IBM cloud patching system highlights virtualization research

IBM's research division is working on several virtualization projects that could boost security of cloud computing networks, reduce data center power costs, and improve the ability to run multiple hypervisors and operating systems, including Linux and Windows.

IBM's research division is working on several virtualization projects that could boost security of cloud computing networks, reduce data center power costs, and improve the ability to run multiple hypervisors and operating systems, including Linux and Windows.

IBM and North Carolina State University this week announced a new "cloud computing patch tool" that updates virtual machines even when they are offline, boosting the efficiency of applying security updates to cloud networks. The tool is four times faster than current patch application systems, the organizations said.

FAQ: Cloud computing, demystified

"Current patching systems are designed for computers that are online and they don't work for dormant computers or virtual machines," Peng Ning, professor of computer science at N.C. State, said in a press release. "The tool we developed automatically analyzes the 'script' that dictates how a security patch is installed, and then automatically re-writes the script to make it compatible with an offline system."

Ning and colleagues from N.C. State and IBM describe the research in a report that is titled "Always Up-to-date – Scalable Offline Patching of VM Images in a Compute Cloud," and which will be presented at next week's Annual Computer Security Applications Conference in Austin, Texas.

The paper was first published in March, and IBM and N.C. State have tested the system on IBM's Research Compute Cloud, which provides services to IBM researchers.

Because many of the virtual machines in cloud networks are used infrequently, patches are not always applied in a timely manner, IBM said. "This leaves the VMs vulnerable to cyber-attacks when they are brought back online. The VMs are particularly vulnerable if they have been left dormant for months, and missed significant patches," IBM said.

The cloud patching system is just one of several virtualization research projects underway at IBM, which first started using virtualizaton on its own mainframe systems decades ago.

An IBM research paper published last month titled "VMFlow: Leveraging VM Mobility to Reduce Network Power Costs in Data Centers," describes a framework for placing and moving virtual machines "that takes into account both the network topology as well as network traffic demands," in a bid to reduce power use.

"Our simulation uses real data center traces and the results demonstrate that, by applying an intelligent VM placement heuristic, VMFlow can achieve 15 per cent to 20 per cent additional savings in network power while satisfying 50 per cent to 60 per cent more network demands as compared to recently proposed techniques for saving network power," IBM researchers wrote.

In still another research project, dubbed "Turtles," IBM has proposed a nested virtualization system for Intel-based x86 systems.

The Turtles project puts nested virtualization into the KVM hypervisor, which is part of Linux, allowing flexibility to run multiple hypervisors and operating systems.

"The Turtles project … runs multiple unmodified hypervisors (e.g., KVM and VMware) and operating systems (e.g., Linux and Windows)," IBM researchers state. "Despite the lack of architectural support for nested virtualization in the x86 architecture, it can achieve performance that is within six per cent to eight per cent of single-level (non-nested) virtualization for common workloads."

Tags LinuxConfiguration / maintenanceIBMhardware systemsinternetcloud computingoperating systemsNorth Carolina State UniversityData Centernon-Windowsvirtualization

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jon Brodkin

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?