Patent Grant
8707422
The invention relates to systems and processes for enforcing and monitoring a configuration management process for configurable elements in configurable computational systems.
Mechanisms currently exist for the management of configurable systems. These systems, referred to as Change/Configuration Management System (CMS) or Ticketing Systems define a business process or rules for making configuration changes. The configuration changes at issue are changes to configurable computation systems (CCS), which can be coupled together over a network or through other communication means. These CCSs can include but are not limited to servers, desktop system, personal computers, directory servers, database servers, work stations, programmable factory equipment, PDAs, cell phones, microchip, software, network devices, and virtual machines. Configuration change includes but not limited to content changes for files, permission changes on files, file creation, file deletion, registry key creation, registry key deletion, registry value changes, environment variable creation, environment variable deletion, environment variable value changes, virtual machine creation, virtual machine deletion, virtual machine restart, virtual machine settings changes, network configuration change, database settings changes and database data changes. With a CCS, a configuration change may effect one or more configurable elements (CEs). These CEs include but are not limited to files within a file system, registry settings, environment variables, databases, virtual machine settings, networked device configuration parameters, computationally controlled mechanical switches, and electronically controlled valve settings.
While using a CMS system defines a business process for making and managing changes to CCSs and the corresponding CEs, the CMS system does not automatically enforce, control, or monitor such changes. Human discipline, monitoring, encouragement, and other incentives have to be used to enforce a configuration management process. Thus, a system enforced by human implementation is subject to human nature and human imperfection. People will work around the system. Alternatively, due to human nature, error, or misunderstanding changes are made outside of the defined process, such as making changes at inappropriate times, or making other improper changes.
What is need is method and apparatus for automatically enforcing a defined process for making changes to a CE within a CCS, or monitoring the changes in a CCSs or CEs in relations to a define configuration management processes.
The invention allows for the enforcement and monitoring of a configuration management process as applied to configurable elements (CEs) within a configurable computing system (CCSs). Changes to CEs within CCSs are controlled by a selectable lock that only enable changes to the CEs when the rules for the change management process is met. Also, the invention provides a less restrictive configuration management process where changes are monitored and reconciled against configuration change requests and change authorization rules.
In a first aspect of the invention, a method of automatically enforcing a configuration change process for one or more configuration change requests to one or more configurable elements within a single or multiple configurable computational elements is disclosed. The method involves the steps of accessing the change process rules, analyzing the configuration change requests utilizing the rules, selectively authorizing the configuration changes to the configurable elements for the configurable elements that comply with the change process rules for the respective change request, and selectively enabling a lock to allow configuration changes on a configurable computational system containing the configurable elements. The analysis of the configuration change request can be based on the state of the configuration change request which can include external authorizations. The state of the external authorizations can be evaluated with the accessed change process rules. The selective authorization is based on the state of the configuration change request being evaluated utilizing the accessed change process rules.
In one embodiment, the analyzing of the configuration change request further utilizes current conditions in the determination of the selective authorization of configuration changes of CEs. These current conditions can include but are not limited to the current time, date, day of the week, and any electronically retrievable value representing a level or quantity such as an inventory value, and the mechanical state of a switch or valve.
In another embodiment of the invention, the configuration of the selective locks involves the authenticating the selective authorization of the configuration change of the configurable elements. Preferable, the authentication can be performed by an SSL key exchange.
In a further embodiment of the invention, the selective locks generate status information related to configuration changes in the CEs for the corresponding CCSs. The status information can include but is not limited to the status of the CE configuration change, whether the changes succeed or failed, and information relating to the failure of the configuration change.
In another embodiment of the present invention the status information is associated with configuration change request. The status change request can further be associated with the corresponding CEs. Further, an association can be made with the CCS, successful configuration changes, failed configuration changes, or the information regarding the failure of the configuration change.
In a further embodiment, the associated information is used to generate reports of at least the status of the configuration change requests, the changes to the CE, the configuration changes to the CCS.
In a second aspect of the present invention, a system for automatically enforcing a configuration change process for one or more configurable element (CE) within a configurable computation system (CCS) is disclosed. The system is comprised of means for managing a configuration change process for CEs within CCSs, means for generating a configuration change request, means for applying one or more configuration change rules to a configuration change request to generate a selective configuration change authorization of the one or more CEs, and means for selectively locking configuration changes in a CCS wherein the means for locking can selectively enable configuration changes to the one or more CE based on the selective configuration authorization. The means for managing a configuration change process can include standard configuration management systems (CMSs) which can also be referred to as ticketing systems. These CMS systems receive requests for a configuration change which then generate a configuration change ticket. Before a fully authorized ticket is generated, various authorization inputs are required. These inputs define a configuration management process to be followed. The means for applying authorization rules generates selective configuration authorization for one or more CEs based on configuration change authorization.
In one embodiment, wherein the means for applying the one or more configuration change rules further includes utilizing current conditions in the determination of the selective authorization of configuration changes of CEs. These current conditions can include but are not limited to the current time, date, day of the week, any electronically retrievable value representing a level or quantity such as an inventory value, and mechanical state of a switch or valve.
In another embodiment of the invention, the means for locking and unlocking the configuration includes authenticating the selective authorization of the configuration change of the CE. Preferable, the authentication can be performed by an SSL key exchange.
In a further embodiment of the invention, the means for selectively locking configuration changes in a CCS generates status information related to configuration changes in the configurable elements for the corresponding CCSs. The status information can include but is not limited to a change of configuration status of a CE, whether the change succeed or failed, and information relating to the failure cause of the configuration change.
In another embodiment of the present invention further comprises means for associating the status information with the configuration change request. The status information and change request can further be associated with the corresponding CEs. Further, associations can be made with elements including the CCSs, successful configuration changes, failed configuration changes, or the information regarding the failure of the configuration change.
In a further embodiment, the means for applying the one or more authorization rules generates reports comprising the associated status information, the configuration change requests, the configuration changes to the CE, the configuration changes to the CCS.
In another aspect of the present invention, a system for automatically monitoring a configuration change process for one or more CE within a CCS. The system is comprised of a means for selectively monitoring configuration changes to one or more CEs within a CCS, a means for managing a configuration change, and a means for processing the configuration change status information. The means for selectively monitoring configuration changes generates configuration change status information. The means for managing a configuration change process generates one or more configuration change requests. Further, the means for processing utilizes the configuration change status information, the one or more configuration change requests, and the one or more configuration change rules for the CEs. The processing associates the configuration changes with the configuration change requests and determines if the configuration changes complied with the one or more associated configuration change rules.
In one embodiment of the invention, the means for processing can include current conditions as part of the analysis. In another embodiment, the invention further comprises a means for generating reports where the configuration change status information is associated with at least one of the CE and the CCS.
In another aspect of the invention, a method of automatically monitoring a configuration change process for one or more configuration change requests to one or more CEs within at least one CCS is disclosed. The steps are comprised of generation configuration stat change information from a CCS and corresponding to on or more CEs, accessing one or more configuration change rules where the rules are associated with a configuration change to one or more CEs within a CCS. In one embodiment of the invention, the means for processing can include one or more current conditions as part of the analysis.
The invention is better understood by reading the following detailed description of an exemplary embodiments in conjunction with the accompanying drawings.
The following description of the invention is provided as an enabling teaching of the invention in its best, currently known embodiment. Those skilled in the relevant art will recognize that many changes can be made to the embodiment described, while still obtaining the beneficial results of the present invention. It will also be apparent that some of the desired benefits of the present invention can be obtained by selecting some of the features of the present invention without utilizing other features. Accordingly, those who work in the art will recognize that many modifications and adaptations to the present inventions are possible and can even be desirable in certain circumstances, and are a part of the present invention. Thus, the following description is provided as illustrative of the principles of the present invention and not in limitation thereof, since the scope of the present invention is defined by the claims.
