1. Field of the Invention
This invention pertains generally to enterprise computer systems, computer networks, embedded computer systems, wireless devices such as cell phones, computer systems, and more particularly to methods, systems and procedures (i.e., programming) for providing application isolation for multiple applications running on a host operating system and for streaming live applications within isolated environments from a central server into isolated environments on a client and for streaming entire isolated environments from a central server onto a client.
2. Description of Related Art
In many environments one of the most important features is to ensure that one running application doesn't affect other running applications, and that the crash of one application doesn't compromise other running applications. In many environments applications share system resources, libraries and hardware, which expose subtle interconnects between seemingly unrelated applications.
Several approaches have been developed addressing this fundamental problem. The first level of application isolation is provided by the operating system. Modern operating systems such as Linux, UNIX, Windows2000, NT, XP and Vista provide some level of application isolation through the use of processes, and the underlying hardware memory management unit. The use of processes generally ensure than one running application process cannot address memory owned by other processes. This first level of isolation does not address the use of shared resources, such as files, file systems, shared memory, and libraries, so other approaches have been developed.
The present invention builds on the teachings in U.S. patent application Ser. Nos. 12/813,593, 12/813,618, 12/421,691, 12/421,692, and 12/421,694, where Havemose (“Havemose”) teaches “SYSTEM AND METHOD FOR APPLICATION ISOLATION WITH LIVE MIGRATION”, “SYSTEM AND METHOD FOR HIERARCHICAL INTERCEPTION WITH ISOLATED ENVIRONMENTS” and “SYSTEM AND METHOD FOR APPLICATION ISOLATION”. Havemose discloses system and methods for creating and maintaining isolated environments wherein applications can be installed and run without interfering with any other applications on the host system. Havemose further discloses system and methods for creating isolated environments and for the use of pre-created isolated environment as “installation-free” images that can run on a client without requiring direct application installation on the client. Havemose also teaches live migration of isolated environment and the use of hierarchical interception. Havemose teaches an approach that works on commodity operating system using off-the-shelf applications. All of the patent applications were included in their entirety by reference above.
A related challenge is the deployment of applications across a large enterprise or network. By way of example, an enterprise may need to install and keep updated the word processing and spreadsheet applications on thousands of computer systems. With security and software updates being released almost daily, this is a major ongoing undertaking, and one that takes dedicated and highly trained staff. With hardware changing rapidly as well, it's not uncommon for a large enterprise to support hundreds of slightly different platforms with different underlying hardware such as video card, network card, amount of memory and peripherals. A solution would be to store all applications centrally and have the applications automatically installed, upgraded and patched when launched. While this eliminates the manual process of upgrading all applications, it does involve actual installation and upgrading which is fraught with possibilities for mistakes.
A variety of approaches has been created to address these particular challenges. Most require custom applications, custom operating systems or actual installation and updating of all of those thousands of systems.
In U.S. patent application Ser. No. 11/301,066 Smith et. al, teach “OS mini-boot for running multiple environments”. According to the disclosures each “silo” is mini-booted from the same base operating system and isolated using name spaces. This requires a customized operating system with support for mini-boot. A typical commercial environment running a commodity installation of Microsoft Windows or Linux therefore cannot utilize these teachings.
In U.S. Pat. No. 6,574,618 Eylon et al. teach “Method and System for executing networked streamed application”. The core teachings rely on a virtual file system installed on the client and mounted as a local file system combined with breaking up the application steaming into streamlets with delivery of the streamlets into the virtual file system. While this addresses one way to deliver applications, it does not address the concerns about application isolation and requires installation of a custom file system on all clients.
In U.S. Pat. No. 7,127,713 Davis et al, teach “Java application framework for use in content delivery networks (CDN)”. The core teachings describe a particular way to divide the server application into a highly distributed edge layer and a core centralized origin layer. While this addresses scalable delivery of content it does so in the context of Java and relies on the Java environment. It is not generally applicable to non-Java applications.
In U.S. Pat. No. 7,370,071 Greschler et al teach “Method for serving third party software applications from servers to client computers”. The disclosures describe a method for hosting applications on a web server and methods for downloading and upgrading the application to a client computer. The disclosures do not address application isolation and furthermore requires upgrading the client computer application installations every time there's a software update.
Therefore, in many systems, streaming of applications from a central location requires one or more of customized operating systems, custom file systems, customized applications, and proprietary streaming protocols or is limited to specific languages or run-time environments, such as Java. Furthermore, the above-cited references do not include or address application isolation. Hence, there is a need for systems and methods that combine application isolation with streaming of applications from a central server for standard applications running on commodity operating systems such as Windows and Linux