Abstract:
Methods, systems, and computer-readable media for facilitating coordination between a fabric controller of a cloud-computing network and a service application running in the cloud-computing network are provided. Initially, an update domain (UD) that includes role instance(s) of the service application is selected, where the service application represents a stateful application that is targeted for receiving a tenant job executed thereon. The process of coordination involves preparing the UD for execution of the tenant job, disabling the role instance(s) of the UD to an offline condition, allowing the tenant job to execute, and restoring the role instance(s) to an online condition upon completing execution of the tenant job. Preparing the UD includes notifying a management role established within the service application of the fabric controller's intent to execute the tenant job and receiving a management-role response communicating a presence of replications of internal state(s) of the role instance(s) affected by the tenant job.
Abstract:
An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.
Abstract:
The movement of a Virtual IP (VIP) address from cluster node to cluster node is coordinated via a load balancer. All or a subset of the nodes in a load balancer cluster may be configured as possible hosts for the VIP. The load balancer directs VIP traffic to the Dedicated IP (DIP) address for the cluster node that responds affirmatively to periodic health probe messages. In this way, a VIP failover is executed when a first node stops responding to probe messages, and a second node starts to respond to the periodic health probe messages. In response to an affirmative probe response from a new node, the load balancer immediately directs the VIP traffic to the new node's DIP. The probe messages may be configured to identify which nodes are currently responding affirmatively to probes to assist the nodes in determining when to execute a failover.