`
`
`
`
`
`I mu 11111111 I mu 11111111 a 111111 a 111111 11111 11111 IIIII IIIII 11111, 11111, J imiIII! It 1111 11111 J imiIII! It 1111 11111 11111 11111 111111 111111 1111 1111 1111 1111 1111 1111
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`US 2013 011 1 018A1
`
`(19) United States
`
`(19) United States (19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2013/0111018 A1
`(12) Patent Application Publication (10) Pub. No.: US 2013/0111018 Al
`(12) Patent Application Publication (10) Pub. No.: US 2013/0111018 Al
`(43) Pub. Date:
`May 2, 2013
`
`May 2, 2013 May 2, 2013
`Ammons et al.
`
`Ammons et al. Ammons et al.
`
`(43) Pub. Date: (43) Pub. Date:
`
`(54)
`PASSIVE MONITORING OF VIRTUAL
`
`(54) PASSIVE MONITORING OF VIRTUAL (54) PASSIVE MONITORING OF VIRTUAL
`SYSTEMS USINGAGENT-LESS, OFFLINE
`
`SYSTEMS USING AGENT-LESS, OFFLINE SYSTEMS USING AGENT-LESS, OFFLINE
`INDEXING
`INDEXING
`INDEXING
`
`(75)
`(75) (75)
`
`
`Inventors: Glenn S. Ammons, West Chester, PA
`
`Inventors: Glenn S. Ammons, West Chester, PA Inventors: Glenn S. Ammons, West Chester, PA
`(US); Ahmed M. Azab, Raleigh, NC
`(US); Ahmed M. Azab, Raleigh, NC
`(US); Ahmed M. Azab, Raleigh, NC
`(US); Vasanth Bala, Rye, NY (US);
`(US); Vasanth Bala, Rye, NY (US);
`(US); Vasanth Bala, Rye, NY (US);
`Sastry S. Duri, Yorktown Heights, NY
`
`Sastry S. Duni, Yorktown Heights, NY Sastry S. Duni, Yorktown Heights, NY
`(US); Todd W. Mummert, Danbury, CT
`(US); Todd W. Mummert, Danbury, CT
`(US); Todd W. Mummert, Danbury, CT
`(US); Darrell C. Reimer, Tarrytown,
`(US); Darrell C. Reimer, Tarrytown,
`(US); Darrell C. Reimer, Tarrytown,
`NY (US); Lakshminarayanan
`
`NY (US); Lakshminarayanan NY (US); Lakshminarayanan
`Renganarayana, Elmsford, NY (US);
`Renganarayana, Elmsford, NY (US);
`Renganarayana, Elmsford, NY (US);
`Xiaolan Zhang, Chappaqua, NY (US)
`Xiaolan Zhang, Chappaqua, NY (US)
`Xiaolan Zhang, Chappaqua, NY (US)
`
`Assignee:
`(73)
`INTERNATIONAL BUSINESS
`
`(73) Assignee: INTERNATIONAL BUSINESS (73) Assignee: INTERNATIONAL BUSINESS
`MACHINES COPORATION, Armonk,
`MACHINES COPORATION, Armonk,
`MACHINES COPORATION, Armonk,
`NY (US)
`NY (US)
`NY (US)
`Appl. No.: 13/527,948
`(21)
`(21) Appl. No.: 13/527,948 (21) Appl. No.: 13/527,948
`
`(22)
`Filed:
`(22) Filed: (22) Filed:
`
`
`Jun. 20, 2012
`Jun. 20, 2012 Jun. 20, 2012
`
`
`Related U.S. Application Data
`Related U.S. Application Data
`Related U.S. Application Data
`Provisional application No. 61/552.797, filed on Oct.
`(60)
`(60) Provisional application No. 61/552,797, filed on Oct.
`(60) Provisional application No. 61/552,797, filed on Oct.
`28, 2011.
`
`28, 2011. 28, 2011.
`
`Publication Classification
`Publication Classification Publication Classification
`
`
`(51) Int. Cl.
`(51) Int. Cl.
`(51) Int. Cl.
`G06F 5/73
`G06F 15/173
`G06F 15/173
`(52) U.S. Cl.
