, but instead may only store state and other information for each federated cluster.
  • Upstream manager component 130 may also be configured to include customer data, such as available capacity, virtual machine quotas, and the like. In this manner, upstream manager component may accept or decline a request to provision a virtual machine, and/or can determine provisioning option based on that customer information.
  • compute node 106 may include one or more repositories 144A and/or one or more databases 146A, in addition to the memory 136A to store system and/or customer data, provisioning rules, etc.
  • federated cluster 110 may be a cluster of compute nodes or multiple cooperating compute nodes that may not be centrally managed.
  • federating the cluster of compute nodes can include designating one of the compute nodes as the location for a downstream manager and the remaining compute nodes as the location for downstream agents.
  • the compute node designated as the location for the downstream manager can operate an agent emulation module to couple the federated cluster to an upstream manager via an jabber cluster, and can present the federated cluster to the upstream manager as a single downstream agent including the available capacity of the whole cluster of compute nodes.
  • federated cluster 110 includes downstream manager component 112 and downstream agent component 114. While shown in FIG. 1 as including a single downstream agent component 114, in some embodiments, federated cluster 110 can include any number of downstream agent components 114. Federated cluster 110 may be configured to communicate with the upstream manager 130 via application sever cluster and may be configured to logically appear to upstream manager 130 as a single compute node.
  • Federated cluster 110 may further include or operate with local storage locations 136B, 136C and/or remote storage locations 136A, 136E for virtual machine, one or more local or remote databases 144A, 144D, 144E, and/or one or more local or remote repositories 146A, 146D, 146E, where such local databases and/or repositories may also or instead be located within specific compute nodes 102, 104.
  • such one or more local repositories 146D can be synced to an upstream repository 146A.
  • downstream manager component 112 of federated cluster 110 may be a software and/or hardware module(s) located at compute node 102 and may be configured to be logically connected to the compute node 106 and upstream manager component 130 via the application server cluster 120 and logically connected to downstream agent component 114 via the application server cluster 120. In this manner all traffic between downstream manager component 112 and upstream manager component 130, and all traffic between downstream manager component 112 and downstream agent component 114 may be sent and received via the application server cluster 120.
  • Downstream manager component 112 can be configured to receive an instruction, such as an XMPP instruction(s), from upstream manager component 130.
  • Downstream manager component 112 may also be configured to (1) define a provision request associated with downstream agent component 114, and (2) send that request to downstream agent component 14 via the application server cluster 120.
  • the provision request can include a request to instantiate a virtual machine.
  • the provision request refers to requests to both instantiate and provision a virtual machine.
  • Downstream manager component 112 may be configured to receive an indication from downstream agent 114 indicating whether the provisioning was successful, and may also be configured to send a message indicating the provision result to the upstream manager 130 via jabber cluster 120.
  • Downstream agent component 114 of federated cluster 110 may be a software and/or hardware module(s) located at compute node 104 and may be configured to be logically connected to compute node 102 and downstream manager component 112 via the application server cluster 120. In this manner, all traffic between downstream manager component 112 and downstream agent component 114 may be sent and received via the application server cluster 120.
  • Downstream agent component 112 may be configured to receive a provision request from downstream manager component 112 via the application server cluster 120.
  • the provision request may include a request to instantiate a virtual machine. In such embodiments, the provision request refers to requests to both instantiate and provision a virtual machine.
  • Downstream agent component 114 may be configured to send an indication to downstream manager component 112 indicating whether the provisioning was successful. Downstream agent component 114 may be configured to define a virtual machine in response to an instruction from downstream manager component 112. In some embodiment, defining a virtual machine may include unarchiving files, templates, etc.
  • network 140 may be any type of network (e.g., a local area network (LAN), a wide area network (WAN), a virtual network, a telecommunications network) implemented as a wired network and/or wireless network.
  • LAN local area network
  • WAN wide area network
  • virtual network e.g., a virtual network, a telecommunications network
  • a user may communicate with system 100 via network 140.
  • a user devices 145 may send data to and/or receive data from the compute node 106 using one or more
  • communication modes e.g., email, text messages, instant messages, optical pattern transmissions, using a mobile device application, via a website, using a personal computer (PC) application, an interactive advertisement, an ITV, TCP/IP transmissions, interactive voice response (e.g., via touch tones and/or voice recognition), etc.) that may be transmitted to the compute node 106 using a common network.
  • communication modes e.g., email, text messages, instant messages, optical pattern transmissions, using a mobile device application, via a website, using a personal computer (PC) application, an interactive advertisement, an ITV, TCP/IP transmissions, interactive voice response (e.g., via touch tones and/or voice recognition), etc.
  • PC personal computer
  • system 100 may be configured such that state information of federated cluster 110 is sent, using, for example, an XMPP message, to upstream manager component 130.
  • upstream manager component 130 may have access to much of the computing capacity of the federated cluster 110 while only updating state information when a state change within federated cluster 110 occurs.
  • This allows federated cluster 110 to operate with less administrative overhead, making system 100 and federated cluster 110 more scalable.
  • any compute node and/or associated downstream agent of federated cluster 110 may act as a service endpoint, for example, a location to instantiate a virtual machine.
  • upstream manager component 130 may send a provision request to another location, may reboot an offline virtual machine in another location, and/or may migrate a virtual machine to another location.
  • System 100 may be configured such that downstream manager component 112 receives commands and requests from upstream manager component 130, but need not be controlled by upstream manager component 130.
  • upstream manager component 130, and associated users may have access to federated cluster 110's computing capacity without having complete control of federated cluster 110's compute capacity.
  • federated cluster 110, via downstream manager component 112 may be configured to limit, via quotas, permissions, etc., the computing capacity available to upstream manager component 130.
  • isolating control of the federated cluster 110 from upstream manager component 130 may prevent upstream manager component 130, or a user of upstream manager component 130, from monopolizing the compute capacity of federated cluster 110.
  • system 100 may be configured such that compute node 106 may be operatively coupled to federated cluster 110 via an application server cluster 120 using lower quality links, for example, wireless area network (WAN) link, or internet links.
  • system 100 may be configured such that compute node 102 and compute node 104, within federated cluster 110, may be operatively coupled to federated cluster 110 via application server cluster 120 using lower quality links.
  • System 100 may be configured such that if a link through the cluster 120 fails, either between upstream manager component 130 and downstream manager component 112, or between downstream manager component 112 and downstream agent component 114, system 100 may failover to a new link.
  • a waiting period may pass before a new link is initiated, for example, to prevent premature failover.
  • upstream manager component 130 may detect that a communication link to downstream manager 112 has failed. Upstream manager component 130 may wait a predetermined amount of time, and may then establish a new link to downstream manager component 112 through jabber cluster 120. This allows system 100 to have improved reliability and fault recovery.
