TW201600970A - System of system and method for virtualization and cloud computing system - Google Patents
- Publication number: TW201600970A
- Authority: TW (Taiwan)
Description
The present method and system relate to computer systems, and more particularly to a method of configuring data-driven applications in a processor cluster.
In computing, virtualization refers to a virtual (non-physical) version of something, such as a hardware platform, operating system, storage device, or network resource.
Virtualization is part of an overall trend in enterprise IT that includes autonomic computing, in which the IT environment manages itself according to known activity, and utility computing, in which computer processing power is treated as a utility that customers pay for as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and workloads.
The large population of personal computer, smartphone and smart mobile device users places heavy demands on the network packet processing performance of non-virtualized and virtualized servers in data center environments.
Complex packet processing for traffic from different mobile devices requires service differentiation and security, and green computing has become a necessity for saving energy. In addition, shortening infrastructure deployment schedules allows revenue to be generated more quickly.
Optimized technology advances can reach the expected performance level while providing scalable solutions with unmatched integration and performance-to-power ratios, delivered through certain multi-core CPUs and hardware industry standards such as the AMC, PCI Express, RapidIO, AdvancedTCA and Blade Center standards.
Executing the various common protocols efficiently while ensuring appropriate quality of service generally requires high-performance software packet processing. Most advanced networks use tiered service functions that differentiate the service given to each packet and handle packets one by one.
Communication between data centers and remote users is usually encrypted with IPSec and requires the assistance of hardware crypto engines. Multi-core technology provides the necessary processing power and the low-power, high-level integration that advanced networks require. However, the ongoing evolution of software design has made development and integration difficult, which has hindered the deployment of solutions based on multi-core architectures.
As virtualization and cloud computing become more popular, existing servers can be logically consolidated into a single device that offers a large pool of resources. Aggregating the computing power of these devices into a single available resource pool improves server utilization while reducing capital requirements and operating expenses. However, virtualization leaves traditional network security measures unable to properly protect against existing security threats in the virtual environment. This is because the path between the servers and the storage subsystems lacks major protection features, and that lack of protection prevents enterprises from realizing the significant benefits of the data center transformation.
Cloud computing is often viewed as creating security risks and introducing new threat vectors, and as losing opportunities to improve existing security. Cloud characteristics such as standardization, automation and increased visibility into the infrastructure can significantly raise the level of security. Running computing services in isolated domains, providing default encryption of data in motion and at rest, and controlling data through virtual storage have all become ways to improve reliability and reduce data loss. In addition, automated provisioning and reclamation of hardened run-time images shrinks the attack surface and improves data access.
As the information and communications technology industry continues to shift to the third-generation platform, which includes the world of mobile/social/cloud/big data, and with the widespread use of complex virtualization in cloud infrastructure, public network traffic in the data center is exploding because of high-density VMs (virtual machines) and mobile device/cloud services. The performance of virtualized servers and access to network/storage devices have therefore become important factors, because data center technology has changed substantially from the client/server architecture. In addition, resolving the network and broadband I/O bottlenecks caused by the provisioning of new services, and the problems that may arise from convergence onto infrastructure platforms (also called cloud computing platforms that integrate servers, storage devices, networks and management software), has become a major challenge for existing servers and cloud computing platforms in data centers and public/private cloud facilities.
In one aspect, the invention is directed to a distributed computing system comprising: a network interface and/or an inter-processor communication link; a first processing cluster coupled to the network interface and/or inter-processor communication link, the first processing cluster comprising one or more hardware cores, wherein the first processing cluster is configured to run a multi-tasking operating system and/or configured to use a multi-tasking instruction set; a second processing cluster coupled to the network interface and/or inter-processor communication link for connection to the first processing cluster, wherein the second processing cluster comprises one or more hardware cores and is configured to run a real-time operating system and/or configured to use a real-time instruction set; a first set of agents, executed by the real-time operating system and configured to accept real-time processing requests from the first processing cluster and to return the results of those requests to the first processing cluster; and a software stack layer that, according to the specific real-time processing needs of a process, partitions the execution of programs on the first processing cluster so that routines requiring real-time processing are sent to the second processing cluster, wherein the real-time processing requests comprise one or more I/O functions. In an embodiment, the one or more I/O functions comprise a data cache function and an I/O software control function. In an embodiment, the I/O function can store and aggregate data in at least one computer file and access the computer file when necessary.
In an embodiment, the computer file is located in a storage device on the local system and the network. In an embodiment, the storage device may be a hard disk, CD-ROM, SSD or non-volatile memory (NVM), or a hybrid storage device combining hard disk and SSD/NVM. In an embodiment, the computer file can be managed, accessed, read, stored and maintained through a file system such as a shared file system and/or a network file system and/or objects on a file system. In an embodiment, the plurality of computer files are located in storage devices on the local system or the network, and these storage devices may be a hard disk, CD-ROM, SSD or non-volatile memory (NVM), or a hybrid storage device combining hard disk and SSD/NVM. In an embodiment, the computer file can be managed, accessed, read, stored and maintained through a file system such as a shared file system and/or a network file system and/or objects on a file system. In an embodiment, the first processing cluster may be managed by a virtualized server system. In an embodiment, the second processing cluster may further comprise a real-time hypervisor that coordinates the multiple cores of the second processing cluster and dispatches service requests from the first processing cluster to virtual machines executed on the cores of the second processing cluster under the management of the real-time hypervisor.
In an embodiment, the first processing cluster, with multiple clusters, may be managed by a multi-tasking hypervisor or a multi-tasking operating system. In an embodiment, a first processing cluster having multiple identical clusters is managed by a multi-tasking hypervisor or a multi-tasking operating system. In an embodiment, the second processing cluster, with multiple clusters, may be managed by a multi-tasking hypervisor or a multi-tasking operating system.
In an embodiment, the second processing cluster may be managed by a real-time hypervisor or a real-time operating system comprising at least two clusters. In an embodiment, the system comprises an application-layer server agent and a middleware server agent executed on the second processing cluster, together with a corresponding middleware interface program and corresponding middleware executed on the first processing cluster. In an embodiment, the second processing cluster comprises multiple kinds of cores, including at least two cores optimized for different operations. In an embodiment, the different operations include I/O functions, network functions, network services, security functions, and rich-content compression (encoding) and decompression (decoding) functions.
In an embodiment, the second processing cluster comprises multiple kinds of cores, including at least two cores optimized for different operations. In an embodiment, the one or more data cache functions may be performed by a hybrid data cache of DRAM, SRAM, SSD and non-volatile memory (NVM) across the different memories, namely DRAM, SRAM, SSD and NVM.
In an embodiment, multiple DRAM, SRAM, SSD and non-volatile memory (NVM) devices may be used as data cache memory, or a hybrid data cache drawn from the different memories, namely DRAM, SRAM, SSD and NVM, may be used to perform the one or more data cache functions.
In an embodiment, the system comprises program code for performing one or more of: I/O functions, network functions, network services, VLAN, link aggregation, GRE encapsulation, GTP and IP tunneling, layer 2/3 virtual routing management, routing, virtual routing, overlay network termination, traffic management, service chaining, scaling to unlimited flows, virtual address mapping functions and buffer management, security functions, and rich-content compression (encoding) and decompression (decoding) functions.
In an embodiment, new program code can be downloaded to the second processing cluster by the middleware client agent in the first processing cluster, for execution by the application-layer server agent, the middleware server agent and the middleware client agent. In an embodiment, a new virtual machine can be downloaded to the second processing cluster by the middleware client agent in the first processing cluster, for execution by the application-layer server agent, the middleware server agent and the middleware client agent. In an embodiment, new service content can be downloaded to the second processing cluster by the middleware client agent in the first processing cluster, for execution by the application-layer server agent, the middleware server agent and the middleware client agent.
In another aspect, the invention is directed to a method of computing in a distributed system, comprising: a. processing applications using a multi-tasking cluster, the multi-tasking cluster comprising one or more hardware cores configured to run a multi-tasking operating system and/or configured to use a multi-tasking instruction set; b. running a real-time operation cluster comprising one or more hardware cores configured to run a real-time operating system and/or configured to use a real-time instruction set, wherein the real-time instruction set comprises one or more I/O functions; c. integrating the analysis of an application's operations into real-time and non-real-time processing; d. sending real-time processing to the real-time operation cluster according to requests from the multi-tasking cluster over the network link and/or inter-processor communication link; and e. providing the real-time processing of the real-time operation cluster to the multi-tasking cluster. In an embodiment, the one or more I/O functions comprise a data cache function and an I/O software control function. In an embodiment, the I/O function can store and aggregate at least one computer file and access the computer file upon request. In an embodiment, the computer file and data are located in a storage device on the local system or the network. In an embodiment, the storage device may be a hard disk, CD-ROM, SSD or non-volatile memory (NVM), or a hybrid storage device combining hard disk and SSD/NVM.
The accompanying drawings, which form part of this specification, illustrate embodiments of the invention and, together with the general description above and the detailed description of the embodiments below, serve to explain and teach the principles of the invention described herein.
(101), (201), (601): Application server
(102), (202), (602), (602_A): System VCSS
(102_A): System VCNIS
(102_B), (602_B): System VCNS
(602_D): System VCNEW
(103), (203): Server application
(OS) (104), (204): Multi-tasking operating system
(105), (205): Middleware agent
(106), (206): Device driver
(107), (207): Middleware interface program
(108), (208): Multi-core cluster
(109), (209), (606): PCI-e backplane
(NIC) (110), (210), (607): Network interface card
(111), (217), (615): Network access path
(211), (211_A): Multi-core processing cluster
(212), (212_A): Control/data plane software stack
(213), (213_A): Real-time operating system
(214), (214_A): Network interface agent
(215), (215_A): Security software support
(216), (216_A): Application-layer server agent
(218), (218_A): Network interface card driver
(301): Software infrastructure
(302): Rich content media (RCM) applications
(303): Inter-processor communication/middleware
(304): Operating systems and/or hypervisors and interfaces
(305): RCM framework
(306): APIs and SOAs services
(307): Support for different code and library extensions or middleware
(308): System framework
(309): Data framework
(401), (501): Host memory and interface controller
(402), (502): PE1
(403), (503): PE2
(404), (504): PE4
(405), (505): PE3
(406), (506): Host
(407), (507): Inter-processor communication link
(508): Shared memory
(502_A): VCNIS1
(505_A): VCNIS2
(503_A): VCNIS3
(504_A): VCNIS4
(603), (603_A), (603_B), (603_D): Virtual machine support
(604), (604_A), (604_B), (604_D): Real-time hypervisor
(605), (608), (605_A), (605_B), (605_D): Multi-core cluster and memory
(609): Host hypervisor
(610), (611): Virtual hosts
(612), (617), (617_A), (617_B), (617_D): Middleware
(SF1, SF2, …, SFn) (613), (613_A), (613_B), (613_D): Security virtual machine functions
(PKT1, PKT2, …, PKTn) (614), (614_A), (614_B), (614_D): Packet processing virtual machines
(616), (626), (616_A), (616_B), (616_D): Hardware drivers
FIG. 1 illustrates, according to an embodiment, the system-level layout of the first system, the virtualized cloud security system, as integrated or embedded in a standard server system.
FIG. 1A illustrates, according to an embodiment, the system-level layout of the second system, the virtualized cloud network and I/O system, as integrated or embedded in a standard server system.
FIG. 2 illustrates, according to an embodiment, a system-level layout using the first system, which includes a virtualized cloud security system architecture and a real-time software stack.
FIG. 2A illustrates, according to an embodiment, a system-level layout using the second system, which includes a virtualized cloud network and I/O system architecture and a real-time software stack.
FIG. 3 illustrates, according to an embodiment, the software infrastructure used in the present system.
FIG. 4 illustrates, according to an embodiment, the hardware infrastructure and scaling used in the present system.
FIG. 5 illustrates, according to an embodiment, the hardware infrastructure of the first system with multiple scaling of the security system application.
FIG. 5A illustrates, according to an embodiment, the hardware infrastructure of the second system with multiple scaling of the virtualized cloud network and I/O system.
FIG. 5B illustrates, according to an embodiment, multiple integrated scaling of the security system and the network and I/O system into a high-end system configuration.
FIG. 5C illustrates, according to an embodiment, the multi-scaled hardware infrastructure of the security system and the network and I/O system, and the software stack associated with each system.
FIG. 5D illustrates, according to an embodiment, the multi-scaled hardware infrastructure of the security system, the network and I/O system and a future new data system, and the software stack associated with each system.
FIG. 5E illustrates, according to an embodiment, the multi-scaled hardware infrastructure of the security system, the network and I/O system and a future new data system, and the software stack associated with each system.
FIG. 6 illustrates, according to an embodiment, the system-level layout of the virtualized security system, with virtualization support, integrated or embedded in a virtualized server system.
FIG. 6A illustrates, according to an embodiment, the system-level layout of the virtualized network and I/O system, with virtualization support, integrated or embedded in a virtualized server system.
FIG. 6B illustrates, according to an embodiment, the system-level layout of a future new virtualized I/O system, with virtualization support, integrated or embedded in a virtualized server system.
FIG. 6C illustrates, according to an embodiment, the system-level layout of the existing virtualized security system and the virtualized network and I/O system, with virtualization support, integrated or embedded in a virtualized server system.
FIG. 6D illustrates, according to an embodiment, the system-level layout of a future new data system, with virtualization support, integrated or embedded in a virtualized server system.
FIG. 6E illustrates, according to an embodiment, the system-level layout of the virtualized network and I/O system and a virtualized new data system, with virtualization support, scaled and integrated or embedded in a virtualized server system.
FIG. 7 illustrates, according to an embodiment, the configuration and use of an updated multi-core cluster.
FIG. 8 illustrates, according to an embodiment, that the multi-core cluster can be used to accelerate other existing functions.
It should be noted that the figures are not necessarily drawn to scale and that elements of similar structure or function are identified by like reference numerals throughout the figures. It should also be noted that the figures are intended only to illustrate the various embodiments described herein; they do not describe every aspect of the teachings herein and do not limit the scope of the claims. For example, the system of FIG. 6C may be extended to the first system (602), the second system (602_A) and the new system (602_B) integrated in the present system with virtualization support, or may include virtualized (602), (602_A), (602_B) and (602_D) integrated in the present system.
This document relates to a "system of systems" and a virtualized cloud security system. According to an embodiment, FIG. 1 shows that the system (101) is a first system comprising a multi-core cluster (108), which can communicate, through the network interface card (110) or PCI-e backplane (109) and through software instructions (105) together with the multi-tasking operating system (104), with the system VCSS (102) that is installed and enabled through the interface. When the second, different or identical, multi-core processing cluster (211) of system VCSS (102) executes the software instructions (105), the system, under the control of the real-time operating system RTOS (213) within system VCSS (102), causes the second different or identical multi-core processing cluster (211) to receive the service request, create new software functions or invoke existing ones to provide the requested service, and return an indication of the successful completion of the service to the first system through software instructions (107) and interface (110) or (109).
FIG. 1 illustrates, according to an embodiment, a system-level layout using the present system. The application server (101) is running a server application (103). The application server (101) has a multi-tasking operating system (OS) (104), which may be any of various commercially available operating systems such as Windows, Linux and Unix, together with a middleware interface program (107), a middleware agent (105) and drivers used for communication between the operating system (OS) (104), the network interface card (NIC) (110) and other hardware resources. The application server (101) is running a multi-core cluster (108) for the server application (103), which requires packet processing or security software services; when system VCSS (102) is not installed or enabled, communication takes place through the NIC (110) or the PCI-e (PCI Express) backplane (109). The NIC (110) provides the network access path (111). A device driver (106) or (206) (usually just called a driver) is a computer program that operates or controls a particular type of device attached to the computer, such as the NIC (110). According to an embodiment herein, when the system (102) is installed or enabled, the middleware interface program (107) and agent (105) communicate with the virtualized cloud security system VCSS (102).
FIG. 2 illustrates, according to an embodiment, a system-level layout that includes the virtualization and cloud security system (VCSS) architecture used in the present system. An application server (201) is running a server application (203). The application server (201) has an operating system (OS) (204) as described above, which may be any commercially available Windows, Linux or Unix multi-tasking operating system, together with drivers (206), a middleware interface program (207) and a middleware agent (205). The application server (201) is running a multi-core cluster (208) for the server application, with its own software stack in memory. When the application server (201) needs packet processing and security functions, the virtualized cloud security system VCSS (202) intercepts the request and provides the service; the service can be communicated through the middleware interface program (207) and agent (205). According to an embodiment herein, the middleware interface program (207) and agent (205) can communicate with the virtualized cloud security system VCSS (202). According to an embodiment, VCSS (202) comprises a hardware blade having a multi-core processing cluster (211) plugged into the PCI-e backplane (209), and a software stack comprising a network interface agent (214), a real-time operating system (213) and a control/data plane software stack (212) executed in memory. VCSS (202) also includes security software support (215) and an application-layer server agent (216). The middleware interface program (207) and agent (205) can also communicate with the application server agent (216) regarding service requests. The application server agent (216) can communicate with the RTOS (213), the control/data plane software stack (212) and the network interface agent (214), accessing the NIC (210) or the PCI-e backplane (209) through the network interface card driver (218) to communicate with the HW/multi-core processing cluster and respond to service requests. The network interface card (NIC) (210) provides the network (217) access path. The control/data plane software stack (212) and the security software stack (215) are described in more detail below.
According to an embodiment, the system provides fast-path and slow-path network services in the control/data plane SW (212), taking advantage of the multi-core, multitasking processing cluster (211) for performance. The system includes a comprehensive, easy-to-use set of network functions: VLAN, link aggregation, GRE encapsulation, IP tunneling (GTP and IP), Layer 2/3 virtual routing management, routing and virtual routing, network stack termination, TCP termination, traffic management, service chaining, scaling to unlimited traffic flows, per-packet QoS (quality of service) and filtering (ACLs), and, deployed in the control/data plane SW (212) for the security functions of the security SW (215), IPSec, SVTI, IKEv1 and IKEv2. SW (212) and SW (215) are described in more detail below.
The system (102) runs on the multi-core platform (211), which has unified high-level APIs for interfacing with the built-in services and functions of the software (SW) (212) and the hardware (HW) accelerators, such as the crypto engine or packet processing in the multi-core cluster (211). It scales across different multi-core architectures, whether the same or different multi-core clusters (211), including low-cost, high-volume form factors such as PCI-e or ATCA configurations for enterprise use and network equipment in the data center.
The hardware (HW) blade/multi-core cluster (211) provides the hardware for developing an intelligent virtualized cloud security system, with hardware and software that support the growing demand of converged data center applications for intelligent network/security acceleration and application offload, covering workloads such as networking, security, deep packet inspection (DPI), firewall, WAN optimization and application delivery (ADC). The HW/multi-core cluster (211) comprises a multi-core processor cluster (such as the Freescale P4080 QorIQ), DDR memory, flash memory, 10Gb or 1Gb network interfaces, a mini SD/MMC card slot, a USB port, a serial console port, a battery-backed RTC and the software driver (218). The software that configures the hardware includes the real-time OS (213), such as Linux, and drivers under the Linux architecture that control the hardware blocks and functions in real time.
The multi-core cluster has hardware acceleration units for security, network packet processing and services, and in general can run the appropriate functions for performing DPI/DDI (deep packet inspection/deep data inspection). In addition, the acceleration functions can handle common protocols, including Ethernet, iSCSI, FC, FCoE, HTTP, SIP and SNMP; content formats, including XML and HTML/JavaScript; and pattern matching, including IPS patterns and virus patterns. The security software (215) is described in more detail below.
Other embodiments of the HW/multi-core cluster may include different multi-core clusters. For example, a cluster from Cavium Networks can be used to accelerate other existing functions, such as the Cavium Networks Nitrox family, which assists other security measures. The embodiments described herein include the PCI-e form factor, ATCA, blade center and other forms that can be used without departing from the spirit of the system.
The real-time operating system (RTOS) (213) is an operating system (OS) intended to serve application requests in real time, and is sometimes called an embedded operating system. A key characteristic of an RTOS is the consistency of the time it takes to accept and complete an application's task; the variability in that time is jitter. A hard real-time operating system has less variability than a soft real-time operating system. The main design goal is not high throughput but a guarantee of the characteristics of the hard or soft category. An RTOS that can usually meet a deadline is a soft real-time OS; one that can guarantee meeting the deadline at all times is a hard real-time OS.
A real-time OS has advanced scheduling algorithms. Scheduler flexibility allows broader, system-wide control of process priorities, but a real-time OS is more often dedicated to a narrow set of applications. The key factors in a real-time OS are minimal interrupt latency and minimal thread-switching latency; a real-time OS is valued more for how quickly and predictably it responds within a given period. Commercial examples of real-time OS include, but are not limited to, VxWorks; commercial distributions of open-source OS/RTOS such as embedded Linux from Wind River or Enea; open-source OS/RTOS without commercial support; and the Windows embedded system from Microsoft. Some semiconductor companies, such as Freescale and Cavium Networks, also provide their own open-source real-time embedded Linux versions. Besides commercial products, there are also in-house developed OS/RTOS in different market segments.
According to an embodiment, in one aspect the system includes offloaded network packet processing functions, integrated in the control/data plane software stack SW (212), for the data center application server (201). In another aspect, the system includes a further offloaded security software stack SW (215) that supports security and other application functions for the data center application server. A third-party UTM (unified threat management) or enterprise security stack can be integrated and run on SW (215); the UTM and enterprise security stacks are described below.
According to an embodiment, the security software stack, UTM (unified threat management) or enterprise security stack may be provided by third-party vendors. In addition to the security software stack that runs transparently on the system (102), there are security-related functions that can be accelerated by the multi-core processing cluster (211) in the hardware blade, as described below.
According to an embodiment, the security software stack (215) contains different software functions, as listed in Table 1. Table 1 describes the modules.
Examples include a firewall with NAT (network address translation), IPSec VPN, SSL VPN, IDS (intrusion detection system) and IPS (intrusion prevention system); application traffic throttling; anti-virus and anti-spyware; and application firewalls (HTTP and SIP). The packet processing functions in SW (212) and the network agent (214) include an L4-L7 load balancer and support traffic policies and architecture, virtualized cloud computing, web services, mobile devices and social networking.
Many third-party commercial security software vendors, such as Check Point Software Technologies and Trend Micro, can not only provide complete security software stack functionality accelerated by the HW/multi-core cluster (211), the control/data plane software (212), the security software stack (215) and the other functional blocks (215), (216) and (214), but can also integrate seamlessly into the system (201) to provide security measures against weaknesses in traffic inside and outside the system (201).
According to an embodiment, the security hardware functions can perform deep packet inspection/deep data inspection (DDP/DDI). DDP/DDI allows advanced security functions to be deployed for the system (201) on the existing infrastructure, without new cost.
New or existing virtualized or non-virtualized security software or packet processing software can be downloaded from a remote server to existing user systems through a secure link and the remote call center for existing customers. For new users, it can be preinstalled and delivered with the accompanying hardware. After the loaded software is first started, customer applications can be downloaded from the software on the different hardware modules, depending on the security application.
The application-layer server agent (216) serves different applications, which the middleware client agents (205) and (207) send to the application server agent (216) so that it responds to service requests on behalf of the application server (201). System 102 uses the application-layer server agent (216) to run existing advanced security functions and new ones that become available in the future. In addition, system 102 can provide real-time-intensive tasks, functions, applications or services on behalf of application server 101 in response to demand. Once a service request is made, the application server system (201) can initiate it and send it, through the network interface (210) or through PCI-e (209) under the control of the middleware client agent (205) and the middleware interface program (207), to the application-layer server agent (216), which responds on behalf of application server 201 for the RCM application (302) of the RCM software infrastructure defined below. When a new application (302) requires service, it can be sent to the application-layer server agent (216) through the software interfaces (303), (305), (306) and (307) of the coordination framework between (205) and (216), and the required result, an indication that the service completed successfully, is returned to the first system through the software instructions (207) and interface (210) or (209).
According to an embodiment, in another aspect the system provides virtual networking, network services, a file system, I/O data caching and software control functions. The platform for virtualized network services, file system and I/O software control also includes the integrated hardware multi-core cluster (211) and, as described below, the software platform embedded on top of the hardware blade. It is the foundation of the cloud computing security platform and includes other software running in the system, which offloads virtual-machine-related network functions, network service processing and I/O function data from the virtualized server of system (101) into (102). According to an embodiment, network packet processing, network services and security functions are then handled by packet processing software virtual machines and security software virtual machines as part of the system.
The system described herein integrates virtual and physical multi-core cluster systems into physical-server or virtual-server environments. It enables virtual machine awareness; enforcement of security policy at different virtual machine levels or non-virtualized system levels; visibility and control of virtual machines; and secure packet processing provided by integrated virtual software applications as well as by non-virtualized security and packet processing software. In addition, endpoint data protection at the standard computer-level server or host, which is the source where data is created, accelerates network traffic and strengthens security functions. The open software architecture lets third-party security software vendors offload into the present system the rule and/or data security profile functions that would otherwise be executed on the host.
The system includes distributed real-time computing integrated in a standard server platform. According to an embodiment, the distributed real-time computing cluster scales both vertically and horizontally and can be viewed as a server farm containing heterogeneous multi-core processing clusters; the resources of this server farm can be increased on demand to add computing capacity as the workload grows. Server farm resources can be quickly started, upgraded or deployed. According to an embodiment, FIG. 4 and FIG. 5 illustrate embodiments of the system with scalable distributed real-time computing clusters.
The system scales in two dimensions, vertically and horizontally. The same or identical multi-core cluster functions scale vertically in a homogeneous architecture, and different multi-core functions scale horizontally in a heterogeneous architecture. The homogeneous and heterogeneous architectures are described in more detail below.
The system provides power consumption optimization. The application-load-driven approach gives the best energy consumption: power can be switched on or off according to the green policy.
In the system's software programming model, not all existing applications need to be rewritten, and all new applications can run transparently by calling APIs (application programming interfaces) from the existing operating system or from third-party software vendors.
The present system refers to a "system of systems" and to methods for a virtualized cloud security system and I/O (input and output) system. According to an embodiment, the system (101) in FIG. 1A includes a first multi-core processing cluster (108) controlled by a multitasking OS (104), which communicates with the network interface card (110) or, when installed, communicates with the VCNIS system (102_A) through the PCI-e backplane (109) and the interface of the software instructions (105). When the software instructions (105) are executed by the different or identical multi-core processing cluster (211_A) in the second system (102_A), under the control of the real-time operating system RTOS (213_A) in system (102_A), they cause that second, different or identical multi-core processing cluster (211_A) to receive the service request, create new software functions or call existing ones to respond to the request, and return an indication that the service completed successfully to the first system through the software instructions (107) and interface (110) or (109).
According to an embodiment, the system's control/data plane SW is fully integrated with the operating system RTOS (213_A) to maximize software reuse, simplify integration and hide the complexity of multi-core design. The system (102_A) runs on the multi-core cluster platform (211_A) with unified high-level APIs for interfacing with the built-in network services in the software (SW) (212_A) and hardware (HW) counters, such as the packet processing engine and virtual address mapping/management, and/or the file system, I/O data caching and I/O software control functions of (SW) (215_A), and other accelerators in the multi-core cluster (211_A). It scales across different multi-core architectures, whether the same or different multi-core clusters (211_A), including low-cost, high-volume hardware form factors such as PCI-e, RapidIO or ATCA for enterprise and data center network equipment. The system provides an open architecture that is easy to integrate.
According to an embodiment, in one aspect the system includes offloaded network packet processing functions, integrated in the control/data plane software stack SW (212_A), for the data center application server (201). In another aspect, the system includes a further offloaded security software stack SW (215_A) that supports security and other application functions for the data center application server. Third-party network and I/O stacks can be integrated and run on SW (212_A) and SW (215_A); SW (212_A) and (SW) (215_A) are described further below.
According to an embodiment, the system provides fast-path and slow-path network services in the control/data plane SW (212_A), taking advantage of the multi-core, multitasking processing cluster (211_A) for performance. The system includes a comprehensive, easy-to-use set of network functions: VLAN, link aggregation, GRE encapsulation, IP tunneling (GTP and IP), Layer 2/3 virtual routing management, routing and virtual routing, network stack termination, TCP termination, traffic management, service chaining, scaling to unlimited traffic flows, per-packet QoS (quality of service) and filtering (ACLs), and, deployed in the control/data plane SW (212) for the security functions of the security SW (215), IPSec, SVTI, IKEv1 and IKEv2. SW (212_A) and SW (215_A) are described in more detail below.
SW (215_A) contains the file system, I/O data caching and I/O software control functions. In computing, a file system is a method of storing and organizing computer files and the data they contain so that they are easy to find, access or read. A file system can use data storage devices such as hard disks, CD-ROMs or the more recently invented SSD (solid-state drive) and NVM (non-volatile memory) storage technologies to maintain and manage data. A file system may maintain and manage the physical location of files, or it may be virtual and exist only as an access method for virtual data or network data (such as NFS). Such file systems include, but are not limited to, local file systems, shared file systems (SAN file systems and cluster file systems), network file systems (distributed file systems and distributed parallel systems) and object file systems. More formally, a file system is a set of abstract data types implemented for the storage, hierarchical organization, manipulation, navigation, access and retrieval of data. An object file system is a storage method in which data is combined with rich metadata that preserves information about the context of the data. The metadata in an object file system gives users the contextual information they need to manage and access unstructured data properly, so that data can be found easily without knowing specific file names, dates or traditional file designations. Metadata can also be used for routing policy, retention, deletion and automated storage management. Caching is described in more detail below.
A cache is a temporary storage area from which data can be accessed quickly and easily. For example, the files you automatically request when viewing a web page are stored on your hard disk in the browser's cache directory. When you return to a recently viewed page, the browser fetches those files from the cache rather than from the original server, which saves you time and spares the network additional traffic.
Caching is the process of storing data in a cache; the data held in a cache is almost always also stored somewhere else. In a system-wide I/O acceleration cache, the cached information is usually the most active disk blocks of the physical or virtual system whose performance we want to improve. The cache itself sits close to where the system consumes the data, usually on a high-performance storage medium, while the original copy of the data remains in the system's primary storage.
Caching methods cache data at any time, improving access performance for subsequent accesses. Caches can differ in how their caching behavior handles updates (WRITES).
All caches have one thing in common: their space is limited, and they must manage that limited capacity to hold the active data. Every cache has a replacement algorithm that decides which data is best kept for access and when old data can safely be evicted from the cache to free storage space.
In short, when caching is a good choice, data is cached in memory. The closer the storage medium is to the CPU, the more efficient the cache usually is, and it is far faster than a hard disk. The storage medium used as the mechanism for I/O data caching can be DRAM, SRAM, SSD (solid-state drive) or the newer NVM (non-volatile memory) technology.
According to an embodiment, in another aspect the system provides virtual networking, network services, a file system, I/O data caching and software control functions. The platform for virtualized network services, file system and I/O software control also includes the integrated hardware multi-core cluster (211_A) and, as described below, the software platform embedded on top of the hardware blade. It is the foundation of the cloud computing security platform and includes other software running in the system, which offloads virtual-machine-related network functions, network service processing and I/O function data from the virtualized server of system (101) into (102_A). According to an embodiment, the network functions, network services and I/O functions are then handled by network processing software virtual machines, I/O file system and I/O control software virtual machines as part of the system, as shown in FIG. 6A and described below.
The application-layer server agent (216_A) serves different applications, which the middleware client agents (205) and (207) send, on behalf of the application server (201), to the application server agent (216) to respond to demand. System 102_A uses the application-layer server agent (216_A) to run new advanced network application stacks, network services, file system, I/O data caching and I/O control functions, and stacks that will appear in the future. In addition, new real-time-intensive task functions or services can be provided by the system (102_A) on behalf of the application server (101) in response to service demand. Once a service request occurs, the application server system (201) can initiate it and send it, through the network interface (210) or through PCI-e (209) under the control of the middleware client agent (205) and the middleware interface program (207), to the application-layer server agent (216_A), which responds on behalf of the application server (201) for the RCM application (302) of the RCM software infrastructure (301) defined below.
When a new application (302) has a service request, it can be sent to the application-layer server agent (216_A) through the interfaces of the coordination framework defined by (205) and (216_A), and the required result, an indication that the service completed successfully, is returned to the first system through the software instructions (207) and interface (210) or (209).
New or existing virtualized or non-virtualized I/O file system, I/O control software and I/O data caching functions, or network service processing software, can be downloaded from a remote server to existing user systems through a secure link and the remote call center for existing customers. For new users, it can be preinstalled and delivered with the accompanying hardware. After the loaded software is first started, customer applications can be downloaded from the software on the different hardware modules, depending on the network functions, network services and I/O applications.
According to an embodiment, the I/O file system, and/or I/O data caching, and/or other I/O control function software stacks may be provided by third-party vendors. In addition to the file system, I/O data caching and I/O software stacks that run transparently on the system (102), there are other I/O-related functions that can be accelerated by the multi-core processing cluster (211_A) in the hardware blade, as described below.
The system described herein integrates virtual and physical multi-core cluster systems into physical-server or virtual-server environments. It enables virtual machine awareness; enforcement of security policy at different virtual machine levels or non-virtualized system levels; visibility and control of virtual machines; secure packet processing; non-virtualized and virtualized network services; and the I/O software control functions and file system software provided by integrated virtual software applications (multiple virtual machines). Together with the software stacks and a scalable hardware infrastructure, this forms an overall system architecture that is open to third parties in security, networking, file system and I/O control software and can be used to accelerate their software applications.
The system includes distributed real-time computing capability integrated in a standard server platform. According to an embodiment, the distributed real-time computing cluster scales both vertically and horizontally and can be viewed as a server farm containing heterogeneous multi-core processing clusters, whose resources can grow on demand as the workload increases. Server farm resources can be quickly started, shut down, upgraded or deployed. According to an embodiment, FIG. 4 and FIG. 5A illustrate embodiments of the system with scalable distributed real-time computing clusters.
The system is scalable in two dimensions, vertical and horizontal. The same multi-core cluster function can be scaled vertically through a homogeneous architecture, and different multi-core functions can be scaled horizontally through a heterogeneous architecture. The homogeneous and heterogeneous architectures are described in more detail below.
The system provides power-consumption optimization. An application-load-driven approach gives the best power consumption, enabling or disabling resources as required by a green-energy policy.
The system's software programming model means that no existing application has to be rewritten, and every new application can be written by calling the existing, transparently running APIs (application programming interfaces) from libraries supplied by the existing operating system or by third-party software vendors.
Figure 2A illustrates, according to a specific embodiment, the system-layer configuration, including the virtualization and cloud network and I/O system (VCNIS) architecture used by the system. An application server (201) is running a server application (203). The application server (201) has an operating system (OS) (204) as described above, which can be any commercially available Windows, Linux or Unix multitasking operating system, together with drivers (206), a middleware interface program (207) and a middleware agent (205). The application server (201) runs the server application in memory on a multi-core cluster (208). When network service processing, file system and I/O-related functions are needed, the application server (201) intercepts these requests and has them served by the virtualization and cloud network and I/O system (VCNIS) (202_A). The services can be delivered through the middleware interface program (207) and agent (205); according to the embodiments herein, the middleware interface program (207) and agent (205) can communicate with the VCNIS (202_A). According to a specific embodiment, the VCNIS (202_A) comprises a hardware card device, containing a multi-core processing cluster (211_A), plugged into the PCI-e backplane (209), and at least one software stack layer, which contains a network interface agent (214_A), a real-time operating system (213_A) and a control/data plane software stack layer (212_A). The VCNIS (202_A) may also include file system, I/O data cache and I/O control software host support functions (215_A) and an application-layer server agent (216_A). The middleware interface program (207) and agent (205) can also communicate with the application server agent (216_A) about service requests. The application server agent (216_A) can communicate with the RTOS (213_A), the control/data software stack layer (212_A) and the network interface agent (214_A), and services are provided through the network interface card (NIC) (210) of the HW/multi-core processing cluster or through the PCI-e backplane (209). The NIC (210) provides access to the network (217). The control/data plane software stack layer (212_A) and the file system and I/O software stack layer (215_A) are described in more detail below.
The hardware (HW) card device/multi-core cluster (211_A) provides the hardware for developing intelligent virtualized cloud networking and I/O systems: a hardware infrastructure and software platform that supports the growing demand for networking functions, intelligent network services, file systems, and acceleration of I/O data and control functions. Application offload can be used in converged data center applications such as network services, file systems, storage, WAN optimization and application delivery (ADC) computing. The HW/multi-core cluster (211_A) and memory comprise a multi-core processor cluster (such as the Freescale P4080 QorIQ), DDR memory, flash memory, 10 Gb or 1 Gb network interfaces, a mini SD/MMC card slot, USB ports, a serial console port and a battery-backed RTC. The software for configuring the hardware includes a real-time OS (213_A), such as real-time Linux, and Linux-based drivers (218_A) that control the hardware blocks and functions. A newer multi-core cluster (such as the Freescale T4240) may be another embodiment, shown in Figure 7, serving the same purpose as the Freescale P4080 QorIQ.
Other embodiments of the HW/multi-core cluster may include different multi-core clusters; for example, a multi-core cluster from Cavium Networks (Figure 8) can be used to accelerate other existing functions. For instance, the Cavium Networks Nitrox family can help accelerate the execution of other security measures. Embodiments that include a PCI-e form factor, ATCA, a blade center and other form factors may be used without departing from the spirit of the invention.
A real-time operating system (RTOS) (213_A) is an operating system (OS) intended to serve real-time application requests; an RTOS is sometimes called an embedded operating system. A key characteristic of an RTOS is how consistent it is in the time it takes to accept and complete an application task; the variability in that time is jitter. A hard real-time operating system has lower variability than a soft real-time operating system. The main design goal is not high throughput but a guarantee of the behaviour expected of the hard or soft category. An RTOS that can usually meet a deadline is a soft real-time OS, whereas one that can guarantee the deadline is met every time is a hard real-time OS. A real-time OS has advanced scheduling algorithms. Scheduling flexibility allows broader system-wide control of process priorities, but a real-time OS is more often dedicated to a narrow set of applications. Key factors in a real-time OS are minimal interrupt latency and minimal thread-switching latency, but a real-time OS is valued more for how quickly and predictably it responds within a given period. Commercial examples of real-time OSes include, but are not limited to, VxWorks; open-source OS/RTOS such as embedded Linux from Wind River (an Intel company) or Enea; open-source OS/RTOS without commercial support; and Windows Embedded from Microsoft. Some semiconductor companies, such as Freescale and Cavium Networks, also provide their own open-source real-time embedded Linux versions. Besides commercially available products, there are also OS/RTOS developed in-house in different market segments.
The application-layer server agent (216_A) serves the different applications that the middleware client agents (205) and (207) send, on behalf of the application server (201), to the application server agent (216) in response to requests. The system (102_A) uses the application-layer server agent (216_A) to run new advanced networking and I/O functions that emerge in the future. In addition, new real-time-intensive task functions or services can be provided by the system (102_A) on behalf of the application server (101) in response to service demand. If an application (302) needs a new service from (202_A), the new service for the RCM software infrastructure (301) is defined as follows. As soon as a new application (302) needs a new service from (202_A), it can issue a request for the new service. The application server system (201) can initiate the request and pass it to the application-layer server agent (216_A) over the network interface (210) or over PCI-e (209), under control of the middleware client agent (205) and middleware interface program (207). The service is loaded into (218_A) from a remote storage system over the network interface (210), or from (201) on behalf of the application server (201) under control of the RCM application (302) and the RCM software infrastructure (301). Once the new service has been delivered to the application-layer server agent (216_A) and loaded into (211_A), through the network interface (210) or through (208) under the coordination mechanism defined by (205), (207) and (216_A), the desired result, that is, an indication that the service completed successfully, is returned to the first system by software instructions (207) and interface (210) or (209).
Figure 3 illustrates, according to a specific embodiment, the software infrastructure used by the system, extended from (203), (204), (205), (206) and (207). The software infrastructure (301) of the embodiment supports rich content media (RCM) applications (302), whose functions include security, video, imaging, audio and any combination of media (as in the examples herein) and the embodiments herein.
The infrastructure (301) includes inter-processor communication/middleware (303) and supports different operating systems and/or hypervisors and interfaces (304). The infrastructure (301) includes an RCM framework (305); generic APIs and SOA services (306) that support different codecs (compression and decompression) and library extensions or middleware (307); a system framework (308); and a data framework (309).
The application framework (302) can interface to any rich content multimedia application through APIs (application programming interfaces), SOA, or the services provided by (306). The application can be accelerated or extended from one or more service groups, including network packet processing, security, secure encryption/decryption, video compression/decompression, image compression/decompression, and defined mixes such as text, audio and graphics that are encoded or decoded for remote or local resources. Encoding here means the compression technique and decoding the decompression technique. Content resources can come from applications running on a server, a personal computer or other mobile devices. Content can also come, over a LAN or WAN, from remote servers, web servers, application servers, database servers in a data center, or any cloud computing application accessed over the Internet.
Newer applications such as pattern recognition can also be extended from basic text, audio, video and images, with specific algorithms running locally or remotely to encode or decode. In other words, the application framework (302) can be extended to support pattern recognition applications that use specific algorithms to compress or decompress, from local servers, personal computers, mobile devices, or cloud computing resources on the remote Internet.
Inter-processor communication and middleware (303) sits among the multi-core clusters, operating systems, system interconnects and hypervisors. The inter-processor communication and middleware (303) module on each multi-core cluster carries message communication between all the different multi-core clusters and, within each multi-core cluster, between identical and different middleware. Key features of (303) include communication (IPC) through distributed message passing that is independent of OS and interconnect; system-scale transparency; reconfiguration without modifying code; use between multiple producers and consumers; distributed inter-processor communication technology; a message-based common protocol or data-centric distributed data service; transparent application-to-application connectivity; reliable delivery; operating system independence (Windows, Linux and Unix); and hardware platform independence (RISC, DSP or other).
A specific embodiment uses DDS, described below, for inter-processor communication. The DDS (Data Distribution Service) communication standard is scalable and supports the required range of communication, from fixed and mobile devices peer-to-peer up to clusters, including intermittent and highly variable communication profiles.
The DDS standard is particularly suited to distributing real-time data for logging, general distributed application development and system integration. DDS defines an API for distributing real-time data; it uses a publish-subscribe communication model and supports both messaging and data-object-centric data models. DDS provides many enhanced capabilities: content-based filtering and transformation, per-data-flow connectivity monitoring, redundancy, replication, delivery effort and ordering, and spontaneous discovery. In addition, DDS offers new capabilities related to data-object-centric life-cycle management, best-effort and predictable delivery, delivery ordering, resource management and status notification.
The RCM framework (305) provides core SOA (service-oriented architecture) services for communication between applications, namely the applications running on (203) under enterprise SOA, or under the distributed, multitasking real-time operating systems and multi-core cluster SOA running in the system's memory. Through the communication and middleware (303), the RCM framework (305) translates and forwards request messages between multiple producers and consumers using distributed messaging or data-centric, DDS-based distributed message communication, providing SOA services to the different multi-core clusters in the system. It is independent of OS, platform and interconnect, transparent at system scale, and can be reconfigured without modifying code.
The system framework (308) includes the local hardware multi-core clusters and functions for resource scheduling, management, provisioning, configuration, migration and remote access. The multitasking real-time OS configuration supports AMP (asymmetric real-time multi-core multiprocessing, that is, heterogeneous processing, in which different operating systems control different hardware multi-core clusters) and SMP (symmetric real-time multi-core multiprocessing, that is, homogeneous processing, in which multi-core clusters of the same type of hardware run under the same operating system). It also controls inter-processor communication between operating systems; handles global resource scheduling, cluster management, and management of global and local resource load, both static and migrating; and provides the virtualization infrastructure interface and multi-core cluster management functions.
An IP-based network application can be divided into three components: the data plane, the control plane and the management plane.
The data plane is the subsystem of a network node that receives packets from an interface and sends packets to it, processes them as required by the applicable protocol and, as necessary, delivers, drops or forwards them. For routing, it consists of a set of procedures (algorithms) that the router uses to make forwarding decisions for a packet. The algorithms define which information from a received packet is used to find a particular entry in the forwarding table, and the exact procedure the routing function uses to find that entry. This offloads packet forwarding from the higher-level multi-core cluster: for most or all received packets that are not addressed for delivery to the node itself, the data plane performs all the necessary processing. Similarly, for IPsec, a security gateway checks whether a security association is valid for an incoming flow and, if so, the data plane locally finds the information needed to apply the security association to the packet.
The control plane maintains the information that can be used to change the data used by the data plane. Maintaining this information requires handling complex signalling protocols, and implementing those protocols in the data plane would lead to poor forwarding performance. The usual way to manage these protocols is to have the data plane identify incoming signalling packets and forward them locally to the control plane. The control plane's signalling protocols can update data-plane information and inject outgoing signalling packets into the data plane. The architecture works because signalling traffic is only a very small part of overall traffic. For routing, the control plane contains one or more routing protocols, which exchange information between routers, and the procedures (algorithms) by which a router converts that information into forwarding-table content. As soon as the data plane detects a routing packet, it forwards it to the control plane, where the routing protocol computes new routes and adds or deletes routes accordingly. The forwarding table is updated with this new information. When a routing protocol sends a packet, the data plane injects it into the outgoing flow. For IPsec security functions, signalling protocols for key exchange such as IKE or IKEv2 reside in the control plane. Incoming IKE packets are forwarded locally to the control plane. When a key exchange results in a new security association held in the data plane, it is updated by the control plane. Outgoing IKE packets are injected by the data plane into the outgoing flow.
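The split between data plane and control plane described in the two paragraphs above can be shown as a small model. This is an added example, not code from the patent: the class names, the collapsed single-message IKE and routing updates, and the punt budget that caps how many signalling packets reach the control plane per interval are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:                      # constructed packet model, not a wire format
    dst: str
    proto: str                     # "udp", "esp", "tcp", ...
    dport: int = 0
    spi: int = 0                   # ESP Security Parameters Index
    payload: dict = field(default_factory=dict)

class DataPlane:
    """Fast path: table lookups only, no protocol state machines."""
    def __init__(self, local_addr, punt_budget=2):
        self.local = ipaddress.ip_address(local_addr)
        self.fib = {}              # ip_network -> next hop (forwarding table)
        self.sad = {}              # (dst, spi) -> security association
        self.control = None
        self.punt_budget = punt_budget   # assumption: punts allowed per interval
        self.punts = 0

    def longest_prefix_match(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.fib if addr in net]
        return self.fib[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def receive(self, pkt):
        if ipaddress.ip_address(pkt.dst) == self.local:
            if pkt.proto == "esp":
                # Only an SA installed by the control plane is accepted.
                sa = self.sad.get((pkt.dst, pkt.spi))
                return ("decrypt", sa) if sa else ("drop", "unknown-spi")
            if pkt.proto == "udp" and pkt.dport in (500, 520):
                return self._punt(pkt)       # IKE (500) or RIP (520) signalling
            return ("drop", "not-handled")
        next_hop = self.longest_prefix_match(pkt.dst)
        return ("forward", next_hop) if next_hop else ("drop", "no-route")

    def _punt(self, pkt):
        # Signalling is a small share of traffic; cap it so a flood of
        # signalling packets cannot starve the slow path.
        if self.punts >= self.punt_budget:
            return ("drop", "punt-budget")
        self.punts += 1
        self.control.handle(pkt)
        return ("punt", "control-plane")

class ControlPlane:
    """Slow path: runs the signalling protocols and rewrites data-plane tables."""
    def __init__(self, dataplane):
        self.dp = dataplane
        dataplane.control = self

    def handle(self, pkt):
        if pkt.dport == 500:       # result of a completed key exchange (simplified)
            for spi, sa in pkt.payload.get("negotiated", {}).items():
                self.dp.sad[(pkt.dst, spi)] = sa
        elif pkt.dport == 520:     # routing update (simplified)
            for prefix, next_hop in pkt.payload.get("add", []):
                self.dp.fib[ipaddress.ip_network(prefix)] = next_hop
            for prefix in pkt.payload.get("withdraw", []):
                self.dp.fib.pop(ipaddress.ip_network(prefix), None)

def demo():
    dp = DataPlane("192.0.2.1")
    ControlPlane(dp)
    me = "192.0.2.1"
    routes = {"add": [("10.2.0.0/16", "198.51.100.2"), ("10.2.3.0/24", "198.51.100.3")]}
    return [
        dp.receive(Packet("10.2.3.4", "tcp", 443)),           # no route yet
        dp.receive(Packet(me, "udp", 520, payload=routes)),   # routing update punted
        dp.receive(Packet("10.2.3.4", "tcp", 443)),           # now forwarded
        dp.receive(Packet(me, "esp", spi=0x1001)),            # no SA yet
        dp.receive(Packet(me, "udp", 500,
                          payload={"negotiated": {0x1001: "sa-branch-office"}})),
        dp.receive(Packet(me, "esp", spi=0x1001)),            # SA now installed
        dp.receive(Packet(me, "udp", 500)),                   # budget exhausted
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The data plane never creates a route or a security association itself; ESP traffic with an SPI the control plane has not installed is dropped in the fast path rather than punted.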
To deliver complete solutions for next-generation network applications and services, today's network packet processing is far more complex than a simple TCP/IP stack at the inception of the Internet; see the definitions of the control plane and data plane given here. High-speed processing handles the data in the fast path, or data plane. The software stack runs on the data plane, with multiple CPU cores handling data-plane tasks. Complex processing is designed to be handled in the slow path, or control plane. The fast path typically integrates a large number of protocols and is designed so that adding a new protocol does not degrade the performance of the whole system.
A common network use case is a VPN/IPsec tunnel aggregating Gbps of HTTP, video and audio. Because the L3/L7 protocols are encrypted, a data-plane design limited to flow affinity cannot assign flows to individual cores; that becomes possible only once all IPsec pre-processing and payload decryption have completed. At each level, an exception can occur if a packet cannot be handled in the fast path. Implementing additional protocols adds tests to the initial call flow, which requires more instructions. Overall performance is lower, but some software design rules can lead to a good trade-off between features and performance.
The management plane provides an administrative interface to the whole system. Its processing supports operational administration, management or configuration/provisioning actions, such as facilities for collecting and aggregating statistics and for implementing management protocols. It can also provide a command-line interface (CLI) and/or a graphical user configuration interface, for example through a web interface or traditional SNMP management software, and more complex XML-based solutions can also be implemented.
The system supports rich content multimedia (RCM) applications. Because rich content multimedia applications consume and produce large amounts of many different kinds of data, it is essential that the distributed data framework can process, manipulate, send/receive and retrieve/store all of these kinds of data, such as today's data, voice, audio and video. The system also covers other rich content data, including but not limited to imaging, pattern recognition, speech recognition and animation. Data types can be extended from the basic formats into content that combines several data types. Sending and receiving complex data types requires compressing the data stream to certain industry standards, or processing it with a specific algorithm before transmission; the receiving end decompresses it or rebuilds the data into its original data type, which can be done through real-time processing.
For example, video data compressed with a specific algorithm becomes a different kind of data, such as MPEG4 or H.264, and the same applies to audio data. Certain kinds of data therefore need synchronization mechanisms that support reconstruction of the data at the destination.
In traditional multimedia systems, the kinds of data are limited by what content can be processed efficiently. For example, data types may be limited to audio, video or graphics, from a single local content source to a single content destination, with simple audio/video synchronization and a single content stream. In general, such applications are mainly for decoding, do not run in real time, are non-interactive, need no synchronization at the data source, need no reconstruction at the destination, and need no integration or protection of data types. The present system can process rich content multimedia (RCM) such as text, audio, video, graphics, speech, pattern recognition or 2D/3D imaging, AI vision processing, handwriting recognition, security processing and so on. Data can come from multiple remote or local sources and go to multiple remote or local destinations. Content synchronization can combine multiple sources in different ways, such as audio/video/data, to stream multiple kinds of content. Applications can encode and decode in real time and interactively, with synchronization at the data source and reconstruction, data-type integration or protection at the destination. Figure 5 illustrates the hardware infrastructure operating as a system extended to serve different applications with multiple existing audio and video streams.
In network-centric computing, providing distributed data facilities and local data management poses a major challenge. One architectural approach to this need is commonly called the distributed data framework (309). The benefit of the distributed database model is continuous real-time access to all of the enterprise's important information, which directly affects the reuse of software modules.
Software applications gain immediate, reliable access to information that changes in real time on a dynamic network. The architecture uniquely combines the real-time networking services of a peer-to-peer data distribution service with an in-memory database management system (DBMS) into a complete solution for managing the storage, retrieval and distribution of fast-changing data in dynamic network environments. It guarantees the enterprise continuous real-time information processing. DDS technology is used to make distributed database management a truly distributed data structure, and DBMS technology is used to provide persistence for real-time DDS data.
According to a specific embodiment, embedded applications do not need to know SQL or ODBC semantics, and enterprise applications are not forced to know publish-subscribe message semantics. The database thus appears through the system as an aggregation of data tables. When a node updates a table by executing an SQL INSERT, UPDATE or DELETE statement on it, the update is proactively pushed, through real-time publish-subscribe messaging, to the other hosts that require access to the same table. This architecture allows real-time replication of any number of remote data tables.
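The table replication described above can be sketched with in-memory SQLite databases and an in-process bus standing in for the publish-subscribe middleware. This is an added example, not code from the patent, and it does not use a DDS API: the `Bus` and `Node` classes, the `sensor` table and the sample rows are constructed for illustration, and the primary key is assumed to be immutable.

```python
import sqlite3
from collections import defaultdict

# Triggers capture row-level changes, so applications keep using plain SQL.
SCHEMA = """
CREATE TABLE sensor (id INTEGER PRIMARY KEY, name TEXT, value REAL);
CREATE TABLE _changes (seq INTEGER PRIMARY KEY AUTOINCREMENT,
                       op TEXT, id INTEGER, name TEXT, value REAL);
CREATE TRIGGER sensor_ins AFTER INSERT ON sensor BEGIN
  INSERT INTO _changes(op, id, name, value)
  VALUES ('upsert', NEW.id, NEW.name, NEW.value); END;
CREATE TRIGGER sensor_upd AFTER UPDATE ON sensor BEGIN
  INSERT INTO _changes(op, id, name, value)
  VALUES ('upsert', NEW.id, NEW.name, NEW.value); END;
CREATE TRIGGER sensor_del AFTER DELETE ON sensor BEGIN
  INSERT INTO _changes(op, id, name, value)
  VALUES ('delete', OLD.id, NULL, NULL); END;
"""

class Bus:
    """In-process stand-in for the publish-subscribe layer (topic = table name)."""
    def __init__(self):
        self.subscribers = defaultdict(list)

    def subscribe(self, topic, node):
        self.subscribers[topic].append(node)

    def publish(self, topic, sender, change):
        for node in self.subscribers[topic]:
            if node is not sender:
                node.apply_remote(change)

class Node:
    TOPIC = "sensor"

    def __init__(self, name, bus):
        self.name, self.bus = name, bus
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)
        bus.subscribe(self.TOPIC, self)

    def execute(self, sql, params=()):
        """Application entry point: ordinary SQL, no publish-subscribe knowledge."""
        self.db.execute(sql, params)
        self.db.commit()
        for change in self._drain():
            self.bus.publish(self.TOPIC, self, change)

    def _drain(self):
        rows = self.db.execute(
            "SELECT op, id, name, value FROM _changes ORDER BY seq").fetchall()
        self.db.execute("DELETE FROM _changes")
        self.db.commit()
        return [dict(zip(("op", "id", "name", "value"), r)) for r in rows]

    def apply_remote(self, change):
        # Row data is replicated, never SQL text, so a subscriber does not
        # execute statements supplied by a publisher.
        if change["op"] == "upsert":
            self.db.execute(
                "INSERT OR REPLACE INTO sensor(id, name, value) VALUES (?, ?, ?)",
                (change["id"], change["name"], change["value"]))
        elif change["op"] == "delete":
            self.db.execute("DELETE FROM sensor WHERE id = ?", (change["id"],))
        else:
            raise ValueError("unknown replication op: %r" % (change["op"],))
        self.db.execute("DELETE FROM _changes")   # discard the trigger echo
        self.db.commit()

    def rows(self):
        return self.db.execute(
            "SELECT id, name, value FROM sensor ORDER BY id").fetchall()

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM _changes").fetchone()[0]

def demo():
    bus = Bus()
    a, b, c = Node("a", bus), Node("b", bus), Node("c", bus)
    insert = "INSERT INTO sensor(id, name, value) VALUES (?, ?, ?)"
    a.execute(insert, (1, "inlet-temp", 21.5))
    b.execute(insert, (2, "fan-rpm", 4200.0))
    c.execute("UPDATE sensor SET value = ? WHERE id = ?", (23.0, 1))
    a.execute("DELETE FROM sensor WHERE id = ?", (2,))
    return a, b, c

if __name__ == "__main__":
    for node in demo():
        print(node.name, node.rows())
```

Clearing `_changes` after a remote apply is what stops a replicated row from being published again by the receiving node.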
Figure 4 illustrates, according to a specific embodiment, the hardware infrastructure used by the system, in which a host (406) communicates with the different multi-core clusters. In Figure 1 this host can be the system (101), but it does not include the system (102). In general, the host (406) refers to a standard server platform or general-purpose computer system. The host is usually controlled by a multi-core cluster and a multitasking OS. The hardware infrastructure comprises a group of single or multiple multi-core processing elements (PEs), also called multi-core cluster systems, running real-time operating systems and applications, such as PE1 (402), PE2 (403), PE3 (405) and PE4 (404). Each PE can correspond to any system such as (102) or (102_A). The processing elements communicate over inter-processor communication links (407), which can be any network link, parallel bus or serial bus link. Network links in the embodiments can be any open standard such as Ethernet or InfiniBand; parallel bus links can be the PCI and PCI-X open standards; and serial buses can be PCI-e (the PCI Express generations) and RapidIO.
Examples of the host multi-core cluster (406) are x86 multi-core clusters from Intel and AMD, Power and ARM multi-core cluster devices from IBM and its licensees, and multi-core clusters from ARM and its licensees. Examples of the multitasking OS are the Windows, Linux and Unix operating systems from various companies. The host (406) can be a cluster of one or more identical components, the so-called application server, web server or database server. It can run all general-purpose applications, I/O functions and network function services, and invokes the OS needed by other system-related tasks.
To tie the examples to the hardware infrastructure, we refer to the hardware card described above. Each hardware card includes a number of components such as a Freescale QorIQ 4080 (8 CPUs in one IC package) or more clusters, depending on the packaging density of the card. In general, one Freescale QorIQ 4080 cluster (as an example) corresponds to one group of processing elements in the hardware infrastructure, such as PE1…PE18.
If two hardware cards are installed in Figure 4 and each card carries the same kind of multi-core cluster (for example Freescale QorIQ 4080, 8 cores), this is called homogeneous expansion. In other embodiments, a hardware card can carry multiple clusters on one card.
If two hardware cards are installed, the first with a Freescale QorIQ 4080 and the second with a Cavium Networks OCTEON II CN68XX cluster, the Freescale cluster corresponds to PE1…PE18 and the Cavium cluster corresponds to PE2…PE216 (assuming 16 cores are used). These two hardware cards have different multi-core clusters and form a homogeneous expansion.
Figure 5 illustrates, according to an embodiment, the hardware infrastructure used by the system. The host (506) is a standard server based on the x86 architecture (Intel or AMD) or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems that can run the same or different operating systems and applications. In this example, the PE1 (VCSS1) system is the first security system (502), the PE2 (VCSS2) system is the second security system (503), the PE3 (VCSS3) system is the third security system (505), and the PE4 (VCSS4) system is the fourth security system (504). All the security systems can use the same or different multi-core clusters to run a real-time operating system. All the systems communicate over the inter-processor communication link (507) or shared memory (508). The inter-processor communication link can be any network connection, parallel bus or serial bus connection. Examples of network connections are the Ethernet and InfiniBand open standards; examples of parallel buses are the PCI and PCI-X open standards; examples of serial buses are PCI-e (the PCI Express generations) and RapidIO.
This hardware infrastructure contains one or more identical or different "systems" running on the same or different operating systems, and the same or different real-time software stacks and applications can run concurrently with the application software stack on the host (506).
Figure 5A illustrates, according to an embodiment, the hardware infrastructure used by the system. The host (506) is a standard server based on the x86 architecture (Intel or AMD) or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems that can run the same or different operating systems and applications. In this example, the (VCNIS1) system is a network and I/O cluster that can run multiple network, file system and I/O stacks (502_A). The (VCNIS2) system is the second network and I/O cluster, which can run multiple network, file system and I/O stacks (503_A). The (VCNIS3) system is the third network and I/O cluster, which can run multiple network, file system and I/O stacks (505_A). The (VCNIS4) system is the fourth network and I/O cluster, which can run multiple network, file system and I/O stacks (504_A) for future applications. All the systems communicate over the inter-processor communication link (507) or shared memory (508). Examples of network connections are the Ethernet or InfiniBand open standards; examples of parallel buses are the PCI and PCI-X open standards; examples of serial buses are PCI-e (the PCI Express generations) and RapidIO.
This hardware infrastructure contains one or more identical or different "systems" running on the same or different operating systems, and the same or different real-time software stacks and applications can run concurrently with the application software stack on the host (506).
Figure 5B illustrates, according to an embodiment, the hardware infrastructure used by the system, in which the existing systems (102) and (102_A) are expanded and integrated into the application server (101). The host (506) is a standard server based on the x86 architecture (Intel or AMD) or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems (102) and (102_A) that can run the same or different operating systems and applications. This hardware infrastructure contains one or more identical or different "systems" that can run the same or different operating systems and the same or different real-time software stacks and applications, concurrently with the application software stack running on the host (506).
Figure 5C illustrates, according to an embodiment, the hardware infrastructure used by the system. The host (506) is a standard server based on the x86 architecture (Intel or AMD) or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems that can run the same or different operating systems and applications. In this example, the (VCSS1) system is a security cluster and stack (502), the (VCSS2) system is a security cluster and stack (503), the (VCNIS1) system is a network and I/O cluster and stack (505_A), and the (VCNIS2) system is a network and I/O cluster and stack (504_A). The systems communicate over the inter-processor communication link (507) or shared memory (508). The inter-processor communication link can be any network connection, parallel bus or serial bus connection. Examples of network connections are the Ethernet and InfiniBand open standards; examples of parallel buses are the PCI and PCI-X open standards; examples of serial buses are PCI-e (the PCI Express generations) and RapidIO.
This hardware infrastructure contains one or more identical or different "systems" running on the same or different operating systems, and the same or different real-time software stacks and applications can run concurrently with the application software stack on the host (506).
Figure 5D illustrates, according to an embodiment, the hardware infrastructure in which the systems (102) and (102_A) and a future new system (102_B) are integrated into, or used with, the application server (101). The future system (102_B) is a new data-driven, application-based system, such as the pattern recognition, imaging or AI applications mentioned above, and can handle any kind of content-rich multimedia data. The host (506) is a standard server based on the x86 architecture or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems that can run the same or different operating systems and the same or different real-time software stacks and applications, concurrently with the application software stack running on the host (506). The future system (102_B) is a new data-driven system with new applications, such as pattern recognition or artificial-intelligence data analysis; by way of (102_B), the infrastructure can be expanded into homogeneous, heterogeneous or mixed combinations with the different kinds of data-driven systems (102) and (102_A).
Figure 5E illustrates, according to an embodiment, the hardware infrastructure used by the system. The host (506) is a standard server based on the x86 architecture (Intel or AMD) or on any other standard multi-core device, such as Power and ARM clusters. It runs the server applications and communicates with the different clusters through the host memory/interface controller (501). The hardware infrastructure includes a group of one or more systems that can run the same or different operating systems and applications. In this example, the PE1 (VCNIS1) system is a network and I/O cluster and stack (502). The PE2 (VCSS2) system is a security cluster and stack (503). The PE3 (VCNS1) system is a video encoding (compression) and decoding (decompression) cluster and stack (505). The PE4 (VCNS2) system is a new-data cluster and stack (504). The systems communicate over the inter-processor communication link (507) or shared memory (508). PE3 is a new data application (video) running on its multi-core cluster and software applications. PE4 can be a system for any new kind of data, such as an imaging application, running on its own multi-core cluster. This hardware infrastructure contains one or more identical or different "systems" running on the same or different operating systems, and the same or different real-time software stacks and applications can run concurrently with the application software stack on the host (506).
Figure 6 illustrates, according to an embodiment, the system-level configuration with virtualization support used by the system. When the application server (601) is virtualized, it can contain one or more virtualized hosts, with virtual machines running on the virtual hosts (610) and (611). The virtual hosts have different virtual machines that are run and managed by the host hypervisor (609); each virtual machine (VM) runs an operating system (OS) and applications (App). The virtual machines of this server (601) run on the multi-core cluster and memory (608) and request packet and/or security application processing. The multi-core cluster and memory (608) and the hypervisor (609) communicate using the network interface card (NIC) (607) by means of the driver (602); when no VCSS (602) is present, the network (615) is accessed through the PCI-e backplane (606). When the VCSS (602) is installed and started, the middleware (612) in the virtualized system (601), which is part of the software infrastructure (301), communicates with the VCSS (602) and the hypervisor (609). The real-time system's middleware (617) translates all service calls or APIs from the system (601) to the different virtual machines running on the VCSS (602), and the real-time hypervisor (604), besides managing the virtual machines, handles resource scheduling and allocation.
The VCSS (602) contains a hardware card with a multi-core cluster (605) (HW/multi-core cluster and memory), a real-time hypervisor (604) for resource scheduling and allocation, an interface with virtual machine support (603), and a number of security virtual machine functions (SF1, SF2, …, SFn) (613) and packet processing virtual machines (PKT1, PKT2, …, PKTn) (614) stored in the memory of (605). The middleware (617) used by the hypervisor (604), together with the VM support interface (603), connects the different virtual machine functions with the hardware drivers (616) used by the multi-core cluster (605) (HW/multi-core cluster & memory), which control any hardware functional block the VCSS (602) requires, such as the hardware functional blocks of the NIC (607) or any other block. The drivers (616) and (626) are described in more detail below.
In computing, a device driver (commonly just called a driver) is a program on the computer that operates or controls a particular device. A driver provides a software interface to a hardware device, allowing the operating system and other computer programs to access hardware functions without needing to know the details of the hardware in use.
The hypervisor (609) (or host hypervisor), also called a virtual machine manager (VMM), allows multiple operating systems, called guests, to run concurrently on a host computer, and allows virtual machines to be transferred into (601) from storage systems and other servers through the NIC (607) or PCI-e (606). It is so named because it sits one level above a supervisory program. The hypervisor presents a virtual operating platform to the guest operating systems and manages their execution. Multiple operating systems can share the virtualized hardware resources. Hypervisors are installed on server hardware whose task is to run operating systems; hypervisor virtualization systems are used for specific tasks on specific server hardware, but are also commonly used on desktop, portable and handheld devices. Commercial host hypervisor (609) products include, but are not limited to, VMware's vSphere and ESXi, Citrix's Xen, Red Hat's KVM and Microsoft's Hyper-V.
The real-time hypervisor (604), also called the embedded hypervisor, is a real-time based hypervisor used for real-time embedded system virtualization. It lets developers consolidate multiple real-time operating systems on a single device, thereby improving and extending the device's functionality; it helps increase reliability and reduce risk on multi-core clusters, and provides the new software configuration options needed to build next-generation embedded devices. Embedded hypervisors on the hardware card include, but are not limited to, products from Wind River, Mentor Graphics and Green Hills Software, any similar commercial or open-source real-time hypervisor, similar products from semiconductor vendors such as Freescale, Cavium Networks, ARM and Intel, or any similar in-house developed embedded hypervisor.
The security virtual machine functions SF1, SF2…SFn (613), the packet processing virtual machine functions PKT1, PKT2…PKTn (614) and all other real-time based virtual machines share the HW/multi-core cluster and memory (605). Because they are in software form, they can be stored in the memory of the HW/multi-core cluster and memory (605) while idle, or in an external storage system, and are started by the embedded hypervisor (604); when needed, the function is brought in under the control of the software infrastructure. In addition, the hypervisor running on the application server (601) can start the SF1…SFn or PKT1…PKTn virtual machines on behalf of the virtual machines running on (610) and/or (611). When a virtual machine in (611) or (610) requests network packet processing or security functions, the request is sent to the interface (603). The middleware (612) translates the service request into a service request for the interface (603); once the interface (603) receives the request, it starts PKT1…PKTn (614) to carry out the network access request. The same applies to the security virtual machines SF1…SFn (613): if a virtual machine in (611) or (610) requests a security function service, the middleware (612) translates it into a request for the interface (603), and the interface (603) then responds like a server to the security request, starting virtual machine SF1 or SF2…SFn through the middleware (617) of the interface (603). When the service is complete, the result is returned to the virtual machine (611) or (610) through (612).
According to an embodiment, the VCSS (602) can be further extended as described below. The SF1…SFn or PKT1…PKTn virtual machines can also be extended into real-time virtual machines for the RCM applications described below. This hardware infrastructure contains one or more identical or different "systems" running the same or different real-time software virtual machines, while applications and virtual machines run concurrently in the virtual hosts (611) or (610) of the system (601). Multiple virtualized systems have the same or different multi-core clusters, and the same or different real-time hypervisors can have the same or different real-time software stacks, running concurrently with the same or different multitasking virtual machine instances and applications on (610) and (611) in the system (601).
According to an embodiment, in another aspect, the system provides virtualized security functions and network packet processing functions. The virtualized security platform comprises a combination of a hardware multi-core cluster (211) and a software platform built on top of the hardware card, and is the foundation of the cloud computing security platform. It also includes other software virtual machines, which offload network packet processing and security virtual machines from the virtualized server of system (101) into the real-time software stack of (102). The virtualized network packet processing, network service and security functions are then controlled by virtual machines in the virtual hosts, and those virtual hosts are controlled by the virtual machines in the monitoring system (102).
Figure 6A illustrates, according to an embodiment, the system-level configuration with virtualization support used by the system. When the application server (601) is virtualized, it can include one or more virtualized hosts, with virtual machines running in the virtual hosts (610) and (611). The virtual hosts have different virtual machines that are managed by the host hypervisor (609). Each virtual machine (VM) runs an operating system (OS) and applications (App). The virtual machines of this server (601) run on the multi-core cluster and memory (608_A) and can request network function processing, network service processing and/or I/O file system and I/O data cache services, and control application processing services. The multi-core cluster and memory (608) and the hypervisor (609) communicate through the network interface card (NIC) (607) and the driver (626); when the VCNIS (602_A) is not installed, the network (615) is accessed through the PCI-e backplane (606). When the VCNIS (602_A) is installed and started, the middleware (612) in the virtualized system (601), which is part of the software infrastructure (301), communicates with the VCSS (602_A), the hypervisor (609) and the real-time system's middleware (617_A), and all service calls or APIs from the system (601) are translated to the different virtual machines running in the VCNIS (602_A). Besides managing the virtual machines, the real-time hypervisor (604_A) controls resource scheduling and allocation.
The VCNIS (602_A) contains a hardware card that includes a multi-core cluster (605) (HW/multi-core cluster and memory), a real-time hypervisor (604_A) for resource scheduling and allocation, an interface with virtual machine support (603_A), and a number of network service virtual machines (Net1, Net2, …, Netn) (613) and I/O processing virtual machine functions (IO1, IO2, …, IOn) (614_A) stored in the memory of (605_A). The middleware (617_A) is used by the embedded hypervisor (604_A) and integrates with the VM support (603_A) to connect the different virtual machine functions with the hardware drivers (616_A), which let the multi-core cluster (605_A) (HW/multi-core cluster & memory) control any hardware functional block of the VCNIS (602_A), such as the hardware functional blocks of the NIC (607) or any other block.
The network service virtual machine functions Net1, Net2, …, Netn (613_A), the I/O processing virtual machine functions IO1, IO2, …, IOn (614_A) and all other real-time based virtual machines share the HW/multi-core cluster and memory (605_A). Because they are in software form, they can be stored in the memory of the HW/multi-core cluster and memory (605_A) while idle, or in an external storage system, and are started by the embedded hypervisor (604_A); when needed, the function is brought in under the control of the software infrastructure. In addition, the hypervisor (609) running on the application server (601) can start the Net1…Netn or IO1…IOn virtual machines on behalf of the virtual machines running on (610) and/or (611). When a virtual machine in (611) or (610) requests a network service or I/O processing function, the request is sent to the interface (603_A). The middleware (612) translates the service request into a service request for the interface (603_A); once the interface (603_A) receives the request, it starts Net1…Netn (614_A) to carry out the network access or network service request. The same applies to the I/O processing virtual machines IO1…IOn (613_A): if a virtual machine in (611) or (610) requests an I/O function service, the middleware (612) translates it into a request for the interface (603_A), and the interface (603_A) then responds like a server to the security request, starting virtual machine IO1 or IO2…IOn through the middleware (617_A) of the interface (603). When the service is complete, the result is returned to the virtual machine (611) or (610) through (612).
This hardware infrastructure contains one or more identical or different "virtualized systems" running the same or different real-time hypervisors, and the same or different real-time software virtual machines can run concurrently with the virtual hosts (611) or (610) in the system (601). These multiple virtualized "systems" have the same or different multi-core clusters, and the same or different real-time hypervisors can have the same or different real-time software stacks, running concurrently with the same or different multitasking virtual machine instances and applications on (610) and (611) in the system (601). According to an embodiment, in another aspect, the system provides processing for virtualized network services, I/O file systems, I/O data caches and I/O control function services. The virtualized network and I/O platform comprises a combination of a hardware multi-core cluster (211) and a software platform built on top of the hardware card, and is the foundation of the cloud computing network and I/O platform. It also includes other software virtual machines, which offload network service processing functions and I/O virtual machines from the virtualized server of system (101) into the real-time software stack of (102_A). The virtualized network service processing, I/O file system, I/O data cache and I/O functions are then controlled by virtual machines in the virtual hosts, and those virtual hosts are controlled by the virtual machines of the real-time system (102_A).
FIG. 6B illustrates, according to a specific embodiment, a system-level configuration with virtualization support used by the present system, in which the existing virtualization system VCNS (602_B) can be integrated into (601). Many new real-time architecture virtual machine functions New1...Newn and IOnew1...IOnewns can be added, as in FIG. 6 or FIG. 6A.
FIG. 6C illustrates, according to a specific embodiment, a system-level configuration in which the virtualization systems (602_A) and (602) with virtualization support can be integrated into the virtualized application server (601). At startup, all real-time virtual machines (SF1..SFn), (PK1..PKn), (Net1..Netn) and (IO1..IOn) can run simultaneously with the virtual machines in (610) and (611).
Therefore, we can use the same system-level configuration design with virtualization support to extend the existing virtualization systems (602), (602_A) and (602_B) integrated into the virtualization system (601). At startup, all real-time virtual machines (SF1..SFn), (PK1..PKn), (New1..Newn), (Net1..Netn), (IO1..IOn) and (IONew1..IONewn) can run simultaneously with the virtual machines in (610) and (611). Multiple "virtualization systems" have the same or different multi-core clusters, and their same or different real-time architecture management programs allow the same or different real-time software stack layers, with their associated same or different virtual embodiment devices and applications, to run simultaneously in (610) and/or (611) in the system (601).
FIG. 6D illustrates, according to a specific embodiment, a system-level configuration in which the present virtualization system (602_D) with virtualization functionality is integrated into (601). Many new real-time architecture virtual machine functions New1, New2...Newn and Dat1, Dat2..Datn can be added, as in FIG. 6, FIG. 6A or FIG. 6B. VCNew (602_D) can be further extended according to the hardware infrastructure. It can contain one or more identical or different "virtualized systems" running on the same or different real-time management programs, and the same or different real-time software virtual machines can run together with the application virtual machines in (610) and/or (611) in the virtualization system (601).
FIG. 6E illustrates, according to a specific embodiment, a system-level configuration in which the two systems (602_D) and (602_A) with virtualization support are integrated into (601). Many new real-time architecture virtual machine functions New1, New2...Newn and Dat1, Dat2...Datn can be added, as in FIG. 6C. The functions of VCNew (602_D) and VCNIS (602_A) can be further extended according to the embodiment of FIG. 6C above.
According to a specific embodiment, this refers to a cloud architecture that provides cloud security functions, including a service-oriented architecture (SOA) security layer or other services that can be placed on top of the secure virtualization runtime layer. The service layer delivered by the cloud is a complex, distributed SOA environment in which different services can be spread across different clouds within an enterprise. These services can reside in different administrative or security zones and can be linked together to form a single cloud application. The SOA security model applies fully to the cloud; the stack of common web services (WS) protocols forms the basis of SOA security and is therefore also the basis of cloud security.
In one aspect, SOA makes it easy to integrate services from different vendors. Compared with most qye SOA environments, cloud computing needs only one step to publish this model, because a cloud can sometimes support the services and standards required by a very large number of tenants; this support is also provided in a highly dynamic and agile form of service under very complex trust relationships. In particular, a cloud SOA can sometimes support and be open to a large user population, but cannot take into account the relationship between the cloud service provider and the subscriber.
Those skilled in the art will appreciate that the present system is not limited to the multi-core cluster configurations mentioned herein; its specific embodiments include any other suitable alternative application that achieves this goal. The description and drawings herein cover security software applications, network packet processing functions, network services, I/O file systems, I/O data caches and I/O control functions, and the specific embodiments include audio compression and decompression and video compression and decompression. The application can be extended to image compression and decompression, speech compression and decompression, or any RCM (rich content multimedia) alternative application mentioned herein and any data-rich type, and to anything that achieves the goal of the invention.
The foregoing description is provided only for convenience of explanation, and the specific values mentioned herein are used only to allow a thorough understanding of this document. To anyone skilled in the art, however, these detailed descriptions are not necessarily required by the teachings herein.
Some of the detailed description herein concerns algorithms and symbolic notation for data in computer memory. These algorithmic descriptions and notations are commonly used by those skilled in the data processing arts and effectively convey the substance of the inventive work described here. An algorithm, as referred to herein, can generally be regarded as a self-consistent sequence of steps leading to a preset result. The steps are those required for the actual manipulation of physical quantities. Usually, however, these values cannot necessarily be stored, transmitted, combined, compared and otherwise manipulated by means of electrical or magnetic signals. Sometimes, merely for convenience, they are referred to in the commonly used way as bits, values, elements, characteristics, terms, numbers, or the like.
It should be borne in mind, however, that these and similar terms relate only to the appropriate physical quantities and are merely convenient labels applied to those quantities. Unless otherwise stated in the discussion below, terms used throughout this discussion such as "processing", "computing", "calculating", "determining", "displaying" or the like refer to the actions of a computer system or similar electronic computing device that manipulates and transforms data represented as physical (electronic) quantities in the computer system's registers or memory into other data similarly represented as physical quantities in the computer system's memory, registers or other such information storage, transmission or display devices.
The description herein also relates to apparatus for performing the operations described. This apparatus may be used specifically for operations with a particular purpose, and may comprise a general-purpose computer that is selectively activated or configured by a program stored in the computer. Such a computer program may be stored in a computer-readable storage medium, including but not limited to any type of hard disk, floppy disk, optical disk, CD-ROM, magneto-optical disk, read-only memory (ROM), random access memory (RAM), EPROM, EEPROM, magnetic or optical card, SSD, NVM, or any type of media suitable for storing electronic data and connected to a computer system bus.
The algorithms mentioned herein are not inherently tied to any particular computer or other apparatus. Systems for various purposes, computer servers or personal computers may be used with programs written according to the teachings herein, or it may be convenient to construct more specialized apparatus to perform the required method steps. The structure required for these various systems is described below, and it will be appreciated that various programming languages can be used to implement the teachings herein.
Furthermore, the various features of the embodiments and of the related patent claims may be combined in ways that are not specifically and explicitly enumerated, in order to provide useful embodiments of the teachings of the invention. It should also be expressly noted that all numerical ranges or indications of any entities may, for the purpose of disclosure, denote their intermediate values or intermediate ranges of entities, as well as for the purpose of restricting the subject matter of the patent claims. It should also be expressly noted that the dimensions and shapes of the elements in the drawings are used only to aid understanding of the teachings of the invention and are not intended to limit the range of dimensions and shapes in the embodiments.
This document describes a "system of systems" and application methods relating to cloud security virtualization, cloud network virtualization and I/O. Although the specific embodiments are described with reference to particular examples and attributes, those of ordinary skill in the art will recognize that the concepts referred to herein are not limited to the particular embodiments or systems and extend to other specific embodiments. The scope of these concepts covers the specific embodiments set out in the patent claims that follow.
(101)‧‧‧Application server
(102)‧‧‧System VCSS
(103)‧‧‧Server application
(104)‧‧‧Multitasking operating system (OS)
(105)‧‧‧Intermediary software agent
(106)‧‧‧Device driver
(107)‧‧‧Intermediary software interface program
(108)‧‧‧Multi-core cluster
(109)‧‧‧PCI-e backplane
(110)‧‧‧Network interface card (NIC)
(111)‧‧‧Network access path
Claims (72)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW103120903A TW201600970A (en) | 2014-06-17 | 2014-06-17 | System of system and method for virtualization and cloud computing system |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201600970A true TW201600970A (en) | 2016-01-01 |
Family
ID=55641250
Country Status (1)
Country | Link |
---|---|
TW (1) | TW201600970A (en) |