Patent Grant
8881279
1. Technical Field
Some embodiments of the disclosure relate to the management of cloud-based computing environments. Systems, methods, and media provided herein may be utilized for zone-based intrusion detection in a cloud computing environment.
2. Description of Related Art
A cloud is a resource that typically combines the computational power of a large grouping of processors and/or that combines the storage capacity of a large grouping of computer memories or storage devices. For example, systems that provide a cloud resource may be utilized exclusively by their owners, such as Google™ or Yahoo! ™, or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
The cloud may be formed, for example, by a network of web servers with each server (or at least a plurality thereof) providing processor and/or storage resources. These servers may manage workloads provided by multiple users (e.g., cloud resource customers or other users). Typically, each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations may depend on the type of business associated with the user. Hackers sometimes try to compromise computer systems, including cloud-based systems. It would be desirable to provide security and prevent this from occurring.
According to some embodiments, the present technology may be directed to system and methods for zone-based intrusion detection. The system may comprise a multi-tenant system; a server communicatively coupled with the multi-tenant system; a zone-based intrusion detection module running on the server; a zone within the server, the zone being a tenant and including at least one process running on it; and a debugger module that examines the process in real-time. The system may comprise a multi-tenant system; a server communicatively coupled with the multi-tenant system; a zone-based intrusion detection system (ZIDS) module running on the same server (or system) as a target tenant and residing in a global zone and immune from compromise by a target tenant, the ZIDS module directly inspects a target tenant running one or more processes; a zone within the server, the zone being a tenant and including at least one process running on it; and a debugger module that examines the process in real-time.
Before explaining the presently disclosed and claimed inventive concept(s) in detail by way of exemplary embodiments, drawings, and appended claims, it is to be understood that the present disclosure is not limited in its application to the details of construction and the arrangement of the components set forth in the following description or illustrated in the drawings. The present disclosure is capable of other embodiments or of being practiced or carried out in various ways. As such, the language used herein is intended to be given the broadest possible scope and meaning; and the embodiments are meant to be exemplary—not exhaustive. It is to be understood that the phraseology and terminology employed herein is for the purpose of description and should not be regarded as limiting. Unless otherwise required by context, singular terms may include pluralities and plural terms may include the singular.
It is desirable to be able to detect that a cloud instance has been compromised by hackers (crackers). It is important to identify suspicious activity. For example, a site could be being used for something nefarious. This should be identified and checked. Once a system is compromised, it may be used for piracy, dissemination of credit card numbers, or numerous other illegal activities.
In HIDS system 100, one runs software on the server that monitors for malicious activity and inspects processes. If a server is compromised, an attacker can then interfere with the HIDS monitoring software. If a hacker performs a privilege escalation attack and become a “super user,” he could modify the HIDS software so that it does not record his illegal activities. The hacker could delete the log or change the log etc.
This becomes a problem when one is trying to use this as evidence in a court of law because an individual cannot guarantee nonrepudiation. For HIDS, an exemplary known good quantity is a separate read-only CD ROM. There is not a known good quality within the server—the whole server may be compromised. After a detection of illegal activity, law enforcement should present evidence that one knows is not tainted. In some other systems one cannot say tools have not been compromised unless one produces an evidence bag with the CD ROM used for analysis.
Generally, HIDS can be more effective at identifying malicious activity than a network-based intrusion detection system (NIDS; discussed herein). This is software one runs on one's system to identify suspicious activity. This is better because one has the context of the applications. In other words, one may monitor what the applications are doing with respect to the operating system, their running software, as well as the network to identify suspicious activity. NIDS falls victim to the problem that hackers encrypt traffic/packets often. However, on the host HIDS can detect this encryption, and can examine activity after decryption. One problem with HIDS, and what the present technology (ZIDS, discussed herein) solves, is that the HIDS software is vulnerable to being compromised. Hackers call this “root kits”—when one installs software on a system with nefarious versions that lie to you. One then cannot run commands on a system because the commands themselves may be compromised. Law enforcement has the problem that evidence may be tainted. Thus, law enforcement uses what is called a “known to be good” CD ROM containing trusted analysis tools, boots a server from this CD ROM and runs software from it to examine the hard disks. This is providing what is known in the art as nonrepudiation.