  • FIG. 2 depicts a flow chart of an illustrative method 200 of operating a system for isolating virtual machine hosts, according to an embodiment, and with reference to the system 100 depicted in FIG. 1.
  • processing related to performance of the method steps may be
  • an illustrative method may comprise a first, optional step of federating a cluster of compute nodes including designating a compute nodes as the location for a downstream manager and remaining compute nodes as the location for downstream agents 202.
  • federation may occur prior to the processing described in more detail below, for example, by another entity.
  • Method 200 may then proceed to and includes receiving, at a first compute node, an instruction from the second compute node (e.g., via a first X PP server) to define a virtual machine, at 204.
  • downstream manager component 112 may receive an instruction from the upstream manager component 130 via an application server cluster 20 to define a virtual machine.
  • An instruction is sent from the first compute node to a third compute node via the second XMPP server to define the virtual machine, at 206.
  • Downstream manager component 112 may then send an instruction to downstream
  • agent component 114 via the cluster 120 to define a virtual machine.
  • Figure 3 is a flow chart depicting another method of processing information related to isolating virtual machine hosts, according to a disclosed implementation. The processing of FIG. 3 may be performed by or among one or more of the various entities in the system 100, as explained above.
  • the illustrative method 300 of FIG 3 may begin with the steps of FIG 2, namely receiving, at a first compute node, an instruction from the second compute node (e.g., via a first XMPP server) to define a virtual machine, at 302. Further, an instruction may be sent from the first compute node to a third compute node via the second XMPP server to define the virtual machine, at 304.
  • the method 300 may comprise, at 306, receiving an indication from the downstream agent component indicating whether the provisioning was successful, and, at 308, sending a message indicating the provision result to the upstream manager component.
  • FIG. 4 is a flow chart depicting a further method for virtual machine isolation, according to a disclosed implementation.
  • processing related to performance of the method steps may be performed by among one or more of the various entities within the system.
  • the method steps or processing related thereto may be performed by one or more processing elements in the system, such as via the federated cluster 110, one or more compute nodes, including but not limited to those within the federated cluster, one or more network administrator
  • an illustrative method may comprise, at 402, processing information, related to defining and/or sending a provisioning request to an upstream manager component 130. Then, at 404, processing information related to defining a message, via the upstream manager component 130, including the provision request, and sending the
  • the method may comprise, at 406, processing information related to receipt, at the downstream manager
  • the illustrative method of FIG. 4 may comprise, at 410, processing information related to accepting, via the downstream agent component 114, the provision request and instantiating/provisioning/configuring the virtual machine.
  • FIG. 5 is a flow chart depicting still another method for virtual machine isolation, according to a disclosed implementation.
  • the processing of the exemplary method of FIG. 5 may be performed by the components and/or distributed components set forth above.
  • another illustrative method may comprise, at 502, processing information regarding transmission, via the downstream agent component 114, of a provision result to the downstream manager component 112.
  • the method may comprise, at 504, processing information regarding polling the upstream manager component 130 for a provision result.
  • the method may comprise, at 506, processing information regarding transmission, via the upstream manager component 130, of a polling result, such as to a user 145, an administrator 150 and/or a management component 160.
  • the method may comprise processing information regarding defining a provision result and transmitting a message, via the downstream manager component 112, indicative of the provision result to the upstream manager component 130 via the application server/jabber cluster 120.
  • the method may comprise processing information regarding storing and/or updating records, via the upstream manager component 130.
  • FIG. 6 depicts a flow diagram depicting an illustrative method 600 of operating a system for isolating virtual machine hosts, according to a disclosed implementation.
  • Method 600 flows along arrow AA from BB to CC.
  • a user accesses a network with a user device, defines a provision request (e.g. instantiating, provisioning, and/or configuring a virtual machine), and sends a provision request via HTTP or REST to the upstream manager, at 602.
  • the upstream manager defines an XMPP message including the provision request, and sends the XMPP provision request to downstream manager via jabber cluster, at 604.
  • the upstream manager may validate the configuration, including verifying that the request does not violate any user permissions or constraints. Downstream manager then receives the X PP provision request and selects a downstream agent to host the virtual machine at 606, and sends the provision request to downstream agent via jabber cluster, at 608. Downstream agent may then accept the provision request and instantiate, provision, and/or configure the virtual machine, at 610. In some embodiments, instantiating, provisioning, and/or configuring the virtual machine may include, for example, unarchiving files, templates, etc. In some
  • downstream agent may decline the provision request.
  • downstream agent may send a decline response to downstream manager, and downstream manager may select an alternative downstream agent.
  • Downstream agent sends a provision result to downstream manager, at 612.
  • the user device polls the upstream manager for a provision result, at 614.
  • the upstream device may then send a polling result to the user device.
  • the polling result may indicate that the provisioning is in-progress, has failed, or is complete, at 616.
  • Downstream manager defines a provision result, at 618, and sends a message indicative of the provision result to the upstream manager via jabber cluster, at 620.
  • the upstream manager stores the result of the provision request and updates user records, for example, virtual machine quotas etc., at 622.
  • the user device may then poll the upstream manager for a provision result, at 624.
  • the upstream device may send a polling result to the user device, for example, the polling result may indicate that the provisioning is in-progress, has failed, or is complete, at 626.
  • Some embodiments described herein relate to a computer storage product with a computer-readable medium (also may be referred to as a processor-readable medium) having instructions or computer code thereon for performing various computer-implemented operations.
  • the media and computer code may be those designed and constructed for the specific purpose or purposes. Examples of computer-readable media include, but are not limited to: magnetic storage media such as hard disks, floppy disks, and magnetic tape; optical storage media such as Compact
  • CD/DVDs Compact Disc-Read Only Memories
  • CD-ROMs Compact Disc-Read Only Memories
  • holographic devices magneto-optical storage media such as optical disks
  • magneto-optical storage media such as optical disks
  • hardware devices that are specially configured to store and execute program code such as Application-Specific Integrated Circuits (ASICs),
  • PLDs Programmable Logic Devices
  • ROM Read-Only Memory
  • RAM Random-Access Memory
  • Examples of computer code include, but are not limited to, micro-code or micro-instructions, machine instructions, such as produced by a compiler, code used to produce a web service, and files containing higher-level
  • embodiments may be implemented using Java, C++, or other programming languages (e.g., object-oriented programming languages) and development tools.
  • Additional examples of computer code include, but are not limited to, control signals, encrypted code, and compressed code.
  • FIG. 1 depicts a single federated cluster 110 having a single downstream agent 114
  • the system 100 may include two or more federated clusters 110 each having one or more downstream agents 114.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multi Processors (AREA)
  • Computer And Data Communications (AREA)
  • Hardware Redundancy (AREA)

