Abstract: One embodiment of the present invention provides a system that facilitates user-mode system-level virtualization in a mobile device. During operation, a hypervisor intercepts a virtual machine's attempt to access a privileged resource. The hypervisor manages the virtual machine and runs on a host system in a user mode. Furthermore, the hypervisor emulates the privileged resource using a user-mode system call provided by the host system. In addition, the hypervisor provides access to the emulated privileged resource to the virtual machine, thereby allowing the virtual machine to operate with the emulated privileged resource without directly accessing actual privileged resources on the host system.

Abstract: Methods for providing shadow page tables that virtualize processor memory protection. In one embodiment, virtualization software maintains the following: (a) a mapping ? from guest domain identifier to a set of shadow L2 page tables that back guest L1 sections marked with a domain identifier; and (b) with each such shadow L2 page table, a set ? of back-pointers to “potentially referencing” shadow L1 descriptors.

Abstract: Techniques are provided for desktop delivery in a distributed enterprise. In one embodiment, a system comprises multiple computing devices that are communicatively connected to a data center. The data center comprises a separate virtual disk for each separate computing device. A virtual disk for a computing device comprises an image that includes: an Operating system (OS) for the computing device; one or more applications for a user of the computing device; a machine profile associated with the computing device; and user data and settings that are specific for the user of the computing device.

Abstract: A method is provided to migrate a virtual machine from a source computing machine to a destination computing machine comprising: suspending transmission of requests from a request queue disposed in source computing machine memory associated with the VM from the request queue to a VF; while suspending the transmission of requests, determining when no more outstanding responses to prior requests remain to be received; in response to a determination that no more outstanding responses to prior requests remain to be received, transferring state information that is indicative of locations of requests inserted to the request queue from the VF to a PF and from the PF to a memory region associated with a virtualization intermediary of the source computing machine.

Abstract: A method for running, on a processor in non-privileged mode, different computer programs P while, in a nominal mode, using privileged instructions including running a hypervisor program in privileged mode of the processor, the hypervisor program providing the computer programs P with services substantially equivalent to those available for running in privileged mode, source codes of the computer programs P being modified beforehand for replacing the privileged instructions with calls for services supplied by the hypervisor program, and the hypervisor program creates at least two privileged submodes organized into a hierarchy within the non-privileged mode and the processor includes only two operating modes.

Abstract: Multiple computers are connected to a data storage unit that includes a file system, which further includes multiple data entities, including files, directories and the file system itself. The file system also includes, for each data entity, an owner field for indicating which computer, if any, has exclusive or shared access to the data entity, along with a time field for indicating when a lease of the data entity began. When a computer wants to lease a data entity, the computer uses a disk reservation capability to temporarily lock the data storage unit, and, if the data entity is not currently leased, the computer writes its own identification value into the owner field and a current time into the time field for the data entity, to claim the data entity for a renewable lease period. If a prior lease of a data entity has expired, another computer may break the lease and claim ownership for itself.

Abstract: Techniques for migrating persistent data between and across data stores are implemented using monitoring methods. The method includes classifying frequently updated blocks of persistent data to distinguish those blocks from less frequently updated blocks of persistent data. The less frequently updated blocks are copied from the source data store to the destination data store, such that persistent data is copied to the destination data store in the absence of the persistent data of the frequently updated blocks. The method further includes identifying a modified set of the less frequently updated blocks that are modified during the copying. The modified set of less frequently updated blocks is copied from the source data store to the destination data store, without copying the frequently updated blocks. It is then determined whether to copy the frequently updated blocks of persistent data from the source data store to the destination data store.

Abstract: Embodiments provide a system including a first host computing device that includes a first virtual machine (VM) and a first application. The system also includes a second host computing device including a virtualization software layer, a second VM, and an auto-discovery service at least partially instantiated within the virtualization software layer. The auto-discovery service is configured to receive a message and an auto-discovery packet from a second application executing on the second VM. The auto-discovery service inserts an option into the auto-discovery packet, and transmits the auto-discovery packet to the first application. The option in the auto-discovery packet includes the message received from the second application.

Abstract: Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.

Abstract: Techniques are disclosed for managing memory within a virtualized system that includes a memory compression cache. Generally, the virtualized system may include a hypervisor configured to use a compression cache to temporarily store memory pages that have been compressed to conserve memory space. A “first-in touch-out” (FITO) list may be used to manage the size of the compression cache by monitoring the compressed memory pages in the compression cache. Each element in the FITO list corresponds to a compressed page in the compression cache. Each element in the FITO list records a time at which the corresponding compressed page was stored in the compression cache (i.e. an age). A size of the compression cache may be adjusted based on the ages of the pages in the compression cache.

Abstract: Autonomous selection between multiple virtualization techniques implemented in a virtualization layer of a virtualized computer system. The virtual machine monitor implements multiple virtualization support subsystems that each provide for the comprehensive handling of potential virtualization exceptions. A virtual machine monitor resident performance monitor computes relative virtualization overhead costs that are and would be incurred in using different virtualization support subsystems for virtualization exceptions that occur in executing a guest operating system within a defined interval. Dependent on the relative virtualization overhead costs determined, the virtual machine monitor resident virtualization selection control switches the virtual machine monitor to use the optimal virtualization support subsystem for handling virtualization exceptions that occur over a second defined interval.

Abstract: In a computer system, a method of controlling coalescence of interrupts includes dynamically basing a current level of interrupt coalescing upon a determination of outstanding input/output (I/O) commands for which corresponding I/O completions have not been received. Deliveries of interrupts are executed on the basis of the current level and in an absence of enabling timing-triggered delivery of an interrupt.

Abstract: A method and software is described for recreating on a target datastore a set of hierarchical files that are present on a source datastore. A content identifier (ID) is maintained for each component of the set of hierarchical files. The content ID of a component is updated when its contents are modified. The child component is copied from the source datastore to the target datastore. The content ID corresponding to the parent component on the source datastore is compared with content IDs corresponding to files present on the target datastore. When a matching content ID is discovered, it infers a copy of the parent component. The matching file on the target datastore is associated with the copied child component so that the matching file becomes a new parent component to the copied child component, thereby recreating the set of hierarchical files on the target.

Abstract: Persistent data of virtual machines are migrated between and across data stores using a method that provides for a bounded disk size, low performance overhead, arbitrarily low downtimes, atomic switch-over, and ability to build optimizations based around block level heuristics. The method includes the steps of copying the persistent data at the source data store to the destination data store, updating a bitmap data structure during the copying step to indicate which blocks of the persistent data have been modified during the copying step, identifying the blocks that have been modified during the copying step using the bitmap data structure, and copying the identified blocks to the destination data store. The method may further include the step of determining that the number of the identified blocks is below a predetermined threshold and suspending the virtual machine prior to the second copying step.

Abstract: A server supporting the implementation of virtual machines includes a local memory used for caching, such as a solid state device drive. During I/O intensive processes, such as a boot storm, a “content aware” cache filter component of the server first accesses a cache structure in a content cache device to determine whether data blocks have been stored in the cache structure prior to requesting the data blocks from a networked disk array via a standard I/O stack of the hypervisor.

Abstract: Methods, systems, and computer programs for providing an application server appliance utilizing one or more virtual machines are described. The application server appliance may be a virtual machine having a reduced guest operating system, a runtime environment, and a management agent installed therein. An appliance controller automatically determines one or more configurations and/or settings for the runtime environment based on a variety of factors, including the set up of the virtual machine appliance. The appliance controller generates an application package having the determined settings and transmits the package to the application server appliance, wherein the application package is configured to be executed by the runtime environment.

Abstract: A method for verifying instructions communicated from a user to a relying entity is described. A trusted entity receives a request from the relying entity to verify instructions received from the user wherein the request includes verification information corresponding to the instructions communicated to the relying entity from the user. The trusted entity sends a request to the user to provide verification information corresponding to the instructions. The trusted entity receives the verification information from the user and compares it to the verification information received from the relying entity. The trusted entity then verifies the instructions based on the comparing.

Abstract: The output of a non-deterministic instruction is handled during record and replay in a virtual machine. An output of a non-deterministic instruction is stored to a buffer during record mode and retrieved from a buffer during replay mode without exiting to the hypervisor. At least part of the contents of the buffer can be stored to a log when the buffer is full during record mode, and the buffer can be replenished from a log when the buffer is empty during replay mode.

Abstract: A method is provided for use in a system that includes a host computing machine configured to implement a virtualization intermediary and that includes a physical storage adapter, the configures a virtual machine (VM) and a virtual function (VF) to support IO operations to physical storage through a direct IOV path to the VF of the physical storage adapter, the method comprises: creating by the virtualization intermediary mapping information that includes a first mapping between virtual disks and physical regions of physical storage and that includes a second mapping between virtual disks and virtual disk addresses; transmitting the mapping information from the virtualization intermediary over the physical storage adapter from a physical function (PF) of the physical storage adapter to the VF; associating a virtual port with the mapping information within the virtualization intermediary; binding the virtual port to the VF; communicating virtual disk addresses indicated within the second mapping within the tra

Abstract: Methods, systems, and computer programs manage memory of a runtime environment executing on a virtual machine. A runtime environment, such as a Java Virtual Machine, may deterministically arrange immutable data within memory such that a hypervisor may perform page sharing on the immutable data. The runtime environment may page-align the immutable data within memory. The runtime environment may further store the immutable within memory using self-referenced or self-relative pointers.