NIDS is usually a separate dedicated server that connects to the network. This makes the NIDS secure, because if someone compromises a target server, and uses what is known in the art as a privilege escalation attack, they have no direct access to compromise the NIDS system itself, which is separate. However, since NIDS can only look at network packets, it misses out on a lot of context. One does not get to see what processes are doing, and one does not get to see plaintext (the decrypted/decompressed version of the data packets/traffic). Therefore, as a means for defeating NIDS, hackers tend to encrypt their malware on the network to make it more difficult to identify—because the NIDS cannot decrypt the encrypted packets. NIDS is secure but it has limited observability.
The present technology may employ a software virtualized solution within a cloud platform, wherein each tenant is a container built into the underlying operating system of the cloud. The present technology may provision a tenant (also known as a zone) for each customer, and this architecture grants the system additional flexibility when allocating resources to individual tenants. The present technology may observe the activity of all tenants, and can coordinate with the kernel of the cloud to optimize resource management between tenants.
The system 300 may include a multi-tenant system 305 that may include a cloud-based computing environment. As stated herein, a cloud-based computing environment is a resource that typically combines the computational power of a large grouping of processors and/or that combines the storage capacity of a large grouping of computer memories or storage devices. For example, systems that provide a cloud resource may be utilized exclusively by their owners, such as Google™ or Yahoo! ™; or such systems may be accessible to outside users who deploy applications within the computing infrastructure to obtain the benefit of large computational or storage resources.
The cloud may be formed, for example, by a network of web servers, with each web server (or at least a plurality thereof) providing processor and/or storage resources. These servers may manage workloads provided by multiple users (e.g., cloud resource customers or other users). Typically, each user places workload demands upon the cloud that vary in real-time, sometimes dramatically. The nature and extent of these variations typically depend on the type of business associated with the user.
In some embodiments, the cloud includes a plurality of tenants 310A-N (e.g., zones), where each tenant may represent a virtual computing system for a customer. Each tenant may be configured to perform one or more computing operations such as hosting a web page, enabling a web-based application, facilitating data storage, and so forth.
In other embodiments, the multi-tenant system 305 may include a distributed group of computing devices such as web servers that do not share computing resources or workload. Additionally, the multi-tenant system 305 may include a single computing device that has been provisioned with a plurality of programs that each produce instances of event data.
The multi-tenant system 305 may provide the tenants 310A-N with a plurality of computing resources, which may be either virtual or physical components, for example system memory 325. For the purposes of brevity, the following description may specifically describe a computing resource 330 that includes a physical storage media such as a hard disk.
Customers or system administrators may utilize client devices 315 to access their tenant within the multi-tenant system 305. Additionally, the individual parts of the system 300 may be communicatively coupled with one another via a network connection 320. The network connection may include any number or combination of private and/or public communications media, such as the Internet.
A global zone with visibility exists for the tenants within ZIDS. One may use debugger tools like DTrace to look at system events. With ZIDS, a tenant may be compromised, but the hacker will have no means to escalate to the global zone and compromise the tools that one uses to inspect. Therefore, one has a live (one may examine an application while it is still running) known to be good (known to be uncompromised) environment (global zone) from which to inspect the tenants. One is not required to power down the system and then boot from a CD ROM with use “known to be good” tools. One has non-repudiation with ZIDS, while the system is still running. The tenant may be infected but the hacker cannot install a root kit in the global zone. A kernel has no means to escalate from the tenant to the global zone. There is a known to be good area. One is running one's known good observability in a good area with ZIDS.
In a normal system of the prior art, one cannot say tools were not compromised unless one has evidence bag with a CD ROM, as mentioned herein. With ZIDS, however, one can say the tools were definitively in the global zone. One can assure the global zone tools were not compromised. There is no path to them provided by the operating system from the tenant context.
If one were to boot of a CD ROM and perform forensics, it would be a static process. Advantageously ZIDS watches processes live as they make network connections. HIDS can watch live traffic but can be compromised.
ZIDS is the first known good nonrepudiation environment that can monitor live traffic from within the server. This is important because if one tries to do this from the network, packets/traffic may be encrypted. DTrace (dynamic tracing—not static) allows one to inspect software in real time without stopping the software. One may trace the execution of the software's functions, etc. When a hacker encrypts malware to evade detection, it ultimately has to be decrypted or decompressed before running, and DTrace can detect it. Advantages include real-time analysis (e.g., process inspection), non-repudiation because you are known to be in a good global zone, deep visibility (e.g., using DTrace to look at plaintext of malware and doing this from a real-time nonrepudiation environment), and the fact that zones have one-way access (once in a zone there is no breaking out).
