US20150301818A1 - System and methods for updating software of templates of virtual machines - Google Patents
System and methods for updating software of templates of virtual machines Download PDFInfo
- Publication number
- US20150301818A1 US20150301818A1 US14/308,027 US201414308027A US2015301818A1 US 20150301818 A1 US20150301818 A1 US 20150301818A1 US 201414308027 A US201414308027 A US 201414308027A US 2015301818 A1 US2015301818 A1 US 2015301818A1
- Authority
- US
- United States
- Prior art keywords
- virtual machine
- software
- coefficient
- template
- update
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1415—Saving, restoring, recovering or retrying at system level
- G06F11/1433—Saving, restoring, recovering or retrying at system level during software upgrading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45562—Creating, deleting, cloning virtual machine instances
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
- G06F8/63—Image based installation; Cloning; Build to order
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
Definitions
- the present disclosure relates to the field of control of virtual machines, and more specifically, to systems and methods for updating software of templates of virtual machines.
- VDI Virtual Desktop Infrastructure
- a method of infrastructure organization is attractive because of the ease of managing the infrastructure resources: at least one server is dedicated, whose hardware is used for the operation of a group of virtual machines, which are used remotely by the employees of the organization.
- the computing resources are “concentrated” in a single place, while the control of the software used by the employees of the organization occurs via the control of the templates, which eliminates the need for determining a set of software to be used for each employee.
- the aforementioned method of infrastructure organization has a number of drawbacks.
- the software installed on the virtual machines and used by the employees of the enterprise can become obsolete and vulnerabilities may be discovered therein.
- the operation of a virtual machine is in no way different in regard to the general ability to install software updates or updates to close vulnerabilities, that is, for example, the software vulnerabilities can be eliminated by installing corresponding software updates on a virtual machine created from a template that is vulnerable in terms of the software installed thereon.
- One technical result of the disclosed aspects is to minimize the idle time of the virtual machine for updating of software.
- an example method for updating software of templates of virtual machines includes determining a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determining a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determining a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, updating the software on the virtual machine template to generate an updated virtual machine template.
- the method may further include determining, based on an analysis of critical events occurring during a period of operation of a test virtual machine created from the updated virtual machine template, whether the updated virtual machine template is suitable for being used for one or more virtual machines, and when the updated virtual machine template is suitable: creating a new virtual machine from the updated virtual machine template; shutting down the one or more virtual machine; and running the new virtual machine to replace the one or more virtual machines.
- the method may further include providing a database of software updates storing one or more of: at least one software update for updating of the virtual machine; data about a creation time of the software update; data about a version of the software update; data about software for which the software update is intended; data about vulnerabilities which are patched by the software update; data about a level of criticality of the software update; and data indicating a nature of changes made in the software by the update.
- the third coefficient is one of a linear function of the first coefficient and the second coefficient; and a product of the first coefficient weighted by a first index and the second coefficient weighted by a second index.
- updating the software on the virtual machine template may further include generating a dummy virtual machine based on the virtual machine template; applying the software update to the software of the dummy virtual machine; shutting down the dummy virtual machine; and creating an image corresponding to the dummy virtual machine.
- updating the software on the virtual machine template may further include applying the software update to the software of the virtual machine template.
- determining the first coefficient may include, based on a software evaluation table in which a weighting factor is established for each software program, determining weighting factors for installed software on the virtual machine template; and calculating the first coefficient as a function of the weighting factors.
- determining the first coefficient may be performed based on recorded length of continuous operation of the virtual machine.
- determining the second coefficient may further include determining one or more characteristics of the software update and respective coefficients for the one or more characteristics; and determining the second coefficient as a function of the respective coefficients.
- an example system for updating software of templates of virtual machines comprising a processor configure to determine a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determine a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determine a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, update the software on the virtual machine template to generate an updated virtual machine template.
- an example computer program product stored on a non-transitory computer-readable storage medium, comprises computer-executable instructions for updating software of templates of virtual machines, including instructions for determining a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determining a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determining a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, updating the software on the virtual machine template to generate an updated virtual machine template.
- FIG. 1 illustrates the structural diagram of an example system for updating software of templates of virtual machines according to one example aspect.
- FIG. 2 illustrates one example aspect of a template analysis module according to one example aspect.
- FIG. 3 illustrates one example aspect of an update analysis module according to one example aspect.
- FIG. 4 is a flowchart of an example method of running a virtual machine according to one example aspect.
- FIG. 5 shows an example of a general-purpose computer system suitable for implementing system and methods for updating software of templates of virtual machines according to various example aspects.
- Example aspects are described herein in the context of a system, method and computer program product for updating software of templates of virtual machines. Those of ordinary skill in the art will realize that the following description is illustrative only and is not intended to be in any way limiting. Other aspects will readily suggest themselves to those skilled in the art having the benefit of this disclosure. Reference will now be made in detail to implementations of the example aspects as illustrated in the accompanying drawings. The same reference indicators will be used to the extent possible throughout the drawings and the following description to refer to the same or like items.
- Some example aspects update software of templates of virtual machines by considering a level of importance of continuous operation of virtual machines that use the template and also a level of criticality of applying software updates to the templates. Some further aspects determine whether the updated template is suitable to be used for the virtual machines and reboot the virtual machines accordingly. Accordingly, updates may be performed on the basis of an analysis of a number of characteristics of both the set of software updates and the template of the virtual machine whose software is intended to be updated, or the virtual machines created from the aforementioned template of the virtual machine.
- FIG. 1 shows the structural diagram of an example aspect of a system for running a virtual machine.
- the infrastructure 118 of a certain organization in one example aspect includes a server, on which a set of virtual machines run, access to which is provided remotely by computing devices which are used by the employees of the organization.
- the virtual machines operating in the framework of the infrastructure 118 may be created from templates of virtual machines.
- the template of a virtual machine may be an image of the virtual machine storing information about the operating system installed on the virtual machine, the software, and the hardware set which is accessible for use by the virtual machine, which is used to create virtual machines that are identical with the virtual machine described by the aforesaid image.
- a template database 112 For the storage of the templates of virtual machines, which can be used in the infrastructure 118 of the organization, a template database 112 is used.
- the template database 112 may additionally store information on the software installed on the template of the virtual machine.
- the template database 112 for each template of a virtual machine additionally stores information on the virtual machines created from it and used in the infrastructure 118 .
- the group of templates of virtual machines used in the infrastructure 118 of the organization may include templates of virtual machines used for different purposes, e.g., from virtual machines playing the role of servers to virtual machines used by accountants or employees of the human resources department of the organization.
- the software running on the templates of the virtual machines used in the infrastructure 118 may vary.
- a virtual machine playing the role of an email server, and which may run an e-mail server software may operate without interruption over the course of several months, while a virtual machine used by the accountants, and which may run an accounting software, may be restarted each day.
- the templates of the virtual machines stored in the template database 112 for a time meet the needs of the infrastructure 118 , for example, up-to-date software (in the sense of no vulnerabilities and meeting the needs of the employees of the organization) is installed on the templates of the virtual machines.
- up-to-date software in the sense of no vulnerabilities and meeting the needs of the employees of the organization
- the software installed on the template may become outdated, for example, vulnerabilities may appear in it, which can be used by hackers, and also the software may simply cease meeting the possibly increasing needs of the company employees (for example, a company employee using software, such as an email client, now needs to filter unwanted emails, which cannot be done with the existing software functionality).
- sonic example aspects update the software on the templates of the virtual machines so that each virtual machine created from a template already has a set of updated software, and the users of the virtual machines do not have to spend their time updating the software on the virtual machines they are using.
- software updates may be used that are stored in an update database 114 .
- the database 114 may be filled up regularly as new software updates appear for downloading via the Internet.
- the software updates may include, but not limited to new program files, data used by the software, e.g., virus definitions, or instructions for changing the existing software files, e.g., software patches, etc.
- the following information may be stored in the update database 114 : the creation time of the software update; the software for which the mentioned update is intended; the version of the software update; the names of the vulnerabilities which are patched by installing the software update, if such exist (for example, CVE-2013-0422); the level of criticality of the update, which in one example aspect is established by the creators of the software update and evaluated by a number, the type of update, e.g., the nature of the changes made in the software, such as elimination of a vulnerability, and/or changing an interface, and/or changing a software functionality, which in one example aspect may be indicated by the developer of the software update.
