-
Publication No.: US11886302B1
Publication date: 2024-01-30
Application No.: US17567693
Filing date: 2022-01-03
CPC classification: G06F11/1464, G06F9/44578, G06F9/45558, G06F11/1451, G06F11/1484, G06F2009/45575, G06F2201/815, G06F2201/84
Abstract: Disclosed are systems and methods for execution of applications in a container. An exemplary method comprises receiving, by at least one computing device, a request to an application, wherein the application includes a set of instructions for processing the request, determining whether a state snapshot is available for the computing device, restoring state of the process from the state snapshot in a container on the computing device and processing the request based on the set of instructions by the process when the state snapshot is available, preparing at least one new process in the container on the computing device for processing the request, creating a new state snapshot for the application and processing the request based on the set of instructions by the new process when the state snapshot is not available, wherein creating the new state snapshot is performed after preparing the new process and before processing the request.
-
Publication No.: US11416155B1
Publication date: 2022-08-16
Application No.: US17329582
Filing date: 2021-05-25
Inventors: Pavel Emelyanov, Dmitry Monakhov, Alexey Kobets
IPC classification: G06F3/06
Abstract: Disclosed are systems and method for managing blocks of data and metadata. In an exemplary aspect, a method comprises receiving, by a first virtual block device on a computing device, a request from a file system. In response to identifying an indication that the request for a block of data, the method comprises accessing, by the first virtual block device, at least one backing block device dedicated to storing data to perform a requested operation on the block of data. In response to identifying an indication that the request for metadata, the method comprises instructing a second virtual block device to perform the requested operation on the metadata of the file system, wherein the second virtual block device accesses at least another one backing block device dedicated to storing metadata to perform the requested operation on the metadata of the file system and caches the metadata in Random Access Memory.
-
Publication No.: US11023318B1
Publication date: 2021-06-01
Application No.: US16014595
Filing date: 2018-06-21
Inventors: Oleg Volkov, Andrey Zaitsev, Alexey Kuznetzov, Pavel Emelyanov, Alexey Kobets, Kirill Korotaev
IPC classification: G06F16/22, G06F16/17, G06F16/18, G06F11/10, G06F16/174
Abstract: A system and method is provided for fast random access erasure encoded storage. An exemplary method includes writing data to an append-only data log that includes data log extents that are each associated with data that is mapped to corresponding offset range of a virtual file of a client and storing the append-only data log as a sequence of data chunks each allocated on one or more one storage disks. Moreover, the method determines an amount of useful data in one or more data chunks and, when the amount of useful data in the data chunk is less than a predetermined threshold, appending the useful data from the data chunk to an end of the append-only data log. Finally, the data log is cleaned by releasing the one or more data chunk from the append-only data log after the useful data is appended to the append-only data log.
-
Publication No.: US10684884B1
Publication date: 2020-06-16
Application No.: US16371825
Filing date: 2019-04-01
Inventors: Pavel Emelyanov, Alexey Kobets
Abstract: System for launching application containers inside VMs without data duplication, includes first and second VMs on a host; a storage to which the host has access; a container generation module running on the host and configured to interface to VM-side container generation daemons in the VMs; the container generation daemons transmits to the container generation module a request to pull container layers; a host-side container generation daemon processes the request to pull the container layers from the container generation daemons running inside the VMs; and a DAX device residing on each of the VMs. The host container generation daemon sends the request for any missing container layers to a registry, and writes them onto the storage, maps the layers to the VMs as the DAX devices, maps all needed container layers to the first VM and maps any identical container layers to the second VM, without accessing the registry.
-
Publication No.: US11507362B1
Publication date: 2022-11-22
Application No.: US17062743
Filing date: 2020-10-05
IPC classification: G06F8/65
Abstract: A system and method for executing a method generating a binary patch file for live patching of an application is disclosed. In one exemplary aspect, the method comprises creating shared object by compiling source code patch file that contains source code of a new function corresponding to an old function, a global external symbol referenced in the source code of the new function, and at least one link to a symbol in an application binary code corresponding to the global external symbol, wherein the shared object contains binary code of the new function for replacing the old function during the live patching, and the result of a compilation of the link, generating metadata usable to facilitate the live patching, creating bindings between calculated relative addresses and the global external symbol referenced by the shared object, and creating the binary patch file by adding metadata to the shared object.