The illustrative embodiments of the invention provide the means for enforcing, monitoring and reconciling a business management process for making configuration changes to configurable systems. The benefits of such a system are numerous. First, in the enforcement mode, configuration changes to configurable system such as servers, factory controllers, office automation systems can be controlled to prevent problems not limited to, loss of productivity because of down time at inappropriate times, and quality and performance issues caused by operations running with an improper configuration. Further, with Sarbanes-Oxley the regulatory environment demands stronger control over financial systems. Thus, being able to control changes to financial systems such as software packages and databases gives an organization higher confidence that business critical process are being followed and unauthorized changes are not made.
An illustrative embodiment of the present invention is shown in
The CMS 110 is used for generating a configuration change(s) authorization for one or more CEs 135 within one or more CCSs 130 according to a specific business process. Preferably the CMS 110 is configured with the change authorization requirements. For example, to authorize a change can require the authorization by two senior officers of a company. Input to the CCS 110 is a configuration change request 112 preferably corresponding to a configuration change to one or more CEs 135 within one or more CCSs 130. The change request 112 preferably generates a change ticket that requires authorizations before authorized implementation. Preferably, the change ticket is stored in the change ticket database 116. The change ticket database 116 stores information related to the authorization and completion of the configuration change request. The ticket can include authorization fields, and implementation status fields. Preferably, authorizations for the change ticket can be provided by an operator input(s) 114 or other automated means such as electronic inputs from other electronic devices (not shown) coupled to the CMS 110. If all of the configuration change rules are met, the change ticket is authorized notification is given to the analytics module 120. Preferably, the change tickets are stored in a change ticket database 116 contained within or coupled to the CMS 110. Thus, the CMS 110 and change ticket database 116 may contain a number of configuration change requests, in varying stages of authorization and implementation. The CMS 110 can be a separate server, a process running on a server with other applications, or running an application on a personal computer. The change ticket data 116 base can be networked and can be directly or indirectly accessible by the analytics module 120 over the network.
An analytics module 120 is coupled to the CMS 110. The analytics module 120 enforces the configuration change process of the CMS 11.0 by configuring the selectable configuration locks 132 on the CCSs 130 to selectively enable or disable configuration changes to the CEs 135. The analytics module 120 receives configuration change rules. These configuration change rules are associated with the one or more CCSs 130 and the one or more CEs 135 within a CCS 130. The configuration change rules are configured through the rule input 112, which is preferably coupled to the analytics module 120. Also, contemplated are configuration rules received from other sources. Alternatively, the configuration change rules can be read directly from the CMS 110, derived from information retrieved from the CMS 110, or through another source (not shown) coupled to the analytics module 120. The analytics module 120, receives configuration change ticket information from the CMS 110. Preferably, the configuration change ticket information can be either requested from the CMS 110. However, the information can automatically be sent by the CMS 110 to the analytics module 120. Also contemplated by the invention is the analytics module 120 directly accessing the change ticket database 116. The configuration change ticket is preferably processed according to rules specified during the rule input 122 to determine if all the criteria for the configuration change process for an associated CEs 135 or an associated CCS 130 are being met. Also contemplated are one or more subsets of the CEs 135 meeting the configuration change process rules and the configuration change authorization being limited to these CEs 135. Preferably, the subset of CEs meeting the configuration change rule criteria will be authorized for making the configuration change. If all the criteria of the rules are met, then the analytics module 120 authorizes configuration changes the CEs 135. Also contemplated is a means to bypass the rules for generation an authorization in emergency situations.
Optionally, the configuration authorizing rules used by the analytics module 120 can include current conditions 126 in the determination for the authorization for the configuration changes to the CE. Exemplary of a current condition is the current time, date, and the day of the week. Preferably, if the authorizing rules criteria are met but the current conditions are not met, the authorization of the configuration change can be delayed until the time, day of the week, or date condition is met. Also, contemplated is the sending of a message to the selective configuration lock 132 containing a time window during which configuration changes are enabled. Another illustrative use of current conditions is the checking an inventory and requiring that a specified inventory level be available before authorizing a configuration change that would increase the production rate of an item.
When the configuration change authorization for all or some of the CEs 135 is met, the analytics module 120 will send a selective authorization message to a selective configuration lock 132 on the corresponding CCS 130 for the CEs 135 to be changed. The message will cause the selective configuration lock 132 to enable changes to the selective CEs. The message can be sent over a network where the analytics module 120 and the CCS 130 are located on separate systems remote from one another. The disabling of configuration changes to the CEs can be based on time, the completion of the configuration change to the CE, or by a message from the analytics module 120. Alternatively, the analytics module 120 can be a process or subroutine operating within the same processing system as the CCS 130 where the configuration authorization message is sent through inter-process communication means.
The analytics module 120 can receive status information from the selective configuration locks 132 regarding the occurrence of the success or failure of a configuration change, and the reasons for failure. This status information is stored in a change database 125. The change database 125 can later be used to generate reports regarding the status of the success configuration changes and change tickets. The analytics module 120 can associate status changes into groups based on type of configuration change, failed changes, and failure status information. Further the analytics module 120 can associate the changes with the configuration ticket database 116 to reconcile configuration change requests. As part of the reconciliation, information can be passed from the analytics module 120 to the CMS 110 to automatically update the status information for the associated change ticket indicating the final result of the configuration change.
The CCS 130 is coupled with the analytics module 120 preferably through a network. The CCS 130 contains one or more CEs 135. The CCS 130 also includes a selective lock 132 which is configured to prevent changes to the CEs 135 unless enabled by the analytics module 120. Preferably, the selective enabling of the selective configuration lock 132 contains a time window during which the enabled configuration changes can be made. The time window can vary by each configuration change for each CE 135. It can be desirable that the configuration changes to the CEs 135 are performed in a specific order. Having non-overlapping time windows for each enabled CE 135 configuration change can enforce such a sequence. Further information regarding the operation of the selective configuration locks 132 can be found in the co-owned application Ser. No. 11/346,741 titled “Enforcing Automatic Opening and Closing of an Existing Workflow” which is incorporated by reference. In general, the selective configuration lock 132 can be a hook into the file system driver of the CCS 130 to monitor and control changes to files associated with the CEs 135 and further associated with the configuration change ticket resulting from a change request 112. The selective configuration lock 132 can also include catching and monitoring triggers caused by a database modification. The selective configuration lock 132 can generate information regarding the status of a configuration change to a CE 135. This information can include whether the configuration change succeeded or failed. Further, the information can include information regarding why the change failed. This can include but is not limited to, incompatible operating system, insufficient memory to do the change, and insufficient permission to access a file. Preferably, information generated by the selective lock 132 is sent to the analytics module 120 but alternatively can be sent directly to the change database 125 for later processing, reference, and report generation. Configuration changes 140 to the CEs 135 preferably do not come from the analytics module 120 but are made directly to the CCS 130 or alternatively over a network. Exemplary of this process would be the loading of an updated application where the application files are the CEs 135 to be changed.
To prevent monitoring or unauthorized control over the selective configuration locks 132, the communication between the analytics module 120 and the selective configuration locks 132 can be encrypted and authenticated. Any authentication and encryption techniques can be used. Preferably the authentication and encryption technique uses a secure socket layer (SSL) using SSL key exchange to authenticate the selective enabling of the selective configuration lock.
The information generated by the selectable configuration lock 132, preferably stored in the change database 125, can be used to generate a variety of reports. First, the information can be used to reconcile the change ticket database 116 with the changes made to the CEs 135 and thus generating change compliance reports. Further, compliance reports can be organized by but not limited to user, CCS 130, CE 135, time, and type of change.
