EP1977317A1 - Verfahren und systeme zur bereitstellung eines zugriffs auf eine computerumgebung - Google Patents
Verfahren und systeme zur bereitstellung eines zugriffs auf eine computerumgebungInfo
- Publication number
- EP1977317A1 EP1977317A1 EP07762438A EP07762438A EP1977317A1 EP 1977317 A1 EP1977317 A1 EP 1977317A1 EP 07762438 A EP07762438 A EP 07762438A EP 07762438 A EP07762438 A EP 07762438A EP 1977317 A1 EP1977317 A1 EP 1977317A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- machine
- client
- computing environment
- virtual machine
- remote
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/562—Brokering proxy services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/4557—Distribution of virtual machine instances; Migration and load balancing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45575—Starting, stopping, suspending or resuming virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/541—Client-server
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Definitions
- the invention generally relates to providing access to computing
- the invention relates to methods and systems
- Contemporary computer networks consist of a number of computer
- some of the systems are client machines and other systems are server
- a server machine may host a variety of application programs that can
- client machines be accessed and executed by client machines.
- client machines When a client machine launches
- the server In some environments, the server
- Desktop deployment strategies such as personal desktop deployment or
- Each desktop PC is installed on the user's
- PCs age rapidly and are usually replaced on a
- a server-based computing model solves many of the desktop PC
- each server hosts a number of
- the thin client/server-based computing model is subject to these same limitations
- client machines may not even be aware
- the virtual machine may be relocated from one server machine to another server.
- the client machine may not know that a virtual machine
- a user of the client machine may need to find and gain access to that server machine and perform a directory listing of
- a policy may require that a user access networked
- a policy may
- client machines - or particular users of client machines - may or may
- control may require particular authentication credentials from the client prior to
- a user of a client machine may view application-
- sources can include applications
- problems of current desktop deployment strategies are:
- An array of inexpensive physical machines may be partitioned into
- machines may be servers such as rack-mount servers, blade servers, or stand- alone servers.
- the physical machines may also be workstations or workstation
- the hardware lifecycle may be extended by increasing
- machines are configured to run multiple copies of one or more operating systems (e.g. different versions/releases of WINDOWS from
- the virtual machine can be any type of computing resource
- the virtual machine may be pre-configured with a plurality of software and/or virtual hardware
- request is directed to the selected, configured virtual machine and a remote
- client machine Devices such as CD-ROM drives, floppy drives, USB drives
- a deployment system may manage a pool of virtual machines (a machine
- virtual machine management component may provide management functionality.
- Executing virtual machines may be migrated from one physical machine to
- Inactive virtual machines may be suspended to
- machines may be resumed prior to users requiring access. This can be done manually or automatically via policies or preferences or through a learning
- Performance requirements of the requested resource may be considered
- financial analysis package may require twice as many CPU resources as a
- machine providing the financial analysis package may execute on a physical
- virtual machines may be relocated to other available physical machines to ensure
- Each user is provided a separate virtual machine environment, which
- Virtual machines also provide increased security isolation between users. Because each user is running a
- the operating system image may be incompatible - which also
- computing environments are accessed. Accessed data indicating to a client
- each computing environment available to a user of the client system are
- the accessed data transmitted
- user interface window representing computing environments available to a user
- the accessed data transmitted to the client system are displayable at the client system as icons in a graphical user interface
- the client system and the virtual machine is established using a presentation
- user credentials are received from the client system.
- the accessed data are transmitted to the client system
- the user of the client system is authenticated based on the received user credentials
- information is gathered about the client system and a
- the data set is generated from the gathered information.
- accessed data are transmitted to the client system indicating, responsive to the
- the accessed data are transmitted to the client system
- a web server receives a request from a client system
- a page template is retrieved from a persistent storage, the web server creates a page describing a display of computing environment images
- a network including a client system and a plurality of
- a server includes a broker module, a
- the broker module accesses collected
- the transmitter sends accessed data to the client system indicating to
- the client system each computing environment determined to be available to the client system
- the receiver receives a request to access one of the available
- the transceiver provides a connection between the
- the receiver receives user credentials from the client
- the server further comprises a database storing
- the broker module determines for the transaction.
- the server further comprises an output display
- creation engine creating output displays indicating each computing environment
- the output display creation engine creates a web page describing a display of the computing
- transceiver provides a connection between the client system and a virtual
- the hypermedium page displayed by a network browser includes the
- a client agent is started on the client
- the client agent creates a communication link to a virtual machine
- agent receives data from the virtual machine and displays on the client node the
- the network browser starts the client agent upon a
- the client agent is registered with the network
- the execution of the identified application on the virtual machine starts in response to
- a virtual machine is launched.
- a server agent is started on the virtual machine.
- data received from the virtual machine is displayed in a display
- the hypermedium page displayed by a network browser comprises a
- the client machine a network server, and a client agent.
- the client machine is a network server, and a client agent.
- hypermedium page including a hyperlink identifying a desired computing
- the network server transmits, in response to selection of said
- the hypervisor transmits data to the client
- the client agent displays data received from the virtual
- the display window is located within the boundaries of the hypermedium page. In still another embodiment, the display window is located
- the hyperlink configuration file comprises a resource
- remote desktop environments into a local desktop environment comprises a first
- first virtual channel conveys graphical data associated with a remote window
- the second virtual channel is provided by the first remote desktop environment.
- the third virtual channel conveys
- the fourth virtual channel conveys window attribute data
- the local agent directs the formation of a first local window in the
- the first local window displaying the
- the local agent forms and maintains a combined
- a local operating system forms the local desktop environment.
- the local agent detects an attribute change in one of the first
- a second window is formed
- the second window displaying the graphical data received from the third virtual channel in accordance with the window
- a combined windows list storing at least some of the
- window attribute data is formed.
