Abstract: Disclosed embodiments relate to authenticating a hypervisor with encoded hypervisor information. In one embodiment, booting firmware 112 includes instructions to determine whether a received hypervisor 108 is an authentic hypervisor. In one embodiment, booting firmware 112 includes instructions to determine whether the received hypervisor 108 is in a selected configuration. In one embodiment, booting firmware 112 includes instructions to determine whether the receive hypervisor 108 is a selected version.

Abstract: A computing system and a method of handling a system management request. The computing system includes a virtual high-privilege mode in a trusted domain managed by the virtual machine monitor. The virtual high-privilege mode handles the system management request.

Abstract: A computing system and a method of communicating with a virtual trusted runtime BIOS. The computing system can include hardware and a virtual machine monitor. A virtual trusted runtime BIOS can be managed by the virtual machine monitor. A communication channel can communicate with the virtual trusted runtime BIOS. The communication channel can be secured by a secure socket layer.

Abstract: A web-based interface in an electronic device receives a request to access a function of a Basic Input/Output System.

Abstract: A privileged domain includes a function of a Basic Input/Output System (BIOS). A request to access the function of the BIOS is routed to the privileged domain.

Abstract: An implementation may include a virtual trusted runtime BIOS managed by the virtual machine monitor. A replacement portion of the virtual trusted runtime BIOS may be included. A router can replace an address to a resource of the virtual trusted runtime BIOS with the address to the resource of the replacement portion of the virtual trusted runtime BIOS.

Abstract: A method includes executing a hypervisor (165) with computing hardware (105) to implement a virtual machine (175); responsive to detecting a removable storage medium (115) communicatively coupled to the computing hardware (105), executing a virtualized migration control appliance (180) through the hypervisor (165) separate from the virtual machine (175); and blocking the virtual machine (175) from accessing data (185) stored by the removable storage medium (115) with the virtualized migration control appliance (180) if at least one governing policy prohibits the virtual machine (175) from accessing the data (185).

Abstract: Disclosed embodiments relate to authenticating a hypervisor with encoded hypervisor information. In one embodiment, booting firmware 112 includes instructions to determine whether a received hypervisor 108 is an authentic hypervisor. In one embodiment, booting firmware 112 includes instructions to determine whether the received hypervisor 108 is in a selected configuration. In one embodiment, booting firmware 112 includes instructions to determine whether the receive hypervisor 108 is a selected version.

Abstract: A set of data is provided to an application executed in an environment within which the application is restricted from making its output available outside the environment. An operation performed on the set of data by the application is inspected. A determination of whether an output of the application is satisfactory is reached based on the inspection. If the output is determined satisfactory, the output of the application is made available outside the environment.

Abstract: A data center can share processing resources using virtual networks. A virtual machine manager (10) hosts one or more virtual machines (11, 411), the virtual machines forming part of a segmented virtual network (34). Outgoing messages from the virtual machines have an intermediate destination address of an intermediate node in a local segment of the segmented virtual network, and the virtual machine manager has a router (18) for determining a new intermediate destination address outside the local segment, for routing the given outgoing message. By having the router as part of the virtual machine manager rather than having only a switch in the virtual machine manager, the need for virtual machines for implementing gateways is avoided. This can reduce the number of “hops” for the message between virtual entities hosted, and thus improve performance. This can help a service provider to share physical processing resources of a data center between different clients having their own virtual networks.

Abstract: A method of booting a computing device includes, responsive to said computing device powering on, loading a first lightweight operating system on said computing device and executing an instant-on application through said lightweight operating system. The method further includes, during execution of said instant-on application, loading a hypervisor on said computing device and migrating said instant-on application to a first virtual machine executing a second lightweight operating system implemented by said hypervisor. The method further includes loading a full-feature operating system on a second virtual machine implemented by said hypervisor.

Abstract: A method includes executing a hypervisor (165) with computing hardware (105) to implement a virtual machine (175); responsive to detecting a removable storage medium (115) communicatively coupled to the computing hardware (105), executing a virtualized migration control appliance (180) through the hypervisor (165) separate from the virtual machine (175); and blocking the virtual machine (175) from accessing data (185) stored by the removable storage medium (115) with the virtualized migration control appliance (180) if at least one governing policy prohibits the virtual machine (175) from accessing the data (185).

Abstract: A method of booting a computing device includes, responsive to said computing device powering on, loading a first lightweight operating system on said computing device and executing an instant-on application through said lightweight operating system. The method further includes, during execution of said instant-on application, loading a hypervisor on said computing device and migrating said instant-on application to a first virtual machine executing a second lightweight operating system implemented by said hypervisor. The method further includes loading a full-feature operating system on a second virtual machine implemented by said hypervisor.

Abstract: In a virtualized computer system in which a plurality of virtual machines run on a platform that includes a hardware graphics processing unit (‘GPU’), provision is made for dynamically assigning the GPU to a selected one of the virtual machines. To this end, each virtual machine comprises, in addition to a guest operating system, a virtual bus with a hot-pluggable slot, and a virtual first configuration-management component responsive to events relevant to the hot-pluggable slot to interact with a second configuration-management component provided as part of the guest operating system of the virtual machine. To assign the GPU to a selected virtual machine, an emulated slot insertion event is generated in respect of the virtual hot-pluggable slot of the selected virtual machine thereby causing the first configuration-management component of that machine to trigger the guest operating system of the first virtual machine to operatively engage with the GPU.

Abstract: To provide a secure service to an application virtual machine running in a first domain of a virtualized computing platform, a second domain is arranged to run a corresponding service driver exclusively for the application virtual machine. As part of the secure service, the service driver effects a key-based cryptographic operation; to do so, the service driver has to obtain the appropriate key from a key manager. The key manager is arranged to store the key and to release it to the service driver only upon receiving evidence of its identity and being satisfied of compliance with release policies associated with the key. These policies include receipt of valid integrity metrics, signed by trusted-device functionality of the virtualized computing platform, for the service driver and the code on which it depends.

Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. The system has a mapping manager to dynamically alter the mapping for balancing, performance, and redundancy. There can be more independence from the underlying physical configuration, compared to known methods of virtualizing only some of the entities. The mapping manager can be distributed across a number of entities on different physical servers arranged to cooperate with each other.