Patents by Inventor Lars Reuther
Lars Reuther has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240095053
Abstract: Virtual Machine (VM) creation based on a dynamically-calculated feature set. A plurality of feature sets are identified. Each feature set in the plurality of feature sets corresponds to a different VM host node of a plurality of VM host nodes that are part of a common VM migration group, and indicates a set of features available at a corresponding VM host node. From the plurality of feature sets, a group feature set is calculated. The group feature set includes a subset of features that are common among the plurality of feature sets. A VM created within the plurality of VM host nodes is configured to use the group feature set.
Type: Application
Filed: September 15, 2022
Publication date: March 21, 2024
Inventors: Lars REUTHER, Pooja MAHADEV SOUNDALGEKAR
-
Publication number: 20230066427
Abstract: Distributed security key management for protecting roaming data via a trusted platform module is performed by systems that include first and second processors, and first and second respective hardware security modules. The first security module encrypts a security key using a public key from the second security module, and the encrypted security key is provided to the second security module. A virtual machine (VM) executed by the first processor has a first virtual security module instance having state data that includes a storage key encrypting VM virtual disk data and that is encrypted with the security key. When a transfer condition is determined, the VM is transferred and executed by the second processor, using a second virtual security module instance, based on decrypting the security key by the second security module using a private key and decrypting the state data for the second virtual security module using the security key.
Type: Application
Filed: August 27, 2021
Publication date: March 2, 2023
Inventors: Ronald AIGNER, Giridhar VISWANATHAN, Lars REUTHER, Alvin Morales CARO, David Kimler ALTOBELLI, Dan MA
-
Publication number: 20210382739
Abstract: A fine-grain selectable partially privileged container virtual computing environment provides a vehicle by which processes that are directed to modifying specific aspects of a host computing environment can be delivered to, and executed upon, the host computing environment while simultaneously maintaining the advantageous and desirable protections and isolations between the remaining aspects of the host computing environment and the partially privileged container computing environment. Such partial privilege is provided based upon directly or indirectly delineated actions that are allowed to be undertaken on the host computing environment by processes executing within the partially privileged container virtual computing environment and actions which are not allowed.
Type: Application
Filed: June 4, 2020
Publication date: December 9, 2021
Inventors: Amber Tianqi GUO, Frederick J. SMITH, IV, John STARKS, Lars REUTHER, Deepu THOMAS, Hari R. PULAPAKA, Benjamin M. SCHULTZ, Judy J. LIU
-
Patent number: 11112975
Abstract: Described is a technology by which a virtual hard disk is migrated from a source storage location to a target storage location without needing any shared physical storage, in which a machine may continue to use the virtual hard disk during migration. This facilitates use the virtual hard disk in conjunction with live-migrating a virtual machine. Virtual hard disk migration may occur fully before or after the virtual machine is migrated to the target host, or partially before and partially after virtual machine migration. Background copying, sending of write-through data, and/or servicing read requests may be used in the migration. Also described is throttling data writes and/or data communication to manage the migration of the virtual hard disk.
Type: Grant
Filed: June 27, 2018
Date of Patent: September 7, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Dustin L. Green, Jacob K. Oshins, Lars Reuther
-
Patent number: 10855725
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Grant
Filed: June 2, 2016
Date of Patent: December 1, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Patent number: 10826749
Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.
Type: Grant
Filed: June 11, 2019
Date of Patent: November 3, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: David Matthew Kruse, Lars Reuther, Kevin Michael Broas
-
Publication number: 20190296957
Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.
Type: Application
Filed: June 11, 2019
Publication date: September 26, 2019
Applicant: Microsoft Technology Licensing, LLC
Inventors: David Matthew Kruse, Lars Reuther, Kevin Michael Broas
-
Patent number: 10404520
Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.
Type: Grant
Filed: May 29, 2013
Date of Patent: September 3, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: David Matthew Kruse, Lars Reuther, Kevin Michael Broas
-
Patent number: 10310893
Abstract: An operating system running on a computing device uses containers for hardware resource partitioning. Using the techniques discussed herein, pausing and resuming of containers is managed to reduce the pressure a container exerts on system resources when paused. Resuming of containers can further be managed to reduce the startup time for containers. This managing of containers can implemented various different techniques, such as stopping scheduling of virtual processors, stopping scheduling of processes or threads, compressing memory, swapping pages of memory for the container to a page file on a hard drive, and so forth.