- one of the first local window and the second local window is detected and a
- the local windows exhibit window attribute data substantially similar relative to the local desktop environment as the window
- remote desktop environments into a local desktop environment comprises a first
- the first virtual channel conveys graphical data
- the second virtual channel conveys window attribute data associated with the
- the local agent provides a remote window provided by the remote desktop environment.
- the first local window displaying the graphical data conveyed by the
- the local agent forms and maintains a combined
- the window attribute is the local desktop environment.
- the window attribute is the window attribute
- a local operating system forms the local desktop environment
- the corresponding windows exhibit window attribute data
- the local desktop environment is coupled with a plurality of remote desktop environments via a plurality of communications links
- the communication links including first and second virtual channels conveying
- remote desktop environments into a local desktop environment includes the step
- first window is formed in the local desktop environment displaying the graphical user interface
- a combined windows list storing at least some of the
- window attribute data is formed.
- a local operating condition a local operating condition
- the local window exhibits window attribute data substantially similar
- program requested by a client machine includes the step of receiving a file
- identification of the plurality of application files is retrieved, responsive to the
- application files is retrieved, responsive to the file. A determination is made as to
- a second client machine determines whether a client machine includes the at least one characteristic.
- the second client requesting execution of the plurality of
- an operating system on the client machine is
- an application version of an application program residing on the client machine is identified.
- the collection agent gathering information associated with the
- the client machine and determining whether the client machine includes the at least
- a system for accessing a plurality of files comprising an
- application program includes a file, a first client and a second client.
- the file
- first client executes on a client machine and is capable of receiving an application
- the first client receives the file, retrieves an identification of a plurality of
- the client machine includes the at least one characteristic.
- the second client receives the file from the first client and, responsive to a determination by the first
- the first client retrieves an identification of at least one
- the first client determines whether the client machine includes a
- the first client determines whether the client machine includes the at least one
- the first client receives an enumeration of a plurality of available application
- the virtual machine executes on the client machine.
- the virtual machine executes on a remote machine.
- the second client includes a receiver for receiving
- the receiver receives the
- the second client includes a means for displaying, on the
- client machine received application-output data.
- computing environment provided by a virtual machine includes the step of receiving authentication information associated with a user of a client machine.
- a connection is established between the client machine and the
- a collection agent gathers information about the client
- a computing environment provided by a virtual machine and already associated with the user is identified.
- first computing environment provided by a first virtual machine and a second
- a first computing environment provided by a first virtual
- connection is established between the client machine and the identified computing environment subject to a rule.
- authentication information associated with the user is
- a computing environment is
- a presentation-layer protocol connection is established between the
- application sessions includes the step of receiving, at a client machine, a
- a connection is established between the client machine
- a first computing environment provided by a first computing environment
- a first computing environment In another embodiment, a first computing environment
- a first virtualized operating system executing on a first server and a
- a presentation-layer associated with the user.
- the environment includes a network module, a data store, and a broker process.
- network module receives authentication information associated with a user
- the data store contains an identifier of a computing
- broker process connects the client machine to the identified computing
- the data store contains a first identifier of a first
- the first computing environment executes on a first server and the
- second computing environment executes on a second server.
- the broker process connects the client to the identified computing environment subject to a rule. In yet another embodiment, the broker process
- process updates a data record associated with the identified computing
- the server includes a collection agent and a policy
- the collection agent gathers information about the client machine.
- policy engine receives the gathered information and assigns one of a plurality of
- the policy engine transmits the collection agent to the collection agent.
- the collection agent gathers the information by running at least one script on the client machine.
- the collection agent gathers the information by running at least one script on the client machine.
- the broker process establishes a presentation-layer protocol
- a system for granting access to resources includes
- a client machine a collection agent, a policy engine, and a broker server.
- the collection agent gathers
- the policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to
- the broker server establishes,
- the collection agent executes on the client machine.
- the policy engine transmits the collection agent to the
- the collection agent gathers
- the collection agent gathers information about the client machine
- said information residing on a server.
- the policy engine includes a database storing
- the policy engine transmits
- a method for granting access to resources includes
- a policy engine receives the
- An access control decision is made based on the received
- a connection is established, responsive to the access control
- the collection agent gathers the information by
- the policy executes at least one script on the client.
- the policy executes at least one script on the client.
- the access control decision is made by applying a policy to
- a connection is established between the client machine
- the request including an
- One of a plurality of execution machines is identified,
- a connection is
- one of the plurality of virtual machines is identified
- the one of the plurality of execution machines is identified
- the identified virtual machine is
- a connection is
- an apparatus comprises an identification component, an
- execution component provisions the identified virtual machine.
- a virtual machine service component executing in the
- hypervisor is in communication with the session management component and
- the virtual machine service component executes in the identified
- the identification component receives from the broker machine an identification of one of a plurality of
- the virtual machine management component includes
- management component further comprises providing an internet protocol
- the management component further comprises
- the management component is configured to control the client machine.
- the management component is configured to control the client machine.
- a computing environment provided by a virtual machine includes the step of
- a collection agent gathers
- a policy engine receives the gathered
- the policy engine makes an access control decision based on the
- a broker server establishes,
- a first computing environment and a second
- the first computing environment executing on a first server and the second computing
- a second computing environment already associated with the user and comprising a second application session, is identified.
- a computing environment provided by a virtual machine includes a collection
- the collection agent gathers
- the policy engine receives the gathered
- the request including the access control
- the broker server enumerates a computing environment associated with the client machine, responsive to the access control decision, the
- the collection agent executes on the client machine.
- the policy engine transmits the collection agent to the
- the policy engine transmits
- the policy engine makes an
- the broker server enumerates a first computing
- the broker server enumerates a first computing environment
- the broker server enumerates an
- computing environment comprising a first application session, and enumerates a
- application includes the step of receiving credentials.
