Systems and methods are described for providing a GUI for representing tunnels and stretched networks in a virtual entity pathway virtualization. In an example, an application can obtain data related to physical and virtual entities in a stretch network and build a model of the stretch network using the data. The model can be based on a flow of network traffic between two entities. The application can render a GUI that illustrates the flow of traffic between two entities, including any datacenters, physical entities, and virtual entities involved in the network flow. The GUI can display the entities in a way that shows which virtual extensible local area network is being used to transfer the network traffic at each step in the network flow. The GUI can also display icons representing remote tunnel endpoints that show how network traffic is transferred between datacenters.
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 47/2483 - Trafic caractérisé par des attributs spécifiques, p.ex. la priorité ou QoS en impliquant l’identification des flux individuels
Intelligent, transaction-aware table placement minimizes cross-host transactions while supporting full transactional semantics and delivering high throughput at low resource utilization. This placement reducing delays caused by cross-host transaction coordination. Examples determine a count of historical interactions between tables, based on at least a transaction history for a plurality of cross-table transactions. Each table provides an abstraction for data, such as by identifying data objects stored in a data lake. For tables on different hosts, having high count of historical interactions, potential cost savings achievable by moving operational control of a first table to the same host as the second table is compared with the potential cost savings achievable by moving operational control of the second table to the same host as the first table. Based on comparing the relative cost savings, one of the tables may be selected. Operational control of the selected table is moved without moving any of the data objects.
The disclosure provides a method for disaster recovery of a containerized workload running on a first host cluster. The method generally includes prior to determining the containerized workload is unreachable at the first host cluster: obtaining a current state of the containerized workload indicating a number of instances of the containerized workload that are running on the first host cluster; storing one or more images associated with the containerized workload on a second host cluster; and configuring the containerized workload at the second host cluster using the obtained current state without launching the containerized workload at the second host cluster; determining the containerized workload is unreachable; and instantiating instances of the containerized workload in the second host cluster using the stored one or more images, a number of the instances being based on the number of instances of the containerized workload that were running on the first host cluster.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 11/20 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel en utilisant un masquage actif du défaut, p.ex. en déconnectant les éléments défaillants ou en insérant des éléments de rechange
The disclosure provides migration of control plane nodes across multiple architecture platforms. Embodiments include one or more processors configured to backup data of a source control plane node running on a first host, the first host having a first architecture platform, identify a second architecture platform of a second host, the second architecture platform being different than the first architecture platform, select a first control plane binary of a plurality of control plane binaries based on the first control plane binary being for the second architecture platform, wherein the plurality of control plane binaries are for a plurality of architecture platforms, deploy a target control plane node on the second host using the selected first control plane binary, copy the backed up data to the second host to configured the target control plane node, and run the target control plane node on the second host.
G06F 11/14 - Détection ou correction d'erreur dans les données par redondance dans les opérations, p.ex. en utilisant différentes séquences d'opérations aboutissant au même résultat
5.
Document printing in a virtualized computing environment
The capability to print to a portable document format (PDF) file is provided in a virtualized computing environment that supports a virtual desktop infrastructure (VDI). Printing-related properties, of local printers coupled to a client device, are provided to a host, so that virtual printers at the host can be configured with the printing-related properties. A simulator may be provided at the host to receive the printing-related properties from the client device and to receive a query from a virtualized computing instance for the printing-related properties, instead of the query being directly sent to the client device.
The disclosure herein describes deploying a Virtual Secure Enclave (VSE) using a universal enclave binary and a Trusted Runtime (TR). A universal enclave binary is generated that includes a set of binaries of Instruction Set Architectures (ISAs) associated with Trusted Execution Environment (TEE) hardware backends. A TEE hardware backend is identified in association with a VSE-compatible device. A VSE that is compatible with the identified TEE hardware backend is generated on the VSE-compatible device and an ISA binary that matches the TEE hardware backend is selected from the universal enclave binary. The selected binary is linked to a runtime library of the TR and loads the linked binary into memory of the generated VSE. The execution of a trusted application is initiated in the generated VSE using a set of interfaces of the TR. The trusted application depends on the TR interfaces rather than the selected ISA binary.
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/54 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
Systems and methods are described for providing a graphical user interface (“GUI”) for migrating workloads in a system. The GUI can display the locations of edge devices in the system and workloads running on the edge devices. A user can drag a workload from one edge device to another in the GUI, and in response the system can schedule the workload to be migrated accordingly. Before the migration is performed, the GUI can calculate a change in computing resource usage at both edge devices. The GUI can display the usage data and prompt the user to confirm the migration. If the user confirms, the workload can be deployed at the target edge device and removed from the source edge device.
System and method for managing different classes of storage input/output (I/O) requests for a two-phase commit operation in a distributed storage system assigns reserved log sequence values to each of storage I/O requests of a first class, which are added to a two-phase commit queue. The reserved log sequence values of the storage I/O requests of the first class in the two-phase commit queue are assigned to some of the storage I/O requests of the second class, which are added to the two-phase commit queue.
An example method of handling traffic for an existing connection of a virtual machine (VM) migrated from a source site to a destination site includes: receiving, at an edge server of the destination site, the traffic, the traffic being associated with a network flow; determining, by the edge server of the destination site, that a stateful service of the edge server does not have state for the network flow; sending, by the edge server of the destination site, a threshold number of packets of the traffic to a plurality of sites; receiving, at the edge server of the destination site, an acknowledgement from the source site that the source site has the state for the network flow; and creating, by the edge server of the destination site, a flow mapping to send the traffic associated with the network flow to the source site.
Deleting directories in a virtual distributed file system (VDFS), and non-virtual file systems, involves changing the name of a selected directory to a unique object identifier (UID) and moving the selected directory, named according to the UID, to a deletion target directory. A recursive process, implemented using a background deletion thread, starts in the current directory and identifies objects in the current directory. For an object that is a file or an empty directory, the object is added to a deletion queue. For an object that is a directory that is not empty, the recursion drops down into that directory as the new current directory. When the recursion has exhausted the selected directory, or some maximum object count has been reached, the objects identified in the deletion queue are deleted. This approach can also be used for file operations other than deletion, such as compression, encryption, and hashing.
A method for recovering a storage policy of a workload executing in a cluster of host servers that are managed by a first management appliance, wherein the host servers each include a local storage device, and the storage policy corresponds to storage objects of the workload, includes the steps of: in response to an instruction from the first management appliance, creating a first storage object of the workload according to the storage policy, wherein the instruction includes the storage policy; storing the first storage object and the storage policy in a shared storage device that is provisioned from the local storage devices of the host servers; and in response to a request from a second management appliance configured to manage the cluster of host servers, retrieving the storage policy from the shared storage device and transmitting the storage policy to the second management appliance.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
12.
SECURE EXECUTION OF A FILE ON A COPY DEVICE IN A VIRTUALIZED COMPUTING ENVIRONMENT
Techniques are provided to prevent or allow the execution of a file from a copy device, such as a shadow copy device, depending on whether the file includes malicious code or trusted code. Redirection techniques may be used to cause a file (stored in the copy device) to be analyzed for malicious code at an original volume, rather than being analyzed at or executed from the copy device.
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
13.
METHODS AND APPARATUS TO STORE CLUSTER INFORMATION IN A DISTRIBUTED DATASTORE
Methods, apparatus, systems, and articles of manufacture to store cluster information in a distributed datastore are disclosed. An example apparatus includes memory; programmable circuitry; and first instructions to cause the programmable circuitry to: obtain second instructions to create a cluster of first hosts; determine second hosts of the cluster of the first hosts to implement a distributed datastore in the cluster; and cause transmission of third instructions to store cluster information corresponding to the cluster of the first hosts in datastores of the second hosts.
