Abstract: The invention virtualizes a computer that includes a host computer system, which comprises a processor, memory, and physical system devices. A conventional operating system (referred to below as the “host operating system” or “HOS”) is installed on the hardware. A computer program product that is executable within the host computer system comprises computer-executable code for implementing an interface software layer, preferably a virtual machine monitor, between the host system and a virtual machine; for reading in and storing state information of the processor associated with the HOS; and for logically decoupling the HOS from the processor with respect to pre-determined functions of the interface software layer and the virtual machine by setting the processor state information to settings associated with the interface software layer.

Abstract: A filter driver that is loaded during an initial part of the boot process enable operating systems that are not capable of booting from central storage to be booted from central storage. According to this technique, an initial set of operating system files is loaded into system memory from a local storage volume. The initial set of files includes a small subset of all of the operating system files and includes a boot loader, a kernel, boot time drivers, a file system driver, and a filter driver. The filter driver takes control over the loading of the remainder of the operating system files, so that these files are loaded from central storage instead of the local storage volume.

Abstract: Virtual machines are managed in centralized manner. Files that are shared by multiple virtual machines are stored in a central storage unit and a management program is executed on one or more of these files on a per file basis. The management program is executed on a file if an 10 operation is issued for that file. A namespace map is used to provide a mapping of filenames used by the different virtual machines to filenames used by the central storage unit.

Abstract: Memory space is managed to release storage area occupied by pages similar to stored reference pages. The memory is examined to find two similar pages, and a transformation is obtained. The transformation enables reconstructing one page from the other. The transformation is then stored and one of the pages is discarded to release its memory space. When the discarded page is needed, the remaining page is fetched, and the transformation is applied to the page to regenerate the discarded page.

Abstract: A method for customizing the response for network based intrusion prevention comprising of: 1) virtual proxying the application data to enable custom response 2) enhancing transport layer (TCP/IP) to enable selective processing and selective modification of the stream for intrusion prevention. The invention also discloses a method for customizing the processing for both network or host based intrusion prevention comprising of: 1) loading externally defined processing procedures for the detection and prevention of intrusions 2) combining multiple of these processing procedures to form a unified processing engine that can be used for intrusion detection and prevention 3) unloading processing procedures that are not needed any more 4) loading new processing procedures that improve the intrusion detection and prevention.

Abstract: In a virtualized computer system, a network frame is transmitted from a virtual machine using a network interface device, possibly through a virtual switch, by copying only a part of the network frame to the transmit buffers that have pre-translated mappings from guest physical addresses to hypervisor virtual addresses and to machine addresses. The length of the part of the network frame that is copied to the transmit buffers may be variable.

Abstract: A swap space is provided for a host computer system, where the swap space includes a plurality of swap files with each individual swap file for swapping data only for a single corresponding virtual machine (VM). The per-VM swap space is used solely by the single, corresponding VM, such that only that particular VM's memory is allowed to be swapped out to the swap file.

Abstract: A method of acquiring a lock by a node, on a shared resource in a system of a plurality of interconnected nodes, is disclosed. Each node that competes for a lock on the shared resource maintains a list of locks currently owned by the node. A lock metadata is maintained on a shared storage that is accessible to all nodes that may compete for locks on shared resources. A heartbeat region is maintained on a shared resource corresponding to each node so nodes can register their liveness. A lock state is maintained in the lock metadata in the shared storage. A lock state may indicate lock held exclusively, lock free or lock in managed mode. If the lock is held in the managed mode, the ownership of the lock can be transferred to another node without a use of a mutual exclusion primitive such as the SCSI reservation.

Abstract: A method of creating a new virtual machine in a hypervisor server using a virtual machine setup profile is disclosed. A virtual machine setup profile method is selected from a plurality of virtual machine setup profiles. Then, system information is retrieved from the hypervisor server. The system information includes available computing resources in the hypervisor server. Thereafter a number of virtual machines that can be hosted in the hypervisor server based on the available computing resources is calculated and a number of new virtual machines are created in the hypervisor server.

Abstract: Hijacking of an application is prevented by securing execution of a computer program on a computing system. Prior to execution of the computer program, the computer program is analyzed to identify permitted targets of all indirect transfers. An application-specific policy based on the permitted targets is created. When the program is executed on the computing system, the application-specific policy is enforced such that the program is prohibited from executing indirect transfer instructions that do not target one of the permitted targets.

Abstract: A method for synchronizing the handling of events in a computer using the Advanced Configuration and Power Interface (ACPI) standard is presented, wherein an ACPI Notification Queue (ANQ) is provided to store events, such that such events can be handled in first-in-first-out order.

Abstract: The output of a non-deterministic instruction is handled during record and replay in a virtual machine. An output of a non-deterministic instruction is stored to a buffer during record mode and retrieved from a buffer during replay mode without exiting to the hypervisor. At least part of the contents of the buffer can be stored to a log when the buffer is full during record mode, and the buffer can be replenished from a log when the buffer is empty during replay mode.

Abstract: Replay-time-only functionalities in a computer program are executed only during replay in a virtual machine and are skipped outside of replay. If a replay-time-only functionality is detected during the replay of a program execution in a virtual machine, the replay may be paused and the virtual machine state may be saved. The replay-time-only core functionality is executed. When this execution is complete, a prior state of the virtual machine may be restored and the replay may be resumed.

Abstract: A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.

Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments and is carried out synchronously with program execution. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed. Synchronous decoupled program analysis is enabled by suspending execution or data outputs of the program until a confirmation is received that the analysis is in sync with the program execution.

Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed. Recording and analysis are carried out on heterogeneous systems so that they can be separately optimized.

Abstract: Dynamic program analysis is decoupled from execution in virtual computer environments so that program analysis can be performed on a running computer program without affecting or perturbing the workload of the system on which the program is executing. Decoupled dynamic program analysis is enabled by separating execution and analysis into two tasks: (1) recording, where system execution is recorded with minimal interference, and (2) analysis, where the execution is replayed and analyzed.

Abstract: A virtual machine system decouples dynamic program analysis from program execution. Program analysis is decoupled from program execution through the use of a virtual machine to record program execution and an analysis platform to replay and analyze the program execution. Optimization techniques are applied to prevent the analysis platform from falling too far behind the program execution platform during replay.

Abstract: For a virtual memory of a virtualized computer system in which a virtual page is mapped to a guest physical page which is backed by a machine page and in which a shadow page table entry directly maps the virtual page to the machine page, reverse mappings of guest physical pages are optimized by removing the reverse mappings of certain immutable guest physical pages. An immutable guest physical memory page is identified, and existing reverse mappings corresponding to the immutable guest physical page are removed. New reverse mappings corresponding to the identified immutable guest physical page are no longer added.

Abstract: A service level management (SLM) system where the system learns the structure of a web application, monitors the operation of the application, and controls the processing of incoming requests to achieve optimal performance as defined in a service level agreement (SLA). The system is operative for example in enterprise web applications and in enterprise data centers that deploy web applications and optimally is capable of controlling and maintaining a level of service of web applications.