- updating of the virtual machines of the infrastructure 118 may be performed as follows: update the software of the corresponding templates of the virtual machines, stop operation of said virtual machines, and start each from the template of the virtual machine with the updated software.
- Some example aspects for updating virtual machines minimize the number of shutdowns (or standstill time) during operation of those virtual machines for which a continuous operation is critical (for example, if the virtual machine is playing the role of an email server, or a database server).
- the template of a virtual machine may be characterized by a coefficient of importance of continuous operation, which is used to evaluate the criticality of the continuous running of the virtual machines created from the mentioned template.
- Coefficient of importance of continuous operation may be a number (such as 10.75), the larger the value of which, the more important its continuous operation for the virtual machine (created from the template to which the mentioned coefficient pertains).
- a template analysis module 110 is used to evaluate the criticality of continuous operation of at least one virtual machine created from the template of the virtual machine and, accordingly, designate a coefficient of importance of continuous operation for the template of the virtual machine.
- the template analysis module 110 uses the template of the virtual machine from the template database 112 to evaluate this template and to calculate a coefficient of importance of continuous operation corresponding to this template.
- FIG. 2 One example working scheme of the template analysis module 110 is shown in FIG. 2 , which will be described later.
- the software updates stored in the update database 114 may be intended for different purposes: some of the software updates may be intended to expand the existing software functionality, while others may be intended to eliminate vulnerabilities in the software.
- the need may vary to interrupt the operation of the virtual machines from the infrastructure 118 in order to start their updated versions and, consequently, install the software updates on the corresponding templates of the virtual machines.
- a coefficient of criticality of updates is used. Coefficient of criticality of updates may be a number (such as 20.34), the larger the value of which, the more important the software update to the operation of the software.
- an update analysis module 113 uses the set of software updates from the update database 114 to evaluate the set of said updates and to calculate a coefficient of criticality of updates corresponding to the analyzed set of software updates.
- the update analysis module 113 is shown in FIG. 3 , which will be described later.
- An update control module 115 is designed to make a decision on updating the software of the template of a virtual machine.
- the decision as to the need to install a set of software updates on the template of a virtual machine is made on the basis of an analysis of a number of characteristics of both the set of software updates and the template of the virtual machine whose software is intended to be updated, or the virtual machines created from the aforementioned template of the virtual machine.
- the update control module 115 evaluates the aforementioned characteristics of the set of software updates and the template of the virtual machine or the virtual machines created from that template by comparing a combination of coefficients, in one example aspect those obtained from the template analysis module 110 and update analysis module 113 , with an established value, which is a number, such as 43.5.
- the combination used is a linear combination of the aforementioned coefficients, for example, the difference between the coefficient of importance of continuous working and the coefficient of criticality of updates.
- the combination used is the product of the coefficients, each of which has its own index, for example the product of the coefficient of importance of continuous working with index “ ⁇ 1” and that of the coefficient of criticality of updates with index “1”.
- the obtained combination of coefficients is compared with the established value; in one example aspect the update control module 115 makes a decision as to the need for updating the software installed on the template of the virtual machine if the combination of coefficients exceeds a value of, for example, 1.5.
- the value with which the combination of coefficients is compared in one example aspect reflects how much more important it is to install the updates than for the virtual machines created from the template of the virtual machine to run continuous, and in one example aspect it is established by empirical values.
- the update control module 115 obtains the template of the virtual machine that was used by the template analysis module 110 to calculate the coefficient of importance of continuous operation.
- the update control module 115 obtains the template of the set of software updates that was used by the update analysis module 113 to calculate the coefficient of criticality of updates.
- the virtual machine template and set of software updates obtained by the above-described methods are sent by the update control module 115 , along with a decision as to the need for updating the software of the template of the virtual machine, to a template update module 116 .
- the template update module 116 is configured to update the template of the virtual machine. Updating the template of the virtual machine refers to updating the software of the template of the virtual machine. In one example aspect, when updating the software of the template of a virtual machine, the template update module 116 creates a virtual machine from the aforementioned template, and in the context of its operation the installed software is subjected to updating with the use of the set of software updates. From the virtual machine with updated software, the template update module 116 creates the template of the virtual machine with updated software. The template of the virtual machine is created from the virtual machine by shutting it down and creating an image corresponding to the aforementioned virtual machine. The image includes data necessary for running of the virtual machine.
- the template update module 116 does not run a virtual machine from the template of the virtual machine intended for updating. Instead, the modification in the software which is performed in accordance with the installation of the set of software updates is implemented directly in the template of the virtual machine.
- the template of the virtual machine is connected to a computing device (such as a personal computer) or another virtual machine as an external disk. The changes that are made in the software during the installation of the updates are made in the software installed on the connected external disk by the template update module 116 . If the software updates include any instructions for changing the software being updated, these instructions are carried out by the template update module 116 .
- the template update module 116 uses information from the database on the virtual machines operating within the infrastructure 118 that were created from the template of the virtual machine that was updated by the template update module 116 , shuts down the virtual machines previously created from the template of the virtual machine and runs the new virtual machines from the updated template of the virtual machine for operation within the infrastructure 118 in place of the ones shut down.
- the template update module 116 after updating the template of the virtual machine, saves that template of the virtual machine along with information on the versions of the updated software in the template database 112 .
- an update testing module 117 may be used to analyze the operation of the software on the virtual machine.
- the update testing module 117 is used to detect updated templates of virtual machines on which the software (including the updated software) has unstable operation (for example, the performance of certain tasks has errors when the updated software is run) or can adversely affect the operation of the virtual machines and other software (for example, become a cause of incorrect execution of tasks of other software).
- the update testing module 117 analyzes the operation of the virtual machine over the course of a period of time (e.g., 10 hours).
- the update testing module 117 collects information on critical events occurring in the course of the operation of the virtual machine created from the template updated with the aid of the template update module 116 . If critical events are found, the update testing module 117 sends a corresponding message to the template update module 116 . After obtaining such a message, the template update module 116 classifies the template of the virtual machine from which the analyzed virtual machine was created as being unsuitable for further use in the infrastructure 118 , and accordingly the restarting of the virtual machines with the use of this virtual machine template is not carried out. In one example aspect, the template update module 116 also does not send this virtual machine template for storage in the template database 112 .
- Critical events occurring in the course of operation of the analyzed virtual machine may be a degradation in productivity of the virtual machine (including due to a competition for the resources of the virtual machine among the software running thereon) or errors in the operation of the operating system of the virtual machine.
- critical events involving degraded productivity may be found by a periodic checking (at established intervals of time, such as every 10 minutes) of the utilization of resources of the virtual machine: if the workload or the consumption of resources (such as the central processing unit of the virtual machine or the main memory of that virtual machine) is constantly increasing, the update testing module 117 finds a critical event.
- errors in the operation of the operating system of the virtual machine may be found by going to the Windows operating system component known as Event Viewer, which makes it possible to obtain a list of events occurring during the operation of the operating system, and to classify as critical events those events on the list having the attribute “Level” with the value “Error” and the attribute “Source” with a value containing the name of the process corresponding to the updated software.
- Event Viewer the Windows operating system component known as Event Viewer
- FIG. 2 shows a flow chart of an example aspect of the operation of the template analysis module 110 .
- the template analysis module 110 is configured to calculate the coefficient of importance of continuous operation of the virtual machine template, and also to transmit this coefficient, along with the virtual machine template to which the coefficient pertains, to the update control module 115 .
- the determination of the coefficient of importance of continuous operation of the virtual machine template involves evaluating the need to interrupt the running of the virtual machines operating in the infrastructure 118 that were created from the virtual machine template.
- this evaluation may be done by comparing the software installed on the virtual machine template and a list of software from a software evaluation table in which a weighting factor (e.g., a number, such as 5.6) is established for each software program; the higher the number, the more important the continuous operation of the software associated therewith.
- this table is stored in the template evaluation module 110 .
- this table is stored in a specially designed software database.
- the coefficient of importance of continuous operation for the virtual machine template is calculated by adding up the weighting factors of the installed software in accordance with the values from the software evaluation table.
- the coefficient of importance of continuous operation is calculated by taking the square root of the sum of the squares of the weighting factors of the installed software in accordance with the values from the software evaluation table.
- the module 110 may also collect information about operation of virtual machines in the infrastructure 118 that were created from the virtual machine template.
- the module 110 may also collect information about operation of virtual machines in the infrastructure 118 that were created from the virtual machine template.