- a plurality of applications are provided.
- the predetermined number of methods including
- a method is selected for streaming the requested
- the method is selected responsive to
- a virtual machine is provisioned to execute a
- the virtual machine selected responsive to an identified
- a template is
- a collection agent gathers credentials associated with
- the client machine for access to a resource.
- the client machine is
- an apparatus comprises a transceiver, a server agent,
- the transceiver receives credentials associated with a user of a
- client machine enumerates a plurality of resources available to the user of the
- client machine responsive to the received credentials, and receives a request to
- the server agent selects one of a
- the predetermined number of methods including a method
- the identification component communicates with
- the identified virtual machine providing the
- the execution component provisions the identified
- the management component establishes a connection between
- the apparatus includes a policy engine. In another embodiment,
- the policy engine applies a policy to the received credentials
- the server agent makes an access control decision.
- the server agent makes an access control decision.
- the server agent streams the requested application to
- the server In another embodiment, the server
- agent selects a method for streaming the requested application to the client
- the identified virtual machine provides resource-
- identification component identifies a virtual machine responsive to an evaluation
- the identification component is configured to of the client machine.
- the identification component is configured to of the client machine.
- the identification component selects a
- FIG. 1 is a block diagram of one embodiment of an environment in which a
- client machine accesses a computing resource provided by a remote machine
- FIGs. 1 A and 1B are block diagrams depicting embodiments of typical
- FIG. 2A is a block diagram of a system for providing access to a resource
- FIG. 2B is a block diagram of one embodiment of a system in which a
- client machine can initiate execution of an application program for determining
- FIG. 2C is a block diagram of an embodiment in which a client machine
- FIGs. 3A, 3B, and 3C are block diagrams of embodiments of systems of
- FIG. 3D is a block diagram of one embodiment of a system in which a
- client machine can access a resource from a resource neighborhood web page
- FIG. 3E is a block diagram of one embodiment of a system in which a
- FIG. 4 is a block diagram of one embodiment of a resource neighborhood
- FIG. 5 is a block diagram of a computing embodiment in which a client
- FIG. 6A is a screen shot of an embodiment of a display of a client machine
- FIG. 6B is a screen shot of another embodiment of a display screen of a
- FIG. 7 A is a block diagram of an embodiment of a network providing
- FIG. 7B is a block diagram depicting a more detailed embodiment of a
- FIG. 8 is a flowchart depicting one embodiment of a process for providing
- FIG. 9 is a flow diagram depicting one embodiment of a process for
- FIG. 10 is a flow diagram depicting one embodiment of a process to
- FIG. 11 is a block diagram depicting an embodiment of a machine farm
- FIG. 12 is a block diagram depicting one embodiment of a virtual machine
- FIG. 13 is a block diagram depicting one embodiment of a session
- FIG. 14 is a block diagram depicting one embodiment of a system in which
- a drive associated with the client machine 10 is made available to a computing environment
- FIG. 15A is a block diagram depicting one embodiment of a client machine
- FIG. 15B is a block diagram depicting one embodiment of a system for
- FIG. 15C is a block diagram depicting one embodiment of a session login
- FIG. 16A is a flow diagram depicting one embodiment of the steps to be
- FIG. 16B is a flow diagram depicting one embodiment of a process to
- FIG. 16C is a flow diagram depicting one embodiment of the steps taken
- FIG 16D is a flow diagram depicting one embodiment of the steps taken to
- FIG. 17 is a block diagram depicting one embodiment of a system in which
- a remote machine authenticates the user of a client machine
- FIG. 18 is a flow diagram depicting one embodiment of the steps taken to
- FIG. 19 is a block diagram depicting one embodiment of a client machine
- FIG. 20 is a flow diagram depicting one embodiment of steps taken by a
- FIG. 21 is a block diagram depicts one embodiment of a plurality of
- FIG. 22A is a flow diagram depicting one embodiment of the steps taken
- FIG. 22B is a flow diagram depicting one embodiment of the steps taken
- FIG. 23 is a flow diagram depicting another embodiment of the steps
- FIG. 24 is a flow diagram depicting one embodiment of the steps taken to
- FIG. 25 is a block diagram depicting an embodiment of a remote machine
- FIG. 26 is a block diagram depicting one embodiment of a client machine
- FIG. 27 is a block diagram depicting one embodiment of communication
- FIG. 28 is a block diagram depicting one embodiment of a client machine
- FIG. 29 is a flow diagram depicting one embodiment of the steps taken to display application output in a web page
- FIG. 30 is a flow diagram depicting one embodiment of the steps taken
- FIG 31 is a block diagram depicting an embodiment of a system
- FIG. 32 is a block diagram depicting another embodiment of a system
- FIG. 33 is a block diagram depicting one embodiment of an architecture
- FIG. 34 is a block diagram depicting another embodiment of an
- FIG. 35 is a block diagram depicting another embodiment of an
- FIG. 36 is a block diagram depicting another embodiment of an
- FIG. 37 is a block diagram depicting one embodiment of a client machine
- FIG. 38 is a block diagram depicting a client machine connected to more
- FIG. 39 is a flow diagram depicting one embodiment of the steps taken to
- FIG. 40 is a flow diagram depicting one embodiment of the steps taken to
- FIG. 41 is a flow diagram depicting one embodiment for enabling
- FIG. 42 is a block diagram depicting one embodiment of an agent
- FIG. 43 is a block diagram depicting one embodiment of a system for
- FIG. 44 is a flow diagram depicting one embodiment of the steps taken in
- FIG. 45 is a block diagram of a system for providing a client with a reliable connection to a host service according to an embodiment of the invention.
