Patent Grant
8307405
IBM® is a registered trademark of International Business Machines Corporation, Armonk, N.Y., U.S.A. Other names used herein may be registered trademarks, trademarks or product names of International Business Machines Corporation or other companies.
1. Field of the Invention
This invention relates generally to workload management in a computing environment and, more particularly, to methods, devices, and computer program products for implementing a zero-trust policy in storage reports.
2. Description of Background
Many modem computing environments include load balancers or workload managers that monitor the resource consumption of a plurality of machines in a management pool. These resources include memory and storage devices that are accessed by one or more of the machines. In most cases, instrumentation is placed on one or more participating machines that are to be managed. If a participating machine is compromised, there exist potential attack vectors for all machines participating in the management pool. Moreover, a participating machine may report erroneous information indicating that the participating machine requires extensive resources whereas, in fact, the resource needs of the participating machine are relatively modest. Accordingly, what is needed is a technique for monitoring memory or storage utilization that does not rely upon information reported by a participating machine. A solution that addresses, at least in part, the above and other shortcomings is desired.
Embodiments of the invention include methods for implementing a zero-trust policy in storage reports. Introspection of a guest memory having a guest memory layout is performed. An operating system (OS) memory map is accepted. The guest memory layout is compared with the OS memory map. When the guest memory layout matches the OS memory map, the OS memory map is used to obtain one or more interested memory segments. Data processing is performed using an OS corresponding to the OS memory map and using the one or more interested memory segments.
Hardware products and computer program products corresponding to the above-summarized methods are also described and claimed herein. Other methods, hardware products, and computer program products according to embodiments will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such additional methods, hardware products, and computer program products be included within this description, be within the scope of the present invention, and be protected by the accompanying claims.
Referring now to the drawings, wherein like elements are numbered alike in the several FIGURES:
The detailed description explains the preferred embodiments of the invention, together with advantages and features, by way of example with reference to the drawings.
In the following description, details are set forth to provide an understanding of the invention. In some instances, certain software, circuits, structures and methods have not been described or shown in detail in order not to obscure the invention. The term “data processing system” is used herein to refer to any machine for processing data, including the client/server computer systems and network arrangements described herein. The present invention may be implemented in any computer programming language provided that the operating system of the data processing system provides the facilities that may support the requirements of the present invention. The invention may be implemented with software, firmware, or hardware, or any of various combinations thereof.
If the test performed at block 106 indicates that the guest memory layout does not match the OS memory map accepted at block 102, a test is performed at block 110 to ascertain whether or not there is another OS memory map in addition to the OS memory map of block 102 that has been previously accepted, and that can be compared to the guest memory layout. The affirmative branch from block 110 leads back to block 104, whereas the negative branch from block 110 leads to block 114 where the procedure is aborted.
The procedure of
Because an OS is often used to run a particular application or set of applications in a dedicated hardware server, use of the hypervisor 201 makes it possible to run multiple OS's (and their applications) in a single server, reducing overall hardware costs. Thus, a plurality of production and test systems can run at the same time in the same hardware. In addition, with the hypervisor 201, different operating systems such as Windows and Linux can share the same server.
Optionally, the data processing system 3100 may be linked to other data processing systems over the network 3103. These other data processing systems may, but need not, include an application for implementing a zero-trust policy in storage reports. Of course, the data processing system 3100 may contain additional software and hardware, a description of which is not necessary for understanding the invention.
The data processing system 3100 has stored therein data representing sequences of instructions which, when executed, cause the methods described in connection with
The capabilities of the present invention can be implemented in software, firmware, hardware or some combination thereof. As one example, one or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media. The media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention. The article of manufacture can be included as a part of a computer system or sold separately.
Additionally, at least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform the capabilities of the present invention can be provided.
The flow diagrams depicted herein are just examples. There may be many variations to these diagrams or the steps (or operations) described therein without departing from the spirit of the invention. For instance, the steps may be performed in a differing order, or steps may be added, deleted or modified. All of these variations are considered a part of the claimed invention.
While the preferred embodiment to the invention has been described, it will be understood that those skilled in the art, both now and in the future, may make various improvements and enhancements which fall within the scope of the claims which follow. These claims should be construed to maintain the proper protection for the invention first described.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6026462 | George et al. | Feb 2000 | A |
| 6735666 | Koning | May 2004 | B1 |
| 7089377 | Chen | Aug 2006 | B1 |
| 7257811 | Hunt et al. | Aug 2007 | B2 |
| 7340777 | Szor | Mar 2008 | B1 |
| 7814287 | Pratt | Oct 2010 | B2 |
| 20050086523 | Zimmer et al. | Apr 2005 | A1 |
| 20050160151 | Rawson, III | Jul 2005 | A1 |
| 20060005189 | Vega et al. | Jan 2006 | A1 |
| 20060070065 | Zimmer et al. | Mar 2006 | A1 |
| 20060294519 | Hattori et al. | Dec 2006 | A1 |
| 20070006218 | Vinberg et al. | Jan 2007 | A1 |
| 20070050764 | Traut | Mar 2007 | A1 |
| 20070061441 | Landis et al. | Mar 2007 | A1 |
| 20070061492 | van Riel | Mar 2007 | A1 |
| 20070130366 | O'Connell et al. | Jun 2007 | A1 |
| 20070244972 | Fan | Oct 2007 | A1 |
| 20070266383 | White | Nov 2007 | A1 |
| 20070271559 | Easton et al. | Nov 2007 | A1 |
| 20080005297 | Kjos et al. | Jan 2008 | A1 |
| 20080028124 | Tago | Jan 2008 | A1 |
| 20080235793 | Schunter et al. | Sep 2008 | A1 |
| 20080263658 | Michael et al. | Oct 2008 | A1 |
| 20090063749 | Dow | Mar 2009 | A1 |
| 20090204964 | Foley et al. | Aug 2009 | A1 |
| 20090241109 | Vandegrift et al. | Sep 2009 | A1 |
| 20090300605 | Edwards et al. | Dec 2009 | A1 |
| 20100017800 | Dow et al. | Jan 2010 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 20090271841 A1 | Oct 2009 | US |