Description

SYSTEMS AND METHODS INVOLVING VIRTUAL MACHINE
HOST ISOLATION OVER A NETWORK
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application is based on and derives the benefit of the filing date of United States Provisional Patent Application No. 61/600,888, filed February 20, 2012. The entire content of this application is herein incorporated by reference in its entirety.
FIELD
[0002] The present disclosure is directed generally to systems and methods involving virtual machine host isolation.
BRIEF DESCRIPTION OF THE FIGURES
[0003] The accompanying drawings, which constitute a part of this
specification, illustrate various implementations and aspects of the innovations herein and, together with the description, help illustrate the principles of the present inventions. In the drawings:
[0004] Figure 1 is a block diagram of an illustrative system, according to a disclosed implementation.
[0005] Figure 2 is a flow chart depicting an illustrative method related to virtual machine host isolation, according to a disclosed implementation.
[0006] Figure 3 is a flow chart depicting another illustrative method related to virtual machine host isolation, according to a disclosed implementation. [0007] Figure 4 is a flow chart depicting a further illustrative method related to virtual machine host isolation, according to a disclosed implementation.
[0008] Figure 5 is a flow chart depicting still another illustrative method related to virtual machine host isolation, according to a disclosed implementation.
[0009] Figure 6 is a flow diagram depicting an illustrative method of operation for isolating virtual machine host(s), according to an implementation.
DETAILED DESCRIPTION OF ILLUSTRATIVE IMPLEMENTATIONS
[00010] Reference will now be made in detail to the inventions herein, examples of which are illustrated in the accompanying drawings. The implementations set forth in the following description do not represent all implementations consistent with the claimed inventions. Instead, they are merely some examples consistent with certain aspects related to the present innovations. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts.
[00011] According to some aspects of the present innovations, implementations may relate to a system for isolating virtual machine hosts over a network using a federated downstream cluster. In one illustrative embodiment, a system may include a first compute node configured to be operatively coupled to (1) a second compute node via a first application server such as an extensible messaging and presence protocol (XMPP) server, and (2) a third compute node via a second application server such as another XMPP server. Here, for example, the first compute node may be configured to be included within a federated cluster that includes the third compute node. In operation, the first compute node may be configured to receive an instruction from the second compute node via the first server to define a virtual machine. Further, the first compute node may be configured to send an instruction to the third compute node via the second server to define the virtual machine. In some embodiments, the first XMPP server can be the same as the second XMPP server.
[00012] With regard to the discussions below, a system using federated downstream clusters to isolate virtual machine hosts can be used to
geographically and/or logically isolate virtual machine hosts. FIG. 1 depicts a block diagram of an illustrative system that may be involved with isolating virtual machine hosts ("system") 100, according to an embodiment. System 100 includes a federated cluster 110 including a compute node 102 and a compute node 104, an application server cluster 120 such as a jabber cluster, a compute node 106, and a network 140. In some implementations, compute node 102 of federated cluster 110 includes a downstream manager 112, compute node 104 of federated cluster 110 includes a downstream agent component 114, and compute node 106 includes an upstream manager component 130.
[00013] In some implementations detailed below, the application server cluster 120 is described as a jabber cluster that includes one or more extensible messaging and presence protocol (XMPP) servers logically connected and configured to support XMPP communication between upstream manager component 130 and downstream manager component 112, and between downstream manager component 112 and downstream agent component 114. However, various other processing components and messaging/communication protocols other than, or in conjunction with, XMPP may be utilized to process the command and control for the cluster(s), including but not limited to AMQP, ZeroMQ, and HTTP, among others. Here, for example, processing and communication may also take place via hybrid protocols, such as combination(s) of HTTP and XMPP. Thus, while some discussions of FIG. 1 may describe system 100 as including a jabber cluster, in some embodiments system 100 may comprise other application server(s) and/or protocols. For instance, in certain embodiments, a variety of processing components and/or protocols may be utilized, provided that features such as topology, isolation and message content set forth in the detailed implementations shown and described herein are achieved. Here, for example, such application servers may utilize or include messaging or communication protocol(s) that require low processing and memory resources, are standardized, are customizable, are point-to-point, and/or are configured to send and receive state and/or provisioning messages.
[00014] Additionally, while FIG. 1 may describe system 100 as including a single cluster or jabber cluster, in other embodiments, system 100 can include more than one cluster or jabber cluster. In such plural jabber cluster
embodiments, for example, a first jabber cluster can include one or more servers logically connected and configured to support communication between the upstream manager 130 and the downstream manager 112, and a second jabber cluster can include one or more servers logically connected and configured to support communication between the downstream manager 112 and the downstream agent 114. In this manner, communication between downstream manager 112 and downstream agent 114 may be secured separately from communication between upstream manager 130 and downstream manager 112, and may continue in the event of a failure of any portion of the first jabber cluster.
[00015] According to implementations herein, upstream manager component 130, downstream manager component 112, and downstream agent component 114 can be a software and/or hardware module(s) located at compute nodes, such as, for example, at compute nodes 102, 104, and/or 106. A compute node can be any type of device configured to send data to one or more devices within system 100 and to devices outside of system 100 via network 140, and/or receive data from devices included in network 140 and/or from devices outside of system 100 via network 140. In some embodiments, the compute node can be configured to function as, for example, virtual machine host, a server device (e.g., a web server device), a network management device, a data repository and/or the like. The compute node can be configured to define and send provision and/or action instructions, and/or add, remove, lock, revise and/or edit a virtual machine.
[00016] In some implementations, the compute nodes may include one or more memory 136 and/or processor 138 devices or components. The memory 136 can be, for example, a random access memory (RAM), a memory buffer, a hard drive, a database, an erasable programmable read-only memory (EPROM), an electrically erasable read-only memory (EEPROM), a read-only memory (ROM) and/or so forth. In some embodiments, the memory 136 of the compute node includes data used to define, send, and receive, instructions, messages, poll requests and results, etc. In some embodiments, the memory 136 stores instructions to cause the processor 138 to execute modules, processes and/or functions associated with such a system 100.
[00017] The processor(s) 138 of the compute nodes, such as, for example, compute nodes 102, 104, and/or 106, can be any suitable processing device configured to run and/or execute within system 100. In some embodiments, the processor can be a general purpose processor, a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), and/or the like. The processor can be configured to execute modules, functions and/or processes to operate system 100.
[00018] According to some implementations, the upstream manager component 130 may be a software and/or hardware module(s) located at compute node 106, and may be configured to logically connect federated cluster 110 to network 140 via the application server cluster 130, such as a jabber cluster. Upstream manager component 130 may also be configured to receive hypertext transport protocol (HTTP) instructions from a device 145 of a user, for example, a customer or network administrator 150, via network 140. In some embodiments, the upstream manager component 130 may be configured to receive instructions via network 140 in other protocols, for example, representative state transfer (REST). Additionally, upstream manager component 130 may be configured to define an X PP instruction(s) to downstream manager 112 via the application server cluster 120. In some embodiments, an XMPP instruction can include a provision instruction for defining a virtual machine.