G06F 11/14 - Détection ou correction d'erreur dans les données par redondance dans les opérations, p.ex. en utilisant différentes séquences d'opérations aboutissant au même résultat
The disclosure provides an example method for live packet tracing. Some embodiments of the method include configuring a first network interface of a first pod to mark each of a plurality of packets, with a corresponding flow tag and a corresponding packet identifier, receiving, from one or more observation points, at least one of copies or metadata of the plurality of packets each marked with the corresponding flow tag and the corresponding packet identifier. In some embodiments, the method further includes displaying data indicative of the at least one of the copies or the metadata of the plurality of packets.
Example methods and systems to process input/output (I/O) requests in a distributed storage system in a virtualized computing environment are disclosed. One example method includes executing a first thread to destage one or more data writes, wherein the one or more data writes correspond to a first bucket; executing a second thread to destage the one or more data deletes, wherein the one or more data deletes correspond to a second bucket; in response to executing the first thread, buffering write I/Os associated with the one or more data writes in a logical queue; in response to executing the second thread, buffering delete I/Os associated with the one or more data deletes in the logical queue; and adjusting a number of slots in the logical queue dedicated to buffer the delete I/Os based on a relationship between the first bucket and the second bucket.
Some embodiments provide a method for evaluating a network correctness requirement at an evaluation program instance assigned to evaluate a particular network correctness requirement. The method identifies data message properties associated with the particular network correctness requirement. The method evaluates the particular network correctness requirement by (i) determining a path through a set of network devices for a data message having the identified data message properties and (ii) from a data storage that stores data message processing rules for a plurality of network devices including the set of network devices and additional network devices, retrieving and storing in memory data specifying data message processing rules for the set of network devices to use in evaluating the particular network correctness requirement.
The disclosure provides an approach for backward compatibility of federated data centers. A method includes of synchronizing an object configuration includes creating an object at a global network manager, where the object is associated with one or more properties, and where each of the one or more properties is associated with a minimum virtualized networking version. The method includes determining at the global network manager a minimum compatibility version of the object that is a largest minimum virtualized networking version associated with the one or more properties. The method includes determining a span associated with the object, where the span includes one or more local network managers. The method includes, based on the minimum compatibility version and the span, synchronizing the object at each of the one or more local network managers or determining not to synchronize the object at each of the one or more local network managers.
H04L 41/342 - Canaux de signalisation pour la communication dédiée à la gestion du réseau entre entités virtuelles, p.ex. orchestrateurs, SDN ou NFV
H04L 41/0859 - Récupération de la configuration du réseau; Suivi de l’historique de configuration du réseau en conservant l'historique des différentes générations de configuration ou en revenant aux versions de configuration précédentes
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p.ex. entités SDN ou NFV
18.
Supporting virtual machine migration when network manager or central controller is unavailable
The disclosure provides an approach for virtual computing instance (VCI) migration. Embodiments include scanning logical segments associated with a customer gateway to identify network addresses associated with the logical segments. Embodiments include determining one or more recommended supernets based on the network addresses associated with the logical segments. Embodiments include providing output to a user based on the one or more recommended supernets. Embodiments include based on the output, receiving input from the user configuring an aggregation supernet for the customer gateway. Embodiments include advertising the aggregation supernet to one or more endpoints separate from the customer gateway.
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p.ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p.ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
19.
OPTIMIZED SYSTEM DESIGN FOR DEPLOYING AND MANAGING CONTAINERIZED WORKLOADS AT SCALE
An example method of automatically deploying a containerized workload on a hypervisor based device is provided. The method generally includes booting the device running a hypervisor, in response to booting the device: automatically obtaining, by the device, one or more intended state configuration files from a server external to the device, the one or more intended state configuration files defining a control plane configuration for providing services for at least deploying and managing the containerized workload and workload configuration parameters for the containerized workload; deploying a control plane pod configured according to the control plane configuration; deploying one or more worker nodes based on the control plane configuration, and deploying one or more workloads identified by the workload configuration parameters on the one or more worker nodes.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
A method for efficient write-back for journal truncation is provided. A method includes maintaining a journal in a memory of a computing system including a plurality of records. Each record indicates a transaction associated with one or more pages in an ordered data structure and maintaining a dirty list including an entry for each page indicated by a record in the journal. Each entry in the dirty list includes a respective first log sequence number (LSN) associated with a least recent record of the plurality of records that indicates the page and a respective second LSN associated with a most recent record of the plurality of records that indicates the page. The method includes determining to truncate the journal. The method includes identifying one or more records, of the plurality of records, from the journal to write back to a disk, where the identifying is based on the dirty list.
G06F 12/0804 - Adressage d’un niveau de mémoire dans lequel l’accès aux données ou aux blocs de données désirés nécessite des moyens d’adressage associatif, p.ex. mémoires cache avec mise à jour de la mémoire principale
The disclosure provides an approach for certificate management for cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a cryptographic request related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information associated with the cryptographic request. Embodiments include determining, by the cryptographic agility system, based on the cryptographic request, a certificate for authenticating a key related to the cryptographic technique. Embodiments include providing, by the cryptographic agility system, the certificate to an endpoint related to the cryptographic request for use in authenticating the key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method for efficient journal truncation is provided. A method for journal truncation includes maintaining a journal in a memory of a computing system including a plurality of records. Each record indicates a transaction in an ordered data structure. The method includes maintaining a truncation queue in the memory including one or more entries. Each entry in the truncation queue includes a physical on-disk offset associated with a different record of the plurality of records. The method includes determining to truncate the journal and truncating records, of the plurality of records, from the journal starting from a beginning record in the journal up to the record with the physical on-disk offset associated a least recent entry of the one or more entries in the truncation queue, where the truncating includes removing the records from the memory.
A computer-implemented method, computer-readable medium and computer system to execute containerized applications includes initiating a Supervisor Cluster on top of a SDDC to support execution of containerized applications. A supervisor cluster namespace is created on the Supervisor Cluster. A storage policy is attached to the supervisor cluster namespace. Then, a control plane is bootstrapped, and containerized applications are executed in a virtual machine cluster using vSphere pods as the worker nodes in the virtual machine cluster.
System and method for anonymizing logs generated in applications running in a computing environment detects log data being generated in an application and compares the log data to a set of predefined search pattern policies to find sensitive information contained in the log data. The sensitive information contained in the log data is converted into anonymous information to produce anonymized log data within the application. The anonymized log data is then written to a destination.
The disclosure describes growing a data cache using a background hash bucket growth process. A first memory portion is allocated to the data buffer of the data cache and a second memory portion is allocated to the metadata buffer of the data cache based on the cache growth instruction. The quantity of hash buckets in the hash bucket buffer is increased and the background hash bucket growth process is initiated, wherein the process is configured to rehash hash bucket entries of the hash bucket buffer in the increased quantity of hash buckets. A data entry is stored in the data buffer using the allocated first memory portion of the data cache and metadata associated with the data entry is stored using the allocated second memory portion of the metadata buffer, wherein a hash bucket entry associated with the data entry is stored in the increased quantity of hash buckets.
G06F 12/0864 - Adressage d’un niveau de mémoire dans lequel l’accès aux données ou aux blocs de données désirés nécessite des moyens d’adressage associatif, p.ex. mémoires cache utilisant des moyens pseudo-associatifs, p.ex. associatifs d’ensemble ou de hachage
26.
MULTI-CLOUD RECOMMENDATION ENGINE FOR CUSTOMER WORKLOADS
System and computer-implemented method for generating multi-cloud recommendations for workloads uses costs and performance metrics of appropriate instance types in specific public clouds for target workloads to produce recommendation results. The appropriate instance types in the specific public clouds are determined based on instance capabilities and the workload type of the target workloads. In addition, a recommended cloud resource offering is determined for the target workloads, which is sent as a notification with the recommendation results of the appropriate instance types in the specific public clouds.
H04L 41/5061 - Gestion des services réseau, p.ex. en assurant une bonne réalisation du service conformément aux accords caractérisée par l’interaction entre les fournisseurs de services et leurs clients réseau, p.ex. la gestion de la relation client
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
27.
EFFICIENTLY AVOIDING PACKET LOOPS WHEN ROUTES ARE AGGREGATED IN A SOFTWARE DEFINED DATA CENTER
The disclosure provides an approach for avoiding packet loops when routes are aggregated in a data center. Embodiments include scanning logical segments associated with a customer gateway to identify network addresses associated with the logical segments. Embodiments include determining one or more recommended supernets based on the network addresses associated with the logical segments. Embodiments include providing output to a user based on the one or more recommended supernets. Embodiments include, based on the output, receiving input from the user configuring an aggregation supernet for the customer gateway. Embodiments include advertising the aggregation supernet to one or more endpoints separate from the customer gateway.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
28.
MANAGING EVENTS FOR SERVICES OF A CLOUD PLATFORM IN A HYBRID CLOUD ENVIRONMENT
A method of delivering cloud services from a cloud platform to management appliances of one or more software-defined data centers (SDDCs) through recipe execution agents running on an agent platform appliance, includes the steps of: downloading a first recipe corresponding to a first event initiated by a first cloud service, wherein the first event is associated with a task to be performed for the first cloud service; and executing first commands defined in the downloaded first recipe in one of the recipe execution agents to perform a task of the first cloud service on a first management appliance, said executing of the first commands in the one of the recipe execution agents including transmitting a first command to the first management appliance, receiving a first response from the first management appliance, and reporting the first response to the cloud platform.
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
29.
Coordinating a distributed vulnerability network scan
The disclosure provides an approach for coordinating a distributed vulnerability network scan. Embodiments include sending, by a computing node, a check-in message to a scanning coordinator, the check-in message indicating attributes of the computing node. Embodiments include receiving, by the computing node, a scan configuration message from the scanning coordinator, the scan configuration message comprising: scan timing information for the computing node; and a list of scanning targets for the computing node. Embodiments include determining, by the computing node, a scanning time window based on the scan timing information for the computing node. Embodiments include scanning, by the computing node, one or more scanning targets in the list of scanning targets for the computing node during the scanning time window.
Computer-implemented methods, media, and systems for context-sensitive defragmentation and aggregation of containerized workloads running on edge devices are disclosed. One example method includes monitoring telemetry data from multiple software defined wide area network (SD-WAN) edge devices that run multiple workloads, where the telemetry data includes at least one of resource utilization at the multiple SD-WAN edge devices, inter-workload trigger dependency, or inter-workload data dependency among the multiple workloads. It is determined, based on the telemetry data, that at least two of the multiple workloads running on at least two SD-WAN edge devices have the inter-workload trigger dependency or the inter-workload data dependency. In response to the determination that the at least two of the multiple workloads have the inter-workload trigger dependency or the inter-workload data dependency, a first process of migrating the at least two of the multiple workloads to a first SD-WAN edge device of is initiated.
H04L 41/0897 - Capacité à monter en charge au moyen de ressources horizontales ou verticales, ou au moyen d’entités de migration, p.ex. au moyen de ressources ou d’entités virtuelles
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p.ex. entités SDN ou NFV
31.
REMEDIATION OF CONTAINERIZED WORKLOADS BASED ON CONTEXT BREACH AT EDGE DEVICES
Computer-implemented methods, media, and systems for remediation of containerized workloads based on context breach at edge devices are disclosed. One example computer-implemented method includes monitoring telemetry data from a first software defined wide area network (SD-WAN) edge device, where the telemetry data includes multiple context elements at the first SD-WAN edge device. It is determined that a context change occurs for at least one of the context elements at the first SD-WAN edge device. It is determined that due to the context change, the first SD-WAN edge device does not satisfy one or more requirements for running one or more workloads scheduled to run. In response to the determination that the first SD-WAN edge device does not satisfy the one or more requirements, the at least one of the one or more workloads is offloaded from the first SD-WAN edge device to a second SD-WAN edge device.
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p.ex. entités SDN ou NFV
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p.ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
32.
AUTO-CONFIGURATION OF ROUTES BETWEEN NEIGHBOR DEVICES
In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.
Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.
H04L 67/1029 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués en utilisant des données liées à l'état des serveurs par un répartiteur de charge
H04L 67/1031 - Commande du fonctionnement des serveurs par un répartiteur de charge, p.ex. en ajoutant ou en supprimant de serveurs qui servent des requêtes
H04L 43/062 - Génération de rapports liés au trafic du réseau
H04L 47/783 - Allocation distribuée des ressources, p.ex. courtiers en bande passante
H04L 43/04 - Traitement des données de surveillance capturées, p.ex. pour la génération de fichiers journaux
H04L 67/1008 - Sélection du serveur pour la répartition de charge basée sur les paramètres des serveurs, p.ex. la mémoire disponible ou la charge de travail
35.
INTER-CLUSTER AUTOMATED FAILOVER AND MIGRATION OF CONTAINERIZED WORKLOADS ACROSS EDGES DEVICES
Computer-implemented methods, media, and systems for inter-cluster automated failover and migration of containerized workloads across edges devices are disclosed. One example method includes monitoring telemetry data received from a first software defined wide area network (SD-WAN) edge device that has a workload scheduled, where the telemetry data includes at least one of a health status of the workload or multiple runtime context elements at the first SD-WAN edge device. It is determined that a failure associated with either the first SD-WAN edge device or the workload occurs. A mode of the failure is determined. A remediation process based on the determined mode of the failure and a current state of the workload is performed.
G06F 11/20 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel en utilisant un masquage actif du défaut, p.ex. en déconnectant les éléments défaillants ou en insérant des éléments de rechange
H04L 41/0654 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant la reprise sur incident de réseau
36.
CONTEXT BASED META SCHEDULING OF CONTAINERIZED WORKLOADS ACROSS EDGE DEVICES
Computer-implemented methods, media, and systems for context based meta scheduling of containerized workloads across edge devices are disclosed. One example computer-implemented method includes receiving a manifest file that includes multiple context requirements of a workload, where the multiple context requirements include multiple runtime service level agreement (SLA) requirements of the workload. Telemetry data is received from multiple software defined wide area network (SD-WAN) edge devices, where the telemetry data includes respective context data of each of the multiple SD-WAN edge devices. A SD-WAN edge device is selected, based on the telemetry data and the multiple context requirements of the workload, from the multiple SD-WAN edge devices for placing the workload on the selected SD-WAN edge device, where the context data of the selected SD-WAN edge device meets the multiple context requirements of the workload. The workload is run on the selected SD-WAN edge device.
H04L 41/5019 - Pratiques de respect de l’accord du niveau de service
H04L 41/122 - Découverte ou gestion des topologies de réseau des topologies virtualisées, p.ex. les réseaux définis par logiciel [SDN] ou la virtualisation de la fonction réseau [NFV]
H04L 41/5054 - Déploiement automatique des services déclenchés par le gestionnaire de service, p.ex. la mise en œuvre du service par configuration automatique des composants réseau
37.