A second illustrative embodiment of the present invention is shown in
The CMS 110 is used for generating an configuration changes(s) authorization for one or more CEs 135 within one or more CCSs 130 according to a specific business process. The operation of the CMS 110, the configuration change request 112 input to the CMS 110, the operator input 114, and the storage of the change request in the change ticket database 116, is the same as previously described for
An analytics module 220 is coupled to the CMS 110. The analytics module 220 is a post configuration change analysis tool that analyzes changes in the change ticket database 116 according to configuration change rules input into the analytics module 220, and determines at least which configuration changes complied with the change process rules, which changes did not comply with the rules, configuration change made without an associated configuration change request, which change tickets were not completed, and reasons that the configuration changes failed. The configuration change rules preferably can be configured into the analytics module 220 from the rule input 122 but can be received from other sources. Alternatively, the configuration change rules can be acquired directly from the CMS 110, derived from information retrieved from the CMS 110, or through a source (not shown) coupled to the analytics module 220. The analytics module 220, can receive configuration change request information from the CMS 110. Preferably, the analytics module 220 directly accesses the change ticket database 116. The CMS 110 can signal the analytics module 220 when a change has occurred to the change ticket database 116.
Also contemplated by the invention is a report 124 interface for an operator requesting and receiving reports related to, reconciling the change ticket database 116 and the information in the change database 125 to determine what configuration changes were made, determining which changes were made conforming to within the configuration change process, and which changes were made outside the configuration change process. Preferably, the configuration change ticket information is requested directly from the change ticket database 116 or from the CMS 110 alternatively after the configuration changes are made to the CEs 135 within a CCS 130. However, the change ticket information can automatically be sent by the CMS 110 to the analytics module 220, stored and processed when reconciliation reports are generated. During analysis of the change ticket database 116 and the change database 125, the configuration change ticket is preferably processed according to rules input by the rules input 122 to determine if all the criteria for configuration change process for the associated CEs 135 are met. Also contemplated is analysis and reporting on an individual CE 135 basis or on a CCS basis.
Optionally, the configuration authorizing rules used by the analytics module 120 can include current conditions 126 in analyzing the configuration changes to the CEs. Exemplary of a current condition is the current time and the day of the week. If the analytics module 220 are to use the current conditions, then the change information stored in the change database 125 must include current condition information. It is contemplated that the current condition information is provided by the analytics module 220 or that the configuration change monitor 232 provides this information.
Information sent between the analytics module 220 and the CMS 110, the configuration change monitor 232 and the CMS 110 can be sent over a network. Alternatively, the analytics module 220 can be a process or subroutine operating within the same processing system as the CCS 130 where communication is provided through inter-process or processor communication means.
The analytics module 220 is configured to receive status information from the CCS 130 sent by the configuration change monitor 232 regarding the occurrence of a configuration change, status regarding a failure of an attempted configuration changes, and status regarding a successful configuration change. This information can be stored in a change database 125. The change database 125 can later be utilized to generate reports reconciling the change ticket database 116 and the change database 125. As discussed for
The CCS 130 is coupled with the analytics module 220, preferably through a network. The CCS 130 contains one or more CEs 135. The CCS 130 also includes a configuration change monitor 232 which is configured to monitor changes to the CEs 135. Preferably, the change monitor 232 has access to the current conditions, such as date and time so that this information can be tagged to the status information generated. The status information which is generated can be sent as generated to the analytics module 220 or preferably directly to the change database 125. Also, contemplated is the ability of the change monitor 232 to store change information for later transfer to the analytics module 220 or change database 125. In general, the change monitor 232 can be a driver that is coupled to the file system of the CCS 130 to monitor and control changes to files associated with the CEs 135. The change monitor 232 can also include but is not limited to monitoring triggers generated by a database modification. The change monitor 232 can generate information regarding the status of a configuration change to a CE 135. This information can include whether the configuration change succeeded or failed. Further, when the change fails the information can include information regarding why the change failed. This can include but is not limited to, incompatible operating system, insufficient memory to do the change, and insufficient permission to access a file. Preferably, information generated by the selective lock 132 is sent to the analytics module 120 but alternatively or additionally can be sent directly to the change database 125 for later processing, reference, and report generation. Configuration changes 140 to the CEs 135 preferably do not come from the analytics module 120 but are made directly to the CCS 130 or over the network. Exemplary of this process is loading of an updated application where the application files are the CEs 135 to be changed.
A secure and authenticate channel can be used to communicated between the analytics module 220 and the change monitor 232. Any authentication and securing method can be implemented. Preferably the authentication scheme uses SSL (secure socket layer) using SSL key exchange to authenticate the analytic module 130.
The information generated by the change monitor 232, preferably stored in the change database 125, can be used to generate a variety of reports. First, the information can be used to reconcile the change ticket database with the changes made to the CEs 135 and thus generating change compliance reports. Further, compliance reports can be organized by user, system, type of configurable element, time, and type of change.
In a step 320, the information associated with the configuration change request is analyzed using the rules associated with the CEs and CCS effected by the configuration change request. As part of the analysis, external conditions can be utilized. These include conditions like the current time of day, the date, and the day of the week. The analysis can find that some, none, or all of the associated CE have conformed to the rules for a configuration change.
In a step 330, configuration changes are selectively authorized for the CEs within the CCSs corresponding to the configuration change request. The authorization is based on analysis of the configuration change request and the configuration change rules. The authorization is communicated to at least one selective-lock which is used to provide selective enabling of configuration changes to the associated CEs. The communication is preferably over a network but other means are contemplated. Also, contemplated are secure authenticated communications. SSL (secure socket layer) can be used to secure encrypted the communications and authenticated by the use of SSL keys exchange.
In a step 340, one or more selective locks corresponding to one or more CCSs are configured to selectively allow configuration changes to the selectively authorized CEs. The selective enabling of CE configuration changes is based upon the selective authorizations generated in the step 330.
In a step 350, the selective locks generate status information regarding configuration changes made to enabled CEs. This status information can include information about but not limited to when the change was made, whether the change succeeded or failed, and reasons for the success or failure. This information can be stored for later transmission to a central collection point, such as a database for later analysis and report generation. Also contemplated by the invention is the transmission of the status information over a network and through other processing elements before storage.
In a step 360, reports are generated based on the stored status information and the configuration change requests. The report generation can associate the status information with the associated configuration change request. Further, the report generation can associate the status information with the CE, CCS, or a combination of these.
In the step 420, the change configuration rules associated with the CEs corresponding to the status information generated in step 410 are identified. The one or more configuration change rules associated with a CE can be a subset of a larger set of rules. An exemplary embodiment of these rules is the requirement for authorization by specific people, the availability of inventory, and performing a configuration change in a specified time window and on a specified day or day of the week.
In a step 430, the information associated with the state of a configuration change request, the change ticket, is analyzed using the identified rules associated with the CEs and CCS and the associated status information generated in step 410. The change request state information or change ticket status information can be stored in a change ticket database. Part of the analysis, external conditions can be used. These include conditions like the current time of day, the date, and the day of the week. The analysis can determine that some, none, or all of the associated CE have conformed to the configuration change rules. Further, the processing determines whether there was a change configuration request. The results of such an analysis is saved in a form and structure such that the data can be used in the generation of reports associating status information with configuration change requests, CEs and CCSs.
In a step 440, reports are generated based on the stored status information and the configuration change requests. The report generation can associate status information with the associated configuration change. Further, the report generation can associate the status information with the CE, CCS, or a combination of these.