[00019] In certain implementations, the upstream manager component 130 may be configured to receive provision results from downstream manager 112, may store those results, and may send status updates and/or results to the user etc. via network 140. Further, the upstream manager component 130 may be configured to logically interact with federated cluster 110 as a single compute node. Here, for example, the upstream manager component may be configured to treat a first federated cluster including a single downstream manager and a one or more downstream agents as a single compute node having a first amount of computing capacity, and may treat a second federated cluster including a single downstream manager and ten downstream agents as a single compute node have a second amount of computing capacity distinct from the other compute node. In this manner, upstream manager component 130 need not store state and other information for each individual downstream agent, but instead may only store state and other information for each federated cluster. Upstream manager component 130 may also be configured to include customer data, such as available capacity, virtual machine quotas, and the like. In this manner, upstream manager component may accept or decline a request to provision a virtual machine, and/or can determine provisioning option based on that customer information. With regard to an associated compute node, compute node 106 may include one or more repositories 144A and/or one or more databases 146A, in addition to the memory 136A to store system and/or customer data, provisioning rules, etc.
[00020] As set forth herein, federated cluster 110 may be a cluster of compute nodes or multiple cooperating compute nodes that may not be centrally managed. In some implementations, federating the cluster of compute nodes can include designating one of the compute nodes as the location for a downstream manager and the remaining compute nodes as the location for downstream agents. The compute node designated as the location for the downstream manager can operate an agent emulation module to couple the federated cluster to an upstream manager via an jabber cluster, and can present the federated cluster to the upstream manager as a single downstream agent including the available capacity of the whole cluster of compute nodes.
[00021] In the illustrative system shown in FIG. 1, federated cluster 110 includes downstream manager component 112 and downstream agent component 114. While shown in FIG. 1 as including a single downstream agent component 114, in some embodiments, federated cluster 110 can include any number of downstream agent components 114. Federated cluster 110 may be configured to communicate with the upstream manager 130 via application sever cluster and may be configured to logically appear to upstream manager 130 as a single compute node. Federated cluster 110 may further include or operate with local storage locations 136B, 136C and/or remote storage locations 136A, 136E for virtual machine, one or more local or remote databases 144A, 144D, 144E, and/or one or more local or remote repositories 146A, 146D, 146E, where such local databases and/or repositories may also or instead be located within specific compute nodes 102, 104. In embodiments, here, for example, such one or more local repositories 146D can be synced to an upstream repository 146A.
[00022] In some implementations, downstream manager component 112 of federated cluster 110 may be a software and/or hardware module(s) located at compute node 102 and may be configured to be logically connected to the compute node 106 and upstream manager component 130 via the application server cluster 120 and logically connected to downstream agent component 114 via the application server cluster 120. In this manner all traffic between downstream manager component 112 and upstream manager component 130, and all traffic between downstream manager component 112 and downstream agent component 114 may be sent and received via the application server cluster 120. Downstream manager component 112 can be configured to receive an instruction, such as an XMPP instruction(s), from upstream manager component 130. Downstream manager component 112 may also be configured to (1) define a provision request associated with downstream agent component 114, and (2) send that request to downstream agent component 14 via the application server cluster 120. In some embodiments, the provision request can include a request to instantiate a virtual machine. In such embodiments, the provision request refers to requests to both instantiate and provision a virtual machine. Downstream manager component 112 may be configured to receive an indication from downstream agent 114 indicating whether the provisioning was successful, and may also be configured to send a message indicating the provision result to the upstream manager 130 via jabber cluster 120.
[00023] Downstream agent component 114 of federated cluster 110 may be a software and/or hardware module(s) located at compute node 104 and may be configured to be logically connected to compute node 102 and downstream manager component 112 via the application server cluster 120. In this manner, all traffic between downstream manager component 112 and downstream agent component 114 may be sent and received via the application server cluster 120. Downstream agent component 112 may be configured to receive a provision request from downstream manager component 112 via the application server cluster 120. In some embodiments, the provision request may include a request to instantiate a virtual machine. In such embodiments, the provision request refers to requests to both instantiate and provision a virtual machine.
Downstream agent component 114 may be configured to send an indication to downstream manager component 112 indicating whether the provisioning was successful. Downstream agent component 114 may be configured to define a virtual machine in response to an instruction from downstream manager component 112. In some embodiment, defining a virtual machine may include unarchiving files, templates, etc. [00024] According to various implementations herein, network 140 may be any type of network (e.g., a local area network (LAN), a wide area network (WAN), a virtual network, a telecommunications network) implemented as a wired network and/or wireless network. A user may communicate with system 100 via network 140. As such, in some embodiments, a user devices 145 may send data to and/or receive data from the compute node 106 using one or more
communication modes (e.g., email, text messages, instant messages, optical pattern transmissions, using a mobile device application, via a website, using a personal computer (PC) application, an interactive advertisement, an ITV, TCP/IP transmissions, interactive voice response (e.g., via touch tones and/or voice recognition), etc.) that may be transmitted to the compute node 106 using a common network.
[00025] Consistent with present implementations, system 100 may be configured such that state information of federated cluster 110 is sent, using, for example, an XMPP message, to upstream manager component 130. In this manner, upstream manager component 130 may have access to much of the computing capacity of the federated cluster 110 while only updating state information when a state change within federated cluster 110 occurs. This allows federated cluster 110 to operate with less administrative overhead, making system 100 and federated cluster 110 more scalable. Furthermore, because the application server cluster 120 sees federated cluster 110 as a single downstream agent, any compute node and/or associated downstream agent of federated cluster 110 may act as a service endpoint, for example, a location to instantiate a virtual machine. In this manner, if any portion of federated cluster 110, for example, a portion of compute node 104 and/or downstream manager 114 becomes unavailable, upstream manager component 130 may send a provision request to another location, may reboot an offline virtual machine in another location, and/or may migrate a virtual machine to another location.
[00026] System 100 may be configured such that downstream manager component 112 receives commands and requests from upstream manager component 130, but need not be controlled by upstream manager component 130. In such embodiments, upstream manager component 130, and associated users, may have access to federated cluster 110's computing capacity without having complete control of federated cluster 110's compute capacity. In this manner, federated cluster 110, via downstream manager component 112, may be configured to limit, via quotas, permissions, etc., the computing capacity available to upstream manager component 130. Indeed, here, isolating control of the federated cluster 110 from upstream manager component 130 may prevent upstream manager component 130, or a user of upstream manager component 130, from monopolizing the compute capacity of federated cluster 110.
[00027] In implementations herein, system 100 may be configured such that compute node 106 may be operatively coupled to federated cluster 110 via an application server cluster 120 using lower quality links, for example, wireless area network (WAN) link, or internet links. Similarly, system 100 may be configured such that compute node 102 and compute node 104, within federated cluster 110, may be operatively coupled to federated cluster 110 via application server cluster 120 using lower quality links. System 100 may be configured such that if a link through the cluster 120 fails, either between upstream manager component 130 and downstream manager component 112, or between downstream manager component 112 and downstream agent component 114, system 100 may failover to a new link. In some embodiments, a waiting period may pass before a new link is initiated, for example, to prevent premature failover. By way of example, upstream manager component 130 may detect that a communication link to downstream manager 112 has failed. Upstream manager component 130 may wait a predetermined amount of time, and may then establish a new link to downstream manager component 112 through jabber cluster 120. This allows system 100 to have improved reliability and fault recovery.
[00028] FIG. 2 depicts a flow chart of an illustrative method 200 of operating a system for isolating virtual machine hosts, according to an embodiment, and with reference to the system 100 depicted in FIG. 1. In FIG. 2, as with other methods herein, processing related to performance of the method steps may be