GENERATING INSTALLATION IMAGES BASED UPON DPU-SPECIFIC CAPABILITIES
Disclosed are various embodiments provisioning a data processing unit in a host machine. There can be multiple data processing units within the host machine with varying hardware or software requirements for an installation image that can be utilized to provision the device. Multiple installation images can be generated for different data processing units having varying requirements in a heterogeneous environment.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
System and computer-implemented method for managing multi-availability zone (AZ) clusters of host computers in a cloud computing environment automatically detects a degraded state of a first AZ in the cloud computing environment based on host failure events for host computers in a first cluster section of a multi-AZ cluster of host computers located in the first AZ and a recovered state of the first AZ based a successful scale-in operation of another multi-AZ cluster located partially in the first AZ. In response to the detection of the degraded state of the first AZ, a second cluster section of the multi-AZ cluster of host computers located in a second AZ is scaled out. In response to the detection of the recovered state of the first AZ, the second cluster section of the multi-AZ cluster of host computers located in the second AZ is scaled in.
G06F 11/20 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel en utilisant un masquage actif du défaut, p.ex. en déconnectant les éléments défaillants ou en insérant des éléments de rechange
39.
WORKLOAD PLACEMENT FOR VIRTUAL GPU ENABLED SYSTEMS
Disclosed are aspects of workload selection and placement in systems that include graphics processing units (GPUs) that are virtual GPU (vGPU) enabled. In some aspects, workloads are assigned to virtual graphics processing unit (vGPU)-enabled graphics processing units (GPUs). A number of vGPU placement neural networks are trained to maximize a composite efficiency metric based on workload data and GPU data for the plurality of vGPU placement models. A combined neural network selector is generated using the vGPU placement neural networks, and utilized to assign a workload to a vGPU-enabled GPU.
Computer-implemented methods, media, and systems for automating secured deployment of containerized workloads on edge devices are disclosed. One example computer-implemented method includes receiving, by a software defined wide area network (SD-WAN) edge device and from a remote manager, resource quotas for a compute service to be enabled at the SD-WAN edge device. Pre-deployment sanity checks are performed by confirming availability of resources satisfying the resource quotas, where the resources are at the SD-WAN edge device. In response to the confirmation of the availability of resources satisfying the resource quotas, one or more security constructs are set up to isolate SD-WAN network functions at the SD-WAN edge device from the compute service at the SD-WAN edge device. The compute service is attached to a SD-WAN network by the SD-WAN edge device. An acknowledgement that the compute service is enabled at the SD-WAN edge device is sent to the remote manager.
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p.ex. entités SDN ou NFV
H04L 41/342 - Canaux de signalisation pour la communication dédiée à la gestion du réseau entre entités virtuelles, p.ex. orchestrateurs, SDN ou NFV
H04L 41/0894 - Gestion de la configuration du réseau basée sur des règles
41.
END USER PRIVACY MANAGEMENT OF ACCESSED DEVICE DATA
Disclosed are various examples for controlling and managing data access to increase user privacy and minimize intentional or inadvertent misuse of accessed information. Upon detecting a request for an administrator review of a user client device, permission for administrator access can be obtained from a user associated with the user client device. The client device identifier can be obfuscated such that the administrator accessing the data is not provided the actual device identifier. An administrator review session between the user client device and an administrator client device can be established to allow the administrator client device access to the permitted client device data.
Disclosed are various approaches for exposing peripheral component interconnect express (PCIe) configuration space implementations as Enhanced Configuration Access Mechanism (ECAM)-compatible. In some examples, a bridge device is identified on a segment corresponding to a root complex of a computing device. An endpoint device is connected to a bus downstream from the bridge device. A synthetic segment identifier is assigned to the bus once the endpoint device is identified as connected to the bus. Synthetic address data is generated for the endpoint device. The synthetic address data includes the synthetic segment identifier for the bus and sets a bus identifier of the bus to zero regardless of a hierarchical position of the bus in a standard peripheral component interconnect express (PCIe) bus hierarchy.
Systems and methods are described for linking Kubernetes resources with underlying infrastructure. An agent running in a Kubernetes cluster can collect data about the cluster. The agent can add universal identifiers (“UIDs”) corresponding to specific characteristics of the Kubernetes cluster. The agent can send the data with the UIDs to a backend service. The backend service can identify a cluster on a host platform that corresponds to the Kubernetes cluster based on the UIDs. The backend service can then link components of the Kubernetes cluster to host machines in the host platform that they are running on. Using the links, a graph model can be displayed in a graphical user interface. The graph model can visually illustrate how the components in the Kubernetes cluster and the host cluster connect to each other.
Aspects of remote edge virtualization management are described. An edge hypervisor shadow application is executed. The edge hypervisor shadow application acts as an Input/Output for an edge hypervisor that is IP inaccessible to a virtualization service. The edge hypervisor shadow application receives a hypertext transport protocol (HTTP) communication from the virtualization service. A Message Queue Telemetry Transport (MQTT) message is generated to include the HTTP request, and is published to an MQTT broker service, the MQTT message comprising the HTTP request.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
45.
DIAGNOSING REMOTE SITES OF A DISTRIBUTED CONTAINER ORCHESTRATION SYSTEM
An example method of diagnosing remote sites of a distributed container orchestration system includes: receiving, at a management cluster, definition of a test suite custom resource; deploying, in response to the test suite custom resource, a first pod in the management cluster; deploying, by the first pod, a second pod in a server of a first remote site of the remote sites; checking, by the second pod, configuration of the server that includes an additional pod executing alongside the second pod, at least one virtual machine (VM) in which the second pod and the additional pod execute, a hypervisor configured to support the at least one VM, and a hardware platform on which the hypervisor executes; and returning test data from the second pod to the first pod, the test data including results of the step of checking the configuration of the server.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06F 11/36 - Prévention d'erreurs en effectuant des tests ou par débogage de logiciel
46.
PROPAGATING FAULT DOMAIN TOPOLOGY TO NODES IN A DISTRIBUTED CONTAINER ORCHESTRATION SYSTEM
An example method of propagating fault domain topology information in a distributed container orchestration system includes: receiving, at control plane software executing in a data center, the fault domain topology, which includes tags for a protection group and fault domains for remote sites in communication with the data center; deploying, by a master server of the distributed container orchestration system that executes in the data center, a node pool comprising virtual machines (VMs) executing in servers of the remote sites, the VMs being nodes of the distributed container orchestration system in which containers execute; determining, by a controller of the master server, relationships among the VMs, the servers, the protection group, and the fault domains based on state of resources maintained by the master server; and providing, by the controller, labels to the servers for associating the tags of the protection group and the fault domains to the VMs.
G06F 11/07 - Réaction à l'apparition d'un défaut, p.ex. tolérance de certains défauts
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
47.
CENTRALIZED SERVICE INSERTION IN AN ACTIVE-ACTIVE LOGICAL SERVICE ROUTER (SR) CLUSTER
Example methods and systems for centralized service insertion in an active-active cluster are described. In one example, a first service endpoint may operate in an active mode on a first logical service router (SR) supported by the computer system. The first service endpoint may be associated with a second service endpoint operating on the second logical SR in a standby mode. The first logical SR and the second logical SR may be assigned to a first sub-cluster of the active-active cluster. In response to receiving a service request originating from a virtualized computing instance, the service request may be processed using the first service endpoint according to a centralized service that is implemented by both the first service endpoint and the second service endpoint. A processed service request may be forwarded towards a destination capable of generating and sending a service response in reply to the processed service request.
Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. In response to receiving a first instruction to perform a first management action, a first validation operation may be performed based on the cluster add-on definition information and multiple first configuration values associated the multiple first configuration fields. In response to receiving a second instruction to perform a second management action associated with the second add-on, a second validation operation may be performed based on the cluster add-on definition information and multiple second configuration values associated the multiple second configuration fields. The first/second management action may be performed in response to determination that the first/second validation operation is successful.