- FIG. 46 is a block diagram of a system for providing a client with a reliable connection to a host service according to another embodiment of the invention.
- FIG. 47 depicts communications occurring over a network according to an embodiment of the invention.
- FIG. 48 depicts communications occurring over a network according to another embodiment of the invention.
- FIG. 49 depicts a process for encapsulating a plurality of secondary protocols within a first protocol for communication over a network according to an embodiment of the invention
- FIG. 50 is a block diagram of an embodiment of a computer system to maintain authentication credentials in accordance with the invention
- FIG. 51 is a flow diagram of the steps followed in an embodiment of the computer system of FIG. 5 to maintain authentication credentials during a first communication session in accordance with the invention
- FIG. 52 is a flow diagram of the steps followed in an embodiment of the computer system of FIG. 50 to maintain authentication credentials during a second communication session following the termination of the first communication session of FIG. 53A in accordance with the invention
- FIG. 53 is a block diagram of an embodiment of a computer system to maintain authentication credentials in accordance with another embodiment of the invention.
- FIG. 54 is a flow diagram of the steps followed in an embodiment of the computer system of FIG. 53 to maintain authentication credentials during a first communication session in accordance with the invention
- FIG. 55 is a flow diagram of the steps followed in an embodiment of the computer system of FIG. 53 to maintain authentication credentials during a second communication session following the termination of the first communication session of FIG. 53 in accordance with the invention
- FIG. 56 is a flow diagram of the steps followed in an embodiment of the computer system of FIG. 53 to maintain authentication credentials during a second communication session following the termination of a second communication channel of the first communication session of FIG. 53 in accordance with the invention
- FIG. 57 is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to an embodiment of the invention
- FIG. 58 is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another embodiment of the invention.
- FIG. 59 is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another embodiment of the invention.
- FIG. 60 is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another embodiment of the invention.
- FIG. 61 is a block diagram of a system for providing a client with a reliable connection to a host service and further including components for reconnecting the client to a host service according to an embodiment of the invention
- FIG. 62 is a block diagram of an embodiment of a system for providing a client with a reliable connection to a host service and further including components for reconnecting the client to a host service;
- FIG. 63 is a block diagram of an embodiment of FIG. 61 further including components for initially connecting the client to a host service;
- FIG. 64 is a block diagram of the system of FIG. 62 further including components for initially connecting the client to a host service and to maintain authentication credential according to an embodiment of the invention
- FIG. 65 is a flow diagram of a method for network communications according to an embodiment of the invention.
- FIG. 66 is a flow diagram of a method for reconnecting the client to the host services
- FIGS. 67-69 are flow diagrams of a method for connecting a client to a plurality of host services according to an embodiment of the invention.
- FIG. 70 is a flow diagram of a method for providing a client with a reliable connection to host services and for reconnecting the client to the host services according to an embodiment of the invention
- FIGS. 71-72 are flow diagrams of a method for reconnecting a client to host services according to an embodiment of the invention.
- FIG. 73 is a conceptual block diagram of an embodiment of client software and server software
- FIG. 74 is a flow chart of an embodiment of a method for monitoring network performance
- FIG. 75 is a flow chart of an embodiment of a method of operation of the server software
- FIG. 76 is a flow chart of an embodiment of a method of generating sub- metrics by the client
- FIG. 77 is a flow chart of an embodiment of a method of generating sub- metrics by the client
- FIG. 78 is a flow chart of an embodiment of a method of generating sub- metrics by the server
- FIG. 79 is a schematic diagram depicting a networked client-server computing system
- FIG. 80 is a flow chart depicting a method for connecting a client machine to disconnected application sessions
- FIG. 81 is a flow chart depicting on embodiment a method for connecting the client machine to active application sessions
- FIG. 82 is a schematic diagram depicting one embodiment of a client machine in communication with several remote machines
- FIG. 83 is a flow diagram depicting one embodiment of steps taken in a method to connect a user of a client machine to a computing environment
- FIG. 84 is a flow diagram depicting an embodiment of steps taken in a method to connect a user of a client machine to a computing environment in response to selection of a graphical user interface element;
- FIG. 85 is a block diagram depicting one embodiment of a remote machine able to connect the client machine to an application session
- FIG. 86 is a block diagram of an embodiment of a system for connecting a client machine to an application session responsive to application of a policy
- FIG. 87 is a flow diagram depicting the steps taken in one method to connect a client machine to an application session responsive to application of a policy
- FIG. 88 is a block diagram depicting one embodiment of a system for providing, by a virtual machine, access to a computing environment
- FIG. 89A is a block diagram depicting one embodiment of a storage device and a computing device
- FIG. 89B is a flow diagram depicting one embodiment of the steps taken in a method for providing access to a computing environment on a computing device via a storage device;
- FIG. 9OA is a block diagram depicting one embodiment of a mobile computing device
- FIG. 9OB is a flow diagram depicting one embodiment of the steps taken in a method for providing a portable computing environment by a mobile computing device
- FIG. 91 A is a block diagram of one embodiment of a mobile computing device and a computing device
- FIG. 91 B is a flow diagram depicting depicts one embodiment of the steps taken in a method for providing access to a computing environment on a computing device via a mobile computing device;
- FIG. 92A is a block diagram depicting one embodiment of a mobile computing device and a computing device comprising a computing environment selector;
- FIG. 92B is a flow diagram depicting an embodiment of the steps taken in a method for establishing a computing environment on a computing device via a mobile computing device;
- FIG. 93A is a block diagram depicting one embodiment of a mobile computing device connecting to a docking station;
- FIG. 93B is a block diagram depicting one embodiment of a docking station connecting a mobile computing device and a computing device;
- FIG. 93C is a block diagram depicting one embodiment of a mobile computing device and computing device having a docking mechanism
- FIG. 93D is a flow diagram depicting one embodiment of the steps taken in a method of providing to a mobile computing device one or more hardware resources;
- FIG. 94A is a block diagram depicting one embodiment of a mobile computing device having a plurality of processors
- FIG. 94B is a flow diagram depicting one embodiment of the steps taken in a method for switching, by a mobile computing device, between use of multiple processors;
- FIG. 95 is a block diagram depicting one embodiment of a system for providing to a first client agent, via a second client agent on a first remote machine, output data generated by a resource executing in a virtual machine provided by a second remote machine;
- FIG. 96 is a block diagram depicting an embodiment of a system for providing to a first client agent, via a second client agent on a first remote machine, output data generated by a resource executing in a virtual machine provided by a second remote machine; and
- FIG. 97 is a block diagram depicting one embodiment of a system for identifying, by a coordinator machine, a worker machine providing, via a virtual machine, access to a computing environment.