`
`(52) U.S. Cl. (52) U.S. Cl.
`USPC .......................................................... 709/224
`709/224
`USPC
`709/224
`USPC
`
`(2006.01)
`(2006.01)
`(2006.01)
`
`(57)
`ABSTRACT
`(57) (57)
`
`ABSTRACT ABSTRACT
`
`Aspects of the present invention provide a solution for pas
`
`Aspects of the present invention provide a solution for pas-Aspects of the present invention provide a solution for pas-
`sively monitoring a computer system. In an embodiment, a
`sively monitoring a computer system. In an embodiment, a
`sively monitoring a computer system. In an embodiment, a
`virtual server is accessed by an indexing agent that is con
`virtual server is accessed by an indexing agent that is con-
`virtual server is accessed by an indexing agent that is con-
`tained in an indexing appliance. The virtual server is located
`
`tained in an indexing appliance. The virtual server is located tained in an indexing appliance. The virtual server is located
`on a physical server and is one of a plurality of virtual system
`on a physical server and is one of a plurality of virtual system
`on a physical server and is one of a plurality of virtual system
`instances on a common physical server. The indexing appli
`instances on a common physical server. The indexing appli-
`instances on a common physical server. The indexing appli-
`ance is separate from the virtual server and, as Such, the
`
`ance is separate from the virtual server and, as such, the ance is separate from the virtual server and, as such, the
`indexing agent is not executed within the virtual server, itself.
`indexing agent is not executed within the virtual server, itself.
`indexing agent is not executed within the virtual server, itself.
`The indexing agent retrieves a virtual image of the virtual
`The indexing agent retrieves a virtual image of the virtual
`The indexing agent retrieves a virtual image of the virtual
`server and indexes the virtual image to extract features indica
`
`server and indexes the virtual image to extract features indica-server and indexes the virtual image to extract features indica-
`tive of changes in the virtual server. These features are ana
`
`tive of changes in the virtual server. These features are ana-tive of changes in the virtual server. These features are ana-
`lyzed to perform passive monitoring of the virtual server.
`lyzed to perform passive monitoring of the virtual server.
`lyzed to perform passive monitoring of the virtual server.
`Since the indexing appliance is separate from the virtual
`
`Since the indexing appliance is separate from the virtual Since the indexing appliance is separate from the virtual
`server for which passive monitoring is being performed, the
`
`server for which passive monitoring is being performed, the server for which passive monitoring is being performed, the
`indexing agent can perform the retrieving and the indexing
`indexing agent can perform the retrieving and the indexing
`indexing agent can perform the retrieving and the indexing
`without utilizing agents executing within the virtual server.
`
`without utilizing agents executing within the virtual server. without utilizing agents executing within the virtual server.
`
`
`
`212
`212
`212
`
`
`210 210
`210
`N
`N
`
`
`
`
`
`Network 220 Network 220
`
`214 214
`
`214
`
`
`
`a a
`
`
`
`
`
`216 216
`
`Dr- 200
`Dr- 200
`
`230
`230
`230
`
`C=1111
`C=1111
`
`
`
`=MEM =MEM
`
`X2
`
`&
`
`WIZ, Inc. EXHIBIT - 1040
`WIZ, Inc. EXHIBIT - 1040
`WIZ, Inc. v. Orca Security LTD.
`WIZ, Inc. v. Orca Security LTD.
`
`WIZ, Inc. EXHIBIT - 1040
`WIZ, Inc. v. Orca Security LTD.
