1. Field of the Invention
The present invention relates generally to the running of operating system virtual machines and more particularly to maintaining their security when distributing them to and running them on various computing system (machines) and operating environments.
2. Description of the Prior Art
Operating system (OS) virtualization is a technology that allows multiple operating systems to share the same physical machine. For example, Windows, the operating system from Microsoft of Redmond, Wash., and Linux, an open source operating system, could be running side by side on the same physical machine yet be completely unaware of the presence of each other. The software that provides this virtualization capability is known as a hypervisor and an operating system being run by a hypervisor is known as a guest operating system (“guest OS”). The hypervisor software creates a “virtual machine” for each guest OS and, as such, the terms guest OS and virtual machine are often used interchangeably.
Operating system virtualization is not new technology, IBM of Armonk, N.Y. developed virtualization solutions in the 1960s as a means to partition mainframe computer resources to help organizations reduce costs. Operating system virtualization started to become more common in the 2000s when VMware of Palo Alto, Calif. introduced their first solutions for the of Santa. Clara, Calif. x86-based platforms, the base microprocessor commonly used in desktop and no book computers.
VMware created a flexible platform that allowed a virtual machine to be created on one type of computer and run on another without requiring any changes to the virtual machine. For example, referring now to FIG. 1, shown on the left is a first computer 109 which may be, for example, a server computer from Dell Computer of Round Rock, Tex. running the Windows 7 operating system from Microsoft as a host operating system 107. Guest operating system 101 is shown supported by a hypervisor 103 in order to run under host operating system 107 and to provide isolation between guest operating system 101 and any other guest operating system which may simultaneously be run on computer 109. Also shown coupled to computer 109 are Virtual Machine (“VM”) files 111 which are the files hypervisor 103 accesses via a filesystem 105 of host operating system 107 in order to startup and run guest operating system 101. VM files 111 are the files that comprise a virtual machine and typically include configuration information required to run the virtual machine together with a set of files that correspond to the storage disks of the operating system.
It is possible to take guest operating system 101 running on one machine, for example computer 109, and move it over to and run it on a different machine, for example computer 119 as shown on the right in the figure, which may be, for example, a notebook computer running the Mac OS/X operating system both from Apple of Cupertino, Calif. As depicted in the figure, guest operating system 101 has been moved from computer 109 to computer 119 so that it is now running under hypervisor 113 and host operating system 117 of computer 119 which may be completely different than hypervisor 103 and host operating system 107 of computer 109 due to the differences in operating system and machine environments yet it still operates the same.
As is known in the art, what actually occurs when moving a guest operating system from one computer to another is a process of copying the virtual machine files, again comprising a directory of files on disk, etc., from one machine to another for example by moving Virtual Machine files 111 from computer 109 to computer 119 as shown in the figure.
This flexibility in being able to move a guest operating system from one computer to another, while beneficial in many respects, has its downsides. Because of the low cost and small physical size of modern storage technologies and the commonplace use today of the same processor technology in both corporate data centers and at home, it has become very easy to steal such virtual machines. For example, today a virtual machine running highly confidential payroll or a human resources (BR) database can easily be copied onto a portable storage device and later run on a standard desktop computer at home. VMware even allows the downloading of a free copy of the hypervisor software and support tools to run and analyze these virtual machines.
Yet there remains a legitimate need to be able to move a virtual machine from one machine to another and run it when needed, for all the reasons virtualization was originally developed and has continued to be used today.
What is needed, therefore, is a way to ensure that virtual machine files can still be easily distributed and used on other computers in the case of authorized uses yet be prevented in the case of unauthorized uses.