- FIG. 1 a block diagram of one embodiment of an
- a remote machine 30 such as remote machine 30, 30', 30", or 30"'
- remote machine 30 accepts connections from
- the system may include
- the logical group of remote machines may be referred to as
- machine farm 38 a "server farm” or “machine farm,” indicated in FIG. 1A as machine farm 38.
- the remote machines 30 may be geographically
- the group of remote machines 30 logically grouped as a
- machine farm 38 may be interconnected using a wide-area network (WAN)
- WAN wide-area network
- MAN metropolitan-area network
- LAN local area network
- SAN storage-area network
- public network such as the Internet.
- a machine farm 38 may include remote machines 30 physically
- a machine farm 38 may be any type of network (LAN) connection or some form of direct connection.
- LAN network
- a machine farm 38 may
- a centralized service may provide management for machine farm 38.
- one or more remote machines 30 elect a particular remote
- remote machine 30 may be referred to as a management server, management
- the management node 30 may gather and store
- an administrator designates one or more remote
- machines 30 to provide management functionality for machine farm 38.
- management of the machine farm 38 may be de-centralized.
- one or more remote machines 30 comprise components,
- one or more remote machines 30 provide functionality for management of dynamic data, including techniques
- machines 30 include communications capabilities to enable the one or more
- remote machines 30 to interact with one another to share responsibility for
- Each remote machine 30 may communicate with a
- persistent store and, in some embodiments, with a dynamic store.
- Persistent store may be physically implemented on a disk, disk farm, a
- RAID redundant array of independent disks
- writeable compact disc or any combination thereof
- a single physical device may
- the persistent store maintains static data associated with each remote machine
- the persistent store may maintain the
- LDAP Lightweight Directory Access Protocol
- the persistent store stores server data in an ODBC-
- the data stored by the persistent store may be replicated for reliability
- the database itself may be replicated using
- both physical and logical replication may be used concurrently.
- the remote machines 30 store "static" data, i.e., data that persist across client sessions, in the persistent store. Writing to the
- the remote machines 30 may develop a logical, common
- the dynamic store may be physically implemented in the local memory of a single or multiple remote machines 30in the machine farm 38.
- the local local memory may be physically implemented in the local memory of a single or multiple remote machines 30in the machine farm 38.
- memory can be random access memory, disk, disk farm, a redundant array of
- RAID independent disks
- data stored in the dynamic store are data that are typically
- runtime data are the current workload level for each of the remote
- remote machine 30 and licensing information.
- the dynamic store comprises one or more tables
- the dynamic store (i.e., the collection of all record tables) can be embodied in various ways.
- the dynamic store is centralized; that is, all runtime data are stored in the memory of one remote machine 30 in the machine farm 38. That server operates in a manner similar to the management node described above, that is, all other remote machines 30 in the machine farm 38 communicate with the server acting as the centralized data store when seeking access to that runtime data.
- each remote machine 30 in the machine farm 38 keeps a full copy of the dynamic store.
- each remote machine 30 communicates with every other remote machine 30 to keep its copy of the dynamic store up to date.
- each remote machine 30 maintains its own runtime data and communicates with every other remote machine 30 when seeking to obtain runtime data from them.
- a remote machine 30 attempting to find an application program requested by the client machine 10 may communicate directly with every other remote machine 30 in the machine farm 38 to find one or more servers hosting the requested application.
- a collector point is a server that collects run-time data.
- Each collector point stores runtime data collected from certain other remote machines 30in the machine farm 38.
- Each remote machine 30 in the machine farm 38 is capable of operating as, and consequently is capable of being designated as, a collector point.
- each collector point stores a copy of the entire dynamic store.
- each collector point stores a portion of the dynamic store, i.e., it maintains runtime data of a particular data type.
- the type of data stored by a remote machine 30 may be predetermined according to one or more criteria. For example, remote machines 30may store different types of data based on their boot order. Alternatively, the type of data stored by a remote machine 30 may be configured by an administrator using administration tool 140. In these embodiments, the dynamic store is distributed among two or more remote machines 30in the machine farm 38.
- Remote machines 30 not designated as collector points know the remote machines 30 in a machine farm 38 that are designated as collector points.
- a remote machine 30 not designated as a collector point communicates with a particular collector point when delivering and requesting runtime data. Consequently, collector points lighten network traffic because each remote machine 30 in the machine farm 38 communicates with a single collector point remote machine 30, rather than with every other remote machine 30, when seeking to access the runtime data.
- the machine farm 38 can be heterogeneous, that is, one or more of the remote machines 30 can operate according to one type of operating system platform (e.g., WINDOWS NT, manufactured by Microsoft Corp. of Redmond, Washington), while one or more of the other remote machines 30 can operate according to another type of operating system platform (e.g., Unix or Linux). Additionally, a heterogeneous machine farm 38 may include one or more remote machines 30 operating according to a type of operating system, while one or more other remote machines 30 execute one or more types of hypervisors rather than operating systems. In these embodiments, hypervisors may be used to emulate virtual hardware, partition physical hardware, virtualize physical hardware, and execute virtual machines that provide access to computing environments.