ZIDS embodies the best of both worlds. With ZIDS, one can see exactly what the process is doing, see plaintext, and can also have security since there are only a few code paths that change authorization. Processes within a zone are basically within their own isolated jail. If you break out of the process, you find out you are in a secure jail. The ZIDS for which one may use DTrace cannot be interfered with because it is in its own secure environment and so it provides nonrepudiation, it is secure, and it provides all the context and deep details.
It is noteworthy that in the various figures that show IDS components, there may be a local log (“local” meaning it is on the same server as the IDS software). An important point is whether the IDS could be compromised by an attacker (as is the case with HIDS, but not NIDS or ZIDS), and a secondary point is whether the log could also be compromised (again, it can be with HIDS, but it cannot be with NIDS or ZIDS). It should be mentioned that a local log is only one of multiple means of reporting for IDS. The system may also send alerts (e.g., e-mail or SMS), or, write to a remote log on another system, some of which solve the HIDS local log problem.
As used herein, the term “compromised” means the attacker is compromising the target system, which is running the application (e.g., database) of interest. Obviously, if that same system is running a HIDS, then the attacker can interfere with the HIDS software. With NIDS and ZIDS, the target system has no access to the IDS software, so there is no path from a compromised target system to compromising the IDS. However, it should be noted that attacking the NIDS system or the ZIDS global zone directly is much more difficult for the attacker (both NIDS and ZIDS can be made much more secure than the application systems; for example, they usually do not need an Internet address, so there is no publicly facing target to begin with; another point is that many attacks exploit vulnerabilities in the applications, like databases, which are not running on the NIDS or ZIDS systems).
Referring now to
The system 500 of
The components shown in
The storage system 515 may include a mass storage device and portable storage medium drive(s). The mass storage device may be implemented with a magnetic disk drive or an optical disk drive, which may be a non-volatile storage device for storing data and instructions for use by the processor 505. The mass storage device can store system software for implementing embodiments according to the present technology for purposes of loading that software into the memory 510. Some examples of the memory 510 may include RAM and ROM.
A portable storage device, as part of the storage system 515, may operate in conjunction with a portable non-volatile storage medium, such as a floppy disk, compact disk or digital video disc (DVD), to input and output data and code to and from the system 500 of
The memory and storage system of the system 500 may include a non-transitory computer-readable storage medium having stored thereon instructions executable by a processor to perform a method for determining a reduced-risk word price. The instructions may include software used to implement modules discussed herein, and other modules.
I/O interfaces 530 may provide a portion of a user interface, receive audio input (via a microphone), and provide audio output (via a speaker). The I/O interfaces 530 may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, or a pointing device, such as a mouse, trackball, stylus, or cursor direction keys.
The display interface 535 may include a liquid crystal display (LCD) or other suitable display device. The display interface 535 may receive textual and graphical information, and process the information for output to the display interface 535.
Some of the above-described functions may be composed of instructions that are stored on storage media (e.g., computer-readable medium). The instructions may be retrieved and executed by the processor. Some examples of storage media are memory devices, tapes, disks, and the like. The instructions are operational when executed by the processor to direct the processor to operate in accord with the invention. Those skilled in the art are familiar with instructions, processor(s), and storage media.
It is noteworthy that any hardware platform suitable for performing the processing described herein is suitable for use with the invention. The terms “non-transitory computer-readable storage medium” and “non-transitory computer-readable storage media” as used herein refer to any medium or media that participate in providing instructions to a CPU for execution. Such media can take many forms, including, but not limited to, non-volatile media, volatile media and transmission media. Non-volatile media include, for example, optical or magnetic disks, such as a fixed disk. Volatile media include dynamic memory, such as system RAM. Transmission media include coaxial cables, copper wire and fiber optics, among others, including the wires that comprise one embodiment of a bus. Transmission media can also take the form of acoustic or light waves, such as those generated during radio frequency (RF) and infrared (IR) data communications. Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, DVD, any other optical medium, any other physical medium with patterns of marks or holes, a RAM, a PROM, an EPROM, an EEPROM, a flash EEPROM, a non-flash EEPROM, any other memory chip or cartridge, or any other medium from which a computer can read.
Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to a CPU for execution. A bus carries the data to system RAM, from which a CPU retrieves and executes the instructions. The instructions received by system RAM can optionally be stored on a fixed disk either before or after execution by a CPU.
An exemplary computing system may be used to implement various embodiments of the systems and methods disclosed herein. The computing system may include one or more processors and memory. The memory may include a computer-readable storage medium. Common forms of computer-readable storage media include, for example, a floppy disk, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM disk, DVD, various forms of volatile memory, non-volatile memory that can be electrically erased and rewritten. Examples of such non-volatile memory include NAND flash and NOR flash and any other optical medium, the memory is described in the context of. The memory can also comprise various other memory technologies as they become available in the future.
Main memory stores, in part, instructions and data for execution by a processor to cause the computing system to control the operation of the various elements in the systems described herein to provide the functionality of certain embodiments. Main memory may include a number of memories including a main random access memory (RAM) for storage of instructions and data during program execution and a read only memory (ROM) in which fixed instructions are stored. Main memory may store executable code when in operation. The system further may include a mass storage device, portable storage medium drive(s), output devices, user input devices, a graphics display, and peripheral devices. The components may be connected via a single bus. Alternatively, the components may be connected via multiple buses. The components may be connected through one or more data transport means. Processor unit and main memory may be connected via a local microprocessor bus, and the mass storage device, peripheral device(s), portable storage device, and display system may be connected via one or more input/output (I/O) buses.
Mass storage device, which may be implemented with a magnetic disk drive or an optical disk drive, may be a non-volatile storage device for storing data and instructions for use by the processor unit. Mass storage device may store the system software for implementing various embodiments of the disclosed systems and methods for purposes of loading that software into the main memory. Portable storage devices may operate in conjunction with a portable non-volatile storage medium, such as a floppy disk, compact disk or DVD, to input and output data and code to and from the computing system. The system software for implementing various embodiments of the systems and methods disclosed herein may be stored on such a portable medium and input to the computing system via the portable storage device.
Input devices may provide a portion of a user interface. Input devices may include an alpha-numeric keypad, such as a keyboard, for inputting alpha-numeric and other information, or a pointing device, such as a mouse, a trackball, stylus, or cursor direction keys. In general, the term input device is intended to include all possible types of devices and ways to input information into the computing system. Additionally, the system may include output devices. Suitable output devices include speakers, printers, network interfaces, and monitors. Display system may include a liquid crystal display (LCD) or other suitable display device. Display system may receive textual and graphical information, and processes the information for output to the display device. In general, use of the term output device is intended to include all possible types of devices and ways to output information from the computing system to the user or to another machine or computing system.
Peripherals may include any type of computer support device to add additional functionality to the computing system. Peripheral device(s) may include a modem or a router or other type of component to provide an interface to a communication network. The communication network may comprise many interconnected computing systems and communication links. The communication links may be wireline links, optical links, wireless links, or any other mechanisms for communication of information. The components contained in the computing system may be those typically found in computing systems that may be suitable for use with embodiments of the systems and methods disclosed herein and are intended to represent a broad category of such computing components that are well known in the art. Thus, the computing system may be a personal computer, hand held computing device, telephone, mobile computing device, workstation, server, minicomputer, mainframe computer, or any other computing device. The computer may also include different bus configurations, networked platforms, multi-processor platforms, etc.
Various operating systems may be used including SmartOS, Unix, Linux, Windows, Macintosh OS, Palm OS, and other suitable operating systems. Due to the ever changing nature of computers and networks, the description of the computing system is intended only as a specific example for purposes of describing embodiments. Many other configurations of the computing system are possible having more or fewer components.
It is noteworthy that various modules and engines may be located in different places in various embodiments. Modules and engines mentioned herein can be stored as software, firmware, hardware, as a combination, or in various other ways. It is contemplated that various modules and engines can be removed or included in other suitable locations besides those locations specifically disclosed herein. In various embodiments, additional modules and engines can be included in the exemplary embodiments described herein.
The foregoing detailed description of the technology herein has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the technology to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. For example, software modules and engines discussed herein may be combined, expanded into multiple modules and engines, communicate with any other software module(s) and engine(s), and otherwise may be implemented in other configurations. The described embodiments were chosen in order to best explain the principles of the technology and its practical application to thereby enable others skilled in the art to best utilize the technology in various embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the technology be defined by the claims appended hereto.