Systems and methods are provided for dynamically optimizing and configuring various aspects of virtual desktops in virtual desktop infrastructure. Data collectors can be installed on and operate on various components in the virtual desktop infrastructure, such as on the virtual desktops running on the server, on the virtual desktop clients running on user devices, and on the connection server. The data collectors can operate to collect various types of information from corresponding components, such as application usage data and status, device performance, networking environment and speed, application or system crash data, and so on. The collected data can be logged, tracked, and analyzed to perform various actions on the virtual desktop.
A computer-implemented method for electing a leader in a computing system is provided. In one aspect, a method includes identifying a computing resource for multiple container groups that each include one or more containers. A determination is made, from applications running in containers of the container groups, of multiple election candidate applications. Each election candidate application has an instance deployed in a corresponding container in each container group. For each container group, an election runner process is established within the container group. For each instance of each of the election candidate applications, a corresponding election watcher process is established. A communication link is established between the election runner process and each election watcher process. A request for leader election is transmitted from the election runner process to the computing resource. A response received from the computing resource. The response is transmitted to each election watcher process via the communication link.
Example methods and systems for identity firewall with context information tracking are described. In one example, a first computer system may detect establishment of a connection with a virtualized computing instance, and track context information associated with the connection. The context information may include (a) first identity information that is associated with a prior connection between the client device and a second computer system, and (b) second identity information that is associated with the connection with the virtualized computing instance. Further, the first computer system may obtain a first identity firewall policy associated with the first identity information. In response to detecting a packet associated with a flow originating from, or destined for, the virtualized computing instance, the first computer system may allow or block forwarding of the packet based on the first identity firewall policy.
Systems and methods are provided for efficiently registering cloned VMs while preventing unnecessary subsequent registrations. Two independent threads can execute on a cloned VM and control different variables indicating whether registration is needed or has already been performed. A first thread can set a first variable based on an internal identifier of the cloned VM relative to the parent VM. It can also check a second variable, set by a second thread, based on an external identifier of the cloned VM not being updated at a backend cloud service. It can then set a third variable indicating whether registration has been triggered or not, based on the other variables. To avoid duplication, the second thread sets the second variable based on both the external identifier as well as a status of the first variable. The variables can be atomic variables to avoid multi-thread interference and undesirable thread locks.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
53.
VIRTUAL PRIVATE NETWORK ENHANCEMENT USING MULTIPLE CORES
Embodiments described herein relate to load balancing using multiple CPUs. A method for tunnel creation according to a security protocol at a source tunnel endpoint (TEP) includes exchanging messages with a destination TEP to create a security association (SA) for the tunnel creation; sending a message to the destination TEP, wherein the message is an encrypted message based on the first message exchange, and the message includes a traffic selector of the source TEP and a number of available CPUs of the source TEP; receiving a message from the destination TEP, wherein the message is an encrypted message based on the first message exchange, and the message includes a traffic selector of the destination TEP and a number of available CPUs of the destination TEP; and determining a number of SAs to create with the destination TEP, wherein the determination is based on the traffic selectors and the number of available CPUs.
An example method of deploying an application by a telecommunications platform in a multi-cloud computing system includes: receiving, at the telecommunications platform executing in a first software-defined data center (SDDC), an application deployment specification for a first application; receiving, at the telecommunications platform, selection of a virtual infrastructure (VI) template for the first application, the VI template defining a configuration of SDDC resources in the multi-cloud computing system; and deploying the first application based on the application deployment specification of the first application and the VI template.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Disclosed are various approaches for dynamically scheduling meetings for user groups. Users participating in an email thread can provide feedback regarding whether they would like for a meeting to be scheduled. A meeting service can automatically schedule a meeting based upon user feedback or an analysis of the email thread.
Disclosed are various examples of control plane lifecycle management using data processing unit (DPU) devices. In some examples, a passthrough between a control plane virtual machine and a data processing unit (DPU) is enabled using a DPU management hypervisor executed by a DPU device. The DPU device is installed to the host device. The DPU device receives a control plane update command with instructions to update a control plane that includes the control plane virtual machine. The control plane update command is performed. Control plane data for the update is transmitted through the passthrough.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Systems, methods, devices and non-transitory, computer-readable storage mediums are disclosed for simulating nodes of a container orchestration system. An example method includes: deploying a mock node for taking on a role of actual worker nodes, wherein the mock node is provided with a first set of resources providing a first compute capacity and the mock node includes an interface for interacting with an API server of the container orchestration system; configuring the interface to present to the container orchestration system an available compute capacity of a second compute capacity; registering the mock node as an actual worker node of the cluster with the API server based on the interface of the mock node; causing the container orchestration system to deploy a plurality of application pods to the mock node; and obtaining events generated by the interface in the mock node indicating deployment and running statuses of the application pods.
Systems and methods are described herein for dynamic debug logging during application runtime. In an example, a wrapper can be added to the code for functions of the application. During runtime, the wrapper can cause the functions to retain certain debug data. In one example, a function call graph can be constructed, which can include all the possible function call paths for the application. When an error occurs, if the application does not have a stack trace tool or API available, the application can use the function call graph to determine all possible function call paths between the entrant function and the errored function. If an application does have a stack trace tool or API, then the application can retrieve the actual function call path that led to the error. The application can enable a debug flag in the wrapper for each function in the function call path, which can cause those functions to log runtime debug data.
Systems and methods are described herein for dynamic debug logging during application runtime. In an example, a wrapper can be added to the code for functions of the application. During runtime, the wrapper can cause the functions to retain certain debug data. In one example, a function call graph can be constructed, which can include all the possible function call paths for the application. When an error occurs, if the application does not have a stack trace tool or API available, the application can use the function call graph to determine all possible function call paths between the entrant function and the errored function. If an application does have a stack trace tool or API, then the application can retrieve the actual function call path that led to the error. The application can enable a debug flag in the wrapper for each function in the function call path, which can cause those functions to log runtime debug data.
The present disclosure relates to translation of voice commands using machine learning. Command text corresponding to a voice command can be received, and at least one error can be identified in the command text. A comparison can be performed between the at least one error and at least one lexical pattern corresponding to a user associated with the voice command. Modified command text can be generated based at least in part on the comparison between the at least one error and the at least one lexical pattern. The modified command text can be determined to fail to comprise an additional error.
Computer-implemented methods, media, and systems for automatic discovery of application resources for application backup in a container orchestration platform (e.g., a Kubernetes system) are disclosed. In an example method, a pod of an application deployed in a container orchestration platform is identified. Then an owner object of the pod is determined. Resources mounted on the pod and on the owner object of the pod in the container orchestration platform are checked. Based on the pod, the owner object of the pod, and the resources mounted on the pod and on the owner object of the pod, a resource hierarchy of the application is constructed. A backup specification for backup of the application is identified. Based on the backup specification and the resource hierarchy of the application, resources of the application are backed up.
G06F 11/14 - Détection ou correction d'erreur dans les données par redondance dans les opérations, p.ex. en utilisant différentes séquences d'opérations aboutissant au même résultat
To implement secure block cloning on file systems that support block cloning, a computer security application is executed on a computer system deploying a file system that supports block cloning. The computer security application receives a block cloning command to clone a source file to a target file. Before the computer system executes the block cloning command, the computer security application identifies a trust status associated with the source file. The trust status is identified by looking up a base inventory that stores trust data associated with multiple files stored on the file system. The multiple files include the source file. Based on the trust status associated with the source file, the computer security application determines that the trust status associated with the source file is trustworthy. In response to determining that the source file is trustworthy, the computer security application applies the trust status associated with the source file to the target file.