- the time of continuous operation of a virtual machine may be evaluated by a periodic polling of the virtual machine (for example, by establishing a connection with the virtual machine using ping utility) in order to determine its status: operational or not.
- the time of continuous operation may be taken as being the time between the earliest polling to which an affirmative response was sent as to the operation of the virtual machine and the time of calculation of the coefficient of importance of continuous operation.
- the coefficient of importance of continuous operation when calculated by one of the aforementioned techniques may be further multiplied by a factor characterizing the likelihood of continuation of continuous operation of the virtual machines created from the virtual machine template. In one example aspect, this factor may be calculated as the ratio between the average time of continuous operation of the virtual machines created from the virtual machine template and the average time of continuous operation of the virtual machines in the infrastructure 118 .
- FIG. 3 shows a detailed flow chart of an example of operation of the update analysis module 113 .
- the update analysis module 113 is configured to calculate the coefficient of criticality of updates, and also to transmit this coefficient, along with the set of software updates to which the coefficient pertains, to the update control module 115 .
- the determination of the coefficient of criticality of updates involves an evaluation of the need to install the set of software updates as soon as possible, which set is found in the update database 114 .
- the update analysis module 113 analyzes the set of software updates, where such set of updates includes only updates for the software which is present on the virtual machine template on which such set of software updates is supposed to be installed.
- the list of software installed on the virtual machine template is obtained by the update analysis module 113 from the template analysis module 110 .
- the update analysis module 113 obtains from the update database 114 the set of software updates, and also information about the set of software updates (e.g., the type(s) of each update, the version and creation time of each update, the list of vulnerabilities being removed, the level of criticality).
- each characteristic of the software update (or a characteristic derived therefrom, for example, the creation time might appear as the “age” of the software update—the number of days from the moment of creation of the software update to the moment of analysis of that update) is assigned a corresponding number, characterizing the degree of influence of that characteristic (such as the type of update, the creation time) on the need to install that software update on the virtual machine template.
- the aforementioned coefficients are calculated as follows when evaluating the software update: the “age” of the software update may be evaluated by a number equal to the product of, for example, 0.07 times the number of days from the time of creation of the software update until the time of analysis of such update; vulnerabilities removed are evaluated by the product of, for example, 1.5 times the number of vulnerabilities removed by the software update; the level of criticality may be taken into account without changes (the level of criticality originally constitutes a number); the overall type of the update may be evaluated by the sum of the numbers characterizing the possible types of software update: removal of a vulnerability—1, changing of functionality—0.8, changing of interface—0.2.
- the update analysis module 113 calculates the coefficient of criticality of updates as the sum of the coefficients corresponding to the characteristics (e.g., the numbers characterizing the degree of influence of the particular characteristic on the need to install the software update) for each software update in the set of software updates.
- the coefficient of criticality of updates so calculated, with its corresponding set of software updates, is sent by the update analysis module 113 to the input to the update control module 115 .
- FIG. 4 shows a flowchart of the operating algorithm of one example aspect of the above-described system for updating software of templates of virtual machines.
- the template analysis module 110 calculates the coefficient of importance of continuous operation with regard to the virtual machine template. During this calculation, data are used that are stored in the template database 112 . The calculated coefficient of importance of continuous operation together with the template of the virtual machine to which that coefficient pertains goes to the input of the update control module 115 .
- the update analysis module 113 calculates the coefficient of criticality of updates for the set of software updates. During this calculation, data are used that are stored in the update database 114 .
- the calculated coefficient of criticality of updates together with the set of software updates to which this coefficient pertains goes to the input of the update control module 115 .
- the update control module 115 calculates the combination of coefficients which said module 115 receives from the template analysis module 110 and the update analysis module 113 .
- the update control module 115 compares the combination of coefficients calculated in step 420 with an established value. If the combination does not exceed the established value, the software of the virtual machine template is not updated, and the system ends its work in step 450 .
- the update testing module 117 performs an analysis of the influence of the software update in regard to the operation of the software of the template obtained in step 440 with the aid of the template update module 116 .
- the update testing module 117 makes a decision to classify the virtual machine template with updated software fit for further use. If the mentioned template was classified as unsuitable for further use, then in accordance with step 480 there is no restarting of the virtual machines created from the virtual machine template whose software was updated. But if the virtual machine template with updated software was not classified as unsuitable, then, in step 490 , the template update module 116 reboots the virtual machines running within the infrastructure 118 that were created from the virtual machine template whose software was updated in step 440 .
- FIG. 5 shows an example of a general-purpose computer system (which may be a personal computer or a server) 20 , which may be used to implement aspects of system and methods disclosed herein.
- the computer system 20 includes a central processing unit 21 , a system memory 22 and a system bus 23 connecting the various system components, including the memory associated with the central processing unit 21 .
- the system bus 23 is realized like any bus structure known from the prior art, including in turn a bus memory or bus memory controller, a peripheral bus and a local bus, which is able to interact with any other bus architecture.
- the system memory includes permanent memory (ROM) 24 and random-access memory (RAM) 25 .
- the basic input/output system (BIOS) 26 includes the basic procedures ensuring the transfer of information between elements of the personal computer 20 , such as those at the time of loading the operating system with the use of the ROM 24 .
- the personal computer 20 includes a hard disk 27 for reading and writing of data, a magnetic disk drive 28 for reading and writing on removable magnetic disks 29 and an optical drive 30 for reading and writing on removable optical disks 31 , such as CD-ROM, DVD-ROM and other optical information media.
- the hard disk 27 , the magnetic disk drive 28 , and the optical drive 30 are connected to the system bus 23 across the hard disk interface 32 , the magnetic disk interface 33 and the optical drive interface 34 , respectively.
- the drives and the corresponding computer information media are power-independent modules for storage of computer instructions, data structures, program modules and other data of the personal computer 20 .
- the present disclosure provides the implementation of a system that uses a hard disk 27 , a removable magnetic disk 29 and a removable optical disk 31 , but it should be understood that it is possible to employ other types of computer information media 56 which are able to store data in a form readable by a computer (solid state drives, flash memory cards, digital disks, random-access memory (RAM) and so on), which are connected to the system bus 23 via the controller 55 .
- solid state drives, flash memory cards, digital disks, random-access memory (RAM) and so on which are connected to the system bus 23 via the controller 55 .
- the computer 20 has a file system 36 , where the recorded operating system 35 is stored, and also additional program applications 37 , other program modules 38 and program data 39 .
- the user is able to enter commands and information into the personal computer 20 by using input devices (keyboard 40 , mouse 42 ).
- Other input devices can be used: microphone, joystick, game controller, scanner, and so on.
- Such input devices usually plug into the computer system 20 through a serial port 46 , which in turn is connected to the system bus, but they can be connected in other ways, for example, with the aid of a parallel port, a game port or a universal serial bus (USB).
- a monitor 47 or other type of display device is also connected to the system bus 23 across an interface, such as a video adapter 48 .
- the personal computer can be equipped with other peripheral output devices (not shown), such as loudspeakers, a printer, and so on.
- the personal computer 20 is able to work in a network environment, using a network connection to one or more remote computers 49 .
- the remote computer (or computers) 49 are also personal computers or servers having the majority or all of the aforementioned elements in describing the nature of a personal computer 20 , as shown in FIG. 4 .
- Other devices can also be present in the computer network, such as routers, network stations, peer devices or other network nodes.
- Network connections can form a local-area computer network (LAN) 50 and a wide-area computer network (WAN). Such networks are used in corporate computer networks and internal company networks, and they generally have access to the Internet.
- LAN or WAN networks the personal computer 20 is connected to the local-area network 50 across a network adapter or network interface 51 .
- the personal computer 20 can employ a modem 54 or other modules for providing communications with a wide-area computer network such as the Internet.
- the modem 54 which is an internal or external device, is connected to the system bus 23 by a serial port 46 . It should be noted that the network connections are only examples and need not depict the exact configuration of the network, i.e., in reality there are other ways of establishing a connection of one computer to another by technical communication modules.
- the systems and methods described herein may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the methods may be stored as one or more instructions or code on a non-transitory computer-readable medium.
- Computer-readable medium includes data storage.
- such computer-readable medium can comprise RAM, ROM, EEPROM, CD-ROM, Flash memory or other types of electric, magnetic, or optical storage medium, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a processor of a general purpose computer.
- module refers to a real-world device, component, or arrangement of components implemented using hardware, such as by an application specific integrated circuit (ASIC) or field-programmable gate array (FPGA), for example, or as a combination of hardware and software, such as by a microprocessor system and a set of instructions to implement the module's functionality, which (while being executed) transform the microprocessor system into a special-purpose device.
