Abstract: A method and apparatus for efficiently executing guest programs in a virtualized computing environment are presented. The method includes executing a virtual machine on a computing hardware; executing a single hypervisor in a first security ring on the virtual machine; executing a single guest program on the virtual machine, wherein the single guest program includes a single kernel being executed in the first security ring and at least one application being executed in a second security ring; and executing at least an instruction issued by the at least one application without trapping the single hypervisor.

Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.

Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.

Abstract: A method and apparatus for virtual address mapping are provided. The method includes determining an offset value respective of at least a first portion of code stored on a code memory unit, generating a first virtual code respective of the first portion of code and a second virtual code respective of a second portion of code stored on the code memory unit; mapping the first virtual code to a first virtual code address and the second virtual code to a second virtual code address; generating a first virtual data respective of the first portion of data and a second virtual data respective of the second portion of data; and mapping the first virtual data to a first virtual data address and the second virtual data to a second virtual data address.

Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.

Abstract: An independent overlay and a method for creating an independent overlay of a virtualized network for virtualized hosts over a physical network to allow access between a first virtualized guest and a second virtualized guest over the physical network. The independent overlay includes a physical network; a first virtualized host instantiating thereon a first guest; a second virtualized host instantiating thereon a second guest, wherein a first communication port and a second communication port are communicatively connected to constitute a distributed communication element that enables a virtualized network for communication between the first guest and the second guest via the first communication port and the second communication port, respectively; and a media access (MAC) discovery mechanism.

Abstract: A method and apparatus for virtual address mapping are provided. The method includes determining an offset value respective of at least a first portion of code stored on a code memory unit, generating a first virtual code respective of the first portion of code and a second virtual code respective of a second portion of code stored on the code memory unit; mapping the first virtual code to a first virtual code address and the second virtual code to a second virtual code address; generating a first virtual data respective of the first portion of data and a second virtual data respective of the second portion of data; and mapping the first virtual data to a first virtual data address and the second virtual data to a second virtual data address.

Abstract: An independent overlay and a method for creating an independent overlay of a virtualized network for virtualized hosts over a physical network to allow access between a first virtualized guest and a second virtualized guest over the physical network. The independent overlay includes a physical network; a first virtualized host instantiating thereon a first guest; a second virtualized host instantiating thereon a second guest, wherein a first communication port and a second communication port are communicatively connected to constitute a distributed communication element that enables a virtualized network for communication between the first guest and the second guest via the first communication port and the second communication port, respectively; and a media access (MAC) discovery mechanism.

Abstract: A method for operating a virtualized network that communicatively connects between a plurality of communication ports, instantiated for a plurality of guest operating systems executed over a plurality of hosts. The method comprises instantiating a communication port for each of the plurality of guests; performing a discovery media access control (MAC) address process of at least one destination guest of the plurality of guests by a source guest; sending a ping request from the source request to the at least one destination guest; and creating the virtualized network to allow communication between the source guest with the at least one destination guest, wherein the virtualized network is created over the physical network.

Abstract: A method and apparatus for efficiently executing guest programs in a virtualized computing environment are presented. The method includes executing a virtual machine on a computing hardware; executing a single hypervisor in a first security ring on the virtual machine; executing a single guest program on the virtual machine, wherein the single guest program includes a single kernel being executed in the first security ring and at least one application being executed in a second security ring; and executing at least an instruction issued by the at least one application without trapping the single hypervisor.

Abstract: A proxy and method for performing source destination network address translation are presented. The method includes receiving a first message from a node communicatively connected to a first network to access a resource communicatively connected to a second network, wherein the first message contains at least a source address and a destination address used within the first network; translating the destination address designated in the first message to an address of the resource; generating a unique address for the destination address designated in the first message, wherein the unique address is an address not in use on the second network; providing a translated message including the translated destination address and the unique address; and forwarding the translated message to the resource communicatively connected to the second network.

