公开(公告)号：US20230102654A1

公开(公告)日：2023-03-30

申请号：US17487509

申请日：2021-09-28

Applicant: International Business Machines Corporation

Inventor： Ahilan Rajadeva ,  Constantinos Kassimis ,  Al Chakra ,  Chao Jun Wei ,  Yu Zhuo Sun

IPC: G06F9/48

Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations. The operations may include analyzing a host system, detecting one or more specifications of the host system, and determining a displaceable capacity of the host system. The determining a displaceable capacity of the host system may include identifying a workload on the host system, establishing a workload priority for the workload, and defining a task priority of a task. The operations may include computing service metrics of the host system. The operations may include displacing a portion of the workload using the displaceable capacity.

公开(公告)号：US20220147496A1

公开(公告)日：2022-05-12

申请号：US17095867

申请日：2020-11-12

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Ahilan Rajadeva ,  Al Chakra ,  Constantinos Kassimis ,  Christopher Meyer

IPC: G06F16/188 ,  G06F16/14 ,  G06F9/455

Abstract: A method, system, and computer program product are provided for virtualizing specific values in a guest configuration based on the underlying host symbol substitution values. A symbolic link located in a traditional file system in a virtual guest is opened. Each symbol is extracted from a symbol-based file located in a symbol-based file system. The symbol-based file is accessed through a symbolic link from the traditional file system. The virtual guest issues a privileged instruction to a hypervisor for each symbol in the symbol-based file to retrieve a substitution value from a symbol table that is stored in hypervisor storage. The substitution value for each symbol is returned to the virtual guest, and it replaces the symbol in the symbol-based file. In response to a file read request for the traditional file, the substitution value is retrieved from the symbol-based file using the symbolic link from the traditional file.

公开(公告)号：US12093710B2

公开(公告)日：2024-09-17

申请号：US17128299

申请日：2020-12-21

Applicant: International Business Machines Corporation

Inventor： Ahilan Rajadeva ,  Al Chakra ,  Constantinos Kassimis ,  Christopher Meyer

IPC: G06F9/455 ,  G06F16/11 ,  G06F21/44

CPC classification number: G06F9/45558 ,  G06F16/116 ,  G06F21/44 ,  G06F2009/45587

Abstract: Techniques for integrated authentication for a container-based environment are described herein. An aspect includes accessing, by an application that is running in a container in a container environment that is hosted by a hypervisor on a host system, an authentication module that is located in the container environment. Another aspect includes invoking an authentication handler in the container environment based on the accessing of the authentication module. Another aspect includes passing control to the hypervisor from the authentication handler. Another aspect includes retrieving a security artifact from a security database of the host system by the hypervisor. Another aspect includes providing the retrieved security artifact to the application via the authentication handler. Another aspect includes performing an authentication operation by the application using the security artifact.

公开(公告)号：US11544234B2

公开(公告)日：2023-01-03

申请号：US17095867

申请日：2020-11-12

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Ahilan Rajadeva ,  Al Chakra ,  Constantinos Kassimis ,  Christopher Meyer

IPC: G06F16/188 ,  G06F16/14 ,  G06F9/455

Abstract: A method, system, and computer program product are provided for virtualizing specific values in a guest configuration based on the underlying host symbol substitution values. A symbolic link located in a traditional file system in a virtual guest is opened. Each symbol is extracted from a symbol-based file located in a symbol-based file system. The symbol-based file is accessed through a symbolic link from the traditional file system. The virtual guest issues a privileged instruction to a hypervisor for each symbol in the symbol-based file to retrieve a substitution value from a symbol table that is stored in hypervisor storage. The substitution value for each symbol is returned to the virtual guest, and it replaces the symbol in the symbol-based file. In response to a file read request for the traditional file, the substitution value is retrieved from the symbol-based file using the symbolic link from the traditional file.

公开(公告)号：US20220197680A1

公开(公告)日：2022-06-23

申请号：US17128299

申请日：2020-12-21

Applicant: International Business Machines Corporation

Inventor： Ahilan Rajadeva ,  Al Chakra ,  Constantinos Kassimis ,  Christopher Meyer

IPC: G06F9/455 ,  G06F21/44 ,  G06F16/11

Abstract: Techniques for integrated authentication for a container-based environment are described herein. An aspect includes accessing, by an application that is running in a container in a container environment that is hosted by a hypervisor on a host system, an authentication module that is located in the container environment. Another aspect includes invoking an authentication handler in the container environment based on the accessing of the authentication module. Another aspect includes passing control to the hypervisor from the authentication handler. Another aspect includes retrieving a security artifact from a security database of the host system by the hypervisor. Another aspect includes providing the retrieved security artifact to the application via the authentication handler. Another aspect includes performing an authentication operation by the application using the security artifact.