This application is a divisional (and claims the benefit of priority under 35 U.S.C. §120 and §121) of U.S. application Ser. No. 12/008,274, filed Jan. 9, 2008 now U.S. Pat. No. 8,332,929, entitled “METHOD AND APPARATUS FOR PROCESS ENFORCED CONFIGURATION MANAGEMENT,” Inventor(s) Rishi Bhargava, et al., which is a non-provisional which claims priority under 35 U.S.C. §119(e) of the co-pending, co-owned U.S. Provisional Patent Application, Ser. No. 60/879,826, filed Jan. 10, 2007, and entitled “SOFTWARE THAT MESSAGES CHANGE CONTROL.” The disclosure of the prior applications is considered part of (and is incorporated by reference in) the disclosure of this application.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4688169 | Joshi | Aug 1987 | A |
| 4982430 | Frezza et al. | Jan 1991 | A |
| 5155847 | Kirouac et al. | Oct 1992 | A |
| 5222134 | Waite et al. | Jun 1993 | A |
| 5390314 | Swanson | Feb 1995 | A |
| 5521849 | Adelson et al. | May 1996 | A |
| 5560008 | Johnson et al. | Sep 1996 | A |
| 5699513 | Feigen et al. | Dec 1997 | A |
| 5778226 | Adams et al. | Jul 1998 | A |
| 5778349 | Okonogi | Jul 1998 | A |
| 5787427 | Benantar et al. | Jul 1998 | A |
| 5842017 | Hookway et al. | Nov 1998 | A |
| 5907709 | Cantey et al. | May 1999 | A |
| 5907860 | Garibay et al. | May 1999 | A |
| 5926832 | Wing et al. | Jul 1999 | A |
| 5944839 | Isenberg | Aug 1999 | A |
| 5974149 | Leppek | Oct 1999 | A |
| 5987610 | Franczek et al. | Nov 1999 | A |
| 5987611 | Freund | Nov 1999 | A |
| 5991881 | Conklin et al. | Nov 1999 | A |
| 6064815 | Hohensee et al. | May 2000 | A |
| 6073142 | Geiger et al. | Jun 2000 | A |
| 6141698 | Krishnan et al. | Oct 2000 | A |
| 6192401 | Modiri et al. | Feb 2001 | B1 |
| 6192475 | Wallace | Feb 2001 | B1 |
| 6256773 | Bowman-Amuah | Jul 2001 | B1 |
| 6275938 | Bond et al. | Aug 2001 | B1 |
| 6321267 | Donaldson | Nov 2001 | B1 |
| 6338149 | Ciccone, Jr. et al. | Jan 2002 | B1 |
| 6356957 | Sanchez, II et al. | Mar 2002 | B2 |
| 6393465 | Leeds | May 2002 | B2 |
| 6442686 | McArdle et al. | Aug 2002 | B1 |
| 6449040 | Fujita | Sep 2002 | B1 |
| 6453468 | D'Souza | Sep 2002 | B1 |
| 6460050 | Pace et al. | Oct 2002 | B1 |
| 6496477 | Perkins et al. | Dec 2002 | B1 |
| 6587877 | Douglis et al. | Jul 2003 | B1 |
| 6611925 | Spear | Aug 2003 | B1 |
| 6662219 | Nishanov et al. | Dec 2003 | B1 |
| 6748534 | Gryaznov et al. | Jun 2004 | B1 |
| 6769008 | Kumar et al. | Jul 2004 | B1 |
| 6769115 | Oldman | Jul 2004 | B1 |
| 6795966 | Lim et al. | Sep 2004 | B1 |
| 6832227 | Seki et al. | Dec 2004 | B2 |
| 6834301 | Hanchett | Dec 2004 | B1 |
| 6847993 | Novaes et al. | Jan 2005 | B1 |
| 6907600 | Neiger et al. | Jun 2005 | B2 |
| 6918110 | Hundt et al. | Jul 2005 | B2 |
| 6930985 | Rathi et al. | Aug 2005 | B1 |
| 6934755 | Saulpaugh et al. | Aug 2005 | B1 |
| 6988101 | Ham et al. | Jan 2006 | B2 |
| 6988124 | Douceur et al. | Jan 2006 | B2 |
| 7007302 | Jagger et al. | Feb 2006 | B1 |
| 7010796 | Strom et al. | Mar 2006 | B1 |
| 7024548 | O'Toole, Jr. | Apr 2006 | B1 |
| 7039949 | Cartmell et al. | May 2006 | B2 |
| 7054930 | Cheriton | May 2006 | B1 |
| 7065767 | Kambhammettu et al. | Jun 2006 | B2 |
| 7069330 | McArdle et al. | Jun 2006 | B1 |
| 7082456 | Mani-Meitav et al. | Jul 2006 | B2 |
| 7093239 | van der Made | Aug 2006 | B1 |
| 7124409 | Davis et al. | Oct 2006 | B2 |
| 7139916 | Billingsley et al. | Nov 2006 | B2 |
| 7152148 | Williams et al. | Dec 2006 | B2 |
| 7159036 | Hinchliffe et al. | Jan 2007 | B2 |
| 7177267 | Oliver et al. | Feb 2007 | B2 |
| 7203864 | Goin et al. | Apr 2007 | B2 |
| 7251655 | Kaler et al. | Jul 2007 | B2 |
| 7290266 | Gladstone et al. | Oct 2007 | B2 |
| 7302558 | Campbell et al. | Nov 2007 | B2 |
| 7330849 | Gerasoulis et al. | Feb 2008 | B2 |
| 7346781 | Cowle et al. | Mar 2008 | B2 |
| 7349931 | Horne | Mar 2008 | B2 |
| 7350204 | Lambert et al. | Mar 2008 | B2 |
| 7353501 | Tang et al. | Apr 2008 | B2 |
| 7363022 | Whelan et al. | Apr 2008 | B2 |
| 7370360 | van der Made | May 2008 | B2 |
| 7385938 | Beckett et al. | Jun 2008 | B1 |
| 7406517 | Hunt et al. | Jul 2008 | B2 |
| 7441265 | Staamann et al. | Oct 2008 | B2 |
| 7464408 | Shah et al. | Dec 2008 | B1 |
| 7506155 | Stewart et al. | Mar 2009 | B1 |
| 7506170 | Finnegan | Mar 2009 | B2 |
| 7506364 | Vayman | Mar 2009 | B2 |
| 7546333 | Alon et al. | Jun 2009 | B2 |
| 7546594 | McGuire et al. | Jun 2009 | B2 |
| 7552479 | Conover et al. | Jun 2009 | B1 |
| 7577995 | Chebolu et al. | Aug 2009 | B2 |
| 7603552 | Sebes et al. | Oct 2009 | B1 |
| 7607170 | Chesla | Oct 2009 | B2 |
| 7657599 | Smith | Feb 2010 | B2 |
| 7669195 | Qumei | Feb 2010 | B1 |
| 7685635 | Vega et al. | Mar 2010 | B2 |
| 7698744 | Fanton et al. | Apr 2010 | B2 |
| 7703090 | Napier et al. | Apr 2010 | B2 |
| 7739497 | Fink et al. | Jun 2010 | B1 |
| 7757269 | Roy-Chowdhury et al. | Jul 2010 | B1 |
| 7765538 | Zweifel et al. | Jul 2010 | B2 |
| 7783735 | Sebes et al. | Aug 2010 | B1 |
| 7809704 | Surendran et al. | Oct 2010 | B2 |
| 7818377 | Whitney et al. | Oct 2010 | B2 |
| 7823148 | Deshpande et al. | Oct 2010 | B2 |
| 7836504 | Ray et al. | Nov 2010 | B2 |
| 7840968 | Sharma et al. | Nov 2010 | B1 |
| 7849507 | Bloch et al. | Dec 2010 | B1 |
| 7856661 | Sebes et al. | Dec 2010 | B1 |
| 7865931 | Stone et al. | Jan 2011 | B1 |
| 7870387 | Bhargava et al. | Jan 2011 | B1 |
| 7873955 | Sebes et al. | Jan 2011 | B1 |
| 7895573 | Bhargava et al. | Feb 2011 | B1 |
| 7908653 | Brickell et al. | Mar 2011 | B2 |
| 7937455 | Saha et al. | May 2011 | B2 |
| 7950056 | Satish et al. | May 2011 | B1 |
| 7966659 | Wilkinson et al. | Jun 2011 | B1 |
| 7996836 | McCorkendale et al. | Aug 2011 | B1 |
| 8015388 | Rihan et al. | Sep 2011 | B1 |
| 8015563 | Araujo et al. | Sep 2011 | B2 |
| 8028340 | Sebes et al. | Sep 2011 | B2 |
| 8195931 | Sharma et al. | Jun 2012 | B1 |