`
`
`
`Patent Application Publication
`
`9 jo I taallS
`
`Iv SIOIII0/£i0Z SR
`
`Figure 1
`
`,,,---- 100
`
`COMPUTER SYSTEM 102
`
`COMPUTING DEVICE 104
`
`MEMORY 110
`
`PASSIVE MONITORING
`PROGRAM 140
`VIRTUAL SERVER
`ACCESSOR MODULE 142
`
`VIRTUAL IMAGE
`RETRIEVER MODULE 144
`
`VIRTUAL IMAGE
`INDEXING MODULE 146
`
`VIRTUAL IMAGE
`ANALYZER MODULE 148
`
`PROCESSING
`COMPONENT
`106
`
`112
`
` p
`
`• I
`
`/O
`COMPONENT
`114
`
`152
`
`154\
`
`STORAGE SYSTEM 118
`
`VIRTUAL IMAGE
`
`I EXTRACTED FEATURES
`
`
`-
`
`USER
`120
`
`4 _
`
`Patent Application Publication
`
`May 2, 2013
`
`Sheet 1 of 6
`
`US 2013/0111018 Al
`
`
`
`
`
`STORAGE SYSTEM 1
`
`
`VIRTUAL IMAGE
`
`
`EXTRACTED FEATURES
`
`
`PASSIVE MONITORING
`PROGRAM 140
`VIRTUAL SERVER
`PROCESSING
`ACCESSOR MODULE 142
`COMPONENT
`
`VIRTUAL IMAGE
`RETRIEVER MODULE 144
`VIRTUAL IMAGE
`INDEXING MODULE 14
`
`
`VIRTUAL IMAGE
`ANALYZER MODULE 148
`
`Figure 1
`
`COMPUTER SYSTEM 102
`
`COMPUTING DEVICE 104
`
`MEMORY 110
`
`
`
`
`
`
`
`
`
`
`Vv
`
`USER
`120
`
`
`
`
`
`
`
`
`
`
`
`
`COMPONENT
`
`
`
`
`
`
`
`
`
`
`
`Patent Application Publication
`May 2, 2013 Sheet 2 of 6
`Patent Application Publication May 2, 2013 Sheet 2 of 6
`
`US 2013/0111018 A1
`US 2013/0111018 Al
`
`0
`
`NCYNCYNCYNCNCYNCYNCYNCYNCYN ONCY
`NCY,
`
`di111,1111the
`?
`
`I_
`
`9 IZ
`
` i f
`
`l
`
`
`
`)
`
`I
`
`Network 220
`
`as
`
`0
`
`ZIZ
`
`
`
`
`
`
`
`Patent Application Publication
`
`May 2, 2013
`
`Sheet 2 of 6
`
`US 2013/0111018 Al
`
`230
`
`
`
`
`
`
`
`
`
`
`2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`210
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`216
`
`
`
`
`
`
`
`
`
`
`Figure 2
`
`
`
`Patent Application Publication
`
`9 jo £ taallS
`
`Iv 8I0iii0/£i0Z SR
`
`4,/ ---- 230
`
`r
`
`OUTPUT 250
`
`£ 9.InáI
`
`VIRTUALIZATION HYPERVISOR 232
`
`SOFTWARE STACK (IMAGE) 234
`
`OPERATING SYSTEM 236
`
`MIDDLEWARE (DBASE/WEB-SERVER) 238
`
`APPLICATIONS 240
`
`I
`
`PASSIVE MONITORING AGENT (PRIOR ART) 242
`
`Figure 3
`
`
`
`
`
`
`
`Z?Ž HOSIAHGHdAH NOILVZITIVQ L'HIA
`
`
`
`F?Z (GIOVINI) XHOVLS GIRIVAALHOS
`
`
`
`
`
`
`
`957 INGILSAS ONI LVRIGIJO
`
`
`
`
`
`
`
`Patent Application Publication
`
`9 jo 17 WIN
`
`Iv 8I0iii0/£i0Z SR
`
`AS
`CNNNNY.
`
`Y
`
`NOYACNY
`
`y
`
`Figure 4
`
`c 300
`
`
`
`
`
`
`
`
`
`
`
`
`
`310
`N
`
`N
`
`332
`
`318
`
`Storage
`System
`
`334
`
`350
`
`Virtual Image
`
`330
`
`352
`N
`Pre-Configured
`Software Stack
`
`. . .
`• • •Ihdoirig:Aricitioce •
`. • . • . .•.•. . . • .
`.
`.
`.
`. •
`Indexing Agent
`
`340
`342
`
`Extracted
`Features
`
`354
`
`Rules
`
`Patent Application Publication
`
`May 2, 2013
`
`Sheet 4 of 6
`
`US 2013/0111018 Al
`
`340
`
`342
`
`CNCATAON CA Chet
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`TAA
`
`
`
`
`
`Figure 4
`
` 310
`
`
`
`
`
`AN
`
`
`
`/
`
`332
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` Virtual Image
`
`
`
`
`
`
` 0
`
`318
`
`Storage
`System
`
`
`
`
`
`
`352
`\
`Pre-Configured
`Software Stack
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`N
`
`Extracted
`Features
`
`_
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`GHT|{{IVIL, IGIOOV
`
`SCHONVHO
`
`— NON TWOLNOHOITOOV
`
`
`
`
`(H?NVHO JLNVITI, IIANOO
`
`
`
`(H?NVHO JLNVITI,IIANOO — NON
`S[]OIOITVIAN
`
`Figure 5
`
`4,/ ---- 400
`
`PRE-CONFIGURED STACKS 410
`
`INDEX RESULT DATA
`
`420
`
`STACK DATA 412A
`
`EXTRACTED FEATURES 414A
`,
`424:
`i
`i
`
`ACCEPTABLE
`CHANGES
`
`Patent Application Publication ,
`
`.
`
`IN
`
`IN
`0
`
`44
`
`9 Jo S loollS
`
`Iv 8I0iii0/£i0Z SR
`
`
`
`
`
`VZI?7 VIVOI XHOVILS
`
`ACCIDENTAL NON- 424:
`COMPLIANT CHANGE
`
` iN_ EXTRACTED FEATURES 414B
`
`EXTRACTED FEATURES 412C
`
`426
`MALICIOUS NON-
`COMPLIANT CHANGE
`i
`
`STACK DATA 412B
`
`
`
`
`
`
`
`[#7 SXIOWLS GIGIRI[15)I HINOO-CHRICH
`
`
`
`Patent Application Publication
`
`9 jo 9 JamiS
`
`Iv 8I0iii0/£i0Z SR
`
`
`
`GIOVINI TVQ JLRHIA
`
`GIZATIVNV
`
`RETRIEVE
`VIRTUAL IMAGE
`
`Jr
`
`INDEX VIRTUAL
`IMAGE
`
`1
`
`ANALYZE
`VIRTUAL IMAGE
`
`ACCESS VIRTUAL
`SERVER
`
`
`
`TVÍTALRILA XHOINI
`
`GIOVIAI
`
`Jr
`
`
`
`Figure 6
`
`
`
`TVÍTALRILA SSCHOOV
`
`RICHARIGIS
`
`CHACHIRIJLGIRI
`
`
`
`GIOVINI TVQ JLRHIA
`
`Si
`
`S2 -
`
`S3 -
`
`S4 -
`
`
`
`US 2013/011 1 0 18 A1
`US 2013/0111018 Al
`
`1
`
`May 2, 2013
`May 2, 2013
`
`PASSIVE MONITORING OF VIRTUAL
`PASSIVE MONITORING OF VIRTUAL
`SYSTEMS USINGAGENT-LESS, OFFLINE
`SYSTEMS USING AGENT-LESS, OFFLINE
`INDEXING
`INDEXING
`
`CROSS-REFERENCE TO RELATED
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`APPLICATIONS
`0001. This patent application claims the benefit of co
`[0001] This patent application claims the benefit of co-
`pending U.S. Provisional Application No. 61/552,797, filed
`pending U.S. Provisional Application No. 61/552,797, filed
`on Oct. 28, 2011, which is hereby incorporated herein by
`on Oct. 28, 2011, which is hereby incorporated herein by
`reference.
`reference.
`0002 This patent application is related to patent applica
`[0002] This patent application is related to patent applica-
`tion filed concurrently herewith, Ser. No.
`, Attorney
`tion filed concurrently herewith, Ser. No.
`, Attorney
`Docket Number YOR9201 10713US1, entitled PASSIVE
`Docket Number YOR920110713US1, entitled PASSIVE
`MONITORING OF VIRTUAL SYSTEMS USING EXTEN
`MONITORING OF VIRTUAL SYSTEMS USING EXTEN-
`SIBLE INDEXING.
`SIBLE INDEXING.
`
`TECHNICAL FIELD
`TECHNICAL FIELD
`0003. The subject matter of this invention relates generally
`[0003] The subject matter of this invention relates generally
`to computer systems management. More specifically, aspects
`to computer systems management. More specifically, aspects
`of the present invention provide a solution for improved pas
`of the present invention provide a solution for improved pas-
`sive monitoring in a complex virtual environment.
`sive monitoring in a complex virtual environment.
`
`BACKGROUND
`BACKGROUND
`0004. In the electronic environment of today, computer
`In the electronic environment of today, computer
`[0004]
`systems undergo constant changes. In order to keep up with
`systems undergo constant changes. In order to keep up with
`these changes, it is important that users of these systems be
`these changes, it is important that users of these systems be
`able to monitor the systems. Monitoring can be classified into
`able to monitor the systems. Monitoring can be classified into
`several different types, including active monitoring and pas
`several different types, including active monitoring and pas-
`sive monitoring. Passive monitoring includes any observation
`sive monitoring. Passive monitoring includes any observation
`that does not modify a computer system. To this extent, pas
`that does not modify a computer system. To this extent, pas-
`sive monitoring can include Scanning a file system to perform
`sive monitoring can include scanning a file system to perform
`a compliance check, Scanning a registry to determine which
`a compliance check, scanning a registry to determine which
`applications are currently installed on the system, security
`applications are currently installed on the system, security
`scanning, file system inspection, license usage monitoring,
`scanning, file system inspection, license usage monitoring,
`and the like. In contrast, activities, such as patching, applying
`and the like. In contrast, activities, such as patching, applying
`a security update, etc., that involve modification of the com
`a security update, etc., that involve modification of the com-
`puter system are referred to as active monitoring.
`puter system are referred to as active monitoring.
`0005 Standardization can be an asset in effective systems
`[0005] Standardization can be an asset in effective systems
`management. Standardization of a data center helps custom
`management. Standardization of a data center helps custom-
`ers control maintenance costs by limiting the number of dif
`ers control maintenance costs by limiting the number of dif-
`ferent variations of systems running in the data center. This
`ferent variations of systems running in the data center. This
`allows costs to grow in proportion to the number of different
`allows costs to grow in proportion to the number of different
`Software configurations rather than in proportion to the num
`software configurations rather than in proportion to the num-
`ber of different instances of those configurations.
`ber of different instances of those configurations.
`0006 To realize some of the benefits of standardization,
`[0006] To realize some of the benefits of standardization,
`providers of a computer system can insure that all deployed
`providers of a computer system can insure that all deployed
`instances begin their lifecycle from one or more standard
`instances begin their lifecycle from one or more standard
`“images' or pre-configured software stacks. However, once
`"images" or pre-configured software stacks. However, once
`an instance begins execution, it can deviate from this stan
`an instance begins execution, it can deviate from this stan-
`dardized state due to changes within the instance. These
`dardized state due to changes within the instance. These
`changes can be accidental, intentional but without harmful
`changes can be accidental, intentional but without harmful
`intent, or malicious in nature. In any case, these con-compli
`intent, or malicious in nature. In any case, these con-compli-
`ant deviations can cause the particular instance not to function
`ant deviations can cause the particular instance not to function
`correctly and/or can affect the efficiency of the instance
`correctly and/or can affect the efficiency of the instance
`within the overall computer system, possibly impacting other
`within the overall computer system, possibly impacting other
`instances and/or the overall efficiency of the computer sys
`instances and/or the overall efficiency of the computer sys-
`tem.
`tem.
`0007 Existing solutions for providing drift detection and
`[0007] Existing solutions for providing drift detection and
`other passive monitoring services use agents that must be
`other passive monitoring services use agents that must be
`installed inside every system instance. These agents periodi
`installed inside every system instance. These agents periodi-
`cally scan some or all portions of the file system of the
`cally scan some or all portions of the file system of the
`instance and send the Scanned information to a central server.
`instance and send the scanned information to a central server.
`However, as the number of instances, and each instance's
`However, as the number of instances, and each instance's
`
`accompanying agent, increases, the impact of the agents on
`accompanying agent, increases, the impact of the agents on
`the capacity, function and/or communications of the com
`the capacity, function and/or communications of the com-
`puter system increases, and these agents use resources that
`puter system increases, and these agents use resources that
`could otherwise be devoted to the designed function of the
`could otherwise be devoted to the designed function of the
`computer system.
`computer system.
`
`SUMMARY
`SUMMARY
`0008. In general, aspects of the present invention provide
`In general, aspects of the present invention provide
`[0008]
`a solution for passively monitoring a computer system. In an
`a solution for passively monitoring a computer system. In an
`embodiment, a virtual server is accessed by an indexing agent
`embodiment, a virtual server is accessed by an indexing agent
`that is contained in an indexing appliance. The virtual server
`that is contained in an indexing appliance. The virtual server
`is located on a physical server and is one of a plurality of
`is located on a physical server and is one of a plurality of
`virtual system instances on a common physical server. The
`virtual system instances on a common physical server. The
`indexing appliance is separate from the virtual server and, as
`indexing appliance is separate from the virtual server and, as
`Such, the indexing agent is not executed within the virtual
`such, the indexing agent is not executed within the virtual
`server, itself. The indexing agent retrieves a virtual image of
`server, itself. The indexing agent retrieves a virtual image of
`the virtual server and indexes the virtual image to extract a set
`the virtual server and indexes the virtual image to extract a set
`of features indicative of changes in the virtual server. One or
`of features indicative of changes in the virtual server. One or
`more of these extracted features are analyzed to perform
`more of, these extracted features are analyzed to perform
`passive monitoring of the virtual server. Since the indexing
`passive monitoring of the virtual server. Since the indexing
`appliance is separate from the virtual server for which passive
`appliance is separate from the virtual server for which passive
`monitoring is being performed, the indexing agent can per
`monitoring is being performed, the indexing agent can per-
`form the retrieving and the indexing without utilizing agents
`form the retrieving and the indexing without utilizing agents
`executing within the virtual server.
`executing within the virtual server.
`0009. A first aspect of the invention provides a method for
`[0009] A first aspect of the invention provides a method for
`passively monitoring a computer system, comprising: access
`passively monitoring a computer system, comprising: access-
`ing a virtual server by an indexing agent that is contained in an
`ing a virtual server by an indexing agent that is contained in an
`indexing appliance separate from the virtual server, the Vir
`indexing appliance separate from the virtual server, the vir-
`tual server being one of a plurality of virtual system instances
`tual server being one of a plurality of virtual system instances
`ona common physical server, retrieving a virtual image of the
`on a common physical server; retrieving a virtual image of the
`virtual server by the indexing agent; indexing the virtual
`virtual server by the indexing agent; indexing the virtual
`image by the indexing appliance to extract a set of features
`image by the indexing appliance to extract a set of features
`indicative of changes in the virtual server; and analyzing at
`indicative of changes in the virtual server; and analyzing at
`least one of the set of features to perform passive monitoring
`least one of the set of features to perform passive monitoring
`of the virtual server, wherein the retrieving and the indexing
`of the virtual server, wherein the retrieving and the indexing
`are performed without utilizing agents executing within the
`are performed without utilizing agents executing within the
`virtual server.
`virtual server.
`0010. A second aspect of the invention provides a system
`[0010] A second aspect of the invention provides a system
`for passively monitoring a computer system, comprising: a
`for passively monitoring a computer system, comprising: a
`physical server having a plurality of virtual system instances
`physical server having a plurality of virtual system instances
`operating thereon; and an indexing appliance operating on the
`operating thereon; and an indexing appliance operating on the
`physical server, which performs a method comprising: using
`physical server, which performs a method comprising: using
`an indexing agent that is contained in the indexing appliance
`an indexing agent that is contained in the indexing appliance
`to access a virtual server from among the plurality of virtual
`to access a virtual server from among the plurality of virtual
`systems instances, the virtual server being separate from the
`systems instances, the virtual server being separate from the
`indexing appliance; retrieving a virtual image of the virtual
`indexing appliance; retrieving a virtual image of the virtual
`server by the indexing agent; indexing the virtual image by
`server by the indexing agent; indexing the virtual image by
`the indexing appliance to extract a set of features indicative of
`the indexing appliance to extract a set of features indicative of
`changes in the virtual server, and analyzing at least one of the
`changes in the virtual server; and analyzing at least one of the
`set of features to perform passive monitoring of the virtual
`set of features to perform passive monitoring of the virtual
`server, wherein the retrieving and the indexing are performed
`server, wherein the retrieving and the indexing are performed
`without utilizing agents executing within the virtual server.
`without utilizing agents executing within the virtual server.
`0011. A third aspect of the invention provides a computer
`[0011] A third aspect of the invention provides a computer
`program product embodied in a computer readable medium
`program product embodied in a computer readable medium
`for implementing a method for passively monitoring a com
`for implementing a method for passively monitoring a com-
`puter system, the method comprising: accessing a virtual
`puter system, the method comprising: accessing a virtual
`server by an indexing agent that is contained in an indexing
`server by an indexing agent that is contained in an indexing
`appliance separate from the virtual server, the virtual server
`appliance separate from the virtual server, the virtual server
`being one of a plurality of virtual system instances on a
`being one of a plurality of virtual system instances on a
`common physical server; retrieving a virtual image of the
`common physical server; retrieving a virtual image of the
`virtual server by the indexing agent; indexing the virtual
`virtual server by the indexing agent; indexing the virtual
`image by the indexing appliance to extract a set of features
`image by the indexing appliance to extract a set of features
`indicative of changes in the virtual server; and analyzing at
`indicative of changes in the virtual server; and analyzing at
`least one of the set of features to perform passive monitoring
`least one of the set of features to perform passive monitoring
`
`
`
`US 2013/011 1 0 18 A1
`US 2013/0111018 Al
`
`2
`
`May 2, 2013
`May 2, 2013
`
`of the virtual server, wherein the retrieving and the indexing
`of the virtual server, wherein the retrieving and the indexing
`are performed without utilizing agents executing within the
`are performed without utilizing agents executing within the
`virtual server.
`virtual server.
`0012. A fourth aspect of the present invention provides a
`[0012] A fourth aspect of the present invention provides a
`method for deploying an application for passively monitoring
`method for deploying an application for passively monitoring
`a computer system, comprising: providing a computer infra
`a computer system, comprising: providing a computer infra-
`structure being operable to: access a virtual server by an
`structure being operable to: access a virtual server by an
`indexing agent that is contained in an indexing appliance
`indexing agent that is contained in an indexing appliance
`separate from the virtual server, the virtual server being one of
`separate from the virtual server, the virtual server being one of
`a plurality of virtual system instances on a common physical
`a plurality of virtual system instances on a common physical
`server; retrieve a virtual image of the virtual server by the
`server; retrieve a virtual image of the virtual server by the
`indexing agent; index the virtual image by the indexing appli
`indexing agent; index the virtual image by the indexing appli-
`ance to extract a set of features indicative of changes in the
`ance to extract a set of features indicative of changes in the
`virtual server; and analyze at least one of the set of features to
`virtual server; and analyze at least one of the set of features to
`perform passive monitoring of the virtual server, wherein the
`perform passive monitoring of the virtual server, wherein the
`retrieving and the indexing are performed without utilizing
`retrieving and the indexing are performed without utilizing
`agents executing within the virtual server.
`agents executing within the virtual server.
`0013 Still yet, any of the components of the present inven
`[0013] Still yet, any of the components of the present inven-
`tion could be deployed, managed, serviced, etc., by a service
`tion could be deployed, managed, serviced, etc., by a service
`provider who offers to implement passive monitoring in a
`provider who offers to implement passive monitoring in a
`computer system.
`computer system.
`0014 Embodiments of the present invention also provide
`[0014] Embodiments of the present invention also provide
`related systems, methods and/or program products.
`related systems, methods and/or program products.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`BRIEF DESCRIPTION OF THE DRAWINGS
`0015 These and other features of this invention will be
`[0015] These and other features of this invention will be
`more readily understood from the following detailed descrip
`more readily understood from the following detailed descrip-
`tion of the various aspects of the invention taken in conjunc
`tion of the various aspects of the invention taken in conjunc-
`tion with the accompanying drawings in which:
`tion with the accompanying drawings in which:
`0016 FIG. 1 shows an illustrative computer system
`[0016] FIG. 1 shows an illustrative computer system
`according to embodiments of the present invention.
`according to embodiments of the present invention.
`0017 FIG. 2 shows a virtualized datacenter environment
`[0017] FIG. 2 shows a virtualized datacenter environment
`according to embodiments of the invention.
`according to embodiments of the invention.
`0018 FIG.3 shows an example virtual server according to
`[0018] FIG. 3 shows an example virtual server according to
`embodiments of the invention.
`embodiments of the invention.
`0019 FIG. 4 shows an example server having an indexing
`[0019] FIG. 4 shows an example server having an indexing
`appliance according to embodiments of the invention.
`appliance according to embodiments of the invention.
`0020 FIG. 5 shows example comparison analyses accord
`[0020] FIG. 5 shows example comparison analyses accord-
`ing to embodiments of the invention.
`ing to embodiments of the invention.
`0021
`FIG. 6 shows an example flow diagram according to
`[0021] FIG. 6 shows an example flow diagram according to
`embodiments of the invention.
`embodiments of the invention.
`0022. The drawings are not necessarily to scale. The draw
`[0022] The drawings are not necessarily to scale. The draw-
`ings are merely schematic representations, not intended to
`ings are merely schematic representations, not intended to
`portray specific parameters of the invention. The drawings are
`portray specific parameters of the invention. The drawings are
`intended to depict only typical embodiments of the invention,
`intended to depict only typical embodiments of the invention,
`and therefore should not be considered as limiting the scope
`and therefore should not be considered as limiting the scope
`of the invention. In the drawings, like numbering represents
`of the invention. In the drawings, like numbering represents
`like elements.
`like elements.
`
`DETAILED DESCRIPTION
`DETAILED DESCRIPTION
`0023. As indicated above, aspects of the present invention
`[0023] As indicated above, aspects of the present invention
`provide a solution for passively monitoring a computer sys
`provide a solution for passively monitoring a computer sys-
`tem. In an embodiment, a virtual server is accessed by an
`tem. In an embodiment, a virtual server is accessed by an
`indexing agent that is contained in an indexing appliance. The
`indexing agent that is contained in an indexing appliance. The
`virtual server is located on a physical server and is one of a
`virtual server is located on a physical server and is one of a
`plurality of virtual system instances on a common physical
`plurality of virtual system instances on a common physical
`server. The indexing appliance is separate from the virtual
`server. The indexing appliance is separate from the virtual
`server and, as Such, the indexing agent is not executed within
`server and, as such, the indexing agent is not executed within
`the virtual server, itself. The indexing agent retrieves a virtual
`the virtual server, itself. The indexing agent retrieves a virtual
`image of the virtual server and indexes the virtual image to
`image of the virtual server and indexes the virtual image to
`extract features indicative of changes in the virtual server.
`extract features indicative of changes in the virtual server.
`These features are analyzed to perform passive monitoring of
`These features are analyzed to perform passive monitoring of
`the virtual server. Since the indexing appliance is separate
`the virtual server. Since the indexing appliance is separate
`
`from the virtual server for which passive monitoring is being
`from the virtual server for which passive monitoring is being
`performed, the indexing agent can perform the retrieving and
`performed, the indexing agent can perform the retrieving and
`the indexing without utilizing agents executing within the
`the indexing without utilizing agents executing within the
`virtual server.
`virtual server.
`0024 Turning to the drawings, FIG. 1 shows an illustrative
`[0024] Turning to the drawings, FIG. 1 shows an illustrative
`environment 100 for passively monitoring a computer sys
`environment 100 for passively monitoring a computer sys-
`tem. To this extent, environment 100 includes a computer
`tem. To this extent, environment 100 includes a computer
`system 102 that can perform a process described herein in
`system 102 that can perform a process described herein in
`order to passively monitor a computer system. In particular,
`order to passively monitor a computer system. In particular,
`computer system 102 is shown including a computing device
`computer system 102 is shown including a computing device
`104 that includes a passive monitoring program 140, which
`104 that includes a passive monitoring program 140, which
`makes computing device 104 operable to passively monitor a
`makes computing device 104 operable to passively monitor a
`computer system by performing a process described herein.
`computer system by performing a process described herein.
`0025 Computing device 104 is shown including a pro
`[0025] Computing device 104 is shown including a pro-
`cessing component 106 (e.g., one or more processors), a
`cessing component 106 (e.g., one or more processors),
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
