1. Technical Field
This invention relates generally to inter-node communication, such as communication between processes of different partitions of one or more servers, and more particularly to such communication that is secure in nature.
2. Description of the Prior Art
Servers are used in a wide variety of different computing applications. A server generally is a computer on a network that is accessible by a number of client computers also on the network. Servers are used for Internet web applications, data storage applications, data mining applications, as well as other types of computing applications. As used herein, a node can be a server, but is not limited to a server. For example, a node may refer to a partition of a server.
Because servers may need to be upgraded as their processing requirements grow, some servers are scalable. A scalable server is one that can be upgraded to handle greater amounts of processing. For instance, a scalable server may be able to have its number of processors increased as necessary.
A server, such as a scalable server, may be partitioned into different operating system instances. Each operating system instance is logically a different virtual computer running in a separate partition, or domain, of the server, and is separate from the other operating system instances. The operating system instances may run the same or different operating systems, such as UNIX, LINUX, MICROSOFT WINDOWS NT, as well as other types of operating systems.
Each operating system instance usually can have a number of different processes running on it, such as user processes, kernel processes, and other types of processes. A kernel is a fundamental part of the operating system that provides basic services to the user processes. Each process may be a separate application program, an instance of one of a number of different types of application programs, and so on. The processes run in separate parts of the partition referred to as user spaces. As used herein, the software of a node can be a process running in a partition, but is not limited to a process running in a partition.
Processes in different partitions may find it necessary to communicate with one another, to exchange data, and for other purposes. In some types of servers, each partition has an associated kernel agent that is responsible for allowing user processes of its partition to communicate with user processes of other partitions. Agents are routines that run in the background, and perform actions as needed.
A server may have a number of potential communication end points that allow the processes of its partitions to communicate with the processes of partitions of the same or other servers. The communication end points may be statically or dynamically allocated among the server's different partitions. When a process wishes to communicate with a process of a different partition, it receives temporary use of a communication end point for this purpose, assuming one is available.
A virtual communication channel is therefore established between a communication end point of one partition and a communication end point of another partition. Each communication end point corresponds to a user or kernel process of a partition. A difficulty is that the virtual communication channel needs to be secure, because the kernel agents of the various partitions may not a priori trust one another. To ensure the stability and security of its partition, a kernel agent should be able to restrict connections to only those end points in other partitions that it has authorized. Furthermore, the kernel agent must ensure that malicious or corrupt kernel agents of other partitions are not able to pretend that they have received authorization to establish a channel.
A limited solution to this difficulty is the use of a hypervisor. A hypervisor is a facility that typically runs in large enterprise servers for providing and managing multiple virtual computers, or operating system instances, running in partitions. The hypervisor is inherently trusted by all user processes and kernel agents. However, where the hypervisor runs on a remote processor or server, having all communications run through the hypervisor results in degraded performance of inter-process communications. Furthermore, many types of computers, such as those using INTEL PENTIUM-class processors, do not have the necessary capability to run a hypervisor.
Another limited solution is to have a single trusted communication channel created among all the partitions when they are first configured. The kernel agents can use this channel to send authorized messages to one another, for the purpose of establishing virtual channels between partitions. However, this solution does not prevent malicious or corrupt agents from pretending that they have received authorization to establish a channel. Furthermore, it forces kernel intervention for all communication calls.
For these described reasons, as well as other reasons, there is a need for the present invention.