Stanford University, MS Electrical Engineering, Computer Systems
University of California (Santa Barbara), BA (highest honors), Computer Science
(Retired July 2013)
Over 30 years of professional accomplishments in systems architecture, systems software R&D, software project management, and multi-function business management. A unique combination of in-depth technical knowledge and broad administrative, communication, and management skills has contributed to a record of outstanding performance, producing exemplary results and recognition as both an exceptional people, project, and business manager AND a creative, insightful, and efficient systems architect and open source software designer/developer.
Specialties: Recognized as a skilled leader with a demonstrated aptitude for:
o building successful, highly motivated teams that deliver top-quality on-time results
o optimizing engineering and resource usage for maximum efficiency
o communicating effectively at all levels of the organization
o designing and developing complex systems software
o analyzing and improving systems and software performance
Xen development, including optimizing physical memory management across virtual machines, and time virtualization.
Linux kernel memory management development including cleancache, frontswap, zcache, and ramster. (Search lwn.net for "Transcendent Memory in a Nutshell", "The Future Calculus of Memory Management", and "In-kernel Compression".)
Innovative research at the intersection of systems architecture and software virtualization, including "transformational virtualization" and other proprietary directions. Initiated, designed, and implemented first open source port of the Xen virtual machine monitor to a non-x86 architecture; led and built Xen/ia64 community to include dozens of worldwide contributors from many companies and a mailing list of hundreds; handed off to product division to complete delivery to customers via top two Linux distros. Led architecture and design for vBlades, the first VMM for Itanium. Delivered key contributions for research Secure Platform Architecture including fully functional port of Linux, dramatic performance improvements, and instruction set simulator enhancements.
16 years of various R&D management positions, including:
Storage Systems Division. Rebuilt an R&D team responsible for managing technical relationships with backup application providers (e.g. Veritas, CA).
Network Server Division. Program managed R&D relationship with Microsoft. Built from scratch a remote R&D team responsible for joint development of a clustering/high-availability solution for Windows NT.
Software Engineering Systems Division. Managed cross-functional (R&D, marketing, learning products, sales development) "micro-division" that enabled $3.5 million in software sales of the business SoftBench product family.
Computer Language Labs. Initiated and led a multi-organizational team that delivered a last-minute 37% performance boost for HP's first PA-RISC entry into the mainstream workstation market. Managed various teams, including Fortran and C++ compilers, Motorola 68K code-gen/optimization, math libraries, software architecture, and performance tools.
Designed and implemented PA-RISC simulator and remote debugger -- over 30K lines of C code that exceeded performance projections by two orders of magnitude; both tools were in use for over 15 years by PA-RISC systems designers. Conceived and prototyped HP3000 emulator and object code translator technology that enabled PA-RISC to successfully replace the HP3000 architecture. Developed a concise, high-performance integer multiplication algorithm that simplified several generations of PA-RISC CPU implementations and was referenced in a seminal computer architecture textbook. Contributed to the initial PA-RISC architecture. Rewrote the HP-UX linker from scratch and contributed to procedure call conventions, object file format definition, and C compiler debugging.
Coded process control and inventory management applications and systems support tools.
Selecting one of plural layouts of virtual machines on physical machines; US 9092250 · Issued Jul 28, 2015
To provide an arrangement of virtual machines on physical machines, at least one controller compares indicators associated with plural different layouts of the virtual machines on the physical machines, wherein the indicators provide information regarding performances of corresponding layouts. The at least one controller selects one of the plural layouts based on the comparing.
Peer-to-peer transcendent memory; US 8775755 · Issued Jul 8, 2014
Various arrangements for utilizing memory of a remote computer system are presented. Two computer systems may allocate a portion of RAM accessible to a memory-access API. A first set of data from the first portion of the first memory of a first computer system may be determined to be moved to memory of another computer system. The first set of data from the first portion of the first memory may be transmitted for storage in the second portion of the second memory of a second computer system. Using the second memory-access API, the set of data may be stored in the second portion of the second memory. Using the first memory-access API, the set of data from the first portion of the first memory may be deleted.
Methods and systems for implementing transcendent page caching; US 8769205 · Issued Jul 1, 2014
This disclosure describes, generally, methods and systems for implementing transcendent page caching. The method includes establishing a plurality of virtual machines on a physical machine. Each of the plurality of virtual machines includes a private cache, and a portion of each of the private caches is used to create a shared cache maintained by a hypervisor. The method further includes delaying the removal of the at least one of stored memory pages, storing the at least one of stored memory pages in the shared cache, and requesting, by one of the plurality of virtual machines, the at least one of the stored memory pages from the shared cache. Further, the method includes determining that the at least one of the stored memory pages is stored in the shared cache, and transferring the at least one of the stored shared memory pages to the one of the plurality of virtual machines.
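The two transcendent-memory abstracts above (peer-to-peer transcendent memory and transcendent page caching) describe the same put/get pattern: a guest that is about to evict a page hands it to a pool it does not own, and a later miss in its private cache asks that pool before going to disk. The following is an added illustration written for this page, not code from the patents, Xen or Linux: a toy hypervisor-owned shared page cache in C. The names (tmem_put, tmem_get, tmem_flush, the 64-byte toy page and 4-page pool) are chosen here for illustration. Keys carry the owning VM id so one guest can never read another guest's pages, the pool is allowed to evict at any time so a get is only a hint, and a flush after the guest overwrites a page keeps a stale copy from ever being served.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TMEM_PAGE_SIZE 64   /* toy page; real pages are 4 KiB */
#define TMEM_POOL_PAGES 4   /* capacity the hypervisor lends to the shared cache */

/* A page is named by the VM that put it plus the VM's own page index, so two
 * VMs caching "index 7" never collide and never see each other's data. */
struct tmem_key {
    uint32_t vm_id;
    uint64_t index;
};

struct tmem_slot {
    bool used;
    struct tmem_key key;
    uint64_t last_use;                 /* for LRU victim selection */
    uint8_t data[TMEM_PAGE_SIZE];
};

/* The shared cache lives in hypervisor memory; guests reach it only via put/get/flush. */
struct tmem_pool {
    struct tmem_slot slot[TMEM_POOL_PAGES];
    uint64_t clock;
    unsigned hits, misses, evictions;
};

void tmem_init(struct tmem_pool *p)
{
    memset(p, 0, sizeof *p);
}

static bool tmem_key_eq(struct tmem_key a, struct tmem_key b)
{
    return a.vm_id == b.vm_id && a.index == b.index;
}

static struct tmem_slot *tmem_find(struct tmem_pool *p, struct tmem_key k)
{
    for (unsigned i = 0; i < TMEM_POOL_PAGES; i++)
        if (p->slot[i].used && tmem_key_eq(p->slot[i].key, k))
            return &p->slot[i];
    return NULL;
}

/* Free slot if any, otherwise the least recently used one. */
static struct tmem_slot *tmem_victim(struct tmem_pool *p)
{
    struct tmem_slot *v = &p->slot[0];
    for (unsigned i = 0; i < TMEM_POOL_PAGES; i++) {
        struct tmem_slot *s = &p->slot[i];
        if (!s->used)
            return s;
        if (s->last_use < v->last_use)
            v = s;
    }
    return v;
}

/* Guest is evicting a clean page from its private cache: offer it to the shared
 * cache instead of dropping it. The pool may evict an older page (a real
 * hypervisor may also refuse outright), so a put never guarantees a later hit. */
bool tmem_put(struct tmem_pool *p, struct tmem_key k, const uint8_t *page)
{
    struct tmem_slot *s = tmem_find(p, k);
    if (!s) {
        s = tmem_victim(p);
        if (s->used)
            p->evictions++;
    }
    s->used = true;
    s->key = k;
    memcpy(s->data, page, TMEM_PAGE_SIZE);
    s->last_use = ++p->clock;
    return true;
}

/* Guest missed in its private cache: ask the shared cache before reading disk.
 * Non-exclusive (the page stays in the pool); a miss returns false. */
bool tmem_get(struct tmem_pool *p, struct tmem_key k, uint8_t *out)
{
    struct tmem_slot *s = tmem_find(p, k);
    if (!s) {
        p->misses++;
        return false;
    }
    memcpy(out, s->data, TMEM_PAGE_SIZE);
    s->last_use = ++p->clock;
    p->hits++;
    return true;
}

/* Guest overwrote or discarded the page: the pooled copy is stale and must
 * never be served again. Skipping this is a coherency bug, not just a miss. */
void tmem_flush(struct tmem_pool *p, struct tmem_key k)
{
    struct tmem_slot *s = tmem_find(p, k);
    if (s)
        s->used = false;
}

/* Demo: VM 1 evicts a page and gets it back from the pool; VM 2 asks for the
 * same index and misses. Returns the hit count (1). */
unsigned tmem_demo(void)
{
    struct tmem_pool pool;
    uint8_t page[TMEM_PAGE_SIZE], back[TMEM_PAGE_SIZE];
    struct tmem_key vm1 = { .vm_id = 1, .index = 7 };
    struct tmem_key vm2 = { .vm_id = 2, .index = 7 };

    tmem_init(&pool);
    memset(page, 0xA5, sizeof page);   /* constructed page contents */
    tmem_put(&pool, vm1, page);
    tmem_get(&pool, vm1, back);        /* hit */
    tmem_get(&pool, vm2, back);        /* miss: other VM's page is invisible */
    printf("hits=%u misses=%u\n", pool.hits, pool.misses);
    return pool.hits;
}

int main(void)
{
    return tmem_demo() == 1 ? 0 : 1;
}
```

The peer-to-peer variant in the earlier abstract is the same interface with the pool sitting in another machine's RAM behind a memory-access API; the two design points that matter for safety carry over unchanged: the key must bind the owner, and every guest-side overwrite must be followed by a flush before the old copy can be returned by a get.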
Virtualization with binary translation; US 8327354 · Issued Dec 4, 2012
A system for providing virtualization that includes a processor operable to execute one or more machine-readable instructions, the processor having a native instruction set architecture (ISA) and a virtual machine monitor (VMM) operable to host at least a first virtual machine having a first ISA different from the native ISA, the VMM having integrated therein a first dynamic binary translation (DBT) layer to assist in an execution of a first application of the first ISA in the first virtual machine by the processor having the native ISA.
Flexible operating system operable as either native or as virtualized; US 7877747 · Issued Jan 25, 2011
According to at least one embodiment, a flexible operating system comprises operability for executing in a first manner as a native operating system on a computer system and for executing in a second manner as a virtualized operating system on the computer system. The flexible operating system further comprises code for determining whether it is being used as a native operating system or as a virtualized operating system on the computer system.
Delivery of an interruption to an operating system; US 7363536 · Issued Apr 26, 2008
One embodiment of the invention is a method for handling an interruption during execution of an application on a computer system that uses a register stack, the method comprising receiving the interruption by a hypervisor, sending the interruption to an operating system for handling; if the register stack has a fault, then generating, by the operating system, another interruption that is delivered to the hypervisor; after receiving the another interruption, covering, by the hypervisor, the register stack; after covering the register stack, sending the interruption to the operating system for handling; and after handling, returning to execution of the application.
Migrating a virtual machine from a first physical machine in response to receiving a command to lower a power mode of the first physical machine; US 8296760 · Issued Oct 27, 2006
A command is received to place a first physical machine into a lower power mode. The first physical machine has a virtual machine. In response to the received command, a procedure is performed to migrate the virtual machine from the first physical machine to a second physical machine.
Method and apparatus for system caller authentication; US 7784063 · Issued Jun 14, 2004
In various embodiments of the present invention, execution-state transitions occur in a first portion of a system, and a cumulative execution state for each process is maintained by a second portion of the system so that, when a second-portion routine is called, the second-portion routine can determine whether or not the current execution state is suitable for execution of the second-portion routine. In various embodiments, a callpoint log, allocated and maintained for each process, stores the cumulative execution state for the process. In one embodiment, the first portion is an operating system, and the second portion is a secure kernel, with the cumulative execution state used by the secure kernel to prevent unauthorized access by erroneously or maliciously invoked operating-system routines to secure kernel routines. In another embodiment, the cumulative execution state is used as a debugging tool by the second-portion routines to catch errors in the implementation of the first-portion routines.
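The caller-authentication abstract above describes a secure kernel that keeps a per-process callpoint log of the operating system's execution-state transitions and consults the cumulative state before letting a secure-kernel routine run. The following is an added illustration written for this page, not the patent's or any product's code: a small C model in which the OS reports entry to and exit from tracked routines, the secure kernel keeps the log as a stack plus an OR'd cumulative mask, and one example secure-kernel routine refuses to run unless it was reached through the expected nesting and never from an interrupt handler. The callpoint names, sk_callpoint_enter/sk_callpoint_exit and sk_set_page_protection are chosen here for illustration. The model assumes, as the abstract does, that the logging calls are trusted entry points the OS cannot bypass or forge; if the OS could write the log itself, the check would prove nothing.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Callpoints: execution states in the OS (the "first portion") whose entry and
 * exit are reported to the secure kernel (the "second portion"). One bit each,
 * so the cumulative state is simply the OR of everything currently active. */
enum callpoint {
    CP_SYSCALL_DISPATCH = 1u << 0,   /* inside the system-call dispatcher */
    CP_MM_MAP           = 1u << 1,   /* inside the OS page-mapping routine */
    CP_INTR_HANDLER     = 1u << 2,   /* inside an interrupt handler */
};

#define CALLPOINT_LOG_DEPTH 8

/* Per-process callpoint log owned by the secure kernel, never writable by the OS. */
struct callpoint_log {
    uint32_t stack[CALLPOINT_LOG_DEPTH];
    unsigned depth;
    uint32_t cumulative;   /* OR of every callpoint on the stack */
};

struct process {
    int pid;
    struct callpoint_log log;
};

static void recompute(struct callpoint_log *l)
{
    l->cumulative = 0;
    for (unsigned i = 0; i < l->depth; i++)
        l->cumulative |= l->stack[i];
}

/* Trusted entry point hit when the OS enters a tracked routine. */
bool sk_callpoint_enter(struct process *p, uint32_t cp)
{
    struct callpoint_log *l = &p->log;
    if (l->depth == CALLPOINT_LOG_DEPTH)
        return false;                 /* log exhausted: refuse rather than lose state */
    l->stack[l->depth++] = cp;
    l->cumulative |= cp;
    return true;
}

/* Hit when the OS leaves the routine. Exits must nest properly; a mismatch means
 * the OS unwound out of order (the debugging use in the abstract) or a boundary
 * was skipped, so it is reported instead of silently repaired. */
bool sk_callpoint_exit(struct process *p, uint32_t cp)
{
    struct callpoint_log *l = &p->log;
    if (l->depth == 0 || l->stack[l->depth - 1] != cp)
        return false;
    l->depth--;
    recompute(l);
    return true;
}

enum sk_status { SK_OK = 0, SK_EPERM = 1 };

/* The check every secure-kernel routine runs first: all of `required` active,
 * none of `forbidden`. */
static bool state_suitable(const struct process *p, uint32_t required, uint32_t forbidden)
{
    uint32_t s = p->log.cumulative;
    return (s & required) == required && (s & forbidden) == 0;
}

/* Example secure-kernel routine. Legitimate callers reach it through the
 * dispatcher and then the mapping routine; a direct jump from elsewhere in the
 * OS, or a call while an interrupt handler is on the stack, is refused. */
enum sk_status sk_set_page_protection(struct process *p, uint64_t pfn, unsigned prot)
{
    if (!state_suitable(p, CP_SYSCALL_DISPATCH | CP_MM_MAP, CP_INTR_HANDLER))
        return SK_EPERM;
    printf("pid %d: pfn %llx -> prot %u\n", p->pid, (unsigned long long)pfn, prot);
    return SK_OK;
}

int main(void)
{
    struct process p = { .pid = 42 };
    /* Direct invocation with an empty log: refused. */
    enum sk_status direct = sk_set_page_protection(&p, 0x1000, 3);
    /* The legitimate path records both callpoints first. */
    sk_callpoint_enter(&p, CP_SYSCALL_DISPATCH);
    sk_callpoint_enter(&p, CP_MM_MAP);
    enum sk_status nested = sk_set_page_protection(&p, 0x1000, 3);
    sk_callpoint_exit(&p, CP_MM_MAP);
    sk_callpoint_exit(&p, CP_SYSCALL_DISPATCH);
    return (direct == SK_EPERM && nested == SK_OK) ? 0 : 1;
}
```

The point a reviewer should take from the model is that the check is on the whole cumulative state, not on the immediate caller: a routine that is normally safe becomes unsafe when an interrupt handler is also active, and the mask makes that refusal a one-line comparison.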
Secure machine platform that interfaces to operating systems and customized control programs; US 7073059 · Issued Apr 8, 2002
A combined-hardware-and-software secure-platform interface to which operating systems and customized control programs interface within a computer system. The combined-hardware-and-software secure-platform interface employs a hardware platform that provides at least four privilege levels, non-privileged instructions, non-privileged registers, privileged instructions, privileged registers, and firmware interfaces. The combined-hardware-and-software secure-platform interface conceals all privileged instructions, privileged registers, and firmware interfaces and privileged registers from direct access by operating systems and custom control programs, providing to the operating systems and custom control programs the non-privileged instructions and non-privileged registers provided by the hardware platform as well as a set of callable software services. The callable services provide a set of secure-platform management services for operational control of hardware resources that neither exposes privileged instructions, privileged registers, nor firmware interfaces of the hardware nor simulates privileged instructions and privileged registers. The callable services also provide a set of security-management services that employ internally generated secret data, each compartmentalized security-management service managing internal secret data without exposing the internal secret data to computational entities other than the security-management service itself.