performed by or among one or more of the various entities within the system. For example, the method steps or processing related thereto may be performed by one or more processing elements in the system, such as via the federated cluster 110, one or more compute nodes, including but not limited to those within the federated cluster, one or more network administrator components 150, and/or one or more management components 160. According to the exemplary implementation shown in FIG. 2, an illustrative method may comprise a first, optional step of federating a cluster of compute nodes including designating a compute nodes as the location for a downstream manager and remaining compute nodes as the location for downstream agents 202. However, such federation may occur prior to the processing described in more detail below, for example, by another entity. Method 200 may then proceed to and includes receiving, at a first compute node, an instruction from the second compute node (e.g., via a first X PP server) to define a virtual machine, at 204. Following the details set forth in the implementation of FIG. 1, downstream manager component 112 may receive an instruction from the upstream manager component 130 via an application server cluster 20 to define a virtual machine. An instruction is sent from the first compute node to a third compute node via the second XMPP server to define the virtual machine, at 206. Downstream manager component 112 may then send an instruction to downstream
agent component 114 via the cluster 120 to define a virtual machine.
[00029] Figure 3 is a flow chart depicting another method of processing information related to isolating virtual machine hosts, according to a disclosed implementation. The processing of FIG. 3 may be performed by or among one or more of the various entities in the system 100, as explained above.
[00030] The illustrative method 300 of FIG 3 may begin with the steps of FIG 2, namely receiving, at a first compute node, an instruction from the second compute node (e.g., via a first XMPP server) to define a virtual machine, at 302. Further, an instruction may be sent from the first compute node to a third compute node via the second XMPP server to define the virtual machine, at 304. Addtionally, the method 300 may comprise, at 306, receiving an indication from the downstream agent component indicating whether the provisioning was successful, and, at 308, sending a message indicating the provision result to the upstream manager component.
[00031] Figure 4 is a flow chart depicting a further method for virtual machine isolation, according to a disclosed implementation. In FIG. 4, as with other figures and processes herein, processing related to performance of the method steps may be performed by among one or more of the various entities within the system. For example, the method steps or processing related thereto may be performed by one or more processing elements in the system, such as via the federated cluster 110, one or more compute nodes, including but not limited to those within the federated cluster, one or more network administrator
components 150, and/or one or more management components 160. According to the exemplary implementation shown in FIG. 4, an illustrative method may comprise, at 402, processing information, related to defining and/or sending a provisioning request to an upstream manager component 130. Then, at 404, processing information related to defining a message, via the upstream manager component 130, including the provision request, and sending the
message/provision request to the downstream manager component 112 via an application server/jabber cluster 120. Next, the method may comprise, at 406, processing information related to receipt, at the downstream manager
component 112, of the provision request and/or selection of a downstream agent component 114 to host the virtual machine, as well as, at 408, processing information related to transmission of the provision request to the downstream agent component 114 via the application server/jabber cluster 120. Finally, the illustrative method of FIG. 4 may comprise, at 410, processing information related to accepting, via the downstream agent component 114, the provision request and instantiating/provisioning/configuring the virtual machine.
[00032] Figure 5 is a flow chart depicting still another method for virtual machine isolation, according to a disclosed implementation. The processing of the exemplary method of FIG. 5 may be performed by the components and/or distributed components set forth above. According to the exemplary implementation shown in FIG. 5, another illustrative method may comprise, at 502, processing information regarding transmission, via the downstream agent component 114, of a provision result to the downstream manager component 112. Further, the method may comprise, at 504, processing information regarding polling the upstream manager component 130 for a provision result. Next, the method may comprise, at 506, processing information regarding transmission, via the upstream manager component 130, of a polling result, such as to a user 145, an administrator 150 and/or a management component 160. Then, the method may comprise processing information regarding defining a provision result and transmitting a message, via the downstream manager component 112, indicative of the provision result to the upstream manager component 130 via the application server/jabber cluster 120. Finally, at 510, the method may comprise processing information regarding storing and/or updating records, via the upstream manager component 130.
[00033] FIG. 6 depicts a flow diagram depicting an illustrative method 600 of operating a system for isolating virtual machine hosts, according to a disclosed implementation. Method 600 flows along arrow AA from BB to CC. As shown in method 600, a user accesses a network with a user device, defines a provision request (e.g. instantiating, provisioning, and/or configuring a virtual machine), and sends a provision request via HTTP or REST to the upstream manager, at 602. The upstream manager defines an XMPP message including the provision request, and sends the XMPP provision request to downstream manager via jabber cluster, at 604. In some embodiments, the upstream manager may validate the configuration, including verifying that the request does not violate any user permissions or constraints. Downstream manager then receives the X PP provision request and selects a downstream agent to host the virtual machine at 606, and sends the provision request to downstream agent via jabber cluster, at 608. Downstream agent may then accept the provision request and instantiate, provision, and/or configure the virtual machine, at 610. In some embodiments, instantiating, provisioning, and/or configuring the virtual machine may include, for example, unarchiving files, templates, etc. In some
embodiments, downstream agent may decline the provision request. In such embodiments, downstream agent may send a decline response to downstream manager, and downstream manager may select an alternative downstream agent. Downstream agent sends a provision result to downstream manager, at 612. The user device polls the upstream manager for a provision result, at 614. The upstream device may then send a polling result to the user device. For example, the polling result may indicate that the provisioning is in-progress, has failed, or is complete, at 616. Downstream manager defines a provision result, at 618, and sends a message indicative of the provision result to the upstream manager via jabber cluster, at 620. The upstream manager stores the result of the provision request and updates user records, for example, virtual machine quotas etc., at 622. The user device may then poll the upstream manager for a provision result, at 624. Finally, the upstream device may send a polling result to the user device, for example, the polling result may indicate that the provisioning is in-progress, has failed, or is complete, at 626.
[00034] As used in this specification, the singular forms "a," "an" and "the" include plural referents unless the context clearly dictates otherwise. Thus, for example, the term "a downstream agent" is intended to mean a single
downstream agent, or a combination of downstream agents. [00035] Some embodiments described herein relate to a computer storage product with a computer-readable medium (also may be referred to as a processor-readable medium) having instructions or computer code thereon for performing various computer-implemented operations. The media and computer code (also may be referred to as code) may be those designed and constructed for the specific purpose or purposes. Examples of computer-readable media include, but are not limited to: magnetic storage media such as hard disks, floppy disks, and magnetic tape; optical storage media such as Compact
Disc/Digital Video Discs (CD/DVDs), Compact Disc-Read Only Memories (CD- ROMs), and holographic devices; magneto-optical storage media such as optical disks; and hardware devices that are specially configured to store and execute program code, such as Application-Specific Integrated Circuits (ASICs),
Programmable Logic Devices (PLDs), and Read-Only Memory (ROM) and Random-Access Memory (RAM) devices.
[00036] Examples of computer code include, but are not limited to, micro-code or micro-instructions, machine instructions, such as produced by a compiler, code used to produce a web service, and files containing higher-level
instructions that are executed by a computer using an interpreter. For example, embodiments may be implemented using Java, C++, or other programming languages (e.g., object-oriented programming languages) and development tools. Additional examples of computer code include, but are not limited to, control signals, encrypted code, and compressed code.
[00037] While various embodiments have been described above, it should be understood that they have been presented by way of example only, not limitation, and various changes in form and details may be made. Any portion of the apparatus and/or methods described herein may be combined in any combination, except mutually exclusive combinations. The embodiments described herein may include various combinations and/or sub-combinations of the functions, components and/or features of the different embodiments described. For example, while FIG. 1 depicts a single federated cluster 110 having a single downstream agent 114, in some embodiments, the system 100 may include two or more federated clusters 110 each having one or more downstream agents 114.