Type: Grant
Filed: June 22, 2016
Date of Patent: June 4, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Yevgeniy M. Bak, Lars Reuther, Kevin M. Broas, Mehmet Iyigun, Hari R. Pulapaka, Morakinyo Korede Olugbade, Benjamin M. Schultz
-
Publication number: 20190114095
Abstract: Described is a technology by which a virtual hard disk is migrated from a source storage location to a target storage location without needing any shared physical storage, in which a machine may continue to use the virtual hard disk during migration. This facilitates use the virtual hard disk in conjunction with live-migrating a virtual machine. Virtual hard disk migration may occur fully before or after the virtual machine is migrated to the target host, or partially before and partially after virtual machine migration. Background copying, sending of write-through data, and/or servicing read requests may be used in the migration. Also described is throttling data writes and/or data communication to manage the migration of the virtual hard disk.
Type: Application
Filed: June 27, 2018
Publication date: April 18, 2019
Inventors: Dustin L. Green, Jacob K. Oshins, Lars Reuther
-
Patent number: 10025509
Abstract: Described is a technology by which a virtual hard disk is migrated from a source storage location to a target storage location without needing any shared physical storage, in which a machine may continue to use the virtual hard disk during migration. This facilitates use the virtual hard disk in conjunction with live-migrating a virtual machine. Virtual hard disk migration may occur fully before or after the virtual machine is migrated to the target host, or partially before and partially after virtual machine migration. Background copying, sending of write-through data, and/or servicing read requests may be used in the migration. Also described is throttling data writes and/or data communication to manage the migration of the virtual hard disk.
Type: Grant
Filed: July 1, 2015
Date of Patent: July 17, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Dustin L. Green, Jacob K. Oshins, Lars Reuther
-
Patent number: 9996384
Abstract: Described is a technology by which a virtual machine may be safely migrated to a computer system with a different platform. Compatibility of the virtual machine may be checked by comparing the virtual machine's capabilities against those of the new platform. To ensure compatibility, when created the virtual machine may have its capabilities limited by the lowest common capabilities of the different platforms available for migration. Computer systems may be grouped into migration pools based upon similar capabilities, and/or a virtual machine may be mapped to certain computer systems based upon capabilities needed by that virtual machine, such as corresponding to needed performance, fault tolerance and/or flexibility.
Type: Grant
Filed: November 23, 2016
Date of Patent: June 12, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Robert Bradley Bennett, René A. Vega, Shuvabrata Ganguly, Matthew Douglas Hendel, Rajesh Natvarlal Davé, Lars Reuther, Tamás Gál, Yuan Zheng
-
Patent number: 9875160
Abstract: A computer system maintains identifiers that identify changed blocks of virtual machine (VM) storage. The computer system accesses a stable VM checkpoint comprising a restorable VM image at a time, and that stores a representation of data of at least one block as it existed at the time. The computer system converts the checkpoint to a reference point. Reference point information is transferable with the VM, such that if the VM is moved to a different computing system, any data identified by the reference point is recoverable. The conversion includes querying the storage to determine an identifier corresponding to the block of the checkpoint at the time, storing this identifier as a part of the reference point, and releasing the representation of the data of the block from the checkpoint. The computer system then uses the reference point to identify changes in the blocks of the storage since the time.
Type: Grant
Filed: July 26, 2016
Date of Patent: January 23, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Angshuman Bezbaruah, Lars Reuther, Taylor O'Neil Brown, John Andrew Starks
-
Patent number: 9870291
Abstract: Embodiments are directed to backing up a virtual machine cluster and to determining virtual machine node ownership prior to backing up a virtual machine cluster. In one scenario, a computer system determines which virtual machines nodes are part of the virtual machine cluster, determines which shared storage resources are part of the virtual machine cluster and determines which virtual machine nodes own the shared storage resources. The computer system then indicates to the virtual machine node owners that at least one specified application is to be quiesced over the nodes of the virtual machine cluster, such that a consistent, cluster-wide checkpoint can be created. The computer system further creates a cluster-wide checkpoint which includes a checkpoint for each virtual machine in the virtual machine cluster.
Type: Grant
Filed: June 30, 2016
Date of Patent: January 16, 2018
Assignee: Microsoft Technology Licensing, LLC
Inventors: Angshuman Bezbaruah, Lars Reuther, Taylor O'Neil Brown
-
Publication number: 20170353496
Abstract: A host operating system running on a computing device monitors network communications for the computing device to identify network resources that are requested by the computing device. The host operating system compares requested network resources against security policies to determine if the requested network resources are trusted. When an untrusted network resource is identified, the host operating system accesses the untrusted network resource within a container that is isolated from the host operating system kernel using techniques discussed herein. By restricting access to untrusted network resources to isolated containers, the host operating system is protected from even kernel-level attacks or infections that may result from an untrusted network resource.
