Abstract: A method and apparatus for efficiently executing guest programs in a virtualized computing environment are presented. The method includes executing a virtual machine on a computing hardware; executing a single hypervisor in a first security ring on the virtual machine; executing a single guest program on the virtual machine, wherein the single guest program includes a single kernel being executed in the first security ring and at least one application being executed in a second security ring; and executing at least an instruction issued by the at least one application without trapping the single hypervisor.

Abstract: A computerized method for efficient handling of a privileged instruction executed by a virtual machine (VM). The method comprises identifying when the privileged instruction causes a VM executed on a computing hardware to perform a VM exit; replacing a first virtual-to-physical address mapping to a second virtual-to-physical address mapping respective of a virtual pointer associated with the privileged instruction; and invalidating at least a cache entry in a cache memory allocated to the VM, thereby causing a new translation for the virtual pointer to the second virtual-to-physical address, wherein the second virtual-to-physical address provides a pointer to a physical address in a physical memory in the computing hardware allocated to the VM.

Abstract: A method for operating a virtualized network that communicatively connects between a plurality of communication ports, instantiated for a plurality of guest operating systems executed over a plurality of hosts. The method comprises instantiating a communication port for each of the plurality of guests; performing a discovery media access control (MAC) address process of at least one destination guest of the plurality of guests by a source guest; sending a ping request from the source request to the at least one destination guest; and creating the virtualized network to allow communication between the source guest with the at least one destination guest, wherein the virtualized network is created over the physical network.

Abstract: In a computing system where a plurality of processing units may execute a shared code independently, it is necessary to address data issues related to execution of the shared code and separate data. According to various embodiments disclosed herein, the per-processing unit data can be efficiