Russinovich
Mark Russinovich, Clyde Hill, WA US
Patent application number | Description | Published |
---|---|---|
20120311573 | ISOLATION OF VIRTUAL MACHINE I/O IN MULTI-DISK HOSTS - Embodiments of the present invention relate to systems, methods, and computer storage media for concurrently maintaining a spanned virtual hard drive across two or more computer-storage media and a non-spanned virtual hard drive on one of the computer-storage media. The method includes storing data of the spanned virtual hard drive across the computer-storage media utilizing volume spanning. While the spanned virtual hard drive is maintained on the computer storage media, the method includes storing data of the non-spanned virtual hard drive on one of the computer-storage media. | 12-06-2012 |
20140137218 | MANAGING SECURITY CREDENTIALS FOR SCALED-OUT SERVICES - Embodiments are directed to establishing separate security identities for a shared service and shared service instances, and to managing shared and service instance credentials. In one scenario, a computer system establishes a shared credential for a shared service that includes multiple shared service instances, where the shared credential uniquely identifies the shared service. The computer system establishes a service instance credential for each shared service instance that uniquely identifies each shared service instance and maintains a relationship between the service instance and the shared service. The relationship provides service instance access to the shared credentials as the shared credentials are updated over time. Then, upon determining that the shared credentials have been updated and are no longer valid, the shared service instance accesses the updated shared credentials using the established relationship. | 05-15-2014 |
Mark Russinovich, Austin, TX US
Patent application number | Description | Published |
---|---|---|
20130298128 | MANAGED CONTROL OF PROCESSES INCLUDING PRIVILEGE ESCALATION - Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role. | 11-07-2013 |
Mark E. Russinovich, Clyde Hill, WA US
Patent application number | Description | Published |
---|---|---|
20150178097 | Memory-Preserving Reboot - Techniques are described for preserving application state in virtual memory during operating system reboot. A preserved virtual memory allocation that has been populated with state by an application is identified. The application is shut down during the OS reboot. The operating system is rebooted without modifying the preserved virtual memory allocation. For example, physical memory and paging file pages associated with the preserved virtual memory allocation on the computer system are unmodified when the operating system is rebooted. The application is restarted after the operating system has been rebooted. The preserved virtual memory allocations are identified after the application is restarted, such as by checking contents of a memory region or by an API return value. The application is then reconnected to the preserved virtual memory allocation, which allows the application to immediately access the preserved state without having to rebuild new state. | 06-25-2015 |
Mark Eugene Russinovich, Clyde Hill, WA US
Patent application number | Description | Published |
---|---|---|
20120089833 | SECURE DEPLOYMENT OF PROVABLE IDENTITY FOR DYNAMIC APPLICATION ENVIRONMENTS - An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have. | 04-12-2012 |
20140156847 | Service Allocation in a Distributed Computing Platform - The techniques and arrangements described herein provide for updating services, host operating systems and other applications while satisfying update domain constraints. In some examples, one or more controller modules may maintain a data structure including a plurality of server update domains, each server update domain including a set of machines of a plurality of machines of a distributed computing system which may be concurrently updated. The one or more controller modules may allocate the plurality of instances to the plurality of machines such that a number of server update domains is minimized. | 06-05-2014 |
20140157264 | Virtual Machine-Preserving Host Updates - Techniques are described for updating a host operating system on a server while maintaining virtual machines running on the server. An updated host operating system is copied to the server. The currently active host operating system freezes the virtual machines but leaves them resident in RAM. The allocations and state for each virtual machine are copied to RAM or local storage. The active host operating system is shut down. Instead of issuing a command to reboot the server after it finishes shutting down, the active host operating system transfers execution to a loader. The loader reads the kernel of the updated host operating system into RAM along with an allocation map for the virtual machines and instructions to resume the virtual machines. The loader transfers execution to the updated host operating system entry point, and the updated host operating system loads the states of the virtual machines and resumes them. | 06-05-2014 |