Abstract:
A method for processing a guest event in a hypervisor-controlled system (10), comprising the steps: (i) the guest event triggering a first firmware service being specific for the guest event in a firmware (70), the guest event being associated with a guest (20) and with a guest state (52) and a guest memory (22) encrypted with a guest key (24); (ii) the firmware (70) processing information associated with the guest event, comprising information of the guest state (52) and the guest memory (22), and presenting only a subset of the information of the guest state (52) and the guest memory (22) in decrypted form to a hypervisor (30), wherein the subset of the information is selected to suffice for the hypervisor (30) to process the guest event; (iii) the firmware (70) retaining a part of the information of the guest state (52) and the guest memory (22) that is not being sent to the hypervisor (30); (iv) the hypervisor (30) processing the guest event based on the received subset of the information of the guest state (52) and the guest memory (22) and sending a process result to the firmware (70) triggering a second firmware service being specific for the guest event; (v) the firmware (70) processing the received process result together with the part of the information of the guest state (52) and the guest memory (22) that was not sent to the hypervisor (30), generating a state and/or memory modification; (vi) the firmware (70) performing the state and/or memory modification associated with the guest event at the guest memory (22) in encrypted form.
Abstract:
PROBLEM TO BE SOLVED: To manage an appropriate storage infrastructure having a plurality of storage components in accordance with consumer service level objectives (SLOs). SOLUTION: The storage components for storing consumer data are identified under consideration of specified service level objectives, and consumer SLO policies are mapped to the storage components to select available storage components for specified data classes to configure the storage components. The storage infrastructure comprises a management instance which automatically ensures that consumer data is stored on appropriate storage components satisfying the corresponding SLO policies, a consumer service level interface for providing SLO policies to the management instance, a component discovery and classification module (CDC module) for identifying storage components for storing consumer data, and a repository for storing metadata associated with the storing of consumer data under consideration of SLO policies. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
The invention relates to a method for processing a guest event in a hypervisor-controlled system (10), comprising the steps: (i) the guest event triggering a first firmware service being specific for the guest event in a firmware (70), the guest event being associated with a guest (20) and with a guest state (52) and a guest memory (22) encrypted with a guest key (24); (ii) the firmware (70) processing information associated with the guest event, comprising information of the guest state (52) and the guest memory (22), and presenting only a subset of the information of the guest state (52) and the guest memory (22) in decrypted form to a hypervisor (30), wherein the subset of the information is selected to suffice for the hypervisor (30) to process the guest event; (iii) the firmware (70) retaining a part of the information of the guest state (52) and the guest memory (22) that is not being sent to the hypervisor (30); (iv) the hypervisor (30) processing the guest event based on the received subset of the information of the guest state (52) and the guest memory (22) and sending a process result to the firmware (70) triggering a second firmware service being specific for the guest event; (v) the firmware (70) processing the received process result together with the part of the information of the guest state (52) and the guest memory (22) that was not sent to the hypervisor (30), generating a state and/or memory modification; (vi) the firmware (70) performing the state and/or memory modification associated with the guest event at the guest memory (22) in encrypted form.
Abstract:
A virtual machine is to be migrated. To enable the virtual machine to use a peripheral function without a long interruption, a migration support unit (1705) is provided, wherein the migration support unit (1705) is configured to receive a source write request generated by a peripheral function and to generate a target write request that has the same write data as the source write request and is directed to the target memory area of the virtual machine.
Abstract:
The invention relates to a method for operating a node cluster system with a plurality of nodes in a network, wherein the cluster system (100) appears to be a single node with only one specific network address (IP, MAC) to its network environment. The method comprising the steps: providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system, wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database, and processing of the traffic by the responsible node or otherwise by the node having the master function. Further, the invention relates to a corresponding computer-readable medium, to a corresponding computer program product and to a corresponding node cluster system.
Abstract:
A computer-implemented method comprises receiving at least one log record. Based on the log record, a type of operation performed in a source database system can be determined. Based on the type of operation, an update strategy can be selected from a set of predefined update strategies, wherein the update strategy specifies a sequence of replication operations to be performed in order to apply changes described in the at least one log record to a target database system.
Abstract:
By assigning an identifier to each entropy element, these may be provided to a selected virtual machine on a hypervisor. The entropy element may be generated by the hypervisor based on triggers related to one selected virtual machine. Restricting use of the entropy elements to the selected virtual machine reduces the risk of an attack that might reduce variation in the random entropy generated, for example, by incoming traffic, click events or the like. Time stamps may be used in an entropy pool for the hypervisor. A quality parameter for the verification environment for register transfer may be determined.
Abstract:
A virtual machine (VM) is executed 200 on a source virtual machine monitor (VMM, e.g. hypervisor) 110 within a logical partition. The VM is allocated certain segments of hardware memory 201 assigned to the partition for exclusive data storage. When the VM is to be migrated to a destination VMM 120, the operation of the machine is suspended 202, and information relating to the configuration of the VM, including the allocated memory segments, is sent to the new VMM 203. The memory segments are then reassigned to the logical partition containing the destination VMM 206. The VM is then shut down 205 on the source VMM, with extended configuration information including descriptions of the assigned memory segments used to recreate the VM at the destination VMM, and the operation of the VM is then resumed on the new VMM 207. This allows the transfer of the data created by the virtual machine without requiring duplication of content and/or excessive processing time.
Abstract:
Method comprising: associating privileged objects (socket connection, disk-device, input/output bus access) 32.1-32.2 with application 20 comprising process resources 22.1-22.2 and corresponding semi-privileged instruction; filing the association in entity (associating table) 34 of operating system kernel 30; wherein central processing unit (CPU) 40 performs authorization check 42 if semi-privileged instruction attempts accessing privileged objects; wherein CPU executes 44 the semi-privileged instruction granting access to privileged objects if the kernel issued the semi-privileged instruction; or accesses kernel-entity if resources 22.1-22.2 issued the instruction to determine their authorization to access privileged objects; upon positive authorization, CPU executes the semi-privileged instruction granting access to privileged objects; upon failure, CPU denies execution of instruction and performs 46 corresponding authorization failure handling. File descriptor is used: by semi-privileged instruction to transfer data; by user space library to block, use select, poll, epoll; by kernel to verify resource authorization to use data transfer connection if forking occurs.