G06F 21/56 - Détection ou gestion de programmes malveillants, p.ex. dispositions anti-virus
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
63.
LOG FORWARDING FOR AN AGENT PLATFORM APPLIANCE AND SOFTWARE-DEFINED DATA CENTERS THAT ARE MANAGED THROUGH THE AGENT PLATFORM APPLIANCE
A method of forwarding logs of a software-defined data center (SDDC) and logs of an agent platform appliance to a cloud platform through the agent platform appliance, the agent platform appliance having deployed thereon a plurality of agents of cloud services that are delivered to the SDDC, includes the steps of: collecting first log data from one or more management appliances of the SDDC; collecting second log data from one or more of the agents of cloud services; acquiring one or more access tokens for communicating with the cloud platform; and transmitting log data generated from the collected first log data and the collected second log data, along with the one or more access tokens, to a log monitoring service running in the cloud platform, wherein the log monitoring service is configured to generate alerts separately for different tenants of the computer system from log data of the different tenants.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
64.
PROVIDING SMART ALARM INFORMATION IN A COMPUTING SYSTEM USING DETECTED ALARMS
The disclosure herein describes managing smart alarms based on an associated set of alarms and/or events. The alarms are detected in a computing system and the detected alarms are used to identify a smart alarm definition with which the detected alarms are associated. A condition of the identified smart alarm definition is evaluated, and it is determined that the condition is satisfied at least in part by the set of alarms. Smart alarm information is then provided using the smart alarm definition and the detected set of alarms. Providing smart alarm information associated with the detected set of alarms and/or events provides additional context to enable efficient interpretation of detected alarms in a computing system. Further, managing the smart alarms as described reduces the quantity of individual alarms that must be processed and reduces the likelihood of errors occurring as those alarms are processed.
G08B 19/00 - Alarmes réagissant à plusieurs conditions différentes, indésirables ou anormales, p.ex. cambriolage et incendie, température anormale et débit d'écoulement anormal
The disclosure provides an approach for simulating a virtual environment. A method includes simulating, using a virtualization simulator, a plurality of hosts; simulating, using the virtualization simulator, a plurality of virtual computing instances (VCIs) associated with the plurality of simulated hosts, based on information obtained from a cluster application programming interface (API) provider; creating, using a virtualization simulator operator, one or more node simulator schedulers; creating, using the one or more node schedulers, a node simulator; simulating, using the node simulator, a plurality of guest operating systems (OSs) associated with the plurality of simulated VCIs; and joining the plurality of simulated guest OSs to one or more node clusters in a data center via an API server.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Disclosed herein is a system and method for controlling network traffic among namespaces in which various entities, such as virtual machines, pod virtual machines, and a container orchestration system, such as Kubernetes, reside and operate. The entities have access to a network that includes one or more firewalls. The traffic that is permitted to flow over the network among and between the namespaces is defined by a security policy definition. The security policy definition is posted to a master node in a supervisor cluster that supports and provisions the namespaces. The master node invokes a network manager to generate a set of firewall rules and program the one or more firewalls in the network to enforce the rules.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
67.
VIRTUALIZED CACHE ALLOCATION IN A VIRTUALIZED COMPUTING SYSTEM
An example method of virtualized cache allocation for a virtualized computing system includes: providing, by a hypervisor for a virtual machine (VM), a virtual shared cache, the virtual shared cache backed by a physical shared cache of a processor; providing, by the hypervisor to the VM, virtual service classes and virtual service class bit masks; mapping, by the hypervisor, the virtual service classes to physical service classes of the processor; associating, by the hypervisor, a shift factor with the virtual service class bit masks with respect to physical service class bit masks of the processor; and configuring, by the hypervisor, service class registers and service class bit mask registers of the processor based on the mapping and the shift factor in response to configuration of the virtual shared cache by the VM.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 12/084 - Systèmes de mémoire cache multi-utilisateurs, multiprocesseurs ou multitraitement avec mémoire cache partagée
68.
GRAPH-BASED VISUALIZATIONS OF NETWORK FLOWS USING ENTITY CLUSTERING
Systems and methods are described for providing a graphical user interface (“GUI”) for graph-based visualizations of network flows using entity clustering. In an example, an application service can periodically execute a job for assigning network entities to clusters according to a clustering type. The job can also include creating metadata about each cluster. The application service can store the assignments in a cache. A user can select to display a visualization of the network in the GUI based on the clustering type. The application service can detect any entities without cluster assignments and create a best guess assignment for them. The GUI can then display a visualization of the network according to the selected clustering type.
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 41/0893 - Affectation de groupes logiques aux éléments de réseau
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 16/28 - Bases de données caractérisées par leurs modèles, p.ex. des modèles relationnels ou objet
A method of performing open and close input/output (I/O) requests targeting a directory of a client computing device includes the steps of: receiving a first I/O request to open the directory, from a driver of a host server, forwarding the first I/O request to the client computing device; in response to the first I/O request, receiving an identifier (ID) of the directory from the client computing device and transmitting the ID to the driver; in response to receiving a second I/O request to close the directory, from the driver, storing the ID in a cache, and not forwarding the second I/O request to the client computing device; and in response to receiving a third I/O request to open the directory, from the driver, retrieving the ID from the cache, and transmitting the ID to the driver again.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
An example method of upgrading remote sites of a distributed container orchestration system includes: deploying, by upgrade software executing in a data center remote from the remote sites, a second container orchestration (CO) control plane executing concurrently with a first CO control plane, the second CO control plane having a second version different than a first version of the first CO control plane, the first CO control plane initially managing all of the remote sites; upgrading, by the upgrade software, CO support software of a first portion of the remote sites; adding, by the upgrade software, the first portion of the remote sites to a second CO cluster managed by the second CO control plane; and removing, by the upgrade software, the first portion of the remote sites from a first CO cluster managed by the first CO control plane.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. User interface(s) may be generated based on the cluster add-on definition information to allow a user to request for a management action associated. In response to receiving a first request for a first management action associated with the first add-on, a first instruction may be generated and sent to cause the first management action to be performed in the first cluster. In response to receiving a second request for a second management action associated with the second add-on, a second instruction may be generated and sent to cause the second management action to be performed in the first cluster or the second cluster.
Disclosed are various embodiments for a unified boot image that can be used to install an operating system onto a host machine and a respective operating system onto a data processing units (DPU) installed on a host machine. The unified boot image contains installation files for installing an operating system on the host machine and an installation depot that can be used to create a boot image for installing the same or different operating system on the DPU. During installation of an operating system on a host machine, the installation workflow can also require installation of an additional operating system or other configuration of a DPU installed in a host machine. In response to determining that an operating system is to be installed on the DPU, the installation depot can be obtained and reformatted into a downloadable format that is compatible with the DPU.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
73.
SHARING SECURED FILES AMONG APPLICATIONS USING AN OPERATING SYSTEM FRAMEWORK
Disclosed are mechanisms that enable secure file sharing between applications using an operating system framework. In some examples, an extension map is received by a client device. The extension map relates a file extension to an alias file extension. A management software development kit (SDK) is used by an application. The management SDK identifies that the application originates a file comprising the file extension, stores the file as an extension-aliased file by changing its file extension to the alias file extension according to the extension map. The extension-aliased file is transferred to a recipient application using a file sharing utility of an operating system of the client device.
The disclosure provides an approach for virtual computing instance (VCI) placement. Embodiments include receiving, by a resource optimization system, physical network interface (NIC) queue availability information relating to a plurality of host computers. Embodiments include determining, by the resource optimization system, physical NIC queue requirements of a VCI. Embodiments include selecting, by the resource optimization system, a target host computer for the VCI from the plurality of host computers based on the physical NIC queue availability information and the physical NIC queue requirements of the VCI. Embodiments include loading, by the resource optimization system, the VCI on the target host computer.