- a module can also be implemented as a combination of the two, with certain functions facilitated by hardware alone, and other functions facilitated by a combination of hardware and software.
- a module can be executed on the processor of a general purpose computer (such as the one described in greater detail in FIG. 5 above). Accordingly, each module can be realized in a variety of suitable configurations, and should not be limited to any particular implementation exemplified herein.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
Description
- The present disclosure claims benefit of priority under 35 U.S.C. 119(a)-(d) to a Russian Application No. 2014115455 filed on Apr. 18,2014, which is incorporated by reference herein.
- The present disclosure relates to the field of control of virtual machines, and more specifically, to systems and methods for updating software of templates of virtual machines.
- Today the use of Virtual Desktop Infrastructure (VDI), which generally includes a set of templates of virtual machines and means that allow the operation of virtual machines created from those templates, is becoming increasingly popular as the basis for forming an enterprise or organizational infrastructure. Such a method of infrastructure organization is attractive because of the ease of managing the infrastructure resources: at least one server is dedicated, whose hardware is used for the operation of a group of virtual machines, which are used remotely by the employees of the organization. In other words, the computing resources are “concentrated” in a single place, while the control of the software used by the employees of the organization occurs via the control of the templates, which eliminates the need for determining a set of software to be used for each employee.
- However, the aforementioned method of infrastructure organization has a number of drawbacks. For example, the software installed on the virtual machines and used by the employees of the enterprise can become obsolete and vulnerabilities may be discovered therein. On the one hand, the operation of a virtual machine is in no way different in regard to the general ability to install software updates or updates to close vulnerabilities, that is, for example, the software vulnerabilities can be eliminated by installing corresponding software updates on a virtual machine created from a template that is vulnerable in terms of the software installed thereon. However, the problem arises that after a certain time, the software on the template becomes so outdate that the installation of all necessary updates on the virtual machine created from the template takes a lot of time and computing resources
- There are conventional methods of automatic updating of the software of templates, but in these methods the problem of selecting an update strategy which can effectively manage a set of virtual machines and templates, minimizing the time during which the software being updated is unavailable for use, is not solved. Accordingly, there is an unmet need in the field of control of virtual machines to improve the processes of updating software of templates of virtual machines.
- Disclosed are various aspects of systems, methods and computer program products for automatic updating software of templates of virtual machines. One technical result of the disclosed aspects is to minimize the idle time of the virtual machine for updating of software.
- In one aspect, an example method for updating software of templates of virtual machines includes determining a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determining a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determining a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, updating the software on the virtual machine template to generate an updated virtual machine template.
- In another aspect, the method may further include determining, based on an analysis of critical events occurring during a period of operation of a test virtual machine created from the updated virtual machine template, whether the updated virtual machine template is suitable for being used for one or more virtual machines, and when the updated virtual machine template is suitable: creating a new virtual machine from the updated virtual machine template; shutting down the one or more virtual machine; and running the new virtual machine to replace the one or more virtual machines.
- In another aspect, the method may further include providing a database of software updates storing one or more of: at least one software update for updating of the virtual machine; data about a creation time of the software update; data about a version of the software update; data about software for which the software update is intended; data about vulnerabilities which are patched by the software update; data about a level of criticality of the software update; and data indicating a nature of changes made in the software by the update.
- In another aspect, the third coefficient is one of a linear function of the first coefficient and the second coefficient; and a product of the first coefficient weighted by a first index and the second coefficient weighted by a second index.
- In another aspect, updating the software on the virtual machine template may further include generating a dummy virtual machine based on the virtual machine template; applying the software update to the software of the dummy virtual machine; shutting down the dummy virtual machine; and creating an image corresponding to the dummy virtual machine.
- In another aspect, updating the software on the virtual machine template may further include applying the software update to the software of the virtual machine template.
- In another aspect, determining the first coefficient may include, based on a software evaluation table in which a weighting factor is established for each software program, determining weighting factors for installed software on the virtual machine template; and calculating the first coefficient as a function of the weighting factors.
- In another aspect, determining the first coefficient may be performed based on recorded length of continuous operation of the virtual machine.
- In another aspect, determining the second coefficient may further include determining one or more characteristics of the software update and respective coefficients for the one or more characteristics; and determining the second coefficient as a function of the respective coefficients.
- In another aspect, an example system for updating software of templates of virtual machines, the system comprising a processor configure to determine a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determine a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determine a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, update the software on the virtual machine template to generate an updated virtual machine template.
- In a further aspect, an example computer program product, stored on a non-transitory computer-readable storage medium, comprises computer-executable instructions for updating software of templates of virtual machines, including instructions for determining a first coefficient indicative of a level of importance of a continuous operation of one or more virtual machines created from a virtual machine template; determining a second coefficient indicative of a level of criticality of software updates on the one or more virtual machines created from the virtual machine template; determining a third coefficient as a function of the first coefficient and the second coefficient; and when the third coefficient exceeds a threshold, updating the software on the virtual machine template to generate an updated virtual machine template.
- The above simplified summary of example aspects serves to provide a basic understanding of the present disclosure. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects of the present disclosure. Its sole purpose is to present one or more aspects simplified form as prelude to the more detailed description of the disclosure that follows.
- The accompanying drawings, which are incorporated into and constitute a part of this specification, illustrate one or more example aspects of the present disclosure and, together with the detailed description, serve to explain their principles and implementations.
-
FIG. 1 illustrates the structural diagram of an example system for updating software of templates of virtual machines according to one example aspect. -
FIG. 2 illustrates one example aspect of a template analysis module according to one example aspect. -
FIG. 3 illustrates one example aspect of an update analysis module according to one example aspect. -
FIG. 4 is a flowchart of an example method of running a virtual machine according to one example aspect. -
FIG. 5 shows an example of a general-purpose computer system suitable for implementing system and methods for updating software of templates of virtual machines according to various example aspects. - Example aspects are described herein in the context of a system, method and computer program product for updating software of templates of virtual machines. Those of ordinary skill in the art will realize that the following description is illustrative only and is not intended to be in any way limiting. Other aspects will readily suggest themselves to those skilled in the art having the benefit of this disclosure. Reference will now be made in detail to implementations of the example aspects as illustrated in the accompanying drawings. The same reference indicators will be used to the extent possible throughout the drawings and the following description to refer to the same or like items.
- Some example aspects update software of templates of virtual machines by considering a level of importance of continuous operation of virtual machines that use the template and also a level of criticality of applying software updates to the templates. Some further aspects determine whether the updated template is suitable to be used for the virtual machines and reboot the virtual machines accordingly. Accordingly, updates may be performed on the basis of an analysis of a number of characteristics of both the set of software updates and the template of the virtual machine whose software is intended to be updated, or the virtual machines created from the aforementioned template of the virtual machine.
