(12) Patent Application Publication    (10) Pub. No.: US 2002/0124072 A1
Tormasov et al.    (43) Pub. Date: Sep. 5, 2002

US 20020124072A1

(54) VIRTUAL COMPUTING ENVIRONMENT

(76) Inventors: Alexander Tormasov, South San Francisco, CA (US); Dennis Lunev, South San Francisco, CA (US); Serguei Beloussov, Monte Serino, CA (US); Stanislav Protassov, Singapore (SG); Yuri Pudgorodsky, South San Francisco, CA (US)

Correspondence Address:
Alan R. Thiele
JENKENS & GILCHRIST, PC.
1445 Ross Avenue, Suite 3200
Dallas, TX 75202-2799 (US)

(21) Appl. No.: 09/918,031

(22) Filed: Jul. 30, 2001

Related U.S. Application Data

(60) Provisional application No. 60/269,655, filed on Feb. 16, 2001.

Publication Classification

(51) Int. Cl.7 ... G06F 15/173

(52) U.S. Cl. ... 709/223

(57) ABSTRACT

Method of efficient utilization of a single hardware system with single operating system kernel wherein a virtual environment, functionally equivalent to a full-featured operating system box, is provided to an end user without emulation of hardware, dedicated physical memory or another hardware resource. Such method is realized by separation of user processes on the level of namespace and on the basis of restrictions implemented inside the operating system kernel. Each virtual environment is invisible to other virtual environments within the system and has a completely independent root file system.

Google Exhibit 1010
Google v. VirtaMove

[Drawing sheets 1 to 3 of 3 are not reproduced; only the following labels survive extraction.]
[FIG. 1 (Sheet 1 of 3): user, 10, 100.]
[FIG. 2 (Sheet 2 of 3): computer, 200, local file system (twice), sharable code, hardware resources.]
[FIG. 3 (Sheet 3 of 3): computer, 300.]

US 2002/0124072 A1    Sep. 5, 2002

VIRTUAL COMPUTING ENVIRONMENT

REFERENCE TO RELATED APPLICATIONS

[0001] This application claims the benefit of U.S. Provisional Application for Patent No. 60/269,655 titled “Use of Virtual Computing Environments to Provide Full Independent Operating System Services on a Single Hardware Node” filed on Feb. 16, 2001 for priority under 35 U.S.C. §119(e), is related thereto, is commonly assigned therewith, and incorporates herein by reference in its entirety the subject matter thereof.

BACKGROUND OF THE INVENTION

[0002] 1. Technical Field

[0003] This invention relates to the provision of full independent computer system services across a network of remote computer connections.

[0004] 2. Description of the Prior Art

[0005] The problem of providing computer services across remote computer connections has existed during the last 30-40 years beginning with the early stages of computer technologies. In the very beginning, during the mainframe computer age, this problem was solved by renting computer terminals which were associated with a mainframe computer and then connecting the related computer terminals to the mainframe computer using a modem or dedicated lines to provide the mainframe computer with data access services (U.S. Pat. No. 4,742,477, Bach 1987). Later, with the beginning of the age of personal computers and with the widespread acceptance of the client-server model (Crowley 1997), the problem of access to large information sources in the form of computer readable data, at first look, seems to have been solved. Specifically, every user could have his own computer and then rent an Internet connection to obtain access to information sources or data stored on other computers.

[0006] Today, with wide growth of Internet access, another problem has arisen—the problem of information creation. Usually, users want to put out their own information sources in the form of websites and then provide other computer users with access to these websites. However, it is not possible to install a web server on most home connections to a personal computer, simply because the connection to the network from a home computer is usually not adequate to handle the amount of data transfer required. Accordingly, this need has given birth to an industry called a “hosting service”—a hosting service provides computer users with an ability to utilize installed web services (Eckel 1995).

[0007] When one wants to provide Internet users with information in the form of computer readable data (usually in web server form) which could be of interest to a wide range of Internet users, one must store the information and provide a reliable network connection to access the information when needed.

[0008] The problem of providing ordinary personal computer users access to information on large capacity computers occurred virtually from the beginning of personal computer production. During the era of the mainframe computer, when direct user access to computer equipment was difficult, this problem was solved by providing users with remote terminals directly connected to a single mainframe computer (U.S. Pat. No. 4,742,477, Bach 1987). These remote terminals were used to obtain certain services from mainframe computers. The advantage of using multiple remote terminals with a single mainframe computer was that the user had little trouble accessing both the mainframe computer hardware and, to some extent, the software resident on the mainframe computer. This is because mainframe computer administration has always dealt with installing and updating software.

[0009] Later, with the introduction of personal computers, each personal computer user could gain access to computing power directly from his workplace or home. With the advent of Internet access, the needs of most users for large amounts of information and robust operating systems were met.

[0010] The client-server model of networking computers (Crowley 1997) provides a system for accessing computer readable data in which a personal computer is designated as the client computer and another computer or a set of computers is designated as the server computer. Access to the server computer is carried out in a remote way covering the majority of needs of the common computer users.

[0011] But even the client-server model has some very fundamental drawbacks. Specifically, the high price of servicing many client workplace computers, including the creation of a network infrastructure and the installation and upgrading of software and hardware to obtain bandwidth for client computer network access, is a significant drawback. Additionally, the rapid growth of information on the Internet has produced more users who in turn continue to fill the Internet with more information. The required service to client computers should be provided by a sufficiently powerful server computer (usually a web or www server) which has an access channel to the Internet with corresponding power. Usually, personal computers have enough performance capability to interact with most of the web servers, but the typical network access is usually less productive than what is required. Additionally, most home personal computers cannot provide sufficient reliability and security. Apart from Internet services, the same problems occur when ordinary personal computer users utilize very complex software packages. Users spend a lot of time and effort setting up and administering these complex software packages. To solve these web service problems, a remote web host (usually supported by an ISP, i.e., Internet Service Provider) usually hosts the web servers for the personal computer users. Thus, the personal computer user is restricted to use of the standard preinstalled web server of the ISP. As a result, the personal computer user’s options are limited.

[0012] Problems usually arise with the use of CGI (The Common Gateway Interface) scripts and more complex applications requiring a data base. Such computer tools cannot be used to access any of the personal computer user’s programs on a remote server. The personal computer user is used to the absolute freedom of adjustment of his local machine, and therefore the limitations that are imposed by the administration of a remote node on a data storage network are often unacceptable.

[0013] One solution to these problems is the use of computer emulators. The OS/390 operating system for IBM mainframe computers has been in use for many years (Samson). The same products with hardware partitioning are produced by another vendor of computers—Sun Microelectronics (Kobert). Each personal computer user is given a fully-functional virtual computer with emulated hardware. This approach is very costly because the operating system installed in the corresponding virtual computer does not recognize the existence of the neighboring analogous computers and shares practically no resources with those computers. Experience has shown that the price associated with virtual computers is very great.

[0014] Another analogous solution for non-mainframe computers utilizes software emulators of the VMware type (VMware Workstation 2.0 Documentation). These software programs exist for different types of operating systems and wholly emulate a typical computer inside one process of a main computer operating system.

[0015] The main problem is the limitation on the number of computer emulators that can be used on a typically configured server. This limitation is usually due to the fact that the size of the emulated memory is close to the size of the memory used by the process or in which the computer emulator works. That is, the number of computer emulators that can be simultaneously used on one server ranges from about 2-3 to about 10-15. All of the above-mentioned solutions can be classified as multikernel implementations of virtual computers; i.e., the simultaneous existence on one physical computer of several operating system kernels that are unaware of each other.

[0016] Therefore, when it is necessary for many personal computer users to deal with a hosting computer, each personal computer user must be provided with a complete set of services that the personal computer user can expect from the host; i.e., a complete virtual environment which emulates a complete computer with installed operating system. For an effective use of equipment, the number of computers in a virtual environment installed in one host computer should be at least two to three times larger than the numbers mentioned above.

BRIEF SUMMARY OF THE INVENTION

[0017] The present invention describes a method of efficient utilization of a single hardware system with a single operating system kernel. The end user of a personal computer connected to a server system is provided with a virtual computing environment that is functionally equivalent to a computer with a full-featured operating system. There is no emulation of hardware or dedicated physical memory or any other hardware resources as is the case in a full hardware emulation-type solution.

[0018] The system and method of the present invention is implemented by the separation of user processes on the level of kernel objects/resources namespace and on the basis of access restrictions enforced inside the operating system kernel. As defined in (Crowley 1997), namespace is a collection of unique names, where name is an arbitrary identifier, usually an integer or a character string. Usually the term “name” is applied to such objects as files, directories, devices, computers, etc. Virtual computing environment processes are never visible to other virtual computing environments running on the same computer. A virtual computing environment root file system is also never visible to other virtual computing environments running on the same computer. The root file system of a virtual computing environment allows the root user of every virtual computing environment to perform file modifications and local operating system parameters configuration.

BRIEF DESCRIPTION OF THE DRAWING FIGURES

[0019] A better understanding of the present invention may be had by reference to the drawing figures, wherein:

[0020] FIG. 1 shows a network of end users with access to virtual computing environments encapsulated in a computer with a full feature operating system in accordance with the present invention;

[0021] FIG. 2 shows a utilization of resources of hardware (memory and file system) by different virtual computing environments; and

[0022] FIG. 3 shows a utilization of resources of hardware (memory and file system) in another full hardware emulation solution.

DETAILED DESCRIPTION OF THE INVENTION

[0023] The disclosed invention presents a method for efficient utilization of a single hardware system with a single operating system kernel. The utilization of the disclosed system and method is perceived by the personal computer user as if he has obtained full network root access to a common computer with a fully-featured operating system installed on it. Specifically, the end user of a personal computer is provided with a virtual computing environment that is functionally equivalent to a computer with full-featured operating system.

[0024] From the point of view of the end user of a personal computer, each virtual computing environment is the actual remote computer with the network address in which the end user can perform all actions allowed for the ordinary computer: the work in command shells, compilation and installation of programs, configuration of network services, work with offices and other applications. As shown in FIG. 1, several different users 10, 20, 30 of personal computers can work with the same hardware node 100 without noticing each other, just as if they worked on totally separate computers with no associated hardware.

[0025] Each virtual computing environment includes a complete set of processes and files of an operating system that can be modified by the end user. In addition, each end user 10, 20, 30 may stop and start the virtual computing environment in the same manner as with a common operating system. However, all of the virtual computing environments share the same kernel of the operating system. All the processes inside the virtual computing environment are the common processes of the operating system and all the resources inherent to each virtual computing environment are shared in the same way as typically happens inside an ordinary single kernel operating system.

[0026] FIG. 2 shows the method enabling the coexistence of the two virtual computing environments 40, 50 on one hardware computer 200. Each of the two virtual computing environments 40, 50 has its own unique file system 45, 55 and each virtual environment can also see the common file system 205. All the processes of all virtual computing environments work from inside the same physical memory. If two processes in different virtual computing environments were started for execution from one file (for example from the shared file system) they would be completely isolated from each other, but use the same set of read-only shared physical memory pages.

[0027] In this manner, highly effective implementation of multiple virtual computing environments inside one operating system is achieved. There is no emulation of hardware or dedicated physical memory or another hardware resource.

[0028] As shown in FIG. 3, the disclosed invention differs from the other solutions that provide a complete emulation of computer hardware to give the user a full scope virtual computer at a higher cost. This happens because a minimum of 2 actual kernels 60, 70 are performed in the computer 300, one inside the other—the kernel of the main operating system and inside the process, the kernel of the emulated operating system.

[0029] The implementation of the kernels of the operating system with the properties necessary for this invention carry out the separation of the personal computer users not on the level of hardware but on the level of the namespace and on the basis of access limitations implemented inside the kernels of the operating system.

[0030] Virtual computing environment processes are never visible to other virtual computing environments running on the same computer. The virtual computing environment root file system is independent and is also never visible to other virtual computing environments running on the same computer. The root file system of the virtual computing environment allows a root user of every virtual computing environment to make file modifications and configure their own local parameters of the operating system.

[0031] The changes done in the file system in one virtual computing environment do not influence the file systems in the other virtual computing environment.
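
The separation described in paragraphs [0026] and [0029] to [0031], modelled in Python as an added example; it is not code from the application or its inventors. The class and method names, the environment ids `ve40`/`ve50` and the sample files are assumptions, as is the choice to keep writes in a per-environment private layer.

```python
# Added example: a toy single-kernel model, not the application's implementation.
# Kernel, spawn, ps, kill, read, write and the "ve40"/"ve50" ids are hypothetical.

class Kernel:
    def __init__(self, common_fs, envs):
        self.common_fs = dict(common_fs)        # shared file system (205 in FIG. 2)
        self.private_fs = {e: {} for e in envs}  # env -> private root layer (45, 55)
        self.procs = {}                         # pid -> (env, shared text pages)
        self.page_cache = {}                    # file identity -> one set of read-only pages
        self.next_pid = 1

    def _identity(self, env, path):
        # Name lookup is relative to the caller's environment: a private
        # copy shadows the shared file, and other roots are never searched.
        if path in self.private_fs[env]:
            return (env, path)
        if path in self.common_fs:
            return ("common", path)
        raise FileNotFoundError(path)

    def read(self, env, path):
        owner, _ = self._identity(env, path)
        return self.common_fs[path] if owner == "common" else self.private_fs[env][path]

    def write(self, env, path, data):
        # Assumption: writes land in the caller's private layer only.
        self.private_fs[env][path] = data

    def spawn(self, env, path):
        ident = self._identity(env, path)
        pages = self.page_cache.setdefault(ident, object())  # reuse pages per file
        pid, self.next_pid = self.next_pid, self.next_pid + 1
        self.procs[pid] = (env, pages)
        return pid

    def ps(self, env):
        # A process listing only ever contains the caller's own processes.
        return sorted(p for p, (e, _) in self.procs.items() if e == env)

    def kill(self, env, pid):
        # Kernel-side restriction: a foreign pid gets the same error as a
        # non-existent one, so the caller cannot probe other environments.
        entry = self.procs.get(pid)
        if entry is None or entry[0] != env:
            raise ProcessLookupError(pid)
        del self.procs[pid]

    def pages_of(self, pid):
        return self.procs[pid][1]


def demo():
    files = {"/bin/sh": b"shell-image", "/etc/motd": b"welcome"}  # constructed sample
    k = Kernel(files, ["ve40", "ve50"])
    a, b = k.spawn("ve40", "/bin/sh"), k.spawn("ve50", "/bin/sh")
    k.write("ve40", "/etc/motd", b"edited in ve40")
    return k, a, b
```

Both shells started from the shared `/bin/sh` report the same page object, while each environment lists only its own process and `ve50` still reads the original `/etc/motd`.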

[0032] The disclosed system and method has been disclosed by reference to its preferred embodiment. Those of ordinary skill in the art will understand that additional embodiments of the disclosed system and method are made possible by the foregoing disclosure. Such additional embodiments shall fall within the scope and meaning of the appended claims.

BIBLIOGRAPHY

[0033] Bach, Maurice. 1987. Design of the Unix Operating System by Maurice J Bach, 1 edition (Feb. 27, 1987) Prentice Hall; ISBN: 0132017997.

[0034] Crowley, Charles. 1997. Operating Systems: a design-oriented approach. Irwin. 1997. ISBN 0-256-15151-2.

[0035] Eckel, George and Chris Hare. 1995. Building a Linux Internet Server, Chris Hare, G. Eckel, New Riders Publishing; ISBN: 1562055259.

[0036] Kobert, Jeannie Johnstone. Guide to High Availability: Configuring boot/root/swap, Prentice Hall PTR/Sun Microsystems Press; ISBN: 0130163066.

[0037] Samson, Stephen L. MVS Performance Management Os/390 Edition: With Mvs/Esa Sp Version 5. Ranade IBM Series, ASIN: 0070577005.

[0038] The Common Gateway Interface, document downloaded from Internet http://hoohoo.ncsa.uiuc.edu/cgi/overview.html.

[0039] U.S. patent Document U.S. Pat. No. 4,742,477 May 3, 1988 Phillips, et al. 361/686.

[0040] VMware Workstation 2.0 Documentation, document downloaded from Internet http://www.vmware.com/support/ws2/doc/index_ws_linux.html.

What is claimed is:

1. A system for efficient utilization of a single hardware system with a single operating system kernel by an end user of a personal computer, said system comprising:

a virtual computing environment functionally equivalent to a computer having a full-featured operating system;

said virtual computing environment constructed and arranged to separate user processes on the level of namespace and on the basis of restrictions implemented inside said operating system kernel;

whereby emulation of hardware resource or a dedicated memory is not required.

2. The system as defined in claim 1 wherein virtual computing environments are not visible to other virtual computing environments operating in a network of computers on non-network level of communications.

3. The system as defined in claim 1 wherein each virtual computing environment has a completely independent root file system.