- hypervisors may be used to emulate virtual hardware, partition physical hardware, virtualize physical hardware, and execute virtual machines that provide access to computing environments.
- Hypervisors may include those manufactured by VMWare, Inc., of Palo Alto, California; the Xen hypervisor, an open source product whose development is overseen by XenSource, Inc., of Palo Alto; the VirtualServer or virtual PC hypervisors provided by Microsoft or others.
- a hypervisor executes on a machine executing an operating system.
- a machine executing an operating system and a hypervisor may be said to have a host operating system (the operating system executing on the machine), and a guest operating system (an operating system executing within a computing resource partition provided by the hypervisor).
- a hypervisor interacts directly with hardware on a machine, instead of executing on a host operating system.
- the hypervisor may be said to be executing on "bare metal," referring to the hardware comprising the machine.
- Remote machines 30 may be servers, file servers, application servers, appliances, network appliances, gateways, application gateways, gateway servers, virtual ization servers, deployment servers, or firewalls.
- the remote machine 30 may be an SSL VPN server.
- the remote machine 30 may be an application acceleration appliance.
- the remote machine 30 may provide functionality including firewall functionality, application firewall functionality, or load balancing functionality.
- the remote machine 30 comprises an appliance such as one of the line of appliances manufactured by the Citrix Application Networking Group, of San Jose, CA, or Silver Peak Systems, Inc., of Mountain View, CA, or of Riverbed Technology, Inc., of San Francisco, CA, or of F5 Networks, Inc., of Seattle, WA, or of Juniper Networks, Inc., of Sunnyvale, CA.
- a remote machine 30 comprises a remote authentication dial-in user service, referred to as a RADIUS server.
- remote machines 30 may have the capacity to function as a master network information node monitoring resource usage of other machines in the farm 38.
- a remote machine 30 may provide an Active Directory.
- Remote machines 30 may be referred to as execution machines, intermediate machines, broker machines, intermediate broker machines, or worker machines.
- remote machines 30 in the machine farm 38 may be stored in high-density racking systems, along with associated storage systems, and located in an enterprise data center.
- consolidating the machines in this way may improve system manageability, data security, the physical security of the system, and system performance by locating machines and high performance storage systems on localized high performance networks. Centralizing the machines and storage systems and coupling them with advanced system management tools allows more efficient use of machine resources.
- the client machines 10 may also be referred to as endpoints, client nodes, clients, or local machines.
- the client machines 10 have the capacity to function as both client machines seeking access to resources and as remote machines 30 providing access to remotely hosted resources for other client machines 10.
- remote machines 30 may request access to remotely-hosted resources.
- the remote machines 30 may be referred to as client machines 10.
- the client machine 10 communicates directly with one
- the client machines 30 in a machine farm 38.
- the client machines 30 in another embodiment, the
- client machine 10 executes an application to communicate with the remote
- the client machine 10 communicates with one of the remote machines 30 via a gateway,
- the client machine 10 such as an application gateway.
- the client machine 10 such as an application gateway.
- 10 can, for example, request access to or execution of various resources
- remote machines 30 such as applications, computing environments,
- the client machine 10 can communicate with the client machine 10 via the communications link 150.
- the communications link 150 may be synchronous or asynchronous and
- LAN connection may be a LAN connection, MAN connection, or a WAN connection. Additionally,
- communications link 150 may be a wireless link, such as an infrared channel or
- the communications link 150 may use a transport layer protocol
- HTTP HyperText Protocol
- XML Extensible Markup Language
- XML Extensible Markup Language
- communications link 150 uses a Wi-Fi protocol.
- the Wi-Fi protocol In still another embodiment, the
- communications link 150 uses a mobile internet protocol.
- the communications link 150 may provide communications functionality
- links e.g., T1 , T3, 56 kb, X.25, SNA, DECNET), broadband connections (ISDN,
- Connections can be established using a
- ARCNET ARCNET
- SONET SONET
- SDH Fiber Distributed Data Interface
- FDDI Fiber Distributed Data Interface
- RS232 IEEE
- IEEE 802.11 IEEE 802.11 a, IEEE 802.11 b, IEEE 802.11 g, CDMA, GSM, WiMax and
- the remote machine 30 In one embodiment, the remote machine 30
- gateway any type and/or form of gateway or
- tunneling protocol such as Secure Socket Layer (SSL) or Transport Layer
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
- Memory System Of A Hierarchy Structure (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11161963A EP2369479A3 (de) | 2006-01-24 | 2007-01-24 | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung |
EP11161966A EP2375328A3 (de) | 2006-01-24 | 2007-01-24 | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung |
Applications Claiming Priority (11)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US76167406P | 2006-01-24 | 2006-01-24 | |
US11/552,315 US20070174429A1 (en) | 2006-01-24 | 2006-10-24 | Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment |
US11/559,658 US20070180447A1 (en) | 2006-01-24 | 2006-11-14 | Methods and systems for interacting, via a hypermedium page, with a virtual machine |
US11/563,958 US20070174410A1 (en) | 2006-01-24 | 2006-11-28 | Methods and systems for incorporating remote windows from disparate remote desktop environments into a local desktop environment |
US11/563,932 US8341270B2 (en) | 2006-01-24 | 2006-11-28 | Methods and systems for providing access to a computing environment |
US11/624,402 US7949677B2 (en) | 2006-01-24 | 2007-01-18 | Methods and systems for providing authorized remote access to a computing environment provided by a virtual machine |
US11/624,395 US8117314B2 (en) | 2006-01-24 | 2007-01-18 | Methods and systems for providing remote access to a computing environment provided by a virtual machine |
US11/624,394 US7870153B2 (en) | 2006-01-24 | 2007-01-18 | Methods and systems for executing, by a virtual machine, an application program requested by a client machine |
US11/624,396 US7954150B2 (en) | 2006-01-24 | 2007-01-18 | Methods and systems for assigning access control levels in providing access to resources via virtual machines |
US11/624,403 US8341732B2 (en) | 2006-01-24 | 2007-01-18 | Methods and systems for selecting a method for execution, by a virtual machine, of an application program |
PCT/US2007/060963 WO2007087558A2 (en) | 2006-01-24 | 2007-01-24 | Methods and systems for providing access to a computing environment |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1977317A1 true EP1977317A1 (de) | 2008-10-08 |
Family
ID=38003083
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07762438A Ceased EP1977317A1 (de) | 2006-01-24 | 2007-01-24 | Verfahren und systeme zur bereitstellung eines zugriffs auf eine computerumgebung |
EP11161966A Ceased EP2375328A3 (de) | 2006-01-24 | 2007-01-24 | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP11161966A Ceased EP2375328A3 (de) | 2006-01-24 | 2007-01-24 | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung |
Country Status (6)
Country | Link |
---|---|
EP (2) | EP1977317A1 (de) |
AU (1) | AU2007208093A1 (de) |
BR (1) | BRPI0707220A2 (de) |
CA (1) | CA2637980A1 (de) |
IL (1) | IL192910A (de) |
WO (1) | WO2007087558A2 (de) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9749333B2 (en) | 2014-05-05 | 2017-08-29 | Oliver Lloyd Pty Ltd | Shared access appliance, device and process |
CN113259696A (zh) * | 2021-05-11 | 2021-08-13 | 西安万像电子科技有限公司 | 直播方法和装置、存储介质及电子设备 |
Families Citing this family (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9020854B2 (en) | 2004-03-08 | 2015-04-28 | Proxense, Llc | Linked account system using personal digital key (PDK-LAS) |
EP1829283A2 (de) | 2004-12-20 | 2007-09-05 | Proxense, LLC | Authentifizierung eines persönlichen biometrischen datenschlüssels |
US8433919B2 (en) | 2005-11-30 | 2013-04-30 | Proxense, Llc | Two-level authentication for secure transactions |
US11206664B2 (en) | 2006-01-06 | 2021-12-21 | Proxense, Llc | Wireless network synchronization of cells and client devices on a network |
US8340672B2 (en) | 2006-01-06 | 2012-12-25 | Proxense, Llc | Wireless network synchronization of cells and client devices on a network |
US9269221B2 (en) | 2006-11-13 | 2016-02-23 | John J. Gobbi | Configuration of interfaces for a location detection system and application |
US8012015B2 (en) | 2006-11-15 | 2011-09-06 | Cfph, Llc | Verifying whether a gaming device is communicating with a gaming server |
US7942741B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying whether a device is communicating with a server |
US7942742B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Accessing identification information to verify a gaming device is in communications with a server |
US7942738B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying a gaming device is in communications with a gaming server |
US10068421B2 (en) | 2006-11-16 | 2018-09-04 | Cfph, Llc | Using a first device to verify whether a second device is communicating with a server |
US7942739B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Storing information from a verification device and accessing the information from a gaming device to verify that the gaming device is communicating with a server |
US7942740B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying a first device is in communications with a server by storing a value from the first device and accessing the value from a second device |
US8659427B2 (en) | 2007-11-09 | 2014-02-25 | Proxense, Llc | Proximity-sensor supporting multiple application services |
US8171528B1 (en) | 2007-12-06 | 2012-05-01 | Proxense, Llc | Hybrid device having a personal digital key and receiver-decoder circuit and methods of use |
US9251332B2 (en) | 2007-12-19 | 2016-02-02 | Proxense, Llc | Security system and method for controlling access to computing resources |
US8508336B2 (en) | 2008-02-14 | 2013-08-13 | Proxense, Llc | Proximity-based healthcare management system with automatic access to private information |
US11120449B2 (en) | 2008-04-08 | 2021-09-14 | Proxense, Llc | Automated service-based order processing |
US9418205B2 (en) | 2010-03-15 | 2016-08-16 | Proxense, Llc | Proximity-based system for automatic application or data access and item tracking |
US8771064B2 (en) | 2010-05-26 | 2014-07-08 | Aristocrat Technologies Australia Pty Limited | Gaming system and a method of gaming |
US9322974B1 (en) | 2010-07-15 | 2016-04-26 | Proxense, Llc. | Proximity-based system for object tracking |
US8857716B1 (en) | 2011-02-21 | 2014-10-14 | Proxense, Llc | Implementation of a proximity-based system for object tracking and automatic application initialization |
US9191454B2 (en) * | 2011-06-27 | 2015-11-17 | Microsoft Technology Licensing, Llc | Host enabled management channel |