-
FIG. 1 shows the structural diagram of an example aspect of a system for running a virtual machine. Theinfrastructure 118 of a certain organization in one example aspect includes a server, on which a set of virtual machines run, access to which is provided remotely by computing devices which are used by the employees of the organization. The virtual machines operating in the framework of theinfrastructure 118 may be created from templates of virtual machines. In one example aspect, the template of a virtual machine may be an image of the virtual machine storing information about the operating system installed on the virtual machine, the software, and the hardware set which is accessible for use by the virtual machine, which is used to create virtual machines that are identical with the virtual machine described by the aforesaid image. For the storage of the templates of virtual machines, which can be used in theinfrastructure 118 of the organization, atemplate database 112 is used. In one example aspect, thetemplate database 112 may additionally store information on the software installed on the template of the virtual machine. In yet another example aspect, thetemplate database 112 for each template of a virtual machine additionally stores information on the virtual machines created from it and used in theinfrastructure 118. The group of templates of virtual machines used in theinfrastructure 118 of the organization may include templates of virtual machines used for different purposes, e.g., from virtual machines playing the role of servers to virtual machines used by accountants or employees of the human resources department of the organization. Thus, the software running on the templates of the virtual machines used in theinfrastructure 118, and also the time of continuous working of the virtual machines created from the mentioned templates, may vary. For example, a virtual machine playing the role of an email server, and which may run an e-mail server software, may operate without interruption over the course of several months, while a virtual machine used by the accountants, and which may run an accounting software, may be restarted each day. - The templates of the virtual machines stored in the
template database 112 for a time meet the needs of theinfrastructure 118, for example, up-to-date software (in the sense of no vulnerabilities and meeting the needs of the employees of the organization) is installed on the templates of the virtual machines. After some time passes, the software installed on the template may become outdated, for example, vulnerabilities may appear in it, which can be used by hackers, and also the software may simply cease meeting the possibly increasing needs of the company employees (for example, a company employee using software, such as an email client, now needs to filter unwanted emails, which cannot be done with the existing software functionality). To solve this situation, sonic example aspects update the software on the templates of the virtual machines so that each virtual machine created from a template already has a set of updated software, and the users of the virtual machines do not have to spend their time updating the software on the virtual machines they are using. To update the software of the templates of the virtual machines, software updates may be used that are stored in anupdate database 114. In one example aspect, thedatabase 114 may be filled up regularly as new software updates appear for downloading via the Internet. The software updates may include, but not limited to new program files, data used by the software, e.g., virus definitions, or instructions for changing the existing software files, e.g., software patches, etc. Besides software updates, in one example aspect, the following information may be stored in the update database 114: the creation time of the software update; the software for which the mentioned update is intended; the version of the software update; the names of the vulnerabilities which are patched by installing the software update, if such exist (for example, CVE-2013-0422); the level of criticality of the update, which in one example aspect is established by the creators of the software update and evaluated by a number, the type of update, e.g., the nature of the changes made in the software, such as elimination of a vulnerability, and/or changing an interface, and/or changing a software functionality, which in one example aspect may be indicated by the developer of the software update. - In one example aspect, updating of the virtual machines of the infrastructure 118 (e.g., updating of the software of the virtual machines) performing various roles, may be performed as follows: update the software of the corresponding templates of the virtual machines, stop operation of said virtual machines, and start each from the template of the virtual machine with the updated software. Some example aspects for updating virtual machines minimize the number of shutdowns (or standstill time) during operation of those virtual machines for which a continuous operation is critical (for example, if the virtual machine is playing the role of an email server, or a database server). The template of a virtual machine may be characterized by a coefficient of importance of continuous operation, which is used to evaluate the criticality of the continuous running of the virtual machines created from the mentioned template. Coefficient of importance of continuous operation may be a number (such as 10.75), the larger the value of which, the more important its continuous operation for the virtual machine (created from the template to which the mentioned coefficient pertains). To evaluate the criticality of continuous operation of at least one virtual machine created from the template of the virtual machine and, accordingly, designate a coefficient of importance of continuous operation for the template of the virtual machine, a
template analysis module 110 is used. Thetemplate analysis module 110 uses the template of the virtual machine from thetemplate database 112 to evaluate this template and to calculate a coefficient of importance of continuous operation corresponding to this template. One example working scheme of thetemplate analysis module 110 is shown inFIG. 2 , which will be described later. - The software updates stored in the
update database 114 may be intended for different purposes: some of the software updates may be intended to expand the existing software functionality, while others may be intended to eliminate vulnerabilities in the software. Depending on the software changes which are introduced by the software updates, the need may vary to interrupt the operation of the virtual machines from theinfrastructure 118 in order to start their updated versions and, consequently, install the software updates on the corresponding templates of the virtual machines. To evaluate the need to install software updates on a template, a coefficient of criticality of updates is used. Coefficient of criticality of updates may be a number (such as 20.34), the larger the value of which, the more important the software update to the operation of the software. To evaluate the importance of installing a set of software updates on a template of a virtual machine and, consequently, designating a coefficient of criticality of the update for a set of software updates, anupdate analysis module 113 is used. Theupdate analysis module 113 uses the set of software updates from theupdate database 114 to evaluate the set of said updates and to calculate a coefficient of criticality of updates corresponding to the analyzed set of software updates. One example working scheme of theupdate analysis module 113 is shown inFIG. 3 , which will be described later. - An
update control module 115 is designed to make a decision on updating the software of the template of a virtual machine. The decision as to the need to install a set of software updates on the template of a virtual machine is made on the basis of an analysis of a number of characteristics of both the set of software updates and the template of the virtual machine whose software is intended to be updated, or the virtual machines created from the aforementioned template of the virtual machine. In one example aspect, one uses as such characteristics the coefficient of importance of continuous operation, which is determined by thetemplate analysis module 110, and also the coefficient of criticality of updates, which is determined by theupdate analysis module 113. In one example aspect, theupdate control module 115 evaluates the aforementioned characteristics of the set of software updates and the template of the virtual machine or the virtual machines created from that template by comparing a combination of coefficients, in one example aspect those obtained from thetemplate analysis module 110 andupdate analysis module 113, with an established value, which is a number, such as 43.5. In one example aspect, the combination used is a linear combination of the aforementioned coefficients, for example, the difference between the coefficient of importance of continuous working and the coefficient of criticality of updates. In another example aspect, the combination used is the product of the coefficients, each of which has its own index, for example the product of the coefficient of importance of continuous working with index “−1” and that of the coefficient of criticality of updates with index “1”. The obtained combination of coefficients is compared with the established value; in one example aspect theupdate control module 115 makes a decision as to the need for updating the software installed on the template of the virtual machine if the combination of coefficients exceeds a value of, for example, 1.5. The value with which the combination of coefficients is compared in one example aspect reflects how much more important it is to install the updates than for the virtual machines created from the template of the virtual machine to run continuous, and in one example aspect it is established by empirical values. Besides the coefficient of importance of continuous working from thetemplate analysis module 110, theupdate control module 115 obtains the template of the virtual machine that was used by thetemplate analysis module 110 to calculate the coefficient of importance of continuous operation. Besides the coefficient of criticality of updates from theupdate analysis module 113, theupdate control module 115 obtains the template of the set of software updates that was used by theupdate analysis module 113 to calculate the coefficient of criticality of updates. The virtual machine template and set of software updates obtained by the above-described methods are sent by theupdate control module 115, along with a decision as to the need for updating the software of the template of the virtual machine, to atemplate update module 116. - The