-
Publication No.: US11385807B1
Publication date: 2022-07-12
Application No.: US16731988
Filing date: 2019-12-31
Inventors: Pavel Emelyanov, Alexey Kobets
Abstract: Disclosed herein are systems and method for recovering a computing device after an intrusion is detected. In one aspect, an exemplary method comprises, by a minimalistic operating system running on the computing device, deploying a master container, wherein the deploying of the master container comprises creating and starting the master container from a container image, providing, to the master container, access to a storage area network (SAN) volume, providing, to the master container, read-only access to a Distributed Configuration Management (DCM) module domain, the domain being where a configuration of the computing device is stored, and invoking an Intrusion Detection Module (IDM) to start detecting intrusions into the master container; and upon receiving a notification from the IDM, re-deploying, by the minimalistic OS, the master container from the container image, wherein the deployed master container acts as a default runtime environment on the computing device.
-
Publication No.: US11113400B1
Publication date: 2021-09-07
Application No.: US15854402
Filing date: 2017-12-26
Abstract: A system and method is provided for providing distributed computing platform on untrusted hardware. An exemplary method includes launching a hypervisor on an untrusted computing node and receiving a request generated to provide a computing function using hardware of the untrusted computing node. Upon receiving the request, an enclave in memory of the untrusted computing node is created and a virtual machine is launched in the memory enclave. Moreover, a guest operating system of the virtual machine verifies the security of the untrusted computing node. Finally, the guest operating system performs the computing function using the hardware of the untrusted computing node upon the guest operating system verifying the security of the untrusted computing node and the hypervisor.
-
Publication No.: US11029869B1
Publication date: 2021-06-08
Application No.: US16235579
Filing date: 2018-12-28
Abstract: Systems and methods are disclosed herein for multithreaded access to cloud storage. An exemplary method comprises creating a plurality of mount points by mounting, by a hardware processor, a plurality of file systems on a computer system, creating an image file on each of the plurality of mount points, instantiating, for each of the plurality of mount points, a block device on the image file, creating a union virtual block device that creates one or more stripes from each block device, delegating a request for accessing the union virtual block device, received from a client, to one or more block devices and merging a result of the request from each of the one or more block devices and providing the result to the client.
-
Publication No.: US10681008B1
Publication date: 2020-06-09
Application No.: US15838581
Filing date: 2017-12-12
Inventors: Pavel Emelyanov, Alexey Kobets
Abstract: A computer-implemented system for network socket management includes a host having a plurality of sockets and a hash table (data structure) storing data on network connections corresponding to the sockets; a firewall with a plurality of rules for routing incoming packets to the sockets; a socket image file that stores a state of each suspended socket. A network connection corresponding to the suspended socket is maintained open. A filter that monitors incoming packets and restores suspended sockets to active status when a packet for the suspended socket is received. The filter is implemented as part of the firewall, or as a hardware front end. The sockets, the firewall and the socket image file are all maintained in user space.
-
Publication No.: US11947495B1
Publication date: 2024-04-02
Application No.: US16731866
Filing date: 2019-12-31
Inventors: Pavel Emelyanov, Alexey Kobets
IPC classification: G06F16/174, G06F16/182
CPC classification: G06F16/1748, G06F16/1827
Abstract: Disclosed herein are systems and method for providing a File System (FS) without redundancy for one or more services. In one aspect, an exemplary method comprises, mounting a base image of microservices to a directory, for each of the one or more services, union-mounting a service image on top of the base image, identifying all dependencies associated with the service image, and creating one or more sub-directories for each dependency associated with the service image, for each identified dependency, creating a link between the dependency and the union-mounted service image and base image, and creating, one or more micro-services.