| 8234713 | Roy-Chowdhury et al. | Jul 2012 | B2 |
| 8307437 | Sebes et al. | Nov 2012 | B2 |
| 8321932 | Bhargava et al. | Nov 2012 | B2 |
| 8332929 | Bhargava et al. | Dec 2012 | B1 |
| 8352930 | Sebes et al. | Jan 2013 | B1 |
| 8381284 | Dang et al. | Feb 2013 | B2 |
| 8515075 | Saraf et al. | Aug 2013 | B1 |
| 8539063 | Sharma et al. | Sep 2013 | B1 |
| 8544003 | Sawhney et al. | Sep 2013 | B1 |
| 8549003 | Bhargava et al. | Oct 2013 | B1 |
| 8549546 | Sharma et al. | Oct 2013 | B2 |
| 8555404 | Sebes et al. | Oct 2013 | B1 |
| 8561051 | Sebes et al. | Oct 2013 | B2 |
| 8561082 | Sharma et al. | Oct 2013 | B2 |
| 20020056076 | van der Made | May 2002 | A1 |
| 20020069367 | Tindal et al. | Jun 2002 | A1 |
| 20020083175 | Afek et al. | Jun 2002 | A1 |
| 20020099671 | Mastin et al. | Jul 2002 | A1 |
| 20020114319 | Liu et al. | Aug 2002 | A1 |
| 20030014667 | Kolichtchak | Jan 2003 | A1 |
| 20030023736 | Abkemeier | Jan 2003 | A1 |
| 20030033510 | Dice | Feb 2003 | A1 |
| 20030065945 | Lingafelt et al. | Apr 2003 | A1 |
| 20030073894 | Chiang et al. | Apr 2003 | A1 |
| 20030074552 | Olkin et al. | Apr 2003 | A1 |
| 20030115222 | Oashi et al. | Jun 2003 | A1 |
| 20030120601 | Ouye et al. | Jun 2003 | A1 |
| 20030120811 | Hanson et al. | Jun 2003 | A1 |
| 20030120935 | Teal et al. | Jun 2003 | A1 |
| 20030145232 | Poletto et al. | Jul 2003 | A1 |
| 20030163718 | Johnson et al. | Aug 2003 | A1 |
| 20030167292 | Ross | Sep 2003 | A1 |
| 20030167399 | Audebert et al. | Sep 2003 | A1 |
| 20030200332 | Gupta et al. | Oct 2003 | A1 |
| 20030212902 | van der Made | Nov 2003 | A1 |
| 20030220944 | Schottland et al. | Nov 2003 | A1 |
| 20030221190 | Deshpande et al. | Nov 2003 | A1 |
| 20040003258 | Billingsley et al. | Jan 2004 | A1 |
| 20040015554 | Wilson | Jan 2004 | A1 |
| 20040051736 | Daniell | Mar 2004 | A1 |
| 20040054928 | Hall | Mar 2004 | A1 |
| 20040088398 | Barlow | May 2004 | A1 |
| 20040143749 | Tajali et al. | Jul 2004 | A1 |
| 20040167906 | Smith et al. | Aug 2004 | A1 |
| 20040172551 | Fielding et al. | Sep 2004 | A1 |
| 20040230963 | Rothman et al. | Nov 2004 | A1 |
| 20040243678 | Smith et al. | Dec 2004 | A1 |
| 20040255161 | Cavanaugh | Dec 2004 | A1 |
| 20040268149 | Aaron | Dec 2004 | A1 |
| 20050005006 | Chauffour et al. | Jan 2005 | A1 |
| 20050018651 | Yan et al. | Jan 2005 | A1 |
| 20050086047 | Uchimoto et al. | Apr 2005 | A1 |
| 20050091321 | Daniell et al. | Apr 2005 | A1 |
| 20050108516 | Balzer et al. | May 2005 | A1 |
| 20050108562 | Khazan et al. | May 2005 | A1 |
| 20050114672 | Duncan et al. | May 2005 | A1 |
| 20050132346 | Tsantilis | Jun 2005 | A1 |
| 20050198519 | Tamura et al. | Sep 2005 | A1 |
| 20050228990 | Kato et al. | Oct 2005 | A1 |
| 20050235360 | Pearson | Oct 2005 | A1 |
| 20050257207 | Blumfield et al. | Nov 2005 | A1 |
| 20050257265 | Cook et al. | Nov 2005 | A1 |
| 20050260996 | Groenendaal | Nov 2005 | A1 |
| 20050262558 | Usov | Nov 2005 | A1 |
| 20050273858 | Zadok et al. | Dec 2005 | A1 |
| 20050283823 | Okajo et al. | Dec 2005 | A1 |
| 20050289538 | Black-Ziegelbein et al. | Dec 2005 | A1 |
| 20060004875 | Baron et al. | Jan 2006 | A1 |
| 20060015501 | Sanamrad et al. | Jan 2006 | A1 |
| 20060037016 | Saha et al. | Feb 2006 | A1 |
| 20060072451 | Ross | Apr 2006 | A1 |
| 20060075478 | Hyndman et al. | Apr 2006 | A1 |
| 20060080656 | Cain et al. | Apr 2006 | A1 |
| 20060085785 | Garrett | Apr 2006 | A1 |
| 20060101277 | Meenan et al. | May 2006 | A1 |
| 20060133223 | Nakamura et al. | Jun 2006 | A1 |
| 20060136910 | Brickell et al. | Jun 2006 | A1 |
| 20060136911 | Robinson et al. | Jun 2006 | A1 |
| 20060143713 | Challener et al. | Jun 2006 | A1 |
| 20060195906 | Jin et al. | Aug 2006 | A1 |
| 20060200863 | Ray et al. | Sep 2006 | A1 |
| 20060230314 | Sanjar et al. | Oct 2006 | A1 |
| 20060236398 | Trakic et al. | Oct 2006 | A1 |
| 20060259734 | Sheu et al. | Nov 2006 | A1 |
| 20060277603 | Kelso et al. | Dec 2006 | A1 |
| 20070011746 | Malpani et al. | Jan 2007 | A1 |
| 20070028303 | Brennan | Feb 2007 | A1 |
| 20070033645 | Jones | Feb 2007 | A1 |
| 20070039049 | Kupferman et al. | Feb 2007 | A1 |
| 20070050579 | Hall et al. | Mar 2007 | A1 |
| 20070050764 | Traut | Mar 2007 | A1 |
| 20070074199 | Schoenberg | Mar 2007 | A1 |
| 20070083522 | Nord et al. | Apr 2007 | A1 |
| 20070101435 | Konanka et al. | May 2007 | A1 |
| 20070136579 | Levy et al. | Jun 2007 | A1 |
| 20070143851 | Nicodemus et al. | Jun 2007 | A1 |
| 20070157303 | Pankratov | Jul 2007 | A1 |
| 20070169079 | Keller et al. | Jul 2007 | A1 |
| 20070192329 | Croft et al. | Aug 2007 | A1 |
| 20070220061 | Tirosh et al. | Sep 2007 | A1 |
| 20070220507 | Back et al. | Sep 2007 | A1 |
| 20070253430 | Minami et al. | Nov 2007 | A1 |
| 20070256138 | Gadea et al. | Nov 2007 | A1 |
| 20070271561 | Winner et al. | Nov 2007 | A1 |
| 20070300215 | Bardsley | Dec 2007 | A1 |
| 20080005737 | Saha et al. | Jan 2008 | A1 |
| 20080005798 | Ross | Jan 2008 | A1 |
| 20080010304 | Vempala et al. | Jan 2008 | A1 |
| 20080022384 | Yee et al. | Jan 2008 | A1 |
| 20080034416 | Kumar et al. | Feb 2008 | A1 |
| 20080034418 | Venkatraman et al. | Feb 2008 | A1 |
| 20080052468 | Speirs et al. | Feb 2008 | A1 |
| 20080082977 | Araujo et al. | Apr 2008 | A1 |
| 20080120499 | Zimmer et al. | May 2008 | A1 |
| 20080141371 | Bradicich et al. | Jun 2008 | A1 |
| 20080163207 | Reumann et al. | Jul 2008 | A1 |
| 20080163210 | Bowman et al. | Jul 2008 | A1 |
| 20080165952 | Smith et al. | Jul 2008 | A1 |
| 20080184373 | Traut et al. | Jul 2008 | A1 |
| 20080235534 | Schunter et al. | Sep 2008 | A1 |
| 20080282080 | Hyndman et al. | Nov 2008 | A1 |
| 20080294703 | Craft et al. | Nov 2008 | A1 |
| 20080301770 | Kinder | Dec 2008 | A1 |
| 20090007100 | Field et al. | Jan 2009 | A1 |
| 20090038017 | Durham et al. | Feb 2009 | A1 |
| 20090043993 | Ford et al. | Feb 2009 | A1 |