The disclosure provides an approach for dynamic centralized model compilation. Embodiments include receiving, from a client, a request for a machine learning model, wherein the request indicates either one or more attributes comprising one or more of a hardware characteristic, a target precision, or a compiler characteristic, or that one or more default behaviors should be used to compile the machine learning model. Embodiments include determining a compiler for the machine learning model based on the one or more attributes or the one or more default behaviors, wherein the compiler is stored in a registry. Embodiments include compiling the machine learning model using the compiler. Embodiments include providing the compiled machine learning model to the client in response to the request.
An example method of entitling endpoint software in a multi-cloud environment having a public cloud in communication through a messaging fabric with a data center includes: determining, by an entitlement service executing as a cloud service in the public cloud, deployment information for the endpoint software executing on virtualized hosts of the data center; generating, by the entitlement service in response to an entitlement request, an entitlement task in response to verifying the entitlement request against the deployment information; sending, through the messaging fabric, the entitlement task from the entitlement service to an entitlement agent of an agent platform appliance executing in the data center; and applying, by the entitlement agent in cooperation with a licensing service of the endpoint software, a subscription entitlement as indicated in the entitlement task.
An example method of classifying alerts generated by endpoints in a virtualized computing system includes: receiving, at an alert processing engine executing in the virtualized computing system, a stream of the alerts generated by security agents executing in the endpoints; extracting fields from the alerts at the alert processing engine; computing, at the alert processing engine, features from the alerts based on the fields; computing, at the alert processing engine, a plurality of model scores for each alert using the features as parametric input to a plurality of models; aggregating, by the alert processing engine, the plurality of model scores into a final score for each alert; and annotating each of the alerts with a respective final score.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
Systems and methods are described for provisioning a desktop interface at a cloud service provider. An application service is introduced that selects a cloud service provider for provisioning a virtual machine (“VM”) that hosts the desktop interface. In an example, a user can request access to a virtual desktop from a client device. The application service can retrieve network latency data from multiple cloud service providers and select the provider with the lowest network latency for the client device. In some examples, the application service can select the cloud service provider on additional factors, such as the cost of provisioning the VM at each cloud service provider. The application service can provision the VM at the selected cloud service provider and facilitate access to the virtual desktop for the client device.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
79.
METHOD TO REALIZE SCANNER REDIRECTION BETWEEN A CLIENT AND AN AGENT
A scanner redirection method for a remote desktop system that includes a client computing device that has running therein a scanner redirection module, and a host server, the scanner redirection module including a data source manager for communicating with a data source that is configured to communicate with a physical scanner, includes the steps of: receiving from an application running on the host server, a request for a scanned image; in response to the request for the scanned image, transmitting to the data source a request to acquire the scanned image from the physical scanner; and upon receiving the scanned image from the data source, transmitting the scanned image to the application.
An example method of updating device firmware in a distributed container orchestration system includes: receiving, at a master server executing in a data center, a definition for a firmware custom resource; obtaining, by an operator of the master server in response to the firmware custom resource, a firmware file set; providing, from the operator to a plurality of remote sites in communication with the data center, the firmware file set; and executing, by servers at the plurality of remote sites, updates of firmware for devices of the servers.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
The disclosure provides a method of seamlessly launching at least one of applications or files located on remote desktops. The method generally includes receiving, at a connection server, application information for an application located on a first remote desktop in response to a first request from a client device to add the application to the connection server, receiving, at the connection server, from the client device, a second request to launch the application, validating, at the connection server, the second request based on credentials included in the second request, and forwarding, to the first remote desktop, the second request based on validating the second request, wherein, based on the second request, the first remote desktop launches the application for display at the client device.
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
82.
INPUT/OUTPUT (I/O) PERFORMANCE IN REMOTE COMPUTING ENVIRONMENTS USING A MINI-FILTER DRIVER
The disclosure provides a method of associating thread identifiers (IDs) to input/output (I/O) requests in a remote computing environment. The method generally includes receiving, by a mini-filter on a remote device that is remote from a client device, a request from an application on the remote device to access resources at the client device, determining, by the mini-filter, a thread identifier (ID) associated with the request, the thread ID corresponding to an application thread of the application that generated the request, determining, by the mini-filter, one or more parameters of the request, and transmitting, by the mini-filter, to a redirection server process on the remote device, a message comprising the thread ID and the one or more parameters of the request, wherein the thread ID and the one or more parameters of the request are added to a cache maintained by the redirection server process.
Disclosed are various embodiments for coordinating the rollback of installed operating systems to an earlier, consistent state. In response to determining that a data processing unit (DPU) installed on a computing device has failed to successfully boot a first time, the computing device can be power cycled for a first time. In response to determining that the DPU has successfully booted a second time, a first version of a host operating system can be booted. A DPU operating system (DPU OS) is then booted from a DPU alternate boot image. In response to determining that the first version of the host operating system fails to match an executing version of the DPU OS, the computing device can be power cycled a second time and the host operating system is then booted from a host alternate boot image.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Disclosed are various embodiments for identifying a connection to an external user or organization based upon analysis of data sources within an enterprise. User activity within communications applications can be assessed to identify a closest connection to the external user or organization based upon frequency of communication, age of communication, and/or a sentiment analysis.
G06Q 50/00 - Systèmes ou procédés spécialement adaptés à un secteur particulier d’activité économique, p.ex. aux services d’utilité publique ou au tourisme
Computer-implemented methods, media, and systems for providing container security manageability are disclosed. In one computer-implemented method, a host device connected to a cloud server detects an event of a plurality of events generated by a plurality of containers hosted in the host device. The host device identifies container context data of the event, associates the container context data with the event, sends the container context data to the cloud server for security analysis. The host device receives, from the cloud server, security rules based on the security analysis and implements the security rules.
Example methods and systems for malicious process termination are described. In one example, a computer system may detect a first instance of a malicious network activity associated with a first virtualized computing instance. Termination of a first process implemented by the first virtualized computing instance may be triggered, the first instance of the malicious network activity being associated with the first process. The computer system may obtain event information associated with the first process and/or the first instance of the malicious network activity, and trigger termination of a second process implemented by a second virtualized computing instance based on the event information. Examples of the present disclosure may be implemented to leverage the detection of the first instance of the malicious network activity to terminate both the first process and the second process, and to block a second instance of a malicious network activity associated with the second process.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
Example methods and systems for load balancing with service-tier awareness are described. One example may involve a computer system receiving, from a client system, a service request that requires processing by one of multiple server pools that are reachable via the computer system. The multiple server pools may be associated with respective multiple service tiers. The computer system may obtain identity information identifying a user associated with the service request from the client system; and based on the identity information, mapping the service request to a particular service tier from the multiple service tiers. Next, a particular server pool that is associated with the particular service tier may be identified from the multiple server pools. The service request may be steered towards a destination server for processing, the destination server being selected from the particular server pool associated with the particular service tier.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
88.
SMART EMAIL TEMPLATE GENERATION BASED ON ATTACHMENTS
Disclosed are various embodiments of identifying a reusable email template for use in an email client based on a file attachment, an email recipient, and/or other factors, such as date and time. Various embodiments can identify an unsent email, the unsent email comprising at least a body and an attachment file, analyze the attachment file to determine one or more attachment categories, select an email template from a plurality of email templates based at least on the one or more attachment categories, and populate the body of the unsent email with the selected email template.