While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. The descriptions are not intended to limit the scope of the invention to the particular forms set forth herein. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments. It should be understood that the above description is illustrative and not restrictive. To the contrary, the present descriptions are intended to cover such alternatives, modifications, and equivalents as may be included within the spirit and scope of the invention as defined by the appended claims and otherwise appreciated by one of ordinary skill in the art. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims along with their full scope of equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6088694 | Burns et al. | Jul 2000 | A |
| 6393495 | Flory et al. | May 2002 | B1 |
| 6553391 | Goldring et al. | Apr 2003 | B1 |
| 6901594 | Cain et al. | May 2005 | B1 |
| 7222345 | Gray et al. | May 2007 | B2 |
| 7265754 | Brauss | Sep 2007 | B2 |
| 7379994 | Collazo | May 2008 | B2 |
| 7437730 | Goyal | Oct 2008 | B2 |
| 7529780 | Braginsky et al. | May 2009 | B1 |
| 7581219 | Neiger et al. | Aug 2009 | B2 |
| 7603671 | Liu | Oct 2009 | B2 |
| 7640547 | Neiman et al. | Dec 2009 | B2 |
| 7685148 | Engquist et al. | Mar 2010 | B2 |
| 7774457 | Talwar et al. | Aug 2010 | B1 |
| 7814465 | Liu | Oct 2010 | B2 |
| 7849111 | Huffman et al. | Dec 2010 | B2 |
| 7899901 | Njemanze et al. | Mar 2011 | B1 |
| 7904540 | Hadad et al. | Mar 2011 | B2 |
| 7917599 | Gopalan et al. | Mar 2011 | B1 |
| 7933870 | Webster | Apr 2011 | B1 |
| 7940271 | Wright et al. | May 2011 | B2 |
| 8006079 | Goodson et al. | Aug 2011 | B2 |
| 8010498 | Gounares et al. | Aug 2011 | B2 |
| 8141090 | Graupner et al. | Mar 2012 | B1 |
| 8181182 | Martin | May 2012 | B1 |
| 8244559 | Horvitz et al. | Aug 2012 | B2 |
| 8301746 | Head et al. | Oct 2012 | B2 |
| 8336051 | Gokulakannan | Dec 2012 | B2 |
| 8346935 | Mayo et al. | Jan 2013 | B2 |
| 8370936 | Zuk et al. | Feb 2013 | B2 |
| 8417673 | Stakutis et al. | Apr 2013 | B2 |
| 8417746 | Gillett, Jr. et al. | Apr 2013 | B1 |
| 8429282 | Ahuja et al. | Apr 2013 | B1 |
| 8434081 | Cervantes et al. | Apr 2013 | B2 |
| 8464251 | Sahita et al. | Jun 2013 | B2 |
| 8468251 | Pijewski et al. | Jun 2013 | B1 |
| 8547379 | Pacheco et al. | Oct 2013 | B2 |
| 8555276 | Hoffman et al. | Oct 2013 | B2 |
| 8631131 | Kenneth et al. | Jan 2014 | B2 |
| 8677359 | Cavage et al. | Mar 2014 | B1 |
| 8775485 | Cavage et al. | Jul 2014 | B1 |
| 8782224 | Pijewski et al. | Jul 2014 | B2 |
| 8789050 | Hoffman et al. | Jul 2014 | B2 |
| 8793688 | Mustacchi et al. | Jul 2014 | B1 |
| 8826279 | Pacheco et al. | Sep 2014 | B1 |
| 20020069356 | Kim | Jun 2002 | A1 |
| 20020082856 | Gray et al. | Jun 2002 | A1 |
| 20020156767 | Costa et al. | Oct 2002 | A1 |
| 20020198995 | Liu et al. | Dec 2002 | A1 |
| 20030154112 | Neiman et al. | Aug 2003 | A1 |
| 20030163596 | Halter et al. | Aug 2003 | A1 |
| 20040088293 | Daggett | May 2004 | A1 |
| 20050097514 | Nuss | May 2005 | A1 |
| 20050108712 | Goyal | May 2005 | A1 |
