Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A method, system, and computer program product for safe management of data storage using a VM are provided in the illustrative embodiments. An I/O request is received from the VM. A determination is made whether the I/O request requests a data manipulation on the data storage in an address range that overlaps with an address range of a VM signature stored on the data storage. In response to determining that the address range of the data manipulation overlaps with the address range of the VM signature, a determination is made whether an identifier of the VM matches an identifier of a second VM associated with the signature. In response to determining that the identifier of the VM does not match the identifier of the second VM, the I/O request is failed, thereby preventing an unsafe overwriting of the signature on the data storage.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.

Abstract: A computer implemented method for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.

Abstract: A computer implemented method, system and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from the each of the plurality of clients.

Abstract: A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.

Abstract: A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.

Abstract: A computer implemented method for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.

Abstract: A computer implemented method, system and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from the each of the plurality of clients.

Abstract: A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.

Abstract: A method, system, and computer program product for safe management of data storage using a VM are provided in the illustrative embodiments. An I/O request is received from the VM. A determination is made whether the I/O request requests a data manipulation on the data storage in an address range that overlaps with an address range of a VM signature stored on the data storage. In response to determining that the address range of the data manipulation overlaps with the address range of the VM signature, a determination is made whether an identifier of the VM matches an identifier of a second VM associated with the signature. In response to determining that the identifier of the VM does not match the identifier of the second VM, the I/O request is failed, thereby preventing an unsafe overwriting of the signature on the data storage.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A computer implemented method and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from the each of the plurality of clients.

Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.

Abstract: A computer implemented method and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from the each of the plurality of clients.

Abstract: A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.