An example method of remote access to on-premises software executing in a data center by a cloud service executing in a public cloud includes: sending a request from the cloud service to a connection service executing in the public cloud, the request being for delegated access to the on-premises software in the data center; creating, by cooperation between the connection service and a connection agent executing in a gateway of the data center, a connection over a network between the public cloud and the data center; establishing a first local connection between the cloud service and the connection service; establishing a second local connection between the connection agent and the on-premises software; and exchanging data between the cloud service and the on-premises software over a tunnel comprising the first local connection, the connection over the network, and the second local connection.
An example method of upgrading an application in a software-defined data center (SDDC) includes: deploying, by lifecycle management software executing in the SDDC, a second appliance, a first appliance executing services of the application at a first version, the second appliance having services of the application at a second version, the services in the first appliance being active and the services in the second appliance being inactive; setting, by the lifecycle management software, the first and second appliances as a preemptive pair, where the first appliance is protected and the second appliance is unprotected by fault domain management (FDM) software executing in the SDDC; performing, by the lifecycle management software, a switchover to stop the services of the first appliance and start the services of the second appliance; and setting, by the lifecycle management software, the first appliance as unprotected and the second appliance as protected by the FDM software.
G06F 8/71 - Gestion de versions ; Gestion de configuration
G06F 11/20 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel en utilisant un masquage actif du défaut, p.ex. en déconnectant les éléments défaillants ou en insérant des éléments de rechange
91.
CLOUD-DISTRIBUTED APPLICATION RUNTIME - AN EMERGING LAYER OF MULTI-CLOUD APPLICATION SERVICES FABRIC
A cloud distributed application runtime is deployed to execute a cloud infrastructure. During deployment of an application service by the cloud infrastructure, each action implemented in the cloud infrastructure is traced, from an initiation of the application service to a termination of the application service. Level objectives associated with the cloud infrastructure and associated with the application service deployed by the cloud infrastructure are tracked. In response to tracing an action implemented in the cloud infrastructure and in response to tracking the level objectives, a scaling decision associated with the application service is determined. The scaling decision incudes either an upscaling or a downscaling. In response to determining the scaling decision, the scaling decision is implemented to match the level objectives associated with the cloud infrastructure and associated with the application service.
Disclosed herein is a system and method for determining whether a system build is being interfered with by a suspicious process running during the system build. An agent captures the cache access timing pattern during the system build and asks a neural network to determine whether the cache access timing pattern for the build is similar to cache access timing patterns of other previous system builds on which the neural network is trained. The neural network generates a score that quantifies the similarity. If the score indicates too great a non-similarity, the system build is declared abnormal.
G06F 21/52 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
A method for network address management is provided. Embodiments include determining a creation of a namespace associated with a cluster of computing devices, wherein a subset of computing resources of the cluster of computing devices is allocated to the namespace. Embodiments include assigning, to the namespace, a network address pool comprising a plurality of network addresses in a subnet, wherein the assigning causes the plurality of network addresses to be reserved exclusively for the namespace. Embodiments include receiving an indication that a pod is added to the namespace. Embodiments include, in response to the receiving of the indication, assigning a network address from the network address pool to the pod.
Dynamic supply of trusted certificates to a containerized environment by mounting a directory into a container image can be implemented as computer-readable methods, media and systems. The directory stores trusted certificates related to a tenant account at a platform system. The trusted certificates include user specific trusted certificates relevant for authentication at an external system and default certificates relevant for an operating system running at a containerized runtime environment of the tenant account. The trusted certificates are used during execution of functions requested by a user of the tenant account. A function that is defined for a tenant account is executed at a container instantiated at the containerized runtime environment of the platform system. The function dynamically uses the trusted certificates maintained at the directory that is mounted at the containerized runtime environment, where at least one of the trusted certificates is used for authentication at the external system.
An example method of selecting a primary instance of a horizontally scaled service executing in a public cloud, comprising: querying, by a first instance of a plurality of instances of the horizontally scaled service, a database for a value of an identifier of a primary instance, the primary instance configured to perform an exclusive task, each of the plurality of instances other than the primary instance configured to defer the exclusive task to the primary instance; setting, by the first instance, the value of the identifier of the primary instance to a first identifier of the first instance in response to the value of the identifier of the primary instance being unset in the database; and updating data associated with the identifier of the primary instance in the database, by the first instance while performing the exclusive task, to the exclusion of each other instance of the plurality of instances.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
96.
CONSERVING COMPUTING RESOURCES FOR MACHINE LEARNING PIPELINES WITH A FEATURE SERVICE
The disclosure herein describes managing the execution of ML pipelines based at least in part on a dependency graph using a feature service. A plurality of feature creator processes are scheduled for execution using a set of feature creation resources. The scheduling is based at least in part on a dependency graph which describes dependency relationships between the plurality of feature creator processes and raw data sets stored in a raw data cache. The scheduled feature creator processes are then executed, wherein feature sets are created from the executed feature creator processes. The features sets are stored in a feature cache and the stored feature sets are exposed to a feature consumer using a feature interface. The use of the dependency graph and the raw data and feature caches enables the disclosure to reduce duplicated effort and resource usage across multiple pipelines that are executed on the system.
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06F 12/123 - Commande de remplacement utilisant des algorithmes de remplacement avec listes d’âge, p.ex. file d’attente, liste du type le plus récemment utilisé [MRU] ou liste du type le moins récemment utilisé [LRU]
97.
END-TO-END TESTING IN A MULTI-CLOUD COMPUTING SYSTEM
An example method of end-to-end testing in a multi-cloud environment having a public cloud in communication through a messaging fabric with a data center, the method including: deploying, by a testbed management service executing in the public cloud, a testbed in the data center, the testbed including an agent platform appliance and endpoint software executing on virtualized hosts of the data center, the agent platform appliance in communication with the end point software and the messaging fabric of the public cloud; executing, by a test service in the public cloud, tests against the testbed; and verifying, in response to results of the tests, operation of cloud services executing in the public cloud and configured to interact with the endpoint software.
G06F 11/36 - Prévention d'erreurs en effectuant des tests ou par débogage de logiciel
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
A scanning preview method for a remote desktop system that includes a client computing device that has running therein a remote desktop client application including a scanner redirection module, and a host server, the scanner redirection module including a scanner core that is configured to communicate with a physical scanner, includes the steps of: receiving from an application running on the host server, a request for a preview of a scanned image; in response to the request for the preview of the scanned image, transmitting to the scanner core a request to acquire the scanned image from the physical scanner; and upon receiving the scanned image from the scanner core, transmitting the scanned image to the application, and in response thereto, receiving from the application an image of a remote desktop that includes the scanned image.
A scanner redirection method includes the steps of: receiving from an application running on a host server, a request for scanner properties; acquiring properties of the physical scanner; converting the properties of the physical scanner that are described according to a first scanning protocol to properties of the physical scanner that are described according to a second scanning protocol; transmitting the properties of the physical scanner that are described according to the second scanning protocol to the application; in response to detecting a user selection made on an image of a user interface, transmitting the user selection to the application; and in response to the user selection, receiving from the application, a request for a scanned image, and transmitting a request to an image capture core to acquire the scanned image from the physical scanner.
A method enables events associated with local applications to be handled at a user device while a remote desktop is being used at the user device. A notification of an event is presented on a display screen of the user device, over the remote desktop. The notification prompts a user to handle the event now or handle the event later. In response to the user selecting to handle the event now, a window of a local application associated with the event is displayed over the remote desktop and may be used by the user to handle the event.
G06F 3/14 - Sortie numérique vers un dispositif de visualisation
H04L 67/143 - Interruption ou inactivation de sessions, p.ex. fin de session contrôlée par un événement
H04L 41/069 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant des journaux de notifications; Post-traitement des notifications
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
brevets