Type: Application
Filed: June 2, 2016
Publication date: December 7, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Navin Narayan Pai, Charles G. Jeffries, Giridhar Viswanathan, Benjamin M. Schultz, Frederick J. Smith, Lars Reuther, Michael B. Ebersol, Gerardo Diaz Cuellar, Ivan Dimitrov Pashov, Poornananda R. Gaddehosur, Hari R. Pulapaka, Vikram Mangalore Rao
-
Publication number: 20170322824
Abstract: An operating system running on a computing device, also referred to herein as a host device, uses containers for hardware resource partitioning. A container can include one or more of various different components, such as a base operating system, a user-mode environment, an application, virtual devices, combinations thereof, and so forth. One or more container templates are maintained for a computing device, and in response to a request to create a new container, a template container is copied into memory of the computing device to create the new container. The template container includes the various components of the container, and these components are copied into memory of the computing device rather than being launched or started one after the other. Thus, time need not be expended starting the various components included in the container—the components are just copied into memory as a new container.
Type: Application
Filed: September 29, 2016
Publication date: November 9, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Lars Reuther, David A. Hepkin, Kevin M. Broas, John A. Starks, Arun U. Kishan, John J. Richardson, Mehmet Iyigun, Yevgeniy M. Bak
-
Publication number: 20170286153
Abstract: An operating system running on a computing device uses containers for hardware resource partitioning. Using the techniques discussed herein, pausing and resuming of containers is managed to reduce the pressure a container exerts on system resources when paused. Resuming of containers can further be managed to reduce the startup time for containers. This managing of containers can implemented various different techniques, such as stopping scheduling of virtual processors, stopping scheduling of processes or threads, compressing memory, swapping pages of memory for the container to a page file on a hard drive, and so forth.
Type: Application
Filed: June 22, 2016
Publication date: October 5, 2017
Applicant: Microsoft Technology Licensing, LLC
Inventors: Yevgeniy M. Bak, Lars Reuther, Kevin M. Broas, Mehmet Iyigun, Hari R. Pulapaka, Morakinyo Korede Olugbade, Benjamin M. Schultz
-
Patent number: 9733860
Abstract: Migration of a virtual machine and associated files to a destination host may be performed. A source host may initiate establishment of a temporary network file share at a destination location of the destination host to provide the source host and the destination host with access to the file share. While the virtual machine is running at the source host, a storage migration and a live migration may be initiated. Using the network file share, the source host may copy the associated files to the destination location. A runtime state of the virtual machine may be copied to the destination host. In a final phase of the migration, the virtual machine at the source host may be stopped, the storage migration may be completed, the copying of the runtime state may be completed, and the virtual machine may be started at the destination host.
Type: Grant
Filed: June 24, 2013
Date of Patent: August 15, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Lars Reuther, Sergey Dmitriyevich Meshcheryakov, Chris Eck, Rajesh Dave
-
Publication number: 20170109240
Abstract: A computer system maintains identifiers that identify changed blocks of virtual machine (VM) storage. The computer system accesses a stable VM checkpoint comprising a restorable VM image at a time, and that stores a representation of data of at least one block as it existed at the time. The computer system converts the checkpoint to a reference point. Reference point information is transferable with the VM, such that if the VM is moved to a different computing system, any data identified by the reference point is recoverable. The conversion includes querying the storage to determine an identifier corresponding to the block of the checkpoint at the time, storing this identifier as a part of the reference point, and releasing the representation of the data of the block from the checkpoint. The computer system then uses the reference point to identify changes in the blocks of the storage since the time.
Type: Application
Filed: July 26, 2016
Publication date: April 20, 2017
Inventors: Angshuman Bezbaruah, Lars Reuther, Taylor O'Neil Brown, John Andrew Starks
-
Patent number: 9626206
Abstract: Described is a technology by which a virtual machine may be safely migrated to a computer system with a different platform. Compatibility of the virtual machine may be checked by comparing the virtual machine's capabilities against those of the new platform. To ensure compatibility, when created the virtual machine may have its capabilities limited by the lowest common capabilities of the different platforms available for migration. Computer systems may be grouped into migration pools based upon similar capabilities, and/or a virtual machine may be mapped to certain computer systems based upon capabilities needed by that virtual machine, such as corresponding to needed performance, fault tolerance and/or flexibility.
Type: Grant
Filed: March 18, 2010
Date of Patent: April 18, 2017
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Robert Bradley Bennett, René A Vega, Shuvabrata Ganguly, Matthew Douglas Hendel, Rajesh Natvarlal Davé, Lars Reuther, Tamás Gál, Yuan Zheng