template update module 116 is configured to update the template of the virtual machine. Updating the template of the virtual machine refers to updating the software of the template of the virtual machine. In one example aspect, when updating the software of the template of a virtual machine, thetemplate update module 116 creates a virtual machine from the aforementioned template, and in the context of its operation the installed software is subjected to updating with the use of the set of software updates. From the virtual machine with updated software, thetemplate update module 116 creates the template of the virtual machine with updated software. The template of the virtual machine is created from the virtual machine by shutting it down and creating an image corresponding to the aforementioned virtual machine. The image includes data necessary for running of the virtual machine. In another example aspect, thetemplate update module 116 does not run a virtual machine from the template of the virtual machine intended for updating. Instead, the modification in the software which is performed in accordance with the installation of the set of software updates is implemented directly in the template of the virtual machine. In one example aspect, the template of the virtual machine is connected to a computing device (such as a personal computer) or another virtual machine as an external disk. The changes that are made in the software during the installation of the updates are made in the software installed on the connected external disk by thetemplate update module 116. If the software updates include any instructions for changing the software being updated, these instructions are carried out by thetemplate update module 116. An example of such instructions may be SFX (Self-Extract Archive) instructions: “Delete=***.dll”, “Path=C:\”, the first of which deletes a certain file of the dynamic library dll, while the second specifies a directory for copying files from the sfx archive of type “C:\”. - The
template update module 116, using information from the database on the virtual machines operating within theinfrastructure 118 that were created from the template of the virtual machine that was updated by thetemplate update module 116, shuts down the virtual machines previously created from the template of the virtual machine and runs the new virtual machines from the updated template of the virtual machine for operation within theinfrastructure 118 in place of the ones shut down. - In one example aspect, the
template update module 116, after updating the template of the virtual machine, saves that template of the virtual machine along with information on the versions of the updated software in thetemplate database 112. - In one example aspect, an
update testing module 117 may be used to analyze the operation of the software on the virtual machine. In one example aspect, theupdate testing module 117 is used to detect updated templates of virtual machines on which the software (including the updated software) has unstable operation (for example, the performance of certain tasks has errors when the updated software is run) or can adversely affect the operation of the virtual machines and other software (for example, become a cause of incorrect execution of tasks of other software). To detect critical events occurring during the operation of the virtual machine and reflecting unstable operation of the software, theupdate testing module 117 analyzes the operation of the virtual machine over the course of a period of time (e.g., 10 hours). During the analysis, theupdate testing module 117 collects information on critical events occurring in the course of the operation of the virtual machine created from the template updated with the aid of thetemplate update module 116. If critical events are found, theupdate testing module 117 sends a corresponding message to thetemplate update module 116. After obtaining such a message, thetemplate update module 116 classifies the template of the virtual machine from which the analyzed virtual machine was created as being unsuitable for further use in theinfrastructure 118, and accordingly the restarting of the virtual machines with the use of this virtual machine template is not carried out. In one example aspect, thetemplate update module 116 also does not send this virtual machine template for storage in thetemplate database 112. Critical events occurring in the course of operation of the analyzed virtual machine, in one example aspect, may be a degradation in productivity of the virtual machine (including due to a competition for the resources of the virtual machine among the software running thereon) or errors in the operation of the operating system of the virtual machine. In one example aspect, critical events involving degraded productivity may be found by a periodic checking (at established intervals of time, such as every 10 minutes) of the utilization of resources of the virtual machine: if the workload or the consumption of resources (such as the central processing unit of the virtual machine or the main memory of that virtual machine) is constantly increasing, theupdate testing module 117 finds a critical event. In yet another example aspect, errors in the operation of the operating system of the virtual machine may be found by going to the Windows operating system component known as Event Viewer, which makes it possible to obtain a list of events occurring during the operation of the operating system, and to classify as critical events those events on the list having the attribute “Level” with the value “Error” and the attribute “Source” with a value containing the name of the process corresponding to the updated software. -
FIG. 2 shows a flow chart of an example aspect of the operation of thetemplate analysis module 110. In some aspects, thetemplate analysis module 110 is configured to calculate the coefficient of importance of continuous operation of the virtual machine template, and also to transmit this coefficient, along with the virtual machine template to which the coefficient pertains, to theupdate control module 115. The determination of the coefficient of importance of continuous operation of the virtual machine template involves evaluating the need to interrupt the running of the virtual machines operating in theinfrastructure 118 that were created from the virtual machine template. In one example aspect, this evaluation may be done by comparing the software installed on the virtual machine template and a list of software from a software evaluation table in which a weighting factor (e.g., a number, such as 5.6) is established for each software program; the higher the number, the more important the continuous operation of the software associated therewith. In one example aspect, this table is stored in thetemplate evaluation module 110. In another example aspect, this table is stored in a specially designed software database. In one example aspect, the coefficient of importance of continuous operation for the virtual machine template is calculated by adding up the weighting factors of the installed software in accordance with the values from the software evaluation table. In another example aspect, the coefficient of importance of continuous operation is calculated by taking the square root of the sum of the squares of the weighting factors of the installed software in accordance with the values from the software evaluation table. - In yet another example aspect, during the calculation of the coefficient of importance of continuous operation of the virtual machine template by the
template analysis module 110, themodule 110 may also collect information about operation of virtual machines in theinfrastructure 118 that were created from the virtual machine template. In some example aspects, during the calculation of the mentioned coefficient, it is possible to take into account the operation time of the virtual machines created from the virtual machine template. It is assumed that the longer the time of continuous operation (on average, for example) of the virtual machines created from the virtual machine template, the more likely the operation of such virtual machines should not be interrupted even for a certain interval of time. The time of continuous operation of a virtual machine may be evaluated by a periodic polling of the virtual machine (for example, by establishing a connection with the virtual machine using ping utility) in order to determine its status: operational or not. Thus, in one example aspect, the time of continuous operation may be taken as being the time between the earliest polling to which an affirmative response was sent as to the operation of the virtual machine and the time of calculation of the coefficient of importance of continuous operation. Based on these considerations, in one example aspect, the coefficient of importance of continuous operation when calculated by one of the aforementioned techniques may be further multiplied by a factor characterizing the likelihood of continuation of continuous operation of the virtual machines created from the virtual machine template. In one example aspect, this factor may be calculated as the ratio between the average time of continuous operation of the virtual machines created from the virtual machine template and the average time of continuous operation of the virtual machines in theinfrastructure 118. -
FIG. 3 shows a detailed flow chart of an example of operation of theupdate analysis module 113. In some example aspects, theupdate analysis module 113 is configured to calculate the coefficient of criticality of updates, and also to transmit this coefficient, along with the set of software updates to which the coefficient pertains, to theupdate control module 115. The determination of the coefficient of criticality of updates involves an evaluation of the need to install the set of software updates as soon as possible, which set is found in theupdate database 114. In some example aspect, theupdate analysis module 113 analyzes the set of software updates, where such set of updates includes only updates for the software which is present on the virtual machine template on which such set of software updates is supposed to be installed. In one example aspect, the list of software installed on the virtual machine template is obtained by theupdate analysis module 113 from thetemplate analysis module 110. When calculating the coefficient of criticality of updates, theupdate analysis module 113 obtains from theupdate database 114 the set of software updates, and also information about the set of software updates (e.g., the type(s) of each update, the version and creation time of each update, the list of vulnerabilities being removed, the level of criticality). When calculating the coefficient of criticality of updates, each characteristic of the software update (or a characteristic derived therefrom, for example, the creation time might appear as the “age” of the software update—the number of days from the moment of creation of the software update to the moment of analysis of that update) is assigned a corresponding number, characterizing the degree of influence of that characteristic (such as the type of update, the creation time) on the need to install that software update on the virtual machine template. In one example aspect, the aforementioned coefficients are calculated as follows when evaluating the software update: the “age” of the software update may be evaluated by a number equal to the product of, for example, 0.07 times the number of days from the time of creation of the software update until the time of analysis of such update; vulnerabilities removed are evaluated by the product of, for example, 1.5 times the number of vulnerabilities removed by the software update; the level of criticality may be taken into account without changes (the level of criticality originally constitutes a number); the overall type of the update may be evaluated by the sum of the numbers characterizing the possible types of software update: removal of a vulnerability—1, changing of functionality—0.8, changing of interface—0.2. In one example aspect, theupdate analysis module 113 calculates the coefficient of criticality of updates as the sum of the coefficients corresponding to the characteristics (e.g., the numbers characterizing the degree of influence of the particular characteristic on the need to install the software update) for each software update in the set of software updates. The coefficient of criticality of updates so calculated, with its corresponding set of software updates, is sent by theupdate analysis module 113 to the input to theupdate control module 115. -
