Author

Xiao Xi Liu

Bio: Xiao Xi Liu is an academic researcher from IBM. The author has contributed to research in topics: Service provider & Trusted third party. The author has an h-index of 4, co-authored 6 publications receiving 106 citations.

Papers
Proceedings Article
13 May 2010
TL;DR: This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner and shows how the solution can resist the typical security attacks.
Abstract: With the wide adoption of in-cloud services (e.g., software-as-a-service), some major identity-related issues are brought up. For enterprises, it usually introduces additional cost and risk to manage identities in services. For service providers, typical pairwise identity federation solutions are not scalable to support single sign-on, service composition, etc. among services for a large environment like a service cloud. This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner. With this solution, the cost and risk of federated identity management for both enterprises and service providers could be significantly reduced. A detailed scenario implementation is given to demonstrate the feasibility of the solution. Moreover, the vulnerability analysis shows how the solution can resist the typical security attacks.

38 citations

01 Jan 2010
TL;DR: In this article, the authors proposed an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner, which can reduce the cost and risk of federated identity management for both enterprises and service providers.
Abstract: With the wide adoption of in-cloud services (e.g., software-as-a-service), some major identity-related issues are brought up. For enterprises, it usually introduces additional cost and risk to manage identities in services. For service providers, typical pairwise identity federation solutions are not scalable to support single sign-on, service composition, etc. among services for a large environment like a service cloud. This paper proposes an identity federation broker that introduces a trusted third party as a trust broker to simplify the management of identity federation in a user centric manner. With this solution, the cost and risk of federated identity management for both enterprises and service providers could be significantly reduced. A detailed scenario implementation is given to demonstrate the feasibility of the solution. Moreover, the vulnerability analysis shows how the solution can resist the typical security attacks.

32 citations

Patent
12 Jun 2015
TL;DR: A method for backing up or restoring a virtual machine is provided, based on a first and a second union file system directory of the virtual machine: the first directory is read-only and stores the base operating system file, and the second directory is readable and writable and stores modifications to the base operating system file and new files generated during running of the VM.
Abstract: A method for backing up or restoring a virtual machine is provided. The backup method includes creating a virtual machine having a first and a second union file system directory. The first directory is read-only and stores a virtual machine base operating system file. The second directory is readable and writable and stores modifications to the base operating system file, and new files generated during running of the virtual machine. The virtual machine preferentially reads and writes the second directory. When a request to back up the virtual machine is received, the data in the second directory is backed up. The restore method includes preparing a virtual machine for restoring data. When a request to restore the virtual machine is received, the backup data of the second directory is obtained and restored to the second directory of the prepared virtual machine.

29 citations

Patent
30 Mar 2016
TL;DR: In this article, the authors propose a virtual machine backup or recovery scheme, which consists of a first catalog and a second catalog managed by a unified file system, the first catalog is arranged to be read-only and used for storing a VM basis operation system file, and the second catalog is used for read-write and storing new files generated in a VM running process.
Abstract: The invention discloses a virtual machine backup or recovery scheme; the backup scheme comprises the following steps: creating a virtual machine, the virtual machine comprises a first catalog and a second catalog managed by a united file system, the first catalog is arranged to be read-only and used for storing a virtual machine basis operation system file, and the second catalog is arranged to be read-write and used for storing new files generated in a virtual machine running process and modifying the basis operation system file; running the virtual machine, and the virtual machine can read-write the second catalog with priority in the running process; responding to a received request of backing up the virtual machine, and backing up the virtual machine according to the data of the second catalog. The recovery scheme comprises the following steps: preparing the virtual machine for recovering data; responding to the backup operation, and obtaining corresponding backup data of the second catalog; recovering obtained backup data to the second catalog of the prepared virtual machine. The method and device can conveniently backup and recover the virtual machine.

5 citations

Proceedings Article
Xiao Xi Liu, Jian Qiu, Jian Ming Zhang
22 May 2014
TL;DR: By using a new availability benchmarking method, a private cloud customer or public cloud provider can estimate the availability of deployment of its cloud management stack and it is shown that with various HA technologies and configurations, the availability can be greatly different.
Abstract: Cloud-management infrastructure plays an important role as a part of cloud computing stacks, serving as the resource manager of cloud platforms. The complexity of cloud-management infrastructure makes its high availability (HA) one of the most critical requirements. Various technologies have been developed to increase the reliability and availability of cloud management infrastructure; however, little work has focused on quantitative analysis of its availability. In this paper, we designed a new availability benchmarking method for cloud management infrastructure. By using our measurement method, a private cloud customer or public cloud provider can estimate the availability of deployment of its cloud management stack. We have evaluated our method on OpenStack cloud infrastructure. We show that with various HA technologies and configurations, the availability of the cloud management infrastructure can be greatly different.

