The present invention relates generally to the field of security policy and/or stability of computer performance issues, and more particularly to security policy and/or stability of computer performance issues applicable to virtual machines.
It is known that changes to a computer system that includes virtual machines (VMs) can introduce operability problems to that computer system. One known technique for attempting to diagnose and/or remediate such problems is by the systematic capture of snapshots (for example, periodic capture of snapshots). In some variations on this known technique, a “partial capture” is used. More specifically, under the partial capture approach, a full VM snapshot is not used, but, rather, a capture of a subset of the information in a server is used, such as the list of all files (at some granularity of the file system), the list of all installed products running processes, open ports, and so on.
One known technique is called “difference computation.” The known technique of “difference computation” can be described as follows: at any moment in time, the state of a server (a physical or virtual entity), measured along many dimensions, can be captured as a snapshot. One representation of the machine state in a snapshot can be recorded in terms of the files on the system, running processes, software packages installed and their configuration settings, configuration settings for various hardware components, the network settings allowing that machine to communicate with others, etc. A difference between any two snapshots of a machine is an important representation of state changes that have occurred on the machine between two points in time (when those snapshots were created). Calculation of such snapshot differences is performed using a difference computation process.