Claims

Claims:
1. A method for processing information regarding virtual machine host isolation, the method comprising:
receiving, at a first compute node, an instruction from a second compute node via a first application server to define a virtual machine; and
sending, from the first compute node, an instruction to a third compute node via a second application server to define a virtual machine.
2. The method of claim 1 further comprising:
federating a cluster of compute nodes including the first compute node and the second compute node including designating the first compute node as a downstream manager and the second compute node and any remaining compute nodes as downstream agents, wherein the federated cluster is configured to logically appear to the second compute node designated as an upstream manager component as a single compute node.
3. The method of claim 1 further comprising, via the first compute node:
operating an agent emulation module adapted to couple the federated cluster to an upstream manager via an application server cluster or jabber cluster; and/or presenting the federated cluster to the upstream manager as a single downstream agent including available capacity of an entire cluster of compute nodes.
4. The method of claim 1 further comprising defining, via the first compute node, a provision request associated with one of the downstream agents, and send the provision request to the one downstream agent component.
5. The method of claim 4 wherein the provision request includes a request to instantiate and/or provision a virtual machine, and further comprising, via the first compute node:
receiving an indication from the one downstream agent indicating whether the provisioning was successful; and/or
sending a message indicating the provision result to the second compute node.
6. The method of claim 2 further comprising:
transmitting state information of the federated cluster, via an XMPP message, to the second compute node, such that the second compute node has access to the federated cluster's computing capacity while only updating state information when a state change within the federated cluster occurs, wherein the federated cluster thereby operates with less administrative overhead, making the system and the federated cluster more scalable.
7. A method for processing information regarding virtual machine host isolation, the method comprising:
processing information related to defining and/or sending a provisioning request to an upstream manager component; processing information related to defining a message, via the upstream manager component, including the provision request, and sending the
message/provision request to the downstream manager component via an application server cluster or jabber cluster;
processing information related to receipt, at the downstream manager component, of the provision request and/or selection of a downstream agent component to host the virtual machine;
processing information related to transmission of the provision request to the downstream agent component via the application server cluster or jabber cluster; and
processing information related to accepting, via the downstream agent component, the provision request and instantiating/provisioning/configuring the virtual machine.
8. The method of claim 7 wherein the instantiating/provisioning/configuring the virtual machine includes unarchiving files and/or templates.
9. The method of claim 7 further comprising processing information regarding decline, by the downstream agent component, of the provision request, wherein the downstream agent component is configured to send a decline response to the downstream manager component, and the downstream manager component is configured to select an alternative downstream agent.
10. The method of claim 7 further comprising processing information regarding validating, via the upstream manager component, the configuration, including verifying that the request does not violate any permissions or constraints.
11. The method of claim 7 further comprising:
processing information regarding transmission, via the downstream agent component, of a provision result to the downstream manager component;
processing information regarding polling the upstream manager component for a provision result;
processing information regarding transmission, via the upstream manager component, of a polling result to a user or a management component;
processing information regarding defining a provision result and transmitting a message, via the downstream manager component, indicative of the provision result to the upstream manager component via the application server cluster or jabber cluster;
processing information regarding storing and/or updating records, via the upstream manager component.
12. The method of claim 11 further comprising processing information regarding: polling, via the user or the management component, the upstream manager component for a provision result; and
transmission, via the upstream manager component, a polling result to the user or the management component.
13. A system comprising: a first compute node;
a second compute node operatively coupled to the first compute node via a first application server; and
a third compute node operatively coupled to the first compute node via a second application server;
wherein the first compute node is included within a federated cluster that includes the third compute node, and configured: to receive an instruction from the second compute node via the first application server to define a virtual machine, and to send an instruction to the third compute node via the second application server to define the virtual machine.
14. The system of claim 13 wherein the first application server and the second application server are extensible messaging and presence protocol (XMPP) servers.
15. A system comprising:
a federated cluster component including:
one or more compute nodes including a first compute node, which is connected to a second compute node outside the federated cluster, and a third compute node;
a downstream management component associated with a first compute node; and
a downstream agent component associated with a second compute node;
wherein the second compute node is operatively coupled to the first compute node via one or more application servers; wherein the first compute node is included within a federated cluster that includes the third compute node, and configured: to receive an instruction from the second compute node via a first server to define a virtual machine, and to send an instruction to the third compute node via a second server to define the virtual machine.
16. A system comprising:
a federated cluster including one or more compute nodes, a downstream management component associated with a first compute node, and a downstream agent component associated with a second compute node;
an application server cluster configured with a messaging or communication protocol that supports communication between upstream and downstream manager- agent components;
a first compute node;
a second compute node operatively coupled to the first compute node via a first application server; and
a third compute node operatively coupled to the first compute node via a second application server;
wherein the first compute node is included within a federated cluster that includes the third compute node, and configured: to receive an instruction from the second compute node via the first application server to define a virtual machine, and to send an instruction to the third compute node via the second application server to define the virtual machine.
17. The system of claim 15 or claim 16 wherein the federated cluster includes a cluster of compute nodes or multiple cooperating compute nodes that are not centrally managed, and wherein one of the compute nodes is designated as a location for the downstream manager component and any remaining compute nodes as the location for downstream agents.
18. The system of claim 15 or claim 16 wherein a compute node within the federated cluster is designated as the location for the downstream manager and is configured to:
operate an agent emulation module adapted to couple the federated cluster to an upstream manager via an application server cluster or jabber cluster; and/or
present the federated cluster to the upstream manager as a single
downstream agent including available capacity of an entire cluster of compute nodes.
19. The system of claim 15 or claim 16 wherein the messaging or communication protocol is configured to require low processing and memory resources, is
standardized, is customizable, is point-to-point, and/or is configured to send and receive state and/or provisioning messages.
20. The system of claim 15 or claim 16 wherein the application server cluster includes an XMPP application server including one or more extensible messaging and presence protocol (XMPP) servers logically connected and configured to support XMPP communication(s).
21. The system of claim 20 wherein the XMPP application server comprises at least one jabber cluster, and wherein the one or more XMPP servers are configured to support XMPP communication between an upstream manager component and a downstream manager component, and between the downstream manager component and a downstream agent component.
22. The system of claim 20 wherein the XMPP application server comprises two or more jabber clusters, including a first jabber cluster having one or more servers logically connected and configured to support communication between an upstream manager component and a downstream manager component, and a second jabber cluster having one or more servers logically connected and configured to support communication between the downstream manager component and a downstream agent component, such that communication between the downstream manager component and the downstream agent component is secured separately from communication between the upstream manager component and the downstream manager component and is configured to continue in the event of a failure of any portion of the first jabber cluster.
23. The system of claim 15 or claim 6 wherein the downstream manager component is configured to define a provision request associated with the
downstream agent component, and send the provision request to the downstream agent component.
24. The system of claim 23 wherein the provision request includes a request to instantiate and/or provision a virtual machine, and the downstream manager component is configured to:
receive an indication from the downstream agent component indicating whether the provisioning was successful; and/or
send a message indicating the provision result to the upstream manager component.
25. The system of claim 15 or claim 16 wherein the system is configured such that state information of the federated cluster is sent, such as via an XMPP message, to upstream manager component, such that the upstream manager component has access to the federated cluster's computing capacity while only updating state information when a state change within the federated cluster occurs, wherein the federated cluster thereby operates with less administrative overhead, making the system and the federated cluster more scalable.
26. The system of claim 15 or claim 16 wherein the system is configured so that the jabber cluster addresses the federated cluster as a single downstream agent, such that any compute node and/or associated downstream agent of the federated cluster can act as a service endpoint, wherein, if any portion of federated cluster becomes unavailable, the upstream manager component is configured to send a provision request to another location, reboot an offline virtual machine in another location, and/or migrate a virtual machine to another location.
27. The system of claim 15 or claim 16 wherein the system is configured in that the downstream manager component receives commands and requests from the upstream manager component, but is not controlled by the upstream manager component, wherein the upstream manager component and associated users have access to the federated cluster's computing capacity without having complete control of the federated cluster's compute capacity.
28. The system of claim 27 wherein the federated cluster, via the downstream manager component, is configured to limit, such as via quotas and/or permissions, computing capacity available to the upstream manager component, providing isolating control of the federated cluster from the upstream manager component and thereby preventing the upstream manager component, or a user of the upstream manager component, from monopolizing the compute capacity of the federated cluster.
29. The invention of any claim herein wherein the upstream manager component is configured to:
receive provision results from the downstream manager component, store those results, and/or send status updates and/or results to the user via network; and/or
logically interact with the federated cluster as a single compute node.
30. The invention of any claim herein wherein the upstream manager component is configured to process information to treat a first federated cluster including a single downstream manager and a one or more downstream agents as a single compute node having a first amount of computing capacity, and treat a second federated cluster including a single downstream manager and ten downstream agents as a single compute node have a second amount of computing capacity distinct from the other compute node, such that the upstream manager component need not store state and other information for each individual downstream agent, but instead may only store state and other information for each federated cluster.
31. The invention of any claim herein wherein the upstream manager component is configured to include customer data, such as available capacity, virtual machine quotas, and the like, such that the upstream manager component is configured to accept or decline a request to provision a virtual machine, and/or can determine provisioning option based on that customer information.
32. The invention of any claim herein wherein the upstream manager component is configured to:
receive hypertext transport protocol (HTTP) instructions from a device, a user, a customer, a network administrator, and/or other management component; and/or define an XMPP instruction(s) to the downstream manager component via the application server cluster and/or the jabber cluster.
33. The invention of any claim herein wherein a compute node within the federated cluster is designated as the location for the downstream manager and is configured to:
operate an agent emulation module adapted to couple the federated cluster to an upstream manager via an application server/jabber cluster; and/or present the federated cluster to the upstream manager as a single downstream agent including available capacity of an entire cluster of compute nodes.
PCT/US2013/026907 2012-02-20 2013-02-20 Systems and methods involving virtual machine host isolation over a network Ceased WO2013126430A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP13751256.2A EP2817726A4 (en) 2012-02-20 2013-02-20 Systems and methods involving virtual machine host isolation over a network
CN201380010077.0A CN104246743B (en) 2012-02-20 2013-02-20 Systems and methods involving isolation of virtual machine hosts on a network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201261600888P 2012-02-20 2012-02-20
US61/600,888 2012-02-20