| 20090055693 | Budko et al. | Feb 2009 | A1 |
| 20090063665 | Bagepalli et al. | Mar 2009 | A1 |
| 20090113110 | Chen et al. | Apr 2009 | A1 |
| 20090144300 | Chatley et al. | Jun 2009 | A1 |
| 20090150639 | Ohata | Jun 2009 | A1 |
| 20090249053 | Zimmer et al. | Oct 2009 | A1 |
| 20090249438 | Litvin et al. | Oct 2009 | A1 |
| 20090328185 | van den Berg et al. | Dec 2009 | A1 |
| 20100049973 | Chen | Feb 2010 | A1 |
| 20100071035 | Budko et al. | Mar 2010 | A1 |
| 20100114825 | Siddegowda | May 2010 | A1 |
| 20100188976 | Rahman et al. | Jul 2010 | A1 |
| 20100250895 | Adams et al. | Sep 2010 | A1 |
| 20100281133 | Brendel | Nov 2010 | A1 |
| 20100293225 | Sebes et al. | Nov 2010 | A1 |
| 20100332910 | Ali et al. | Dec 2010 | A1 |
| 20110029772 | Fanton et al. | Feb 2011 | A1 |
| 20110035423 | Kobayashi et al. | Feb 2011 | A1 |
| 20110047542 | Dang et al. | Feb 2011 | A1 |
| 20110047543 | Mohinder | Feb 2011 | A1 |
| 20110077948 | Sharma et al. | Mar 2011 | A1 |
| 20110078550 | Nabutovsky | Mar 2011 | A1 |
| 20110093842 | Sebes | Apr 2011 | A1 |
| 20110093950 | Bhargava et al. | Apr 2011 | A1 |
| 20110113467 | Agarwal et al. | May 2011 | A1 |
| 20110119760 | Sebes et al. | May 2011 | A1 |
| 20110138461 | Bhargava et al. | Jun 2011 | A1 |
| 20110302647 | Bhattacharya et al. | Dec 2011 | A1 |
| 20120030731 | Bhargava et al. | Feb 2012 | A1 |
| 20120030750 | Bhargava et al. | Feb 2012 | A1 |
| 20120216271 | Cooper et al. | Aug 2012 | A1 |
| 20120278853 | Chowdhury et al. | Nov 2012 | A1 |
| 20120290827 | Bhargava et al. | Nov 2012 | A1 |
| 20120290828 | Bhargava et al. | Nov 2012 | A1 |
| 20120297176 | Bhargava et al. | Nov 2012 | A1 |
| 20130024934 | Sebes et al. | Jan 2013 | A1 |
| 20130091318 | Bhattacharjee et al. | Apr 2013 | A1 |
| 20130097355 | Dang et al. | Apr 2013 | A1 |
| 20130097356 | Dang et al. | Apr 2013 | A1 |
| 20130097658 | Cooper et al. | Apr 2013 | A1 |
| 20130097692 | Lichtenstadt et al. | Apr 2013 | A1 |
| 20130117823 | Dang et al. | May 2013 | A1 |
| 20130246044 | Sharma et al. | Sep 2013 | A1 |
| 20130246393 | Saraf et al. | Sep 2013 | A1 |
| 20130246423 | Bhargava et al. | Sep 2013 | A1 |
| 20130246685 | Bhargava et al. | Sep 2013 | A1 |
| 20130247016 | Sharma et al. | Sep 2013 | A1 |
| 20130247027 | Shah et al. | Sep 2013 | A1 |
| 20130247032 | Bhargava et al. | Sep 2013 | A1 |
| 20130247181 | Saraf et al. | Sep 2013 | A1 |
| 20130247192 | Krasser et al. | Sep 2013 | A1 |
| 20130247226 | Sebes et al. | Sep 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 1383295 | Dec 2002 | CN |
| 103283202 | Sep 2013 | CN |
| 1 482 394 | Dec 2004 | EP |
| 2 037 657 | Sep 2009 | EP |
| 2599026 | Jun 2013 | EP |
| 2599276 | Jun 2013 | EP |
| 2004524598 | Aug 2004 | JP |
| WO 9844404 | Oct 1998 | WO |
| WO 0184285 | Nov 2001 | WO |
| WO 2006012197 | Feb 2006 | WO |
| WO 2006124832 | Nov 2006 | WO |
| WO 2008054997 | May 2008 | WO |
| WO 2011059877 | May 2011 | WO |
| WO 2012015485 | Feb 2012 | WO |
| WO 2012015489 | Feb 2012 | WO |
| WO 2012116098 | Aug 2012 | WO |
| WO 2013058940 | Apr 2013 | WO |
| WO 2013058944 | Apr 2013 | WO |
| Entry |
|---|
| Citrix, CTX 115813—FAX: XenMotion, Live Migration—Citrix Knowledge Center, copyright 1999-2012 Citrix Systems, Inc., retrieved from http://support/citrix.com/article/CTX115813 on Aug. 7, 2012, 2 pages. |
| Citrix®, Citrix Synchronizer™ 1.0 RC Administrator Guide, Published May 11, 2010, copyright 2009 Citrix, 32 pages. |
| U.S. Appl. No. 13/229,502, filed Sep. 9, 2011, entitled System and Method for Passive Threat Detection Using Memory Inspection, Inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 13/558,181, entitled “Method and Apparatus for Process Enforced Configuration Management,” filed Jul. 25, 2012, Inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 13/558,277, entitled “Method and Apparatus for Process Enforced Configuration Management,” filed Jul. 25, 2012, Inventor(s) Rishi Bhargava et al. |
| VMware VMotion Product Datasheet, How is VMware VMotion Used in the Enterprise?, copyright 2009 VMware, Inc., retrieved from http://www.vmware.com/files/pfd/VMware-VMotion-DS-EN.pdf, printed Aug. 7, 2012, 2 pages. |
| VMware vSphere™ Experience Game-changing Virtual Machine Mobility, copyright 2012 VMware, Inc., retrieved from website: http://www.vmware.com/products/vmotion/overview.html, printed Aug. 7, 2012, 2 pages. |
| VMware vSphere™ Features of VMware vMotion for Live Migration of Virtual Machines, copyright 2012 VMware, Inc., retrieved from http://www.vmware.com/products/vmotion/features.html, printed Aug. 7, 2012, 2 pages. |
| “Xen Architecture Overview,” Xen, dated Feb. 13, 2008, Version 1.2, http://wiki.xensource.com/xenwiki/XenArchitecture?action=AttachFile&do=get&target=Xen+architecture—Q1+2008.pdf, printed Aug. 18, 2009 (9 pages). |
| Eli M. Dow, et al., “The Xen Hypervisor,” INFORMIT, dated Apr. 10, 2008, http://www.informit.com/articles/printerfriendly.aspx?p=1187966, printed Aug. 11, 2009 (13 pages). |
| Kurt Gutzmann, “Access Control and Session Management in the HTTP Environment,” Jan./Feb. 2001, pp. 26-35, IEEE Internet Computing. |
| U.S. Appl. No. 10/651,591, entitled “Method and System for Containment of Networked Application Client Software by Explicit Human Input,” filed Aug. 29, 2003 Inventor(s): Rosen Sharma et al. |
| U.S. Appl. No. 11/060,683, entitled “Distribution and Installation of Solidified Software on a Computer,” filed Feb. 16, 2005, Inventor(s): Bakul Shah et al. |
| U.S. Appl. No. 11/379,953, entitled “Software Modification by Group to Minimize Breakage,” filed Apr. 24, 2006, Inventor(s): E. John Sebes et al. |
| U.S. Appl. No. 11/437,317, entitled “Connectivity-Based Authorization,” filed May 18, 2006, Inventor(s): E. John Sebes et al. |
