Abstract: A method, system and computer program product for storing data of a Virtual Execution Environment (VEE), such as a Virtual Private Server (VPS) or a Virtual Machine, including starting an operating system running a computing system; starting a Virtual Machine Monitor under control of the operating system, wherein the VMM virtualizes the computing system and has privileges as high as the operating system; creating isolated Virtual Machines (VMs), running on the computing system simultaneously, wherein each VM executes its own OS kernel and each VM runs under the control of the VMM; starting a storage device driver and a file system driver in the operating system; mounting a virtual disk drive; starting VM-specific file system drivers in the VM, the VM specific file system driver together with the common storage device drivers support virtual disk drives, the virtual disk drive is represented on the storage device as a disk image, the disk image data are stored on the storage device as at least one file that in

Abstract: System for safe execution of guest code in virtual machine context includes (a) a virtual machine monitor (VMM) that uses hardware virtualization means for handling potentially unsafe instructions; (b) a virtual machine (VM) running guest code; (c) wherein the hardware virtualization means handles interrupts when encountering at least some privileged instructions in the guest code, (d) wherein the hardware virtualization means continuously determines, at runtime, if the instruction in the guest code is safe or potentially unsafe, wherein the potentially unsafe instructions are non-privileged instructions that can execute incorrectly in a context of the VM; (e) wherein the VM executes the safe instructions in a native mode; (f) wherein the hardware virtualization means bypasses potentially unsafe instructions; and (g) wherein offset addresses in the guest code are the same as offset addresses in source code from which the guest code was generated.

Abstract: A computing cloud comprising at least one computing node having a Virtual Machine (VM) running on a user level. A plurality of additional computing nodes, each node having a Hypervisor with the highest privilege level, a Virtual Machine Monitor (VMM) running with no higher privileges than the Hypervisor, and a plurality of Virtual Machines (VMs) running on a user level. Each node has a Primary operating system (POS) running within the one of its VMs. The POS has direct access to hardware devices of the corresponding computing node. The other VMs use the corresponding POS of its node to access the hardware devices.

Abstract: A method of controlling operation of an installed component includes generating auxiliary information relating to the installed component in user space; launching a control program in operating system space for controlling operation of the installed component; and controlling, from the operating system space, the operation of the installed component using the auxiliary information. The installed component can be an operating system component running in a Virtual Private Server, or a component of third party software. The auxiliary information can be, e.g., time stamps, CRC, access control information, function names, function address offsets and function parameter passing information derived from the debug file. The controlling step can patch the installed component. The patch can be version-specific to the installed component. The controlling step can monitor behavior of the installed component. The auxiliary information can be generated based on a debug file/pdb file.

Abstract: A method, system and computer program product for providing driver functionality in computing system includes installing an operating system on the computing system; forming a plurality of isolated sandboxes running on the computing system under control of the operating system; during an attempt to install a driver, installing driver stub in the operating system; installing the driver in one of the isolated sandboxes, wherein the driver directly uses at least part of system resources; using a gateway between the driver stub and the installed driver to provide an interface for transmitting requests from the driver stub to driver.

Abstract: A system, method and computer program product for launching a plurality of active virtual servers in a computing system, including as a background process, generating a plurality of inactive virtual servers, wherein data related to the inactive virtual server comprises a set of private files and a set of common files used by multiple virtual servers, that are required for the virtual server to function and each of which is stored in its own dedicated container; setting up a disk image and a mount point associated with a particular virtual server, the mount point required for activating a functional virtual server, the disk image including any blank areas, implemented by a system administrator during activation of the virtual server, for each inactive virtual server on a storage device of the computing system, and copying files associated with each inactive virtual server to the disk image, wherein the inactive virtual servers are not associated with any owner; upon request from a user for a virtual server, ac

Abstract: Methods and systems for safe execution of guest code in virtual machine context are presented. A method for running a virtual machine in a computing system includes (a) launching a virtual machine monitor (VMM) that uses a software debugger; (b) launching a virtual machine (VM) that can natively run safe instructions; (c) determining, at runtime, if the instruction is safe or potentially unsafe; (d) executing safe instructions in a native mode; and (e) activating control logic to process potentially unsafe instructions in the software debugger. The software debugger can bypass at least one of the potentially unsafe instructions. The potentially unsafe instructions include instructions that cannot be safely executed in the context of the VM, and instructions that can cause unpredictable results in the context of the VM.