Publications (1)

Publication Number Publication Date
WO2013126430A1 true WO2013126430A1 (en) 2013-08-29

Family

ID=49004759

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2013/026907 Ceased WO2013126430A1 (en) 2012-02-20 2013-02-20 Systems and methods involving virtual machine host isolation over a network

Country Status (4)

Country Link
US (1) US9152441B2 (en)
EP (1) EP2817726A4 (en)
CN (1) CN104246743B (en)
WO (1) WO2013126430A1 (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013126638A1 (en) * 2012-02-24 2013-08-29 Interdigital Patent Holdings, Inc. Methods, apparatus and methods for mobile cloud bursting
US10326709B1 (en) * 2014-06-30 2019-06-18 EMC IP Holding Company LLC Cluster aware container manager
US9898219B1 (en) 2014-06-30 2018-02-20 EMC IP Holding Company LLC Allocating a device to a container
US9600682B2 (en) 2015-06-08 2017-03-21 Accenture Global Services Limited Mapping process changes
US10498807B2 (en) 2015-10-19 2019-12-03 Citrix Systems, Inc. Multi-tenant multi-session catalogs with machine-level isolation
US12339979B2 (en) 2016-03-07 2025-06-24 Crowdstrike, Inc. Hypervisor-based interception of memory and register accesses
US12248560B2 (en) * 2016-03-07 2025-03-11 Crowdstrike, Inc. Hypervisor-based redirection of system calls and interrupt-based task offloading
US12014221B2 (en) 2018-04-06 2024-06-18 Schneider Electric USA, Inc. Semantic meta federation broker for cloud environments
US12190144B1 (en) 2020-06-22 2025-01-07 Amazon Technologies, Inc. Predelivering container image layers for future execution of container images
US11853807B1 (en) * 2020-12-01 2023-12-26 Amazon Technologies, Inc. Cluster scaling based on task state information
US11797287B1 (en) 2021-03-17 2023-10-24 Amazon Technologies, Inc. Automatically terminating deployment of containerized applications
US12443424B1 (en) 2021-03-30 2025-10-14 Amazon Technologies, Inc. Generational management of compute resource pools
US11989586B1 (en) 2021-06-30 2024-05-21 Amazon Technologies, Inc. Scaling up computing resource allocations for execution of containerized applications
US11995466B1 (en) 2021-06-30 2024-05-28 Amazon Technologies, Inc. Scaling down computing resource allocations for execution of containerized applications

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040006587A1 (en) * 2002-07-02 2004-01-08 Dell Products L.P. Information handling system and method for clustering with internal cross coupled storage
US20050055708A1 (en) 2003-09-04 2005-03-10 Kenneth Gould Method to block unauthorized network traffic in a cable data network
US20070055781A1 (en) * 2005-09-06 2007-03-08 Christian Fleischer Connection manager capable of supporting both distributed computing sessions and non distributed computing sessions
US20080066143A1 (en) 2006-09-07 2008-03-13 Tsung-Yuan Charles Tai Method, apparatus and system for isolating a temporary partition on a host
US20090138615A1 (en) 2007-11-28 2009-05-28 Alcatel-Lucent System and method for an improved high availability component implementation
US7653682B2 (en) * 2005-07-22 2010-01-26 Netapp, Inc. Client failure fencing mechanism for fencing network file system data in a host-cluster environment
US7890689B2 (en) * 2003-12-08 2011-02-15 The Board Of Trustees Of The Leland Stanford Junior University Virtual appliance management
US20110066672A1 (en) * 2009-09-14 2011-03-17 Red Hat, Inc. Transaction Sticky Load Balance Policies

