Abstract: The present disclosure relates to extending workload provisioning using a low-code development platform. Some embodiments include a medium having instructions to provide an interface for creating a custom resource in a virtualized environment, the interface including a first portion configured to receive summary information corresponding to the custom resource, and a second portion configured to receive a schema corresponding to the custom resource. Some embodiments include creating the custom resource according to the summary information and the schema.

Abstract: The present disclosure relates to development platform validation with simulation. Some embodiments include instructions to recognize a simulation of a management system as an endpoint of a development platform in a virtualized environment, and execute performance testing on the development platform using the simulation.

Abstract: Systems and methods for inspection and repair of VSAN object metadata. A user-space indirection layer is maintained to map logical addresses of VSAN objects to physical memory addresses of their metadata. Commands may then be sent from the user space to distributed object manager (DOM) clients, with the physical addresses of metadata of objects to be inspected. DOM owners thus may bypass their own indirection layers to retrieve object metadata directly from received user commands. Retrieved information is then used to reconstruct and repair object metadata. Repaired metadata may be written back to the VSAN by transmitting a write request containing the physical address at which the repaired metadata is to be written. DOM owners may be placed in a specified mode in which received I/O instructions are ignored unless they are designated as being for metadata repair purposes, such as by including a physical address.

Abstract: Systems and methods for 3D printer management can verify the printing of a 3D object based on instructions inserted into the 3D object file that cause the 3D printer to perform extra actions, thus emitting certain sounds while printing. In one example, a print server can receive a request to print a 3D object. The print server can insert snippets of instructions at random into the 3D object file. A recording device can record audio of the 3D printer printing the 3D object. The recording device can send the audio to the print server. The print server can verify that the audio emitted by the 3D printer while printing the 3D object match up with the snippets inserted into the 3D object file.

Abstract: In an embodiment, a computer-implemented method for highly-scalable, in-network multicasting of statistics data is disclosed. In an embodiment, a method comprises: receiving, from an underlay controller, a match-and-action table that is indexed using one or more multicast (“MC”) group identifiers and includes one or more special MC headers; detecting a packet carrying statistics data; determining whether the packet includes an MC group identifier; in response to determining that the packet includes the MC group identifier: using the MC group identifier, retrieving a special MC header, of the one or more special MC headers, from the match-and-action table; generating an encapsulated packet by encapsulating the packet with the special MC header; and providing the encapsulated packet to an interface controller for transmitting the encapsulated packet to one or more physical switches.

Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.

Abstract: The disclosure provides an approach for virtual computing instance (VCI) migration. Embodiments include scanning logical segments associated with a customer gateway to identify network addresses associated with the logical segments. Embodiments include determining one or more recommended supernets based on the network addresses associated with the logical segments. Embodiments include providing output to a user based on the one or more recommended supernets. Embodiments include based on the output, receiving input from the user configuring an aggregation supernet for the customer gateway. Embodiments include advertising the aggregation supernet to one or more endpoints separate from the customer gateway.

Abstract: Aspects of managing inventory for data transport connections within a virtualized computing environment are described. A virtualized management system managing a cluster of host devices obtains a data transport capacity parameter and an aggregate memory consumption value from respective host devices. The virtualized management system further identifies an update status associated with each of the host devices. In response to receiving a data transport connection request, the virtualized management system selects a host from the cluster of hosts to satisfy the data transport connection request based at least in part on the upgrade status, data transport capacity parameter and aggregate memory consumption value.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.

Abstract: A version control interface for data provides a layer of abstraction that permits multiple readers and writers to access data lakes concurrently. An overlay file system, based on a data structure such as a tree, is used on top of one or more underlying storage instances to implement the interface. Each tree node tree is identified and accessed by means of any universally unique identifiers. Copy-on-write with the tree data structure implements snapshots of the overlay file system. The snapshots support a long-lived master branch, with point-in-time snapshots of its history, and one or more short-lived private branches. As data objects are written to the data lake, the private branch corresponding to a writer is updated. The private branches are merged back into the master branch using any merging logic, and conflict resolution policies are implemented. Readers read from the updated master branch or from any of the private branches.

Abstract: Systems and methods are described for efficient ways to manage storage of data in virtual desktops on writable volumes contained in attachable virtual disks. Multiple writeable volumes can be attached to a user's virtual desktop and data writes on the virtual desktop can be allocated among the writeable volumes based on preset policies or criteria, allowing the storage of different types of data in different writable volumes located on different storage devices.

Abstract: Examples of device-driven management are described. A management console can include a set of workflow objects to use in a workflow creation user interface. Workflow objects can be positioned in the workflow creation user interface area based on user manipulation. A device state criteria overlay can be painted on a connector workflow object to indicates that a branch of executable instructions corresponding to the connector workflow object is performed where a client device corresponds to the specified device state criteria.

Abstract: The disclosure provides an approach for implementing a distributed firewall within a data center. The firewall is implemented as a kernel space filter driver within the operating system of virtual machines. Each virtual machine hosts several user sessions. The firewall may be dynamically updated with new security policies, either by an administrator or a component of the data center.

Abstract: System and method for managing migration of trusted execution environments (TEEs) based on migration policies utilizes a source migration agent in the source host computer and a destination migration agent in a destination host computer to migrate a source TEE in the source host computer to the destination host computer. A migration policy data of the source TEE is first transmitted to the destination migration agent from the source migration agent to determine whether the destination host computer satisfies migration policies specified in the migration policy data. In response to a determination that the destination host computer satisfies the migration policies specified in the migration policy data, a destination TEE is created in the destination host computer and memory pages of the source TEE are transmitted to the destination TEE. The memory pages are then restored at the destination TEE for execution.

Abstract: The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.

Abstract: Techniques are described providing improved ways to benchmark and validate virtual desktop deployments where targeted workloads are delivered to virtual desktops based on parameters such as the desktop type and origin, and where workload operations can be triggered from the client device. Client instructions for performing workload operations can be encoded into a digital image such as a Quick Response (QR) code on the virtual desktop and inserted into the virtual desktop graphical user interface (GUI). The client decodes the digital image in the received GUI to obtain the instructions and actuate the operations. Completion of operations can be tracked to benchmark desktop performance.

Abstract: In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group; in response to determining that a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group: distributing the information about the object to network agents implemented in transport nodes to cause the network agents to automatically update a group membership policy associated with the membership group; and wherein the group membership policy affects packet forwarding behavior of a forwarding node.

Abstract: Disclosed are various examples of providing AI accelerator access as a service at the edge. In some embodiments an artificial intelligence (AI) accelerator device identifier is transmitted to register an AI accelerator with the AI broker service. An AI processing request for the AI accelerator is received from a networked computing device. A bus redirect of the AI accelerator to the networked device is enabled. An AI workload is performed controlled by the networked device through the bus redirect.