| 20050188075 | Dias et al. | Aug 2005 | A1 |
| 20060107087 | Sieroka et al. | May 2006 | A1 |
| 20060153174 | Towns-von Stauber et al. | Jul 2006 | A1 |
| 20060218285 | Talwar et al. | Sep 2006 | A1 |
| 20060246879 | Miller et al. | Nov 2006 | A1 |
| 20060248294 | Nedved et al. | Nov 2006 | A1 |
| 20060294579 | Khuti et al. | Dec 2006 | A1 |
| 20070088703 | Kasiolas et al. | Apr 2007 | A1 |
| 20070118653 | Bindal | May 2007 | A1 |
| 20070168336 | Ransil et al. | Jul 2007 | A1 |
| 20070179955 | Croft et al. | Aug 2007 | A1 |
| 20070250838 | Belady et al. | Oct 2007 | A1 |
| 20070271570 | Brown et al. | Nov 2007 | A1 |
| 20080080396 | Meijer et al. | Apr 2008 | A1 |
| 20080103861 | Zhong | May 2008 | A1 |
| 20080155110 | Morris | Jun 2008 | A1 |
| 20090044188 | Kanai et al. | Feb 2009 | A1 |
| 20090077235 | Podila | Mar 2009 | A1 |
| 20090164990 | Ben-Yehuda et al. | Jun 2009 | A1 |
| 20090172051 | Huffman et al. | Jul 2009 | A1 |
| 20090193410 | Arthursson et al. | Jul 2009 | A1 |
| 20090216910 | Duchesneau | Aug 2009 | A1 |
| 20090259345 | Kato et al. | Oct 2009 | A1 |
| 20090260007 | Beaty et al. | Oct 2009 | A1 |
| 20090300210 | Ferris | Dec 2009 | A1 |
| 20100050172 | Ferris | Feb 2010 | A1 |
| 20100057913 | Dehaan | Mar 2010 | A1 |
| 20100106820 | Gulati et al. | Apr 2010 | A1 |
| 20100114825 | Siddegowda | May 2010 | A1 |
| 20100125845 | Sugumar et al. | May 2010 | A1 |
| 20100131324 | Ferris | May 2010 | A1 |
| 20100131854 | Little | May 2010 | A1 |
| 20100153958 | Richards et al. | Jun 2010 | A1 |
| 20100162259 | Koh et al. | Jun 2010 | A1 |
| 20100223383 | Salevan et al. | Sep 2010 | A1 |
| 20100223385 | Gulley et al. | Sep 2010 | A1 |
| 20100228936 | Wright et al. | Sep 2010 | A1 |
| 20100235632 | Iyengar et al. | Sep 2010 | A1 |
| 20100250744 | Hadad et al. | Sep 2010 | A1 |
| 20100262752 | Davis et al. | Oct 2010 | A1 |
| 20100268764 | Wee et al. | Oct 2010 | A1 |
| 20100299313 | Orsini et al. | Nov 2010 | A1 |
| 20100306765 | Dehaan | Dec 2010 | A1 |
| 20100306767 | Dehaan | Dec 2010 | A1 |
| 20100318609 | Lahiri et al. | Dec 2010 | A1 |
| 20100332262 | Horvitz et al. | Dec 2010 | A1 |
| 20100332629 | Cotugno et al. | Dec 2010 | A1 |
| 20100333087 | Vaidyanathan et al. | Dec 2010 | A1 |
| 20110004566 | Berkowitz et al. | Jan 2011 | A1 |
| 20110016214 | Jackson | Jan 2011 | A1 |
| 20110029969 | Venkataraja et al. | Feb 2011 | A1 |
| 20110029970 | Arasaratnam | Feb 2011 | A1 |
| 20110047315 | De Dinechin et al. | Feb 2011 | A1 |
| 20110055377 | Dehaan | Mar 2011 | A1 |
| 20110055396 | Dehaan | Mar 2011 | A1 |
| 20110055398 | Dehaan et al. | Mar 2011 | A1 |
| 20110078303 | Li et al. | Mar 2011 | A1 |
| 20110107332 | Bash | May 2011 | A1 |
| 20110131306 | Ferris et al. | Jun 2011 | A1 |
| 20110131329 | Kaplinger et al. | Jun 2011 | A1 |
| 20110131589 | Beaty et al. | Jun 2011 | A1 |
| 20110138382 | Hauser et al. | Jun 2011 | A1 |
| 20110138441 | Neystadt et al. | Jun 2011 | A1 |
| 20110145392 | Dawson et al. | Jun 2011 | A1 |
| 20110153724 | Raja et al. | Jun 2011 | A1 |
| 20110161952 | Poddar et al. | Jun 2011 | A1 |