Abstract: A method, system and computer program product for providing driver functionality in computing system includes installing an operating system on the computing system; forming a plurality of isolated sandboxes running on the computing system under control of the operating system; during an attempt to install a driver, installing driver stub in the operating system; installing the driver in one of the isolated sandboxes, wherein the driver directly uses at least part of system resources; using a gateway between the driver stub and the installed driver to provide an interface for transmitting requests from the driver stub to driver.

Abstract: A computing system includes a physical server having a single instance of an operating system; and a plurality of virtual environments running on the physical server and directly supported by the single instance of the operating system. Each virtual environment responds to requests from users and appears to the users as a stand-alone server having its own instance of the operating system. Each virtual environment has a plurality of objects associated with it and supported by the operating system. Some of the objects are private and other objects are shared between multiple virtual environments. One virtual environment cannot access private objects of another virtual environment.

Abstract: A system, method and computer program product for managing computer resources in a computer system running an operating system and a plurality of processes grouped into at least two groups. A set of resource limits corresponds to the processes. A scheduler of resource allocation allocates resources to each process such that total resource allocation to a group to which that process belongs remains constant. The scheduler reallocates the resources based on a request for resources over an established limit, a predictive algorithm, or process priority, or based on relative weighting of the processes. The scheduler can reallocate to one of an increase and a decrease of the resources available to a particular process. The scheduler can reallocate the resources to exceed the resource allocation to a particular process while keeping the resource allocation to the group to which that process belongs constant.

Abstract: A system, method and computer program product for controlling virtual servers includes a plurality of virtual servers running on a host computer. An address and a unique identifier can be associated with each virtual server. A control procedure(s) is within each corresponding virtual server, and can be used to control that virtual server in response to control commands. A control interface is outside the virtual servers and can be used for control of the virtual servers in response to control commands. The virtual server can be a Virtual server. The control command can be executable by both the control procedure(s) and the control interface, or can be executable by the control interface if the control procedure(s) is unreachable, or can be executable by the control interface if the virtual server has failed, or can be executable even if the virtual server is inaccessible. The control interface can be accessible by using multiple addresses and identifiers.

Abstract: A system and method for managing administration of security services provided to users includes a computer system and an operating system running on the computer system. A plurality of Virtual Execution Environments (VEEs) are executed on the computer system. The VEEs can be any of a Virtual Private Server, a Virtual Machine, a Hypervisor-based Virtual Machine, and a Lightweight Hypervisor-based Virtual Machine, a session of Terminal Server and a session of Presentation Server, Lightweight Hypervisor-based Virtual Machines, VMM-based VMs or hypervisor-based VMs. Each VEE provides a set of services to remote users. One or more designated VEE(s) provide security services to each of the VEEs based on the needs of the remote users of the particular VEEs. The security services provided by the designated VEE can be firewall services, spam filtering and anti-virus protection.

Abstract: A system, computer program product and method for a running process migration with planned minimized down-time. The method facilitates fast and efficient process migration by performing background data synchronization prior to actual process migration. The service slowdown is reduced by employing two-stage transfer method. During a first stage the service, being executed on the original machine, does not stop and all the available data required by this process is being copied. After the first stage is completed the service continues to be executed without an interruption, while the most of the data associated with the service process is already transferred to the new machine. During the second stage the execution of the service on the first machine is stopped. The files, which were not available during the first stage, are now copied. Then the execution of service is started on the second machine. The down-time is reduced to the duration of the second stage.