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6438576B1 (en) * 1999-03-29 2002-08-20 International Business Machines Corporation Method and apparatus of a collaborative proxy system for distributed deployment of object rendering
US6650839B1 (en) * 2000-05-23 2003-11-18 Quantum Bridge Communications, Inc. Method and apparatus for optical media access protection in a passive optical network
AU2002239391A1 (en) * 2000-11-30 2002-06-11 Message Machines, Inc. Systems and methods for routing messages to communications devices
US7080378B1 (en) * 2002-05-17 2006-07-18 Storage Technology Corporation Workload balancing using dynamically allocated virtual servers
US7539748B2 (en) * 2003-05-16 2009-05-26 Time Warner Cable, A Division Of Time Warner Entertainment Company, L.P. Data transfer application monitor and controller
US20050071453A1 (en) * 2003-09-30 2005-03-31 Nortel Networks Limited Service performance correlation (SPC) and service fault correlation (SFC) for managing services transported over circuit-oriented and connectionless networks
US7243089B2 (en) * 2003-11-25 2007-07-10 International Business Machines Corporation System, method, and service for federating and optionally migrating a local file system into a distributed file system while preserving local access to existing data
US8392564B1 (en) * 2005-06-20 2013-03-05 Oracle America, Inc. Cluster-wide resource usage monitoring
US9049205B2 (en) * 2005-12-22 2015-06-02 Genesys Telecommunications Laboratories, Inc. System and methods for locating and acquisitioning a service connection via request broadcasting over a data packet network
US8917717B2 (en) * 2007-02-13 2014-12-23 Vonage Network Llc Method and system for multi-modal communications
US8875249B2 (en) * 2006-03-01 2014-10-28 Oracle International Corporation Minimum lifespan credentials for crawling data repositories
US7519711B2 (en) * 2006-06-15 2009-04-14 International Business Machines Corporation Method for middleware assisted system integration in a federated environment
MX2009000009A (en) * 2006-06-30 2009-04-06 Vonage Holdings Corp Method and system for network path discrimination.
US7949711B2 (en) * 2007-01-24 2011-05-24 Chang Ypaul L Method, system, and program for integrating disjoined but related network components into collaborative communities
CA2645716C (en) * 2007-11-21 2017-05-30 Datagardens Inc. Adaptation of service oriented architecture
US7761579B2 (en) * 2007-11-27 2010-07-20 Verizon Patent And Licensing Inc. Packet-switched network-to-network interconnection interface
US8281307B2 (en) * 2009-06-01 2012-10-02 International Business Machines Corporation Virtual solution composition and deployment system and method
EP2234331A1 (en) * 2009-03-25 2010-09-29 BRITISH TELECOMMUNICATIONS public limited company Network topology
US20100260174A1 (en) * 2009-04-09 2010-10-14 Research In Motion Limited Relay access node with separate control and transport signaling for session-based communications
US9459936B2 (en) * 2009-05-01 2016-10-04 Kaazing Corporation Enterprise client-server system and methods of providing web application support through distributed emulation of websocket communications
US20110196925A1 (en) * 2010-02-11 2011-08-11 Martin Hans Methods and apparatus for providing presence service for contact management representation
US8443367B1 (en) * 2010-07-16 2013-05-14 Vmware, Inc. Federated management in a distributed environment
JP2012129733A (en) * 2010-12-14 2012-07-05 Fujitsu Ltd Packet transmission device and packet transmission method
US9167004B2 (en) * 2011-02-17 2015-10-20 Sable Networks, Inc. Methods and systems for detecting and mitigating a high-rate distributed denial of service (DDoS) attack
US8538926B2 (en) * 2011-03-08 2013-09-17 Rackspace Us, Inc. Massively scalable object storage system for storing object replicas
US8510267B2 (en) * 2011-03-08 2013-08-13 Rackspace Us, Inc. Synchronization of structured information repositories
US8793313B2 (en) * 2011-09-08 2014-07-29 Red 5 Studios, Inc. Systems, methods and media for distributing peer-to-peer communications
US9519520B2 (en) * 2011-10-25 2016-12-13 Viasat, Inc. Federated, policy-driven service meshes for distributed software systems
US9088584B2 (en) * 2011-12-16 2015-07-21 Cisco Technology, Inc. System and method for non-disruptive management of servers in a network environment
US8843622B1 (en) * 2011-12-19 2014-09-23 Cisco Technology, Inc. System and method to contact and maintain status of managed devices

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040006587A1 (en) * 2002-07-02 2004-01-08 Dell Products L.P. Information handling system and method for clustering with internal cross coupled storage
US20050055708A1 (en) 2003-09-04 2005-03-10 Kenneth Gould Method to block unauthorized network traffic in a cable data network
US7890689B2 (en) * 2003-12-08 2011-02-15 The Board Of Trustees Of The Leland Stanford Junior University Virtual appliance management
US7653682B2 (en) * 2005-07-22 2010-01-26 Netapp, Inc. Client failure fencing mechanism for fencing network file system data in a host-cluster environment
US20070055781A1 (en) * 2005-09-06 2007-03-08 Christian Fleischer Connection manager capable of supporting both distributed computing sessions and non distributed computing sessions
US20080066143A1 (en) 2006-09-07 2008-03-13 Tsung-Yuan Charles Tai Method, apparatus and system for isolating a temporary partition on a host
US20090138615A1 (en) 2007-11-28 2009-05-28 Alcatel-Lucent System and method for an improved high availability component implementation
US20110066672A1 (en) * 2009-09-14 2011-03-17 Red Hat, Inc. Transaction Sticky Load Balance Policies

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2817726A4

Also Published As

Publication number Publication date
CN104246743B (en) 2017-03-29
US9152441B2 (en) 2015-10-06
US20130227568A1 (en) 2013-08-29
EP2817726A4 (en) 2015-12-09
CN104246743A (en) 2014-12-24
EP2817726A1 (en) 2014-12-31

Similar Documents

Publication Publication Date Title
US9152441B2 (en) Systems and methods involving virtual machine host isolation over a network via a federated downstream cluster
CN105511805B (en) The data processing method and device of cluster file system
JP4900982B2 (en) Method for managing failover in a server cluster, failover server and computer program
US8788565B2 (en) Dynamic and distributed queueing and processing system
US9032091B2 (en) Apparatus and method for managing a network of intelligent devices
US10547693B2 (en) Security device capability discovery and device selection
CN102664909B (en) Re-establishing push notification channels via user identifiers
CN104935672B (en) Load balancing service high availability implementation method and equipment
US20080028048A1 (en) System and method for server configuration control and management
US7937716B2 (en) Managing collections of appliances
US20090063650A1 (en) Managing Collections of Appliances
US11601360B2 (en) Automated link aggregation group configuration system
CN107493199A (en) A kind of distributed type assemblies management method and system
CN100426751C (en) Method for ensuring accordant configuration information in cluster system
CN110061876A (en) The optimization method and system of O&M auditing system
US20200099788A1 (en) Context data management interface for contact center
CN106648801A (en) Automatic node adding and deleting method for Hadoop cluster
CN115589365B (en) A network topology synchronization method based on Canal
CN113824801B (en) A unified access management component system for intelligent fusion terminals
CN110290163A (en) A kind of data processing method and device
CN116016209B (en) A network automation method and apparatus
CN103957127A (en) Heterogeneous manufacturer transmission network interface adaptation method
CN104301240B (en) Data transmission method and system
CN102111783A (en) Primary subcommand rollback method and terminal
CN106961475A (en) A kind of remote disk sharing method and shared system based on NBD

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13751256

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2013751256

Country of ref document: EP