| 20110173470 | Tran | Jul 2011 | A1 |
| 20110179132 | Mayo et al. | Jul 2011 | A1 |
| 20110179134 | Mayo et al. | Jul 2011 | A1 |
| 20110179162 | Mayo et al. | Jul 2011 | A1 |
| 20110185063 | Head et al. | Jul 2011 | A1 |
| 20110219372 | Agrawal et al. | Sep 2011 | A1 |
| 20110270968 | Salsburg et al. | Nov 2011 | A1 |
| 20110276951 | Jain | Nov 2011 | A1 |
| 20110296021 | Dorai et al. | Dec 2011 | A1 |
| 20110302378 | Siebert | Dec 2011 | A1 |
| 20110302583 | Abadi et al. | Dec 2011 | A1 |
| 20110320520 | Jain | Dec 2011 | A1 |
| 20120017210 | Huggins et al. | Jan 2012 | A1 |
| 20120054742 | Eremenko et al. | Mar 2012 | A1 |
| 20120060172 | Abouzour | Mar 2012 | A1 |
| 20120066682 | Al-Aziz et al. | Mar 2012 | A1 |
| 20120079480 | Liu | Mar 2012 | A1 |
| 20120089980 | Sharp et al. | Apr 2012 | A1 |
| 20120124211 | Kampas et al. | May 2012 | A1 |
| 20120131156 | Brandt et al. | May 2012 | A1 |
| 20120131591 | Moorthi et al. | May 2012 | A1 |
| 20120159507 | Kwon et al. | Jun 2012 | A1 |
| 20120167081 | Sedayao et al. | Jun 2012 | A1 |
| 20120173709 | Li et al. | Jul 2012 | A1 |
| 20120179874 | Chang et al. | Jul 2012 | A1 |
| 20120185913 | Martinez et al. | Jul 2012 | A1 |
| 20120198442 | Kashyap et al. | Aug 2012 | A1 |
| 20120204176 | Tian et al. | Aug 2012 | A1 |
| 20120221845 | Ferris | Aug 2012 | A1 |
| 20120233315 | Hoffman et al. | Sep 2012 | A1 |
| 20120233626 | Hoffman et al. | Sep 2012 | A1 |
| 20120246517 | Bender et al. | Sep 2012 | A1 |
| 20120266231 | Spiers et al. | Oct 2012 | A1 |
| 20120284714 | Venkitachalam et al. | Nov 2012 | A1 |
| 20120303773 | Rodrigues | Nov 2012 | A1 |
| 20120311012 | Mazhar et al. | Dec 2012 | A1 |
| 20130042115 | Sweet et al. | Feb 2013 | A1 |
| 20130060946 | Kenneth et al. | Mar 2013 | A1 |
| 20130067067 | Miri et al. | Mar 2013 | A1 |
| 20130081016 | Saito et al. | Mar 2013 | A1 |
| 20130086590 | Morris et al. | Apr 2013 | A1 |
| 20130129068 | Lawson et al. | May 2013 | A1 |
| 20130132057 | Deng et al. | May 2013 | A1 |
| 20130169666 | Pacheco et al. | Jul 2013 | A1 |
| 20130173803 | Pijewski et al. | Jul 2013 | A1 |
| 20130179881 | Calder et al. | Jul 2013 | A1 |
| 20130191835 | Araki | Jul 2013 | A1 |
| 20130191836 | Meyer; John J. | Jul 2013 | A1 |
| 20130254407 | Pijewski et al. | Sep 2013 | A1 |
| 20130318525 | Palanisamy et al. | Nov 2013 | A1 |
| 20130328909 | Pacheco et al. | Dec 2013 | A1 |
| 20130339966 | Meng et al. | Dec 2013 | A1 |
| 20130346974 | Hoffman et al. | Dec 2013 | A1 |
| 20140279955 | Cavage et al. | Sep 2014 | A1 |
| 20140280198 | Cavage et al. | Sep 2014 | A1 |
| 20140280796 | Pijewski | Sep 2014 | A1 |
| 20140280912 | Gregg | Sep 2014 | A1 |
| 20140280970 | Pijewski et al. | Sep 2014 | A1 |
| 20140281304 | Hoffman | Sep 2014 | A1 |
| 20140282512 | Pacheco et al. | Sep 2014 | A1 |
| 20140282513 | Pacheco et al. | Sep 2014 | A1 |
| 20140282590 | Cavage et al. | Sep 2014 | A1 |
| 20140282615 | Cavage et al. | Sep 2014 | A1 |
| Number | Date | Country |
|---|---|---|
| 2011088224 | Jul 2011 | WO |
| WO2012125143 | Sep 2012 | WO |
| WO2012125144 | Sep 2012 | WO |