Abstract: A method of on-the-fly patching of executable code includes placing a block of modified instructions in memory, identifying a block of code to be changed, storing instructions to be changed from the block of code to be changed in a storage location, change the instructions to be changed to mark instructions, and adding a jump to the block of modified instructions in the block of code to be changed. Prior to the placing and the identifying steps, a write flag for a page in memory where the block of code to be changed is located is set to allow writes, and interrupts are masked. The instructions are replaced in reverse order. The mark instructions are the same length, in bytes, as the instructions to be changed. The modified instructions include a resolver to determine a number of instructions of the block of code to be changed that had already been executed. If the number is less than a number of instructions to be changed, then a “no patch installed” scenario is imitated.

Abstract: A method and system for managing files in a server environment includes launching a plurality of virtual servers in a computing system; copying a content of a file of a virtual server to a shared space; providing access to the file copy in the shared space when the virtual server attempts to access the file; detecting files with the same content in other virtual servers; and providing access to the file copy in the shared space from the other virtual servers when they attempt to access their files with the identical content.

Abstract: The present invention provides a methodology of organization of control over the process of space or other quantitative parameter of resource allocation in computer data storages. More specifically, the present invention organizes areas of quoted space or time. A method and system of the present invention includes an establishment of quotas for an area of a file system that takes into account the belonging of a file to a certain subtree or subtrees of the file system. The quota management of the present invention is established within a usual computer system which includes a hierarchic file system, as well as a set of unique users, that could be united into groups.

Abstract: A system, method and computer program product for controlling virtual servers includes a plurality of virtual servers running on a host computer. An address and a unique identifier can be associated with each virtual server. A control procedure(s) is within each corresponding virtual server, and can be used to control that virtual server in response to control commands. A control interface is outside the virtual servers and can be used for control of the virtual servers in response to control commands. The virtual server can be a Virtual server. The control command can be executable by both the control procedure(s) and the control interface, or can be executable by the control interface if the control procedure(s) is unreachable, or can be executable by the control interface if the virtual server has failed, or can be executable even if the virtual server is inaccessible. The control interface can be accessible by using multiple addresses and identifiers.

Abstract: A method, system and computer program product for providing driver functionality in computing system includes installing an operating system on the computing system; forming a plurality of isolated sandboxes running on the computing system under control of the operating system; during an attempt to install a driver, installing driver stub in the operating system; installing the driver in one of the isolated sandboxes, wherein the driver directly uses at least part of system resources; using a gateway between the driver stub and the installed driver to provide an interface for transmitting requests from the driver stub to driver.

Abstract: A method of controlling operation of an installed component includes the steps of generating auxiliary information relating to the installed component in user space; launching a control program in operating system space for controlling operation of the installed component; and controlling, from the operating system space, the operation of the installed component using the auxiliary information. The installed component can be an operating system component running in a Virtual Private Server, or a component of third party software. The auxiliary information can be, e.g., time stamps, CRC, access control information, function names, function address offsets and function parameter passing information derived from the debug file. The controlling step can monitor behavior of the installed component. The auxiliary information can be generated based on a debug file, which can be a pdb file.

Abstract: A system, method and computer program product for managing Virtual Private Servers, including launching a plurality of active Virtual Private Servers (VPSs) in user space of a computing system; generating a plurality of inactive VPSs, wherein data related to the inactive VPS comprises a set of files and links stored in a dedicated container; upon request from a user for a VPS, activating one of the inactive VPSs using the dedicated container using data related to the inactive VPS that comprises a set of files and links stored in a dedicated container; and configuring the activated VPS based on user parameters. The configuring step can include configuring any of URL names, IP addresses, passwords, resource allocations, DNS names, hostnames, VPS administrative functions, and VPS user password. The generating step optionally runs as a background process, or at a time of low system load.