WO2008131460A2 - System and method for creating an assurance system - Google Patents


Info

Publication number
WO2008131460A2
Authority
WO
WIPO (PCT)
Prior art keywords
computer system
virtual
environment
system environment
application
Prior art date
Application number
PCT/US2008/061469
Other languages
English (en)
Other versions
WO2008131460A3 (fr
Inventor
Carolyn Turbyfill
Andrew Gross
John Clemens
John Hawley
Robert J. Stratton Iii
Original Assignee
Stacksafe, Inc.
Priority claimed from US11/772,673 external-priority patent/US20080271018A1/en
Priority claimed from US11/948,441 external-priority patent/US20080271025A1/en
Application filed by Stacksafe, Inc. filed Critical Stacksafe, Inc.
Publication of WO2008131460A2 publication Critical patent/WO2008131460A2/fr
Publication of WO2008131460A3 publication Critical patent/WO2008131460A3/fr


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files

Definitions

  • the present invention relates to the creation of an assurance system.
  • a plurality of applications running simultaneously on a plurality of computers such as servers usually connected to the same network, is used to provide business services to staff and/or customers.
  • the various applications allow the system to perform a variety of tasks simultaneously and provide information to a plurality of users at the same time.
  • a system may have an e-mail application running on a network at the same time as a document management application, both of which may be running on separate servers. Any user of the system is able to utilize the various applications at the same time on any computer connected to the system.
  • servers that provide information to customers and manage the activities of the business must function at all times and cannot be taken offline for maintenance.
  • These systems are often constructed of multiple, interdependent systems and software, often referred to as "n-tiered" or "multi-tier" applications or an "application stack". Improper operation of any individual software or hardware component or interconnection may render the entire business application inoperative or unavailable. Installation of new applications or the update of software on the systems may cause disruptions in service, which can cost such businesses immense amounts of money.
  • the present invention is a system and method for creating a virtual assurance system.
  • the present invention is a system for creating and analyzing a virtual application environment that is identical to the environment on a particular target system such as, for example, a network, an entire enterprise architecture or branch thereof, a particular network server, or a workstation.
  • the assurance system may consist of software adapted to copy the entire memory and various settings of the target system to a location separate from the target system.
  • When the assurance system copies the memory of the target system, it preferably copies the entire contents of every memory device attached to the target system such as, for example, hard disk drives and read-only memory devices. This ensures that the virtual application environment has access to all of the information that the target system has access to.
  • the software may copy the memory of the target system over a network to the separate location or directly to another computer or portable storage device. The software may also capture details of the network interconnections between components of the target systems.
  • the assurance system uses the copied memory to create a virtual application environment in a location separate from the target system that functions in the same way as the target system.
  • the virtual application environment will be practically indistinguishable from the target system or systems.
  • Specific hardware or network attributes of target systems may be emulated by the virtual application environment to facilitate accurate representation of unique characteristics of the target when running in the virtual application environment.
  • the assurance system will have access to all of the applications and data stored on the target system because the entire memory and configuration of the target system is copied.
  • the virtual application environment may also be created on the same hardware as the target system, but in a designated area, such as a partition or dedicated portion of a storage area network.
  • the virtual application environment is simply isolated from the target environment using software. Isolation, however, may not always be desired. For example, in one embodiment input that is sent to the target system may simultaneously or on a delayed basis be sent to the virtual application environment so that a user may test how the virtual application environment functions differently from the target system, particularly after new software has been installed.
  • the virtual application environment may be connected to the same network as the target system in order to permit interaction between the virtual application environment and the physical network.
  • Network traffic may be routed from the network to both the target system and the virtual application environment, with only the target system being allowed to return responses to the network.
  • a firewall or other security may be set up to prevent the virtual application environment from sending output to the network.
  • the virtual application environment may also be connected to the same hardware devices as the target system, particularly if any difficulty has occurred in the past with a particular piece of hardware.
  • the assurance system will provide a capability for the virtual application environments to interact with network resources, including name servers, time servers, file servers or databases, outside the assurance environment while the target system's network and the virtual network share conflicting configuration parameters, such as duplicate IP addresses, which would normally prohibit interoperability. This may be accomplished in the assurance system through the use of network address translation, network service proxy servers or other technologies. For example, some network appliances use proprietary hardware and software that cannot be virtualized unless the vendor provides a virtual instance of the appliance.
  • the assurance environment would have to interact with the physical appliance on the network.
  • Another example would be a database or storage network that is too large to import into a virtual environment. If the database were a production database where a test could not be allowed to compromise the integrity of the data, tests could be limited to read-only queries or may be restricted to accessing a special set of test data that would only be used for testing and could not compromise the integrity of the production data. This could be accomplished by having a set of users with database access privileges that would be appropriately restricted.
  • the system merely simulates hardware devices that would be accessible to the target system.
  • the virtual application environment may have access to a virtual printer, which consists of a software program that communicates with the virtual application environment in the same manner as a physical printer.
  • software representations of virtual network components such as routers, firewalls, or network load balancers may be added to the virtual network inside the virtual application environment. In order to provide the best possible test fidelity, these virtual components may be derived from the product code base of the physical network components being replicated within the virtual network inside the assurance system.
  • the system according to the present invention will send simulated input, which simulates input that would be received by the target computer, to the assurance system in order to properly test the virtual application environment in real conditions.
  • actual input that is received by the target system is simultaneously sent also to the assurance system in real time so that a user may compare and monitor the functionality of the virtual application environment with the functionality of the target system using the same inputs.
  • the assurance system may also retrieve or accept information about the target systems from tools used to manage target systems including but not limited to configuration management applications, systems management applications, audit and compliance tools, performance sizing and simulation tools, and vulnerability scanners.
  • one or more components of a large, complex target system environment may not be imported into the assurance system.
  • the assurance system will provide connectivity mechanisms to allow a virtual application environment to interoperate with one or more application and/or network service components running outside of the assurance system.
  • An example would be a database server running outside the assurance system, providing networked database management system services to a virtual application environment running inside the assurance system.
  • the assurance system may copy a plurality of target systems and manage a plurality of virtual application environments.
  • the virtual application environments may be created from various different environments on various different devices. This may be useful when a user wishes to determine how changes to one machine will affect other machines that function in conjunction with, or depend upon, the changed machine. This embodiment may also be useful to simultaneously compare the environments and attributes of multiple machines and environments, possibly through a network.
  • the user may use the assurance system for a plurality of uses.
  • the user may run a series of security tests on the virtual environment to attempt to penetrate the security on the computer using network security testing or "hacker" tools. If the user is successful in penetrating the security on the virtual application environment, the user knows that it must update the security on the target system. Because the tests are run on the virtual application environment, any damage to stored data caused by the testing will not affect user productivity because the data on the target system are never accessed.
  • the system may generate a patch, or programmed fix, to correct the flaw. We define a fix to be any change that will mitigate a failure.
  • a fix can be any means of mitigating a flaw such as a configuration change, a component designed to intercept bad input such as an application firewall, or a patch.
  • a patch is a subset of a fix, specifically a change to an application's code designed to eliminate an application flaw that is the root cause of a vulnerability or failure.
  • the user may then run the patch on the virtual application environment to ensure that it will not have any adverse effects on the functionality of the virtual application environment or on the data stored by the virtual application environment.
  • the user may then run tests on the virtual application environment to ensure that the patch remedies the security error. If the patch remedies the error, the patch may be applied at a later time to the target system.
  • the virtual application environment may be used in a forensics mode, where the user is able to pause and step through an application using forensics tools for purposes of determining the root cause of a system failure or performance anomaly.
  • the assurance system provides a means of integrating analysis and assurance tools from a variety of sources ranging from custom user-specific tools to commercial or open source products.
  • a user may also use the virtual application environment to install new software or update existing software.
  • the virtual environment may be configured to isolate it from the user's network.
  • a user may utilize the assurance system to release a virus on the virtual application environment to assess the effect that a virus would have on the machine if a virus ever penetrated the security of the machine. The results of such a test may be useful to a system administrator who is considering the cost and benefits of installing new virus protection software.
  • the virtual environment may be configured to isolate it from the user's network to prevent damage from the virus.
  • a user may use the virtual environment to evaluate the efficiency of the target system by, for example, removing or replacing selected applications on the virtual environment. The user may run a plurality of tests on the virtual environment to evaluate how to improve the speed of the virtual environment. If the system determines that changes may be implemented to improve the speed of the virtual environment, the system may suggest these changes to the user. The user may then implement the changes, evaluate the changes, and decide whether or not to implement the changes on the target system.
  • the software used to perform tests or evaluate the virtual environment is installed in the virtual environment.
  • the software is installed in such a way, however, as to avoid any impact on testing accuracy.
  • the software may be isolated from the virtual environment. The software itself will be undetectable when evaluations or testing is performed.
  • the software may compensate for the effects on the comparison resulting from the software being installed in the virtual environment.
  • the system identifies which program is the source of the fault and may generate a patch, or programmed fix, to correct the flaw.
  • the user may then run the patch or fix on the virtual application environment to ensure that it will not have any adverse effects on the functionality of the virtual application environment or on the data stored by the virtual application environment.
  • the user may then run tests on the virtual application environment to ensure that the patch remedies the performance problem. If the patch or fix remedies the error, the patch or fix may be applied at a later time to the target system.
  • the identification of the flaw, the remedy designed, and the effectiveness of the remedy are all added to a report and provided to a user.
  • the report or the remediation information may also be stored for review at a later time if a similar error occurs on the same machine or a different machine with the same application.
  • the report may also be stored and automatically recalled at a later date if the user creates a virtual application environment from the same machine.
  • the report may provide the user with remediation measures that were taken in the past on this machine or on other machines that experienced similar problems, had similar configurations, utilized similar applications, interfaced with similar devices, or for any other reason, and suggest possible remediation measures or other changes to the workstation based on the report and/or based on the assurance system's knowledge base.
  • the system may suggest that the user perform another defragmentation on the workstation.
  • the report may also be useful to a system administrator who wishes to evaluate the number of flaws a particular software application has had in the past.
  • testing or analysis tools included or compatible with the assurance system may be deployed on systems within a production environment, with or without some alteration to minimize the tools' impact on the performance and functionality of the production systems.
  • these tools may report faults or issues to the assurance system where more invasive detection and diagnosis of an issue may be performed against a virtual application environment corresponding to the production environment.
  • When proposed fixes are identified for the faults or issues, they may be tested against the virtual application environment prior to deployment in the production environment.
  • a user may create and store an initial baseline virtual application environment at a given date and use it at a later date to compare to a second virtual application environment created from the same target system. This allows the user to evaluate changes that have been made to the target system and determine exactly how the changes have affected the performance of the target system.
  • a baseline initial virtual application environment of a target system such as a World-Wide-Web (HTTP) server may be created and stored when a website is first deployed.
  • a second virtual application environment will be created and compared to the first. This will allow a user to evaluate how operations or security personnel have changed the environment since the initial deployment, such as by installing additional software or configuration changes, whether those changes are caused through user action, malicious software, or input that exploits a system vulnerability.
  • a user may also wish to compare, over time, multiple target systems that were identical at the time of initial deployment. Though originally identical, poorly-documented system configuration changes made by administrators in the heat of incident resolution may cause "configuration drift" in these supposedly identical systems. Some of these changes may have caused certain servers to become more or less reliable or secure than others, without an obvious indication of the reason.
  • a baseline virtual application environment for a redundantly deployed network server such as a network load balancer, web server, or application server may be taken at the time of initial deployment. Later, after a period of continuous operation, multiple instances of virtual application environments from these originally replicated systems may be created and compared to the baseline to reveal undocumented configuration changes that enhance or adversely affect system performance.
  • the system may also be used to compare two virtual environments created from two separate target systems that reside on the same network. This type of comparison may be especially useful where one of the users of the virtual environments is experiencing problems with one or more applications on one of the target systems. A user may use the system to compare two potentially dissimilar virtual environments, determine the differences between the two environments, and evaluate the problem environment to determine how to remedy the error.
  • the system may store a plurality of virtual environments from a number of similar target systems such as computers connected to a common network, local area networks, or wide area networks, and possibly even refresh or update them periodically, in order to generate reports showing the various attributes of the computers, their software, and the interoperability of multiple components.
  • a user may utilize a virtual assurance system to evaluate the possible functionality and repercussions of installing a new piece of hardware to a target system.
  • the user first creates a virtual environment from the target system using the system software. Then the user may install the hardware on the virtual environment and run test programs on the virtual application environment to determine how the new hardware will affect the target system if it is installed on the target system.
  • the virtual assurance system may be used to detect operating system errors, server errors, database errors, or virtually any other errors that may occur on a target system.
  • the system may also run tests to uncover possible future errors that may occur before they ever cause any disruption on the target system.
  • the present system for creating a virtual assurance system may also function on only a single computer.
  • the system creates a virtual application environment in a separate storage area, such as a partition, on the same computer. Tests and changes may be run by the assurance system on the virtual application environment without interfering with the normal storage and applications of the computer.
  • the virtual assurance system may be used to apply programmatic or manual changes to modify the configuration of the virtual application environment and determine the results of the modified configuration. If the user determines that the changes improve the performance of the virtual application environment with no adverse effects, the changes may then be applied to the analogous target system in the production environment without fear of adverse effects.
  • the present system may also be used to create and store one or more virtual environments as backup systems that may be utilized in the case of a failure of the target system.
  • the assurance system may provide functionality that allows the contents and configuration of a virtual application environment to be copied to one or more physical target systems that are external to the assurance system.
  • software may capture system software configuration data, fault information, and user-contributed information on fault mitigation strategies and maintain a knowledge base of fault and fix information.
  • the system would, given user authorization, collect fault and fix information from individual users of the system, remove private information from the data, and upload the information to a central repository. From this repository, updates to all other customers' knowledge base systems would be derived, and delivered, via a mechanism such as a network connection or recorded media. Other information products would also be derived from this data and published for the benefit of the user community.
  • the knowledge base may accept information from, and deliver information to, other enterprise support systems, such as patch management systems, trouble ticket systems, or vulnerability databases such as Common Vulnerabilities and Exposures, a database known in the art which can be found at http://cve.mitre.org and is hereby incorporated by reference herein in its entirety, and best practices for security, programming, information technology processes and system configuration. This may be done via a variety of mechanisms such as application programming interfaces, network services, or updates from vendors or software providers via network feed or any form of media such as, for example, DVDs.
  • the knowledge base may store configuration data for virtual application environments it has imported in the past or for machines connected to the same network as the knowledge base.
  • the system may use this information to suggest configuration changes to a user based on the configurations of other machines and the performance of the other machines.
  • the system may also use this information to generate reports concerning the functionality of the various machines evaluated by the assurance system and how the performance of any particular machine or machines may be improved.
  • the knowledge base may also compare reports to prior reports that have been created and stored in the past regarding a particular machine.
  • the present invention is a method for creating a virtual computer system environment comprising copying data stored in a first location of a first computer system environment to a second location in the virtual computer system environment, copying the configuration of the first computer system environment to a third location in the virtual computer system environment, copying a first application from the first computer system environment to a fourth location in the virtual computer system environment, providing a second application in a fifth location in the virtual computer system environment, wherein the second application is used to test the virtual computer system environment, and emulating components from the first computer system environment in the virtual computer system environment.
  • the method may further comprise copying network information from the first computer system environment to a sixth location in the virtual computer system environment.
  • the second location, third location, fourth location, and fifth location may comprise locations on a single memory device.
  • the first application may comprise a plurality of applications.
  • the step of copying data stored in a first location of a first computer system environment may include copying all data stored on the first computer system environment to the third location in the virtual computer system environment.
  • the virtual computer system environment may be located on a hardware device remote from the first computer system environment.
  • the virtual computer system environment may be located in a dedicated portion of the same hardware device on which the first computer system environment is located.
  • One embodiment of a method according to the present invention further comprises allowing a user to access the virtual computer system environment through an application programming interface.
  • One embodiment of the present invention comprises a method for evaluating a first computer system environment, comprising copying data stored in a first location of a first computer system environment to a second location in the virtual computer system environment, copying the configuration of the first computer system environment to a third location in the virtual computer system environment, copying a software application from the first computer system environment to a fourth location in the virtual computer system environment, providing an evaluation application in a fifth location in the virtual computer system environment, and evaluating the first computer system environment, using the evaluation application, based on the operation of the virtual computer system environment.
  • the evaluation application may be an analysis application and evaluating the first computer system environment may comprise analyzing the hardware and/or software functionality of the virtual computer system environment using the analysis application.
  • the evaluation application is a test application and a method according to the present invention further comprises running a test of the virtual computer system environment using the test application.
  • the test results may be stored in a sixth location.
  • the software application is a first software application and the method further comprises installing a second software application on the virtual computer system environment.
  • the method may further comprise uninstalling a third software application from the virtual computer system environment.
  • a method according to the present invention may further comprise running a script on the virtual computer system environment.
  • the evaluation application may be a security testing application.
  • the evaluation of the first computer system environment may comprise evaluating the security of the first computer system environment using the security testing application by attempting to breach the security of the virtual computer system environment which is derived from the first computer system environment.
  • the second location, third location, fourth location and fifth location comprise locations on a single memory device.
  • One embodiment of a method according to the present invention further comprises copying network information from the first computer system environment to a sixth location in the virtual computer system environment.
  • the second software application comprises testing software, reporting software, software for evaluating the virtual computer system environment, software for repairing the virtual computer system environment, one or more scripts for evaluating the virtual computer system environment, and/or one or more scripts for repairing the virtual computer system environment.
  • the first application comprises all applications stored on the first computer system environment.
  • the second application is used to test the operation of the virtual computer system environment.
  • the second application is used to identify security flaws in the virtual computer system environment.
  • the second application is used to test compatibility of a third application with the virtual computer system environment.
  • the present invention comprises a system for evaluating a first computer system, comprising a first computer system including a first memory device wherein the first memory device includes data and configuration settings, a second computer system, including a second memory device wherein the data and configuration settings from the first memory device are copied to the second memory device to emulate the first computer system in the second computer system, and a computer software program located in the second computer system that is used to evaluate the first computer system based on the operation of the second computer system.
  • the first memory device may include network configuration information and the network configuration information may be copied to the second computer system.
  • a system according to the present invention may further comprise a first peripheral device coupled to the first computer system and the second computer system may include a virtual peripheral device that emulates the first peripheral device.
  • the computer software program tests the second computer system.
  • the results of the tests may be stored in the second memory device.
  • the results of the tests may be compared to previous test results.
  • the computer software program installs software on the second computer system.
  • the computer software program runs a script on the second computer system.
  • the computer software program is accessible through a network using an application programming interface.
  • the user may execute commands on the second computer system through the application programming interface.
  • the evaluation of the first computer system based on the operation of the second computer system is conducted at a first time and at a second time, and the results of the evaluation at the first time and at the second time are compared.
  • the second computer system is connected to a stream of network traffic.
  • the first computer and the second computer are each connected to the stream of network traffic.
  • Fig. 1 is a flow diagram depicting a method of creating a virtual application environment according to the present invention.
  • Fig. 2 is a flow diagram depicting a method of assessing the security of a target system using a virtual environment according to the present invention.
  • Fig. 3 is a flow diagram depicting a method of assessing a software implementation on a target system using an assurance system.
  • Fig. 4 is a flow diagram depicting a method of remedying flaws in a computer environment.
  • Fig. 5 is a system diagram depicting the various components of an assurance system according to the present invention.
  • Fig. 6 is a system diagram showing various systems of the present invention in communication with the knowledge base in one embodiment.
  • Fig. 7 depicts one embodiment of a user interface according to the present invention.
  • Fig. 8 depicts the simultaneous flow of network traffic to a target system and a virtual application environment according to one embodiment of the present invention.
  • Fig. 9 depicts one embodiment of an assurance system managing various virtual environments according to the present invention.
  • Fig. 10 depicts one embodiment of a user interface according to the present invention in communication with a plurality of assurance systems.
  • Fig. 11 depicts one embodiment of an enterprise management station according to the present invention in communication with a plurality of assurance systems.
  • the present invention is a method and system for creating a virtual assurance system, which creates and analyzes a virtual application environment that is identical to a target environment.
  • the assurance system may then be used to assess the effect of contemplated changes, run tests, create reports, or install new software without interfering with the target environment.
  • the target environment to be emulated may be a computer, a workstation, a personal digital assistant, a cellular telephone, a user interface device, a server, an entire network, an entire enterprise system comprised of multiple servers, or any other electronic device.
  • the target environment may be a plurality of devices such as, for example, a number of servers that together provide a business service, or a number of cable television receivers connected to a system.
  • A method of creating a virtual assurance system according to the present invention is depicted in Fig. 1.
  • software according to the present invention searches for all storage devices attached to the target environment 110. Once all storage devices have been identified, the software searches for the amount of storage space used on the storage devices or occupied by the target environment 120. Once the amount of space has been determined, the software will set aside an area of memory to create the virtual system that is large enough to accommodate all of the storage used by the target system 130.
  • the area set aside by the software, or dedicated area, may be in any location depending on the amount of storage needed and the target system to be copied.
  • the dedicated area may be on the same system as the target system, such as the same network, or may be on a separate device or network. For example, if a user simply wants to create a virtual environment replicating a personal computer environment, they may simply create a virtual environment on a flash memory device.
  • the dedicated area may be distributed across various devices or memory locations. In another embodiment, if a user wishes to create a virtual environment replicating a server on a storage area network, an area on another server may be used as the dedicated area.
  • the software copies the entire contents of all storage devices, including for example, hard disk drives and read-only memory, to the dedicated area 140.
  • the software also copies the details of network settings in order to reproduce the network configuration of the systems being copied.
  • the software will then configure the dedicated area according to the configuration files or settings of the target area so that the dedicated area will function in the same way as the target area, becoming the virtual application environment 150.
  • a virtual wall may be set up to separate the dedicated area from the target area if necessary, for example, where the dedicated area is on the same network as the target area 160.
  • the software may create virtual devices that emulate the various memory areas, storage devices connected to the target system, or other virtual hardware components.
  • the software may create a virtual hard drive that communicates with the virtual system in the same way as a hard drive in the target system does.
  • the system may provide a means of storing changes to an initial baseline virtual application environment through the use of copy-on-write technology or overlays, to reduce the (potentially large) overall storage requirements for multiple versions of the virtual application environments.
  • When running a version of a virtual application environment that has been modified since the time of initial creation, the storage system drivers will "read through" a set of stored change data or "deltas" and apply them dynamically to the baseline dataset being read. This presents the appearance to the system of reading a new version of the dataset, while only requiring the storage of the initial baseline set and specific changed data.
  • the system imports a number of machines into the assurance system and may simultaneously test or compare the virtual application environments created from the machines.
  • a user may test how changes to one virtual application environment may impact a second virtual application environment or simply implement a single change on a number of virtual application environments and evaluate how the machines are each affected. For example, a user may wish to evaluate the impact of running three applications on one particular machine as opposed to running them on three separate machines.
  • a user may access, evaluate, and manipulate multiple virtual application environments through a single user interface.
  • the user interface may allow a user to run tests on a particular virtual application environment, a particular software application across a number of machines, a particular hardware device utilized by one or more machines, or a select group of the virtual application environments.
  • the user may create reports for any tests run or create aggregated reports that summarize the result of two or more tests.
  • a "Security Report" may contain the results of a plurality of tests that attempt to breach the security of the system.
  • a “Comparison Report” may contain all of the differences between two or more virtual application environments.
  • the software used to run the assurance system and perform evaluations and tests of the virtual application environment may be located in the virtual application environment. This software will be isolated from the virtual application environment so that it is undetectable by the analysis components of the assurance system to ensure that the software itself does not affect the evaluations or tests.
  • the software may compensate for the effects on the comparison resulting from the software being installed in the virtual environment. In one example of this compensation, when a program is evaluating the amount of memory used by a particular virtual environment, the program may subtract the amount of memory used by the software used to run the assurance system. In another example of this compensation, when an evaluation program is evaluating the functionality of a processor, including the speed of the processor in performing certain tasks, the program may compensate for the amount of processing required by the evaluation program itself.
  • performance of a single computer environment may be evaluated at different times by creating a plurality of virtual machines from the single computer environment at different points in time and comparing the plurality of virtual machines. During this evaluation, it may be sufficient to simply determine relative changes in performance or resource usage in the plurality of virtual computers. In this case, rather than compensating for resource usage of the virtual assurance environment software, it is possible to simply ensure that the overhead is the same when comparing test results for two systems. For example, the assurance system can determine which processes outside of the system being tested were running in the assurance environment the last time the test was run, and ensure that exactly the same processes are running when the test is repeated on a different instance of the target system.
  • memory and CPU allocation for the system being tested and for the virtual assurance environment should be the same.
  • a relative comparison of the performance and resource usage of the systems being tested is valid, even if the test results are not a precise predictor of how the system would perform in production.
  • the same metrics can be obtained in the virtual assurance environment, providing a virtual/real ratio that can be used to predict how a virtual metric can be adjusted to predict what the physical metric in production would be.
  • the assurance system may also be accessible to a number of users at different computers or different locations on a network. This allows each user to access the assurance system through a user interface and run tests or evaluations on the virtual application environments.
  • the system contains a library of virtual application environments which may be managed by users. The user can add, delete or change a virtual application environment. The user may also create a backup version of a virtual application environment before a change is made.
  • the original virtual application environment imported from a target physical system may be kept as a baseline version and in some embodiments must be explicitly deleted by a user.
  • Each user may be given different permission levels such that a particular user may be able to run only passive tests while another user may be able to run active tests such as the installation of software or the modification of files. Certain users may also only have access to certain virtual application environments or certain applications in the virtual environment to ensure that confidential data stored on one or more virtual application environments is not provided to unauthorized users.
  • the system also allows a near-instantaneous "reversion" capability after changes, as the base data are never changed or completely recopied and always available for use.
  • graphical user interface elements may provide visual cues as to original versions and changed versions of virtual application environment data.
  • the present invention is a method of searching for reliability or security flaws on a target system and determining the effect of patching the flaws as depicted in the flow diagram of Fig. 2. A user first creates a virtual application environment emulating the target system according to the method described above 210.
  • the user runs the virtual application as if it were running in its regular environment.
  • the user may then use software external to the virtual application environment to test the virtual application environment for reliability or security flaws 220.
  • This analysis software may reside in the assurance system, and multiple analysis or testing programs may be accessed through a common consistent user interface.
  • the analysis software may be software typically used to audit the performance or security of a computer attached to a network, or the sort used by intruders in order to access data protected from unauthorized users. If any reliability or security flaw is found 230, the system will automatically determine where the flaw is located in the virtual application environment, such as with a particular application. If no flaw is found, the user is informed 240 and a report is generated 250.
  • the system may design a patch to correct the flaw 260 or suggest a course of action to the user to remedy the flaw. If a patch has been designed, the system may test the patch on the virtual application environment 270 to determine whether the patch has been successful 280. If the patch is successful in the virtual application environment, the user may elect to implement the patch on the target system 290. If the patch has not been successful, the system will design another patch to attempt to remedy the flaw. Once the flaw has been corrected, the user may utilize the system to run the same tests or additional tests on the virtual application environment to ensure that the flaw has been corrected. The system will generate a report for the user detailing what actions have been taken 250.
  • the user may then fix the flaw on the target system with only minimal interruption in usage of the target system.
  • While the user is running tests on the virtual application environment, the target system is free to be used by other users. This allows for increased productivity because of the lack of inoperative time, or "down time", necessary to test and modify the system.
  • the data stored on the target system is also free from threat of being damaged by testing or simulated hacker attacks that are run on the virtual application environment. Neighboring systems are also insulated from inadvertent damage due to disruptive testing, as it is contained within the virtual network of the assurance system.
  • the virtual application environment may be erased or it may be stored for comparison to another virtual application environment created from the same target machine at a later date.
  • Another method according to the present invention is depicted in Fig. 3.
  • a virtual application environment is created in the same manner as described above 310.
  • the user may then run test programs on the virtual application environment to determine its efficiency and running environment 320.
  • the user may then install new software or update existing software on the virtual application environment in order to determine its impact on the virtual application environment 330.
  • the user may reboot the system to determine whether all of the applications and hardware are functioning properly. If any software application or piece of hardware is malfunctioning, the system will determine the cause of the problem and suggest a change to the user.
  • the system will then run tests on the virtual application environment 340, compare the results to tests run on the virtual application environment before the software was installed 350, and create a comprehensive report detailing the changes to system configuration that occur as a result of the installation of new software 360.
  • the report may contain information such as, for example, the amount of memory used by the new application or the amount of other resources used by the new application. If the user determines that the installation of the new software will not detrimentally affect the target system, the user may then install the software on the target system.
  • the user interface may also provide the user with real-time reports such as usage of the machine's resources by any particular application.
  • Another method according to the present invention is depicted in Fig. 4.
  • the system depicted in Fig. 4 allows a user to utilize the testing capability of the assurance system without the necessity of creating a virtual application environment.
  • a user first determines whether a target system will be virtualized 402. If not, the target environment will be tested without creating a virtual application environment 404. If the user decides to create a virtual application environment, one is created as discussed above 406. The virtual application environment is then tested for flaws 408.
  • the assurance system determines if a flaw has been found 410. If no flaw has been found, the user is informed 412 and a report is generated 414 detailing the results of the testing for flaws.
  • the assurance system will design a patch to remedy the flaw 416.
  • the assurance system determines whether the flaw was found on a virtual application environment 418. If it has, then the assurance system will test the patch on the virtual application environment 420. If no virtual application environment has been created, the patch is tested on the target system 422. The assurance system will determine whether the patch has been successful 424. If the patch has not been successful, the assurance system will design another patch to remedy the flaw 416. If the patch has been successful, the assurance system will implement the patch on the target system 426 if it has not already been implemented on the target system and generate a report 414 detailing the flaw that was found and how it was remedied.
  • Fig. 5 is a system diagram showing the various components of an assurance system 500 according to the present invention.
  • the application stack includes a plurality of servers, such as an application server 504, a web server 506, and a database server 508. These servers are imported into an assurance system that creates virtual application environments 514, 516, and 518 from the servers. Virtual application environments may be created on the assurance system from the application server, web server, and database servers.
  • An analysis library 512 may contain one or more tests to be run on the assurance system or software to be implemented on the virtual application environment.
  • the analysis library 512 may be updated over the content feed, which may be a connection to a network such as the Internet or an enterprise network 560.
  • the assurance system may also have a virtual application environment monitor 510 that monitors the virtual application environments.
  • the assurance system 500 depicted in Fig. 5 may include a number of subsystems.
  • the assurance system 500 may include a content feed and software update subsystem 522 that manages a feed of information 540 from a network such as the Internet to the virtual application environments.
  • the content feed may be used to test the various application environments under network conditions, such as within a virtual network 550.
  • the content feed may also be used to update the assurance system software.
  • the assurance system may also include an analysis subsystem 524 that runs tests on the virtual application environments to assess their functionality.
  • the reporting subsystem 526 generates reports concerning the functionality of the virtual application environments.
  • the administration subsystem 528 manages the administration functions of the assurance system.
  • a user may access the assurance system 500 and the virtual application environments stored thereupon using a user interface 520, which may be a graphical user interface.
  • the assurance system may also include a knowledge base subsystem 530 and a library of virtual application environments 532.
  • All of the components or subsystems depicted in Fig. 5 may be on one physical device or they may be distributed over multiple devices.
  • the database of analysis results and reports, library of virtual application environments and/or the knowledge base may grow so large that these components may be moved to a dedicated database machine with a large amount of disk space.
  • Some historical data may be moved to an archival store optimized for searching and reporting functions.
  • When a database is optimized for reporting, a large number of indices may be built, which make retrieval queries efficient as the time frame for making updates to the database increases. Increasing the number of indices causes updates to consume additional system resources, as every update to a single entry in a database will also require updating multiple indices.
  • Fig. 6 depicts the knowledge base subsystem in communication with the various other systems of the present invention, including a vulnerability database 602, application and device logs 604, a network management system 606, a configuration management system 608, an intrusion prevention system 610, an intrusion detection system 612, a patch management system 614, a trouble ticket system 616, a source code analysis tool 618, and source code 620.
  • the knowledge base may store assurance system tests 630, and reports 640 may be created from the data stored in the knowledge base 600.
  • the knowledge base subsystem includes stored information regarding the tests run by the system on the present virtual application environment or on other virtual application environments.
  • the knowledge base subsystem may store the results of all tests that the assurance system has run on any virtual application environments created from any of the business's computers.
  • the results may show patterns of failure in particular programs or similar problems experienced by multiple users.
  • the knowledge base may be updated through a network such as the Internet to include information from various other systems.
  • the knowledge base may also provide information on patterns of failure across the population of users of the assurance system, whether in the same or different organizations.
  • the knowledge base subsystem may be accessed through an interface by users without the creation of any virtual application environments if a user wishes to access test or installation information or if the user wishes to create reports concerning previous tests. For example, in a business environment a member of the accounting department may wish to know which particular software component installed on the various computer systems in the company has failed the most times. This may allow the user to evaluate the cost of maintaining the software and decide whether to purchase an upgrade to the software or to purchase different software.
  • the knowledge base may also store configuration data concerning one or more machines that are in communication with the assurance system, even if the machine has not been imported into a virtual application environment. The configuration data may be used to assess other machines, such as the virtual application environment, and provide configuration suggestions to the user.
  • the assurance system may analyze the configuration of the virtual application environment, compare it to configuration data stored in the knowledge base, and provide suggestions to the user for changing the configuration of their machine based on the data in the knowledge base.
  • the suggestions may be in the form of a report and may include data such as, "There are 5 other machines connected to the same network as your machine. Three of them are utilizing Windows Vista as an operating system and are functioning 20% more efficiently than your machine. Based on this data, it is recommended that you upgrade your operating system to Windows Vista. Would you like to attempt this upgrade on the virtual application environment to evaluate the results of the upgrade on your physical machine?"
  • the knowledge base may also be used to provide the user with information regarding the possible outcomes of a particular action before an action is taken. For example, if a user attempts to upgrade the operating system, the system may warn the user, "Based on statistics stored in the knowledge base, 50% of users who attempted this action lost stored data. Do you want to utilize the assurance system to test the results of this upgrade before upgrading your machine?"
  • software according to the present invention may create an entire virtual application environment from a target computer over the Internet.
  • a user accesses the software over the Internet, possibly in the form of an application programming interface or graphical user interface.
  • Fig. 7 depicts one embodiment of a graphical user interface 700 according to the present invention.
  • the user may provide the software with the necessary access to the target system by simply selecting a button 702.
  • the software may then create a virtual application environment in a location separate from the user's target system by copying all of the necessary information over the Internet.
  • the user interface will then provide the user with a set of tests or scripts that may be run on the virtual application environment over the Internet without interfering with the target system at all.
  • the user interface will also provide the user with the ability to run user-defined tests or to simply access the virtual application environment to assess the results of a particular command or set of commands.
  • buttons or selections may be available to, for example, create a new virtual application environment 704, access results and reports from previous tests 706, run tests on stored virtual application environments 708 and 710, or create reports concerning a virtual application environment 712.
  • Fig. 8 depicts an embodiment wherein a virtual application environment 820 receives network traffic from a network 800.
  • the network traffic is routed from the network 800 to both the target system 810 and the virtual application environment 820.
  • Network traffic is not returned from the virtual application environment 820 to the network 800 to protect the network from duplicate transaction processing or any damage that may be caused by testing in the virtual application environment 820.
  • Another method according to the present invention involves the creation and maintenance of a central repository of system fault and remediation information aggregated from the entire user community in an automated manner.
  • the system may capture information on the components within a first user's environment, the nature of the fault, and resolution information contributed by the end user. This information may be edited to remove sensitive details and uploaded to a central repository, where an update to all other users' systems would be constructed. Then the new fault and mitigation data would be delivered over a network connection or recorded media to other users.
  • the knowledge base in the second user's system could suggest the mitigation strategy previously identified by the first user.
  • the reports created by the system may be user-defined reports to present a user with the particular information that the user feels is most relevant to the use of the system.
  • the system may also generate standardized reports for upload to a database that is shared with other systems so that any one system can access reports for a particular application or a particular configuration as implemented on other systems.
  • Fig. 9 depicts one embodiment of the present invention that allows a user 900 to create and manipulate a plurality of virtual application environments through one assurance system 910.
  • one assurance system 910 oversees a virtual server 920, a first virtual network environment 930, a virtual personal digital assistant 940, a virtual cellular telephone 950, a virtual router 960, and a second virtual network environment 970.
  • the user may run tests or create reports concerning all of these virtual application environments through one assurance system.
  • a network administrator wishes to create a new workstation for a new employee who will review a company's financial records for any irregularity.
  • the network administrator may be concerned about the impact on other network users of deploying the additional workstation that accesses the company's financial records.
  • the network administrator may create a virtual application environment that includes the financial records database, the software footprint of the workstation, and software footprints of a plurality of existing workstations that utilize the financial records database.
  • the network administrator may utilize the virtual new workstation to access the financial records database at the same time as the virtual application environments and determine how the database is affected by the addition of the new workstation.
  • a user may be provided with access to multiple assurance systems through one interface.
  • An example of this embodiment is depicted in Fig. 10.
  • the user may access the multiple assurance systems 1010, 1020, 1030, and 1040 through a single user interface 1000.
  • the user interface may be present on the machine being used by the user or may be accessed by the user through a network such as the Internet.
  • the multiple assurance systems may be accessed through a network such as the Internet.
  • the user may access the user interface over the Internet and be provided with access to multiple assurance systems present anywhere in the world that are also connected to the Internet.
  • the multiple assurance systems depicted in Fig. 10 may be in various different physical locations.
  • Each assurance system may be distributed across numerous devices in different physical locations or across numerous memory devices in one physical location.
  • an assurance system will utilize a load balancing approach to distribute assurance systems across physical machines connected to a network that are underutilized or that have an abundance of free resources.
  • the present invention may further comprise an Enterprise
  • the Enterprise Management Station 1100 is an application which accesses and controls a plurality of assurance systems.
  • the Enterprise Management Station 1100 has access to a first assurance system 1110, a second assurance system 1120, a third assurance system 1130, and a fourth assurance system 1140.
  • Each of these assurance systems represents a separate system of an organization, such as the first assurance system which is a virtual application environment created from the organization's risk management department.
  • Each assurance system in this embodiment may be used independently or used together as one large assurance environment.
  • the Enterprise Management Station 1100 presents a user with a unified view so that a set of assurance environments may be configured and managed as one assurance environment from a single interface.
  • the Enterprise Management Station 1100 depicted in Fig. 11 allows a user to create reports concerning all of the assurance systems shown as a single enterprise report. Each department of the organization may use their own assurance environment but results of their tests may be sent to the Enterprise Management Station 1100.
  • the Enterprise Management Station 1100 may also be able to disseminate information gathered from a particular assurance system to other assurance systems. Thus, the Enterprise Management Station 1100 may be used to coordinate and disseminate content and updates across the enterprise.
  • the Enterprise Management Station 1100 may further be used to coordinate testing and upgrades of the entire enterprise.
  • An assurance system may create a virtual application environment on a host server that has four 64-bit central processing unit cores, such as AMD Opteron 2210 or Intel Xeon 5150 central processing units, 8 gigabytes of memory, and one terabyte of disk space.
  • This host server may be used to virtualize a three-tier web application which has a 32-bit web server with 1 gigabyte of memory and 100 gigabytes of disk space, a 64-bit application server with 2 gigabytes of memory and 250 gigabytes of disk space, and a 64-bit database server with four gigabytes of memory and 500 gigabytes of disk space.
  • the assurance system may run each of the three tiers as a virtual application environment inside the one host server.
  • the three-tier web application described above may also be virtualized by an assurance system with a completely different hardware configuration consisting of three smaller servers, each smaller server having two 64-bit central processing units, such as AMD Opteron 2210s or Intel Xeon 5150s, 4 GB of memory, and 600 GB of disk space.
  • the assurance system would be a cluster of three machines presented to the user as a single assurance system interface. Each smaller server would be responsible for virtualizing one of the physical servers.
  • the assurance system software would manage the three smaller servers.
  • the host server may partition storage and memory space to be used by the assurance system, and separate storage and memory space to be used for the operations of the host server.
  • the host may also create a virtual network to allow virtual guests to connect with the virtualized servers.
  • the host may additionally create a virtual network to allow a user to access the virtual servers or to access the assurance system applications.
  • software is contained on a portable memory device such as a
  • DVD or flash drive which is automatically loaded when the memory device is accessed by a target machine.
  • the software will gather data about the target machine, establish a connection with the host server, and make virtual application environments of the target machine in assurance system on the host server. For example, a user may purchase a DVD, insert the DVD into his or her personal computer, and the DVD will automatically load, contact the provider of the DVD through the Internet, send configuration information about the personal computer through the Internet to the provider, and manage copying of the personal computer to an assurance system on a server managed by the provider.
  • A system administrator may create a virtual application environment from a new workstation deployed on a network to preserve the original configuration and storage of the workstation before it is utilized. Three months after the workstation has been activated, the system administrator may create a second virtual application environment from the workstation and compare the second virtual application environment to the stored first virtual application environment to determine what has changed on the workstation since it was activated. The system administrator may create comprehensive reports on the current configuration of the second virtual application environment and the differences between the second virtual application environment and the stored first virtual application environment. If problems have been detected with the workstation, the system administrator may run tests on both the second virtual application environment and the first virtual application environment to determine the cause of the problems.
  • The system administrator may reverse some of the configuration changes in the second virtual application environment and re-run the tests to isolate the problem and determine how to modify the workstation to eliminate the problem.
  • A system administrator may wish to determine whether several supposedly identical workstations are actually identical. To accomplish this analysis, the system administrator creates a virtual application environment from each of the workstations. The system administrator then compares each virtual application environment and runs tests on the virtual application environments to produce a comprehensive list of the differences between the virtual application environments. The system administrator may use this report to determine how to modify the physical workstations to render the workstations all identical.
  • A system administrator may wish to evaluate how a new e-mail application will function on various workstations connected to a network.
  • The system administrator creates virtual application environments from three workstations connected to the network and installs the new e-mail application on the virtual application environments.
  • The system administrator then routes traffic from the network to the virtual application environments and runs tests on the virtual application environments to evaluate the efficiency of the machines as a whole, the speed of the new e-mail application, and the actual memory used by the new e-mail application.
  • The system administrator may run tests on the workstations and compare the results to tests run on the virtual application environments to determine the precise effects of the e-mail application on the workstations.
  • Another embodiment of a system and method according to the present application includes a software application for analyzing change management. This analysis may include determining the common denominator between multiple applications, environments and customers, for example, with respect to a particular problem or successful fix.
  • The software application provides a guide to troubleshooting the problem and suggested fixes, and analysis of the similarities and differences in the sets of environments and users that are experiencing problems and those that are not, including isolating and identifying issues relating to interoperability between components, such as, for example, of an application stack, an application, an operating system or hardware, and determining whether problems are application independent, such as, for example, environment specific.
  • The software application also stores information regarding the results of the various changes that are implemented in attempting to resolve the system problems and stores these results in a database for later reference and/or use in troubleshooting other system problems.
  • Another embodiment of a system and method according to the present application includes a database that stores information regarding the configurations of the various systems that have been virtualized and/or tested, the types of problems encountered, the proposed and successful fixes, the troubleshooting methods used and implemented, and quantification of the activities performed and the other information stored in the database.
  • A software application according to an embodiment of the present application provides analysis of the data in the database to quantify the effectiveness of the virtualized test system, including identifying improvements in downtime, successful fixes, speed of deployment implementation, effectiveness of deployments, cost savings, configuration improvements, etc., and by quantifying the impact of cardinal, ordinal and interval variables.
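
The baseline-versus-later comparison of one workstation and the check of supposedly identical workstations described above can be sketched as follows. This is an added illustration, not code from the patent or from Stacksafe; it assumes each virtual application environment has been reduced to a flat mapping of setting name to value, and all function names, setting names and values are hypothetical.

```python
from collections import Counter

def diff_snapshots(baseline, current):
    """Settings added, removed and changed between two snapshots of one machine."""
    b, c = baseline.keys(), current.keys()
    return {
        "added": {k: current[k] for k in c - b},
        "removed": {k: baseline[k] for k in b - c},
        "changed": {k: (baseline[k], current[k])
                    for k in b & c if baseline[k] != current[k]},
    }

def fleet_deviations(snapshots):
    """Per setting, the hosts whose value differs from the fleet majority.

    A setting absent from a host counts as None. When no single value is
    strictly most common, 'consensus' is False and every host is listed.
    """
    keys = set().union(*(snap.keys() for snap in snapshots.values()))
    report = {}
    for key in sorted(keys):
        values = {host: snap.get(key) for host, snap in snapshots.items()}
        ranked = Counter(values.values()).most_common()
        if len(ranked) == 1:
            continue  # every host agrees on this setting
        consensus = ranked[0][1] > ranked[1][1]
        expected = ranked[0][0] if consensus else None
        outliers = {h: v for h, v in values.items()
                    if not consensus or v != expected}
        report[key] = {"consensus": consensus, "expected": expected,
                       "outliers": outliers}
    return report

# Constructed sample data: flat "setting -> value" inventories (assumed format).
BASELINE = {"pkg.openssl": "1.1.1k", "svc.telnet": "disabled",
            "user.admins": "alice"}
AFTER_3_MONTHS = {"pkg.openssl": "1.1.1n", "svc.telnet": "disabled",
                  "user.admins": "alice,bob", "pkg.mailclient": "2.0"}
FLEET = {
    "ws1": {"pkg.openssl": "1.1.1n", "svc.telnet": "disabled"},
    "ws2": {"pkg.openssl": "1.1.1n", "svc.telnet": "disabled"},
    "ws3": {"pkg.openssl": "1.1.1k", "svc.telnet": "disabled", "pkg.p2p": "0.9"},
}

if __name__ == "__main__":
    print(diff_snapshots(BASELINE, AFTER_3_MONTHS))
    print(fleet_deviations(FLEET))
```

Reporting the majority value alongside each outlier gives the administrator the target state for bringing the deviating workstation back in line; a split with no majority is flagged rather than guessed.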

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to a system for creating and evaluating a virtual environment that emulates and evaluates a target system. Information such as network configuration information, interface information, and software packages or subsystems is imported into the virtual application environment. The assurance system may be used to test and produce comprehensive reports of probable results on the target system based on results from the application environment, including items such as configuration changes to the environment, load and stress conditions of the environment, security of the environment, installation of software in the environment, and performance levels of the environment, among others.
PCT/US2008/061469 2007-04-24 2008-04-24 System and method for creating an assurance system WO2008131460A2 (fr)

Applications Claiming Priority (12)

Application Number Priority Date Filing Date Title
US91380307P 2007-04-24 2007-04-24
US60/913,803 2007-04-24
US93958407P 2007-05-22 2007-05-22
US60/939,584 2007-05-22
US11/772,667 2007-07-02
US11/772,673 US20080271018A1 (en) 2007-04-24 2007-07-02 System and Method for Managing an Assurance System
US11/772,679 US20080271019A1 (en) 2007-04-24 2007-07-02 System and Method for Creating a Virtual Assurance System
US11/772,673 2007-07-02
US11/772,667 US20080270104A1 (en) 2007-04-24 2007-07-02 System and Method for Creating an Assurance System in a Mixed Environment
US11/772,679 2007-07-02
US11/948,441 US20080271025A1 (en) 2007-04-24 2007-11-30 System and method for creating an assurance system in a production environment
US11/948,441 2007-11-30

Publications (2)

Publication Number Publication Date
WO2008131460A2 true WO2008131460A2 (fr) 2008-10-30
WO2008131460A3 WO2008131460A3 (fr) 2010-01-14

Family

ID=39875991

Family Applications (3)

Application Number Title Priority Date Filing Date
PCT/US2008/061469 WO2008131460A2 (fr) 2007-04-24 2008-04-24 System and method for creating an assurance system
PCT/US2008/061465 WO2008131458A1 (fr) 2007-04-24 2008-04-24 System and method for creating an assurance system in a mixed environment
PCT/US2008/061462 WO2008131456A1 (fr) 2007-04-24 2008-04-24 System and method for managing an assurance system

Family Applications After (2)

Application Number Title Priority Date Filing Date
PCT/US2008/061465 WO2008131458A1 (fr) 2007-04-24 2008-04-24 System and method for creating an assurance system in a mixed environment
PCT/US2008/061462 WO2008131456A1 (fr) 2007-04-24 2008-04-24 System and method for managing an assurance system

Country Status (1)

Country Link
WO (3) WO2008131460A2 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8375382B2 (en) * 2009-05-13 2013-02-12 International Business Machines Corporation Enabling parallel websphere runtime versions
US9354852B2 (en) 2010-12-23 2016-05-31 Microsoft Technology Licensing, Llc Satisfying application dependencies
US9473523B1 (en) 2016-02-04 2016-10-18 International Business Machines Corporation Execution of test inputs with applications in computer security assessment
US20210248056A1 (en) * 2018-05-23 2021-08-12 Siemens Aktiengesellschaft Method for evaluating application deployment, apparatus, computer program product, and readable medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020162015A1 (en) * 2001-04-29 2002-10-31 Zhaomiao Tang Method and system for scanning and cleaning known and unknown computer viruses, recording medium and transmission medium therefor
US20060053260A1 (en) * 2004-09-08 2006-03-09 Hitachi, Ltd. Computing system with memory mirroring and snapshot reliability

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7206915B2 (en) * 2004-06-03 2007-04-17 Emc Corp Virtual space manager for computer having a physical address extension feature

Also Published As

Publication number Publication date
WO2008131456A1 (fr) 2008-10-30
WO2008131458A1 (fr) 2008-10-30
WO2008131460A3 (fr) 2010-01-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08746820

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08746820

Country of ref document: EP

Kind code of ref document: A2