4 citations


Cited by
Patent
29 Dec 2016
TL;DR: A driver located within the hypervisor intercepts a first write operation generated by the VM to store data in a first sector, determines an identity of the first sector based on the intercepted write operation, and modifies the entry in the change block bitmap file to indicate that data in the first sector has changed.
Abstract: According to certain aspects, a system includes a client device that includes a virtual machine (VM) executed by a hypervisor, a driver located within the hypervisor, and a data agent. The VM may include a virtual hard disk file and a change block bitmap file. The driver may intercept a first write operation generated by the VM to store data in a first sector, determine an identity of the first sector based on the intercepted write operation, determine an entry in the change block bitmap file that corresponds with the first sector, and modify the entry in the change block bitmap file to indicate that data in the first sector has changed. The data agent may generate an incremental backup of the VM based on the change block bitmap file in response to an instruction from a storage manager, where the incremental backup includes the data in the first sector.

115 citations

Patent
22 Sep 2014
TL;DR: In this article, an enhanced media agent may pre-stage certain backed up data blocks which may be needed to launch the virtual machine, based on predictive analysis pertaining to the VM's operational profile.
Abstract: Systems and methods enable a virtual machine, including any applications executing thereon, to quickly start executing and servicing users based on pre-staged data blocks supplied from a backup copy in secondary storage. An enhanced media agent may pre-stage certain backed up data blocks which may be needed to launch the virtual machine, based on predictive analysis pertaining to the virtual machine's operational profile. The enhanced media agent may also pre-stage backed up data blocks for a virtual-machine-file-relocation operation, based on the operation's relocation scheme. Servicing read requests to the virtual machine may take priority over ongoing pre-staging of backed up data. Read requests may be tracked so that the media agent may properly maintain the contents of an associated read cache. Some embodiments of the illustrative storage management system may lack, or may simply not require, the relocation operation, and may operate in a “live mount” configuration.

99 citations

Patent
22 Sep 2014
TL;DR: In this article, the authors present a virtual-machine-file-relocation operation that moves data blocks originating in the backup copy to a primary storage destination that becomes the virtual machine's primary data store after the relocation operation completes.
Abstract: The disclosed systems and methods enable a virtual machine, including any applications executing thereon, to quickly start executing and servicing users based on pre-staged data blocks supplied from a backup copy in secondary storage. Substantially concurrently with the ongoing execution of the virtual machine, a virtual-machine-file-relocation operation may move data blocks originating in the backup copy to a primary storage destination that becomes the virtual machine's primary data store after the relocation operation completes. An enhanced data agent, operating in conjunction with an enhanced media agent in a storage management system, coordinates restoring of the virtual machine and the launch of the relocation operation. The enhanced media agent may pre-stage certain backed up data blocks which may be needed to launch the virtual machine, based on predictive analysis pertaining to the virtual machine's operational profile. The enhanced media agent may also pre-stage backed up data blocks for the relocation operation, based on the operation's relocation scheme. Servicing read requests to the virtual machine may take priority over ongoing pre-staging of backed up data. Read requests may be tracked so that the media agent may properly maintain the contents of an associated read cache. Some embodiments of the illustrative storage management system may lack, or may simply not require, the relocation operation, and may operate in a “live mount” configuration.

85 citations

Patent
10 Nov 2014
TL;DR: In this article, an incremental backup of first data associated with a virtual machine (VM) residing on a source client computing device from the source device to one or more secondary storage devices to create a backup copy of the VM is discussed.
Abstract: According to certain aspects, a method can include, at a first time, performing an incremental backup of first data associated with a virtual machine (VM) residing on a source client computing device from the source client computing device to one or more secondary storage devices to create a backup copy of the VM, where the VM is associated with a hypervisor of a first type; receiving an instruction to restore the first data associated with the VM from the one or more secondary storage devices; retrieving the first data from the one or more secondary storage devices; and applying the first data to second data associated with a replicated VM running on the destination client computing device, where the replicated VM is a replicated version of the VM, and where the second data corresponds to data of the VM at a time before the first time.

66 citations

Patent
16 Jul 2014
TL;DR: In this paper, a backup copy of data associated with a virtual machine (VM) is created on one or more secondary storage devices, wherein the backup copy includes corresponding secondary copies of a plurality of files associated with the VM.
Abstract: According to certain aspects, a method can include creating a backup copy of data associated with a virtual machine (VM) on one or more secondary storage devices, wherein the backup copy includes corresponding secondary copies of a plurality of files associated with the VM; analyzing metadata associated with the secondary copies to determine which of the plurality of files are eligible to be removed from the primary storage device; in response to determining that one or more files are eligible to be removed from the primary storage device, for each respective file of the one or more files: determining whether the respective file has been changed since a first time at which the backup copy of the data associated with the VM was created; in response to determining that the respective file has not changed since the first time, removing the respective file; and adding a file placeholder for the removed file.

55 citations