US8683548B1 (en) | 2011-09-30 | 2014-03-25 | Emc Corporation | Computing with policy engine for multiple virtual machines |
US8726337B1 (en) | 2011-09-30 | 2014-05-13 | Emc Corporation | Computing with presentation layer for multiple virtual machines |
US8904008B2 (en) | 2012-01-09 | 2014-12-02 | Microsoft Corporation | Assignment of resources in virtual machine pools |
US9047169B1 (en) * | 2012-03-30 | 2015-06-02 | Emc Corporation | Resizing snapshot mount points |
US8448260B1 (en) * | 2012-05-25 | 2013-05-21 | Robert Hansen | Electronic clipboard protection |
US9600351B2 (en) * | 2012-12-14 | 2017-03-21 | Microsoft Technology Licensing, Llc | Inversion-of-control component service models for virtual environments |
US9305174B2 (en) | 2013-04-09 | 2016-04-05 | Robert Hansen | Electronic clipboard protection |
US9405898B2 (en) | 2013-05-10 | 2016-08-02 | Proxense, Llc | Secure element as a digital pocket |
US9519498B2 (en) * | 2013-12-24 | 2016-12-13 | Microsoft Technology Licensing, Llc | Virtual machine assurances |
US9652631B2 (en) | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
US10229272B2 (en) | 2014-10-13 | 2019-03-12 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US9584317B2 (en) | 2014-10-13 | 2017-02-28 | Microsoft Technology Licensing, Llc | Identifying security boundaries on computing devices |
US9519787B2 (en) | 2014-11-14 | 2016-12-13 | Microsoft Technology Licensing, Llc | Secure creation of encrypted virtual machines from encrypted templates |
US11182713B2 (en) | 2015-01-24 | 2021-11-23 | Vmware, Inc. | Methods and systems to optimize operating system license costs in a virtual data center |
US9742782B2 (en) * | 2015-06-11 | 2017-08-22 | International Business Machines Corporation | Configuration management for virtual machine environment |
CN106230806A (zh) * | 2016-07-26 | 2016-12-14 | 中国南方电网有限责任公司信息中心 | 混合数据在内外网隔离环境下的定制协议通讯系统和方法 |
CN107797845B (zh) | 2016-09-07 | 2021-06-15 | 华为技术有限公司 | 用于访问容器的方法和装置 |
DE102019119110A1 (de) * | 2019-07-15 | 2021-01-21 | Claas Selbstfahrende Erntemaschinen Gmbh | Verfahren zur Abarbeitung eines landwirtschaftlichen Arbeitsprozesses auf einem Feld |
US11546208B2 (en) * | 2019-12-31 | 2023-01-03 | Vmware, Inc. | Multi-site hybrid networks across cloud environments |
CN112148107A (zh) * | 2020-09-18 | 2020-12-29 | 苏州浪潮智能科技有限公司 | 一种数据中心的功耗控制方法、系统及相关组件 |
EP4323995A1 (de) * | 2021-04-15 | 2024-02-21 | Dexcom, Inc. | Globaler konfigurationsdienst |
CN117082134A (zh) * | 2022-11-29 | 2023-11-17 | 中移(杭州)信息技术有限公司 | 一种代理连接方法、服务器、通信系统及存储介质 |
CN116455660B (zh) * | 2023-05-04 | 2023-10-17 | 北京数美时代科技有限公司 | 页面访问请求的控制方法、系统、存储介质和电子设备 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050120160A1 (en) * | 2003-08-20 | 2005-06-02 | Jerry Plouffe | System and method for managing virtual servers |
US20050198303A1 (en) * | 2004-01-02 | 2005-09-08 | Robert Knauerhase | Dynamic virtual machine service provider allocation |
-
2007
- 2007-01-24 BR BRPI0707220-1A patent/BRPI0707220A2/pt not_active Application Discontinuation
- 2007-01-24 AU AU2007208093A patent/AU2007208093A1/en not_active Abandoned
- 2007-01-24 CA CA002637980A patent/CA2637980A1/en not_active Abandoned
- 2007-01-24 WO PCT/US2007/060963 patent/WO2007087558A2/en active Application Filing
- 2007-01-24 EP EP07762438A patent/EP1977317A1/de not_active Ceased
- 2007-01-24 EP EP11161966A patent/EP2375328A3/de not_active Ceased
-
2008
- 2008-07-20 IL IL192910A patent/IL192910A/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050120160A1 (en) * | 2003-08-20 | 2005-06-02 | Jerry Plouffe | System and method for managing virtual servers |
US20050198303A1 (en) * | 2004-01-02 | 2005-09-08 | Robert Knauerhase | Dynamic virtual machine service provider allocation |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9749333B2 (en) | 2014-05-05 | 2017-08-29 | Oliver Lloyd Pty Ltd | Shared access appliance, device and process |
CN113259696A (zh) * | 2021-05-11 | 2021-08-13 | 西安万像电子科技有限公司 | 直播方法和装置、存储介质及电子设备 |
Also Published As
Publication number | Publication date |
---|---|
CA2637980A1 (en) | 2007-08-02 |
WO2007087558A2 (en) | 2007-08-02 |
IL192910A0 (en) | 2009-02-11 |
EP2375328A2 (de) | 2011-10-12 |
BRPI0707220A2 (pt) | 2011-04-26 |
EP2375328A3 (de) | 2011-12-21 |
AU2007208093A1 (en) | 2007-08-02 |
IL192910A (en) | 2012-12-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8051180B2 (en) | Methods and servers for establishing a connection between a client system and a virtual machine executing in a terminal services session and hosting a requested computing environment | |
EP2375328A2 (de) | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung | |
EP2369479A2 (de) | Verfahren und System zur Bereitstellung des Zugriffs auf eine Computerumgebung | |
WO2007100942A9 (en) | Methods and systems for providing access to a computing environment provided by a virtual machine executing in a hypervisor executing in a terminal services session | |
US9742876B2 (en) | Span out load balancing model | |
AU2019229870B2 (en) | Instant virtual application launch | |
US11595482B2 (en) | Image acquisition device virtualization for remote computing | |
US11818183B2 (en) | System and method for workspace sharing | |
WO2024045000A1 (en) | Application-based clipboard isolation and sharing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080722 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
17Q | First examination report despatched |
Effective date: 20090409 |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1123111 Country of ref document: HK |
|
DAX | Request for extension of the european patent (deleted) | ||
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20140122 |
|
REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1123111 Country of ref document: HK |