| U.S. Appl. No. 12/008,274, entitled Method and Apparatus for Process Enforced Configuration Management, filed Jan. 9, 2008, Inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 12/291,232, entitled “Method of and System for Computer System State Checks,” filed Nov. 7, 2008, inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 12/426,859, entitled “Method of and System for Reverse Mapping Vnode Pointers,” filed Apr. 20, 2009, Inventor(s): Suman Saraf et al. |
| U.S. Appl. No. 12/322,220, entitled “Method of and System for Malicious Software Detection Using Critical Address Space Protection,” filed Jan. 29, 2009, Inventor(s): Suman Saraf et al. |
| Desktop Management and Control, Website: http://www.vmware.com/solutions/desktop/, printed Oct. 12, 2009, 1 page. |
| Secure Mobile Computing, Website: http://www.vmware.com/solutions/desktop/mobile.html, printed Oct. 12, 2009, 2 pages. |
| U.S. Appl. No. 12/636,414, entitled “System and Method for Managing Virtual Machine Configurations,” filed Dec. 11, 2009, Inventor(s) Harvinder Singh Sawhney, et al. |
| Barrantes et al., “Randomized Instruction Set Emulation to Dispurt Binary Code Injection Attacks,” Oct. 27-31, 2003, ACM, pp. 281-289. |
| Check Point Software Technologies Ltd.: “ZoneAlarm Security Software User Guide Version 9”, Aug. 24, 2009, XP002634548, 259 pages, retrieved from Internet: URL:http://download.zonealarm.com/bin/media/pdf/zaclient91—user—manual.pdf. |
| Gaurav et al., “Countering Code-Injection Attacks with Instruction-Set Randomization,” Oct. 27-31, 2003, ACM, pp. 272-280. |
| Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority (1 page), International Search Report (4 pages), and Written Opinion (3 pages), mailed Mar. 2, 2011, International Application No. PCT/US2010/055520. |
| Notification of Transmittal of the International Search Report and the Written Opinion of the International Searching Authority, or the Declaration (1 page), International Search Report (6 pages), and Written Opinion of the International Searching Authority (10 pages) for International Application No. PCT/US2011/020677 mailed Jul. 22, 2011. |
| Notification of Transmittal of the International Search Report and Written Opinion of the International Searching Authority, or the Declaration (1 page), International Search Report (3 pages), and Written Opinion of the International Search Authority (6 pages) for International Application No. PCT/US2011/024869 mailed Jul. 14, 2011. |
| Tal Garfinkel, et al., “Terra: A Virtual Machine-Based Platform for Trusted Computing,” XP-002340992, SOSP'03, Oct. 19-22, 2003, 14 pages. |
| U.S. Appl. No. 12/880,125, entitled “System and Method for Clustering Host Inventories,” filed Sep. 12, 2010, Inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 12/903,993, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Oct. 13, 2010, Inventor(s) Rosen Sharma, et al. |
| U.S. Appl. No. 12/946,344, entitled “Method and System for Containment of Usage of Language Interfaces,” filed Nov. 15, 2010, Inventor(s) Rosen Sharma, et al. |
| U.S. Appl. No. 13/012,138, entitled “System and Method for Selectively Grouping and Managing Program Files,” filed Jan. 24, 2011, Inventor(s) Rishi Bhargava et al. |
| U.S. Appl. No. 13/037,988, entitled “System and Method for Botnet Detection by Comprehensive Email Behavioral Analysis,” filed Mar. 1, 2011, Inventor(s) Sven Krasser, et al. |
| U.S. Appl. No. 12/322,321, entitled “Method of and System for Computer System Denial-of-Service Protection,” filed Jan. 29, 2009, Inventor(s): Suman Saraf et al. |
| IA-32 Intel® Architecture Software Developer's Manual, vol. 3B; Jun. 2006; pp. 13, 15, 22 and 145-146. |
| Notification of International Preliminary Report on Patentability and Written Opinion mailed May 24, 2012 for International Application No. PCT/US2010/055520, 5 pages. |
| Sailer et al., sHype: Secure Hypervisor Approach to Trusted Virtualized Systems, IBM research Report, Feb. 2, 2005, 13 pages. |
| Myung-Sup Kim et al., “A load cluster management system using SNMP and web”, [Online], May 2002, pp. 367-378, [Retrieved from Internet on Oct. 24, 2012], <http://onlinelibrary.wiley.com/doi/10.1002/nem.453/pdf>. |
| G. Pruett et al., “BladeCenter systems management software”, [Online], Nov. 2005, pp. 963-975, [Retrieved from Internet on Oct. 24, 2012], <http://citeseerx.lst.psu.edu/viewdoc/download?doi=10.1.1.91.5091&rep=rep1&type=pdf>. |
| Philip M. Papadopoulos et al., “NPACI Rocks: tools and techniques for easily deploying manageable Linux clusters” [Online], Aug. 2002, pp. 707-725, [Retrieved from internet on Oct. 24, 2012], <http://onlinelibrary.wiley.com/doi/10.1002/cpe.722/pdf>. |
| Thomas Staub et al., “Secure Remote Management and Software Distribution for Wireless Mesh Networks”, [Online], Sep. 2007, pp. 1-8, [Retrieved from Internet on Oct. 24, 2012], <http://cds.unibe.ch/research/pub—files/B07.pdf>. |
| “What's New: McAfee VirusScan Enterprise, 8.8,” copyright 2010, retrieved on Nov. 23, 2012 at https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT—DOCUMENTATION/22000/PD22973/en—US/VSE%208.8%20-%20What's%20New.pdf, 4 pages. |
| “McAfee Management for Optimized Virtual Environments,” copyright 2012, retrieved on Nov. 26, 2012 at AntiVirushttp://www.mcafee.com/us/resources/data-sheets/ds-move-anti-virus.pdf, 2 pages. |
| Rivest, R., “The MD5 Message-Digest Algorithm”, RFC 1321, Apr. 1992, retrieved on Dec. 14, 2012 from http://www.ietf.org/rfc/rfc1321.txt, 21 pages. |
| Hinden, R. And B. Haberman, “Unique Local IPv6 Unicast Addresses”, RFC 4193, Oct. 2005, retrieved on Nov. 20, 2012 from http://tools.ietf.org/pdf/rfc4193.pdf, 17 pages. |
| “Secure Hash Standard (SHS)”, Federal Information Processing Standards Publication, FIPS PUB 180-4, Mar. 2012, retrieved on Dec. 14, 2012 from http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf, 35 pages. |
| U.S. Appl. No. 13/728,705, filed Dec. 27, 2012, entitled “Herd Based Scan Avoidance System in a Network Environment,”, Inventors Venkata Ramanan, et al. |
| An Analysis of Address Space Layout Randomization on Windows Vista™, Symantec Advanced Threat Research, copyright 2007 Symantec Corporation, available at http://www.symantec.com/avcenter/reference/Address—Space—Layout—Randomization.pdf, 19 pages. |
| Bhatkar, et al., “Efficient Techniques for Comprehensive Protection from Memory Error Exploits,” USENIX Association, 14th USENIX Security Symposium, Aug. 1-5, 2005, Baltimore, MD, 16 pages. |
| Dewan, et al., “A Hypervisor-Based System for Protecting Software Runtime Memory and Persistent Storage,” Spring Simulation Multiconference 2008, Apr. 14-17, 2008, Ottawa, Canada, (available at website: www.vodun.org/papers/2008—secure—locker—submit—v1-1.pdf, printed Oct. 11, 2011), 8 pages. |
| Shacham, et al., “On the Effectiveness of Address-Space Randomization,” CCS'04, Oct. 25-29, 2004, Washington, D.C., Copyright 2004, 10 pages. |
| International Search Report and Written Opinion mailed Dec. 14, 2012 for International Application No. PCT/US2012/055674, 9 pages. |
| International Preliminary Report on Patentability and Written Opinion issued Jan. 29, 2013 for International Application No. PCT/US2011/020677 (9 pages). |
| International Preliminary Report on Patentability and Written Opinion issued Jan. 29, 2013 for International Application No. PCT/US2011/024869 (6 pages). |
| Datagram Transport Layer Security Request for Comments 4347, E. Rescorla, et al., Stanford University, Apr. 2006, retrieved and printed on Oct. 17, 2011 from http://tools.ietf.org/pdf/rfc4347.pdf, 26 pages. |
| Internet Control Message Protocol Request for Comments 792, J. Postel, ISI, Sep. 1981, retrieved and printed on Oct. 17, 2011 from http://tools.ietf.org/html/rfc792, 22 pages. |
| Mathew J. Schwartz, “Palo Alto Introduces Security for Cloud, Mobile Users,” retrieved Feb. 9, 2011 from http://www.informationweek.com/news/security/perimeter/showArticle.jhtml?articleID-22, 4 pages. |
| Requirements for IV Version 4 Routers Request for Comments 1812, F. Baker, Cisco Systems, Jun. 1995, retrieved and printed on Oct. 17, 2011 from http://tools.ietf.org/pdf/rfc1812.pdf, 176 pages. |
| The Keyed-Hash Message Authentication Code (HMAC), FIPS PUB 198, Issued Mar. 6, 2002, Federal Information Processing Standards Publication, retrieved and printed on Oct. 17, 2011 from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf, 20 pages. |
| Zhen Chen et al., “Application Level Network Access Control System Based on TNC Architecture for Enterprise Network,” In: Wireless communications Networking and Information Security (WCNIS), 2010 IEEE International Conference, Jun. 25-27, 2010 (5 pages). |
| International Search Report and Written Opinion, International Application No. PCT/US2012/026169, mailed Jun. 18, 2012, 11 pages. |
| International Search Report and Written Opinion, International Application No. PCT/US2012/057312, mailed Jan. 31, 2013, 10 pages. |
| International Search Report and Written Opinion, International Application No. PCT/US2012/057153, mailed Dec. 26, 2012, 8 pages. |
| U.S. Appl. No. 13/437,900, filed Apr. 2, 2012, entitled “System and Method for Interlocking a Host and a Gateway,”, Inventors: Geoffrey Howard Cooper, et al. |
| Narten et al., RFC 4861, “Neighbor Discovery for IP version 6 (IPv6)”, Sep. 2007, retrieved from http://tools.ietf.org/html/rfc4861, 194 pages [Parts 1, 2 and 3]. |
| International Preliminary Report on Patentability, International Application No. PCT/US2012/026169, issued Aug. 27, 2013, 8 pages. |
| USPTO Aug. 14, 2013 Notice of Allowance from U.S. Appl. No. 13/540,448. |
| U.S. Appl. No. 14/045,208, filed Oct. 3, 2013, entitled “Execution Environment File Inventory,”, Inventors Rishi Bhargava, et al. |
| USPTO Terminal Disclaimer of 7,757,269 from U.S. Appl. No. 13/540,448, filed Jul. 10, 2013, 1 page. |
| USPTO Response to Office Action received for U.S. Appl. No. 13/540,448, filed Jul. 10, 2013, 13 pages. |
| USPTO Terminal Disclaimer of 8,234,713 from U.S. Appl. No. 13/540,448, filed Jul. 10, 2013, 1 page. |
| USPTO Office Action received for U.S. Appl. No. 13/540,448, mailed on Apr. 10, 2013, 20 pages. |
| USPTO Response to Office Action received for U.S. Appl. No. 13/558,181, filed Oct. 24, 2013, 11 pages. |
| USPTO Office Action received for U.S. Appl. No. 13/558,181, mailed on Aug. 7, 2013, 13 pages. |
| USPTO Response to Office Action received for U.S. Appl. No. 13/558,181, filed Jul. 22, 2013, 12 pages. |
| USPTO Office Action received for U.S. Appl. No. 13/558,181, mailed on May 8, 2013, 13 pages. |
| USPTO Office Action received for U.S. Appl. No. 13/558,277, mailed on Oct. 3, 2013, 11 pages. |
| USPTO Response to Office Action received for U.S. Appl. No. 13/558,277, filed Sep. 10, 2013, 17 pages. |
| USTPO Office Action received for U.S. Appl. No. 13/558,277, mailed on May 10, 2013, 22 pages. |
| USPTO Response to Office Action received for U.S. Appl. No. 12/291,232, filed Jan. 18, 2012, 14 pages. |
| USPTO Office Action received for U.S. Appl. No. 12/291,232, mailed on Oct. 18, 2011, 17 pages. |
| USPTO Response to Office Action received for U.S. Appl. No. 12/291,232, filed Jul. 25, 2011, 13 pages. |
| USPTO Office Action received for U.S. Appl. No. 12/291,232, mailed on Apr. 25, 2011, 23 pages. |
| PCT Application Serial No. PCT/US13/66690, filed Oct. 24, 2013, entitled “Agent Assisted Malicious Application Blocking in a Network Environment,” 67 pages. |
| Patent Examination Report No. 1, Australian Application No. 2011283160, mailed Oct. 30, 2013. |
| Number | Date | Country | |
|---|---|---|---|
| 20120290827 A1 | Nov 2012 | US |
| Number | Date | Country | |
|---|---|---|---|
| 60879826 | Jan 2007 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 12008274 | Jan 2008 | US |
| Child | 13558227 | US |