| Entry |
|---|
| Bi et al. “Dynamic Provisioning Modeling for Virtualized Multi-tier Applications in Cloud Data Center”. 2010 IEEE 3rd International Conference on Cloud Computing. pp. 370-377. |
| Chappell, David. “Introducing Windows Azure”. Microsoft Corporation. Oct. 2010. pp. 1-25. |
| Yagoubi, Belabbas et al., “Load Balancing in Grid Computing,” Asian Journal of Information Technology, vol. 5, No. 10 , pp. 1095-1103, 2006. |
| Kramer, “Advanced Message Queuing Protocol (AMQP),” Linux Journal, Nov. 2009, p. 1-3. |
| Subramoni et al., “Design and Evaluation of Benchmarks for Financial Applications Using Advanced Message Queuing Protocol (AMQP) over InfiniBand,” Nov. 2008. |
| Richardson et al., “Introduction to RabbitMQ,” Sep. 2008, p. 1-33. |
| Bernstein et al., “Using XMPP as a Transport in Intercloud Protocols,” Jun. 22, 2010, p. 1-8. |
| Bernstein et al., “Blueprint for the Intercloud—Protocols and Formats for Cloud Computing Interoperabiilty,” May 28, 2009, p. 328-336. |
| Gregg, Brendan, “Visualizing System Latency,” May 1, 2010, ACM Queue, p. 1-13, http://queue.acm.org/detail.cfm?id=1809426. |
| Gregg, Brendan, “Heat Map Analytics,” Mar. 17, 2009, Oracle, p. 1-7, https://blogs.oracle.com/brendan/entry/heat—map—analytics. |
| Mundigl, Robert, “There is More Than One Way to Heat a Map,” Feb. 10, 2009, Clearly and Simply, p. 1-12, http://www.clearlyandsimply.com/clearly—and—simply/2009/02/there-is-more-than-one-way-to-heat-a-map.html. |
| International Search Report and Written Opinion of the International Searching Authority mailed May 5, 2011 in Patent Cooperation Treaty Application No. PCT/US2011/028230, filed Mar. 12, 2011. |
| Chef Documents. Retrieved Mar. 11, 2014 from http://docs.opscode.com/. |
| Ansible Documentation. Retrieved Mar. 11, 2014 from http://docs.ansible.com/. |
| Block IO Controller. Retrieved Mar. 12, 2014 from https://www.kernel.org/doc/Documentation/cgroups/blkio-controller.txt. |
| Block Device Bio Throttling Support. Retrieved Mar. 12, 2014 from https://lwn.net/Articles/403889/. |
| I/O throttling, Michael Mesnier, 2006. |
| Bill Pijewski's Blog. Retrieved Mar. 12, 2014 from http://dtrace.org/blogs/wdp/2011/03/our-zfs-io-throttle/. |
| Brendan's Blog. Retrieved Mar. 12, 2014 from http://dtrace.org/blogs/brendan/2011/03/08/busy-week-zfs-throttling-dtrace-node-js-and-cloud-analytics/. |
| Joyent ZFS Performance Analysis and Tools. Retrieved Mar. 12, 2014 from http://www.slideshare.net/brendangregg/zfsperftools2012. |
| Gregg, Brendan. Systems Performance: Enterprise and the Cloud, Prentice Hall, 2014, pp. 557-558. |
| International Search Report and Written Opinion of the International Searching Authority mailed Sep. 1, 2011 in Patent Cooperation Treaty Application No. PCT/US2011/021157 filed Jan. 13, 2011. |
| International Search Report and Written Opinion of the International Searching Authority mailed May 19, 2011 in Patent Cooperation Treaty Application No. PCT/US2011/028234 filed Mar. 11, 2011. |
| Number | Date | Country | |
|---|---|---|---|
| 20140283053 A1 | Sep 2014 | US |