Abstract: A method for efficient execution of a guest in a virtualized computing environment is provided. The method comprises causing an execution of at least one virtual machine on a computing hardware, the virtual machine executes a hypervisor in a first security ring; and causing an execution of a single guest program on one of the at least one virtual machines, the single guest program comprises a kernel being executed in the first security ring and at least one application being executed in a second security ring.

Abstract: A method and apparatus for virtual address mapping are provided. The method includes determining an offset value respective of at least a first portion of code stored on a code memory unit, generating a first virtual code respective of the first portion of code and a second virtual code respective of a second portion of code stored on the code memory unit; mapping the first virtual code to a first virtual code address and the second virtual code to a second virtual code address; generating a first virtual data respective of the first portion of data and a second virtual data respective of the second portion of data; and mapping the first virtual data to a first virtual data address and the second virtual data to a second virtual data address.

Abstract: In a computing system where a plurality of processing units may execute a shared code independently, it is necessary to address data issues related to execution of the shared code and separate data. According to various embodiments disclosed herein, the per-processing unit data can be efficiently addressed in a program counter relative mode where data is accessed using a data offset value for each processing unit when the data blocks are positioned at spaces of a predetermined offset value. Further, the per-processing unit of common code in different virtual addresses is mapped to a common physical address. As a result, while each of the processing units access the exact same instruction code in physical memory it accesses a different area in memory for manipulation of data.

Abstract: A computerized method for efficient handling of a privileged instruction executed by a virtual machine (VM). The method comprises identifying when the privileged instruction causes a VM executed on a computing hardware to perform a VM exit; replacing a first virtual-to-physical address mapping to a second virtual-to-physical address mapping respective of a virtual pointer associated with the privileged instruction; and invalidating at least a cache entry in a cache memory allocated to the VM, thereby causing a new translation for the virtual pointer to the second virtual-to-physical address, wherein the second virtual-to-physical address provides a pointer to a physical address in a physical memory in the computing hardware allocated to the VM.

Abstract: A method for operating a virtualized network that communicatively connects between a plurality of communication ports, instantiated for a plurality of guest operating systems executed over a plurality of hosts. The method comprises instantiating a communication port for each of the plurality of guests; performing a discovery media access control (MAC) address process of at least one destination guest of the plurality of guests by a source guest; sending a ping request from the source request to the at least one destination guest; and creating the virtualized network to allow communication between the source guest with the at least one destination guest, wherein the virtualized network is created over the physical network.

Abstract: In a computing system where a plurality of processing units may execute a shared code independently, it is necessary to address data issues related to execution of the shared code and separate data. According to various embodiments disclosed herein, the per-processing unit data can be efficiently addressed in a program counter relative mode where data is accessed using a data offset value for each processing unit when the data blocks are positioned at spaces of a predetermined offset value. Further, the per-processing unit of common code in different virtual addresses is mapped to a common physical address. As a result, while each of the processing units access the exact same instruction code in physical memory it accesses a different area in memory for manipulation of data.

Abstract: An apparatus and method of operation in a para-virtualized environment. The method includes executing a first hypervisor on a hardware platform of a computing device; and executing a second hypervisor over the first hypervisor, the second hypervisor is configured to capture at least a privileged instruction called by an unmodified guest program executed over the second hypervisor and cause the first hypervisor to execute an instruction corresponding to the captured privileged instruction, wherein the unmodified guest program and the second hypervisor operate in a user space protection domain, e.g., Ring 3, and the at least privileged instruction should be executed in a kernel space protection domain, e.g., Ring 0.

Abstract: A method for efficient execution of a guest in a virtualized computing environment is provided. The method comprises causing an execution of at least one virtual machine on a computing hardware, the virtual machine executes a hypervisor in a first security ring; and causing an execution of a single guest program on one of the at least one virtual machines, the single guest program comprises a kernel being executed in the first security ring and at least one application being executed in a second security ring.