FIG. 4 shows a flowchart of the operating algorithm of one example aspect of the above-described system for updating software of templates of virtual machines. Instep 400, thetemplate analysis module 110 calculates the coefficient of importance of continuous operation with regard to the virtual machine template. During this calculation, data are used that are stored in thetemplate database 112. The calculated coefficient of importance of continuous operation together with the template of the virtual machine to which that coefficient pertains goes to the input of theupdate control module 115. Instep 410, theupdate analysis module 113 calculates the coefficient of criticality of updates for the set of software updates. During this calculation, data are used that are stored in theupdate database 114. The calculated coefficient of criticality of updates together with the set of software updates to which this coefficient pertains goes to the input of theupdate control module 115. Theupdate control module 115, instep 420, calculates the combination of coefficients which saidmodule 115 receives from thetemplate analysis module 110 and theupdate analysis module 113. Instep 430, theupdate control module 115 compares the combination of coefficients calculated instep 420 with an established value. If the combination does not exceed the established value, the software of the virtual machine template is not updated, and the system ends its work instep 450. But if the combination is greater than the established value, the virtual machine template and set of software updates obtained by theupdate control module 115 are sent to thetemplate update module 116 for subsequent updating of the software of the virtual machine template instep 440. Instep 460, theupdate testing module 117 performs an analysis of the influence of the software update in regard to the operation of the software of the template obtained instep 440 with the aid of thetemplate update module 116. Instep 470, theupdate testing module 117 makes a decision to classify the virtual machine template with updated software fit for further use. If the mentioned template was classified as unsuitable for further use, then in accordance withstep 480 there is no restarting of the virtual machines created from the virtual machine template whose software was updated. But if the virtual machine template with updated software was not classified as unsuitable, then, instep 490, thetemplate update module 116 reboots the virtual machines running within theinfrastructure 118 that were created from the virtual machine template whose software was updated instep 440. -
FIG. 5 shows an example of a general-purpose computer system (which may be a personal computer or a server) 20, which may be used to implement aspects of system and methods disclosed herein. Thecomputer system 20 includes acentral processing unit 21, asystem memory 22 and asystem bus 23 connecting the various system components, including the memory associated with thecentral processing unit 21. Thesystem bus 23 is realized like any bus structure known from the prior art, including in turn a bus memory or bus memory controller, a peripheral bus and a local bus, which is able to interact with any other bus architecture. The system memory includes permanent memory (ROM) 24 and random-access memory (RAM) 25. The basic input/output system (BIOS) 26 includes the basic procedures ensuring the transfer of information between elements of thepersonal computer 20, such as those at the time of loading the operating system with the use of theROM 24. - The
personal computer 20, in turn, includes ahard disk 27 for reading and writing of data, amagnetic disk drive 28 for reading and writing on removablemagnetic disks 29 and anoptical drive 30 for reading and writing on removableoptical disks 31, such as CD-ROM, DVD-ROM and other optical information media. Thehard disk 27, themagnetic disk drive 28, and theoptical drive 30 are connected to thesystem bus 23 across thehard disk interface 32, themagnetic disk interface 33 and theoptical drive interface 34, respectively. The drives and the corresponding computer information media are power-independent modules for storage of computer instructions, data structures, program modules and other data of thepersonal computer 20. - The present disclosure provides the implementation of a system that uses a
hard disk 27, a removablemagnetic disk 29 and a removableoptical disk 31, but it should be understood that it is possible to employ other types ofcomputer information media 56 which are able to store data in a form readable by a computer (solid state drives, flash memory cards, digital disks, random-access memory (RAM) and so on), which are connected to thesystem bus 23 via thecontroller 55. - The
computer 20 has afile system 36, where the recordedoperating system 35 is stored, and alsoadditional program applications 37,other program modules 38 andprogram data 39. The user is able to enter commands and information into thepersonal computer 20 by using input devices (keyboard 40, mouse 42). Other input devices (not shown) can be used: microphone, joystick, game controller, scanner, and so on. Such input devices usually plug into thecomputer system 20 through aserial port 46, which in turn is connected to the system bus, but they can be connected in other ways, for example, with the aid of a parallel port, a game port or a universal serial bus (USB). Amonitor 47 or other type of display device is also connected to thesystem bus 23 across an interface, such as avideo adapter 48. In addition to themonitor 47, the personal computer can be equipped with other peripheral output devices (not shown), such as loudspeakers, a printer, and so on. - The
personal computer 20 is able to work in a network environment, using a network connection to one or moreremote computers 49. The remote computer (or computers) 49 are also personal computers or servers having the majority or all of the aforementioned elements in describing the nature of apersonal computer 20, as shown inFIG. 4 . Other devices can also be present in the computer network, such as routers, network stations, peer devices or other network nodes. - Network connections can form a local-area computer network (LAN) 50 and a wide-area computer network (WAN). Such networks are used in corporate computer networks and internal company networks, and they generally have access to the Internet. In LAN or WAN networks, the
personal computer 20 is connected to the local-area network 50 across a network adapter ornetwork interface 51. When networks are used, thepersonal computer 20 can employ amodem 54 or other modules for providing communications with a wide-area computer network such as the Internet. Themodem 54, which is an internal or external device, is connected to thesystem bus 23 by aserial port 46. It should be noted that the network connections are only examples and need not depict the exact configuration of the network, i.e., in reality there are other ways of establishing a connection of one computer to another by technical communication modules. - In various aspects, the systems and methods described herein may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the methods may be stored as one or more instructions or code on a non-transitory computer-readable medium. Computer-readable medium includes data storage. By way of example, and not limitation, such computer-readable medium can comprise RAM, ROM, EEPROM, CD-ROM, Flash memory or other types of electric, magnetic, or optical storage medium, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a processor of a general purpose computer.
- In various aspects, the systems and methods described in the present disclosure in terms of modules. The term “module” as used herein refers to a real-world device, component, or arrangement of components implemented using hardware, such as by an application specific integrated circuit (ASIC) or field-programmable gate array (FPGA), for example, or as a combination of hardware and software, such as by a microprocessor system and a set of instructions to implement the module's functionality, which (while being executed) transform the microprocessor system into a special-purpose device. A module can also be implemented as a combination of the two, with certain functions facilitated by hardware alone, and other functions facilitated by a combination of hardware and software. In certain implementations, at least a portion, and in some cases, all, of a module can be executed on the processor of a general purpose computer (such as the one described in greater detail in
FIG. 5 above). Accordingly, each module can be realized in a variety of suitable configurations, and should not be limited to any particular implementation exemplified herein. - In the interest of clarity, not all of the routine features of the aspects are disclosed herein. It will be appreciated that in the development of any actual implementation of the present disclosure, numerous implementation-specific decisions must be made in order to achieve the developer's specific goals, and that these specific goals will vary for different implementations and different developers. It will be appreciated that such a development effort might be complex and time-consuming, but would nevertheless be a routine undertaking of engineering for those of ordinary skill in the art having the benefit of this disclosure.
- Furthermore, it is to be understood that the phraseology or terminology used herein is for the purpose of description and not of restriction, such that the terminology or phraseology of the present specification is to be interpreted by the skilled in the art in light of the teachings and guidance presented herein, in combination with the knowledge of the skilled in the relevant art(s). Moreover, it is not intended for any term in the specification or claims to be ascribed an uncommon or special meaning unless explicitly set forth as such.
- The various aspects disclosed herein encompass present and future known equivalents to the known modules referred to herein by way of illustration. Moreover, while aspects and applications have been shown and described, it would be apparent to those skilled in the art having the benefit of this disclosure that many more modifications than mentioned above are possible without departing from the inventive concepts disclosed herein.
Claims (20)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2014115455/08A RU2573789C2 (en) | 2014-04-18 | 2014-04-18 | System and method for launching virtual machine |
RU2014115455 | 2014-04-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
US20150301818A1 true US20150301818A1 (en) | 2015-10-22 |
US9182974B1 US9182974B1 (en) | 2015-11-10 |
Family
ID=54322091
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/308,027 Active US9182974B1 (en) | 2014-04-18 | 2014-06-18 | System and methods for updating software of templates of virtual machines |
Country Status (2)
Country | Link |
---|---|
US (1) | US9182974B1 (en) |
RU (1) | RU2573789C2 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160306735A1 (en) * | 2015-04-16 | 2016-10-20 | International Business Machines Corporation | Customized application performance testing of upgraded software |
US20170005864A1 (en) * | 2015-06-30 | 2017-01-05 | International Business Machines Corporation | Cloud system order and configuration using customized templates |
US9600267B2 (en) * | 2015-06-15 | 2017-03-21 | International Business Machines Corporation | Optimizing provisioning through automated virtual machine template generation |
US9660947B1 (en) * | 2012-07-27 | 2017-05-23 | Intuit Inc. | Method and apparatus for filtering undesirable content based on anti-tags |
US20170228246A1 (en) * | 2016-02-08 | 2017-08-10 | Vmware, Inc. | Effective and efficient virtual machine template management for cloud environments |
US20180336053A1 (en) * | 2017-05-19 | 2018-11-22 | International Business Machines Corporation | Managing different virtual images as a single image |
US10579363B2 (en) * | 2017-11-29 | 2020-03-03 | Citrix Systems, Inc. | Cloud service automation of common image management |
US10853190B1 (en) * | 2019-09-04 | 2020-12-01 | EMC IP Holding Company LLC | System and method for a machine learning based smart restore mechanism |
WO2021096349A1 (en) * | 2019-11-15 | 2021-05-20 | Mimos Berhad | Method and system for resource upgrading in cloud computing environment |
US11074060B2 (en) * | 2018-11-15 | 2021-07-27 | Vmware, Inc. | Automated detection of patch criticality on customer environment |
US11294772B2 (en) | 2019-09-04 | 2022-04-05 | EMC IP Holding Company LLC | System and method to achieve virtual machine backup load balancing using machine learning |
US20230085233A1 (en) * | 2014-11-17 | 2023-03-16 | At&T Intellectual Property I, L.P. | Cloud-based spam detection |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9558031B2 (en) | 2015-04-29 | 2017-01-31 | Bank Of America Corporation | Updating and redistributing process templates with configurable activity parameters |
US9772873B2 (en) | 2015-04-29 | 2017-09-26 | Bank Of America Corporation | Generating process templates with configurable activity parameters by merging existing templates |
WO2018004367A1 (en) * | 2016-06-27 | 2018-01-04 | Emc Corporation | Techniques for accurately apprising a user of progress in booting a virtual appliance |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6976251B2 (en) * | 2001-05-30 | 2005-12-13 | International Business Machines Corporation | Intelligent update agent |
US20070204266A1 (en) * | 2006-02-28 | 2007-08-30 | International Business Machines Corporation | Systems and methods for dynamically managing virtual machines |
US8205194B2 (en) * | 2007-06-29 | 2012-06-19 | Microsoft Corporation | Updating offline virtual machines or VM images |
US8161479B2 (en) * | 2008-06-13 | 2012-04-17 | Microsoft Corporation | Synchronizing virtual machine and application life cycles |
US8185884B2 (en) | 2008-06-23 | 2012-05-22 | Novell, Inc. | System and method for offline updation of software in virtual machine (VM) images |
WO2011142753A1 (en) * | 2010-05-12 | 2011-11-17 | Hewlett-Packard Development Company, L.P. | Methods, apparatus and articles of manufacture to update virtual machine templates |
US8584121B2 (en) | 2010-11-19 | 2013-11-12 | International Business Machines Corporation | Using a score-based template to provide a virtual machine |
US20120144489A1 (en) | 2010-12-07 | 2012-06-07 | Microsoft Corporation | Antimalware Protection of Virtual Machines |
US8578376B2 (en) | 2011-01-04 | 2013-11-05 | International Business Machines Corporation | Automatically and securely configuring and updating virtual machines |
TW201250482A (en) * | 2011-06-02 | 2012-12-16 | Hon Hai Prec Ind Co Ltd | System and method for updating virtual machine templates |
US8533715B2 (en) * | 2011-08-09 | 2013-09-10 | International Business Machines Corporation | Virtual machine management |
US8769519B2 (en) * | 2011-12-08 | 2014-07-01 | Microsoft Corporation | Personal and pooled virtual machine update |
US10713183B2 (en) * | 2012-11-28 | 2020-07-14 | Red Hat Israel, Ltd. | Virtual machine backup using snapshots and current configuration |
US9104447B2 (en) * | 2012-12-03 | 2015-08-11 | International Business Machines Corporation | Restoring a previous version of a virtual machine image |
US9015716B2 (en) * | 2013-04-30 | 2015-04-21 | Splunk Inc. | Proactive monitoring tree with node pinning for concurrent node comparisons |
US9183034B2 (en) * | 2013-05-16 | 2015-11-10 | Vmware, Inc. | Managing availability of virtual machines in cloud computing services |
-
2014
- 2014-04-18 RU RU2014115455/08A patent/RU2573789C2/en active
- 2014-06-18 US US14/308,027 patent/US9182974B1/en active Active
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9660947B1 (en) * | 2012-07-27 | 2017-05-23 | Intuit Inc. | Method and apparatus for filtering undesirable content based on anti-tags |
US20230085233A1 (en) * | 2014-11-17 | 2023-03-16 | At&T Intellectual Property I, L.P. | Cloud-based spam detection |
US20160306735A1 (en) * | 2015-04-16 | 2016-10-20 | International Business Machines Corporation | Customized application performance testing of upgraded software |
US9619371B2 (en) * | 2015-04-16 | 2017-04-11 | International Business Machines Corporation | Customized application performance testing of upgraded software |
US9600267B2 (en) * | 2015-06-15 | 2017-03-21 | International Business Machines Corporation | Optimizing provisioning through automated virtual machine template generation |
US10361916B2 (en) * | 2015-06-30 | 2019-07-23 | International Business Machines Corporation | Cloud system order and configuration using customized templates |
US10333784B2 (en) * | 2015-06-30 | 2019-06-25 | International Business Machines Corporation | Cloud system order and configuration using customized templates |
US20170005865A1 (en) * | 2015-06-30 | 2017-01-05 | International Business Machines Corporation | Cloud system order and configuration using customized templates |
US20170005864A1 (en) * | 2015-06-30 | 2017-01-05 | International Business Machines Corporation | Cloud system order and configuration using customized templates |
US10445122B2 (en) * | 2016-02-08 | 2019-10-15 | Vmware, Inc. | Effective and efficient virtual machine template management for cloud environments |
US20170228246A1 (en) * | 2016-02-08 | 2017-08-10 | Vmware, Inc. | Effective and efficient virtual machine template management for cloud environments |
US11182195B2 (en) | 2017-05-19 | 2021-11-23 | International Business Machines Corporation | Deploying updates to virtual machine images based on differences in artifacts |
US20180336053A1 (en) * | 2017-05-19 | 2018-11-22 | International Business Machines Corporation | Managing different virtual images as a single image |
US20180336055A1 (en) * | 2017-05-19 | 2018-11-22 | International Business Machines Corporation | Managing different virtual images as a single image |
US10534628B2 (en) * | 2017-05-19 | 2020-01-14 | International Business Machines Corporation | Deploying updates to virtual machine images based on differences in artifacts |
US10534630B2 (en) * | 2017-05-19 | 2020-01-14 | International Business Machines Corporation | Deploying updates to virtual machine images based on differences in artifacts |
US10579363B2 (en) * | 2017-11-29 | 2020-03-03 | Citrix Systems, Inc. | Cloud service automation of common image management |
US10860309B2 (en) | 2017-11-29 | 2020-12-08 | Citrix Systems, Inc. | Cloud service automation of common image management |
US11720338B2 (en) | 2017-11-29 | 2023-08-08 | Citrix Systems, Inc. | Cloud service automation of common image management |
US11074060B2 (en) * | 2018-11-15 | 2021-07-27 | Vmware, Inc. | Automated detection of patch criticality on customer environment |
US11294772B2 (en) | 2019-09-04 | 2022-04-05 | EMC IP Holding Company LLC | System and method to achieve virtual machine backup load balancing using machine learning |
US10853190B1 (en) * | 2019-09-04 | 2020-12-01 | EMC IP Holding Company LLC | System and method for a machine learning based smart restore mechanism |
WO2021096349A1 (en) * | 2019-11-15 | 2021-05-20 | Mimos Berhad | Method and system for resource upgrading in cloud computing environment |
Also Published As
Publication number | Publication date |
---|---|
RU2573789C2 (en) | 2016-01-27 |
US9182974B1 (en) | 2015-11-10 |
RU2014115455A (en) | 2015-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9182974B1 (en) | System and methods for updating software of templates of virtual machines | |
US11783036B2 (en) | Ransomware infection detection in filesystems | |
US10229134B2 (en) | Systems and methods for managing upgrades, migration of user data and improving performance of a cloud-based platform | |
US10810088B1 (en) | System and method of dynamic backup policy generation | |
US8494996B2 (en) | Creation and revision of network object graph topology for a network performance management system | |
US8219983B1 (en) | Systems and methods for providing guidance on the potential impact of application and operating-system changes on a computing system | |
US20220005027A1 (en) | Smart contract regulation | |
US11645245B2 (en) | Container software discovery and cataloging | |
US9608867B1 (en) | Detecting deviation of data center connectivity by conditional sub-graph matching | |
US10817542B2 (en) | User clustering based on metadata analysis | |
US11175909B2 (en) | Software discovery using exclusion | |
US11356508B1 (en) | Retry strategies for handling failures during continuous delivery of software artifacts in a cloud platform | |
KR102042230B1 (en) | Synchronizing local and remote data | |
US11880484B2 (en) | Enforcing data isolation in jobs executed by a multi-tenant system on a secondary platform | |
US11196633B2 (en) | Generalized correlation of network resources and associated data records in dynamic network environments | |
US10528530B2 (en) | File repair of file stored across multiple data stores | |
US11099939B2 (en) | Snapshot clustering techniques for multipart volumes | |
US9256509B1 (en) | Computing environment analyzer | |
US20210014243A1 (en) | Method and system for antivirus scanning of backup data at a centralized storage | |
US11221943B2 (en) | Creating an intelligent testing queue for improved quality assurance testing of microservices | |
US20120204149A1 (en) | Discovery-based migration correctness testing | |
US20220222125A1 (en) | Enforcing system configuration freeze of services deployed via continuous delivery on datacenters configured in cloud platforms | |
US11803429B2 (en) | Managing alert messages for applications and access permissions | |
US11526599B2 (en) | Clustered application policy generation | |
US11689560B2 (en) | Network-wide malware mapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: KASPERSKY LAB ZAO, RUSSIAN FEDERATION Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VORONKOV, KONSTANTIN P.;DESHEVYKH, STEPAN N.;SMIRNOV, TIMUR E.;AND OTHERS;REEL/FRAME:033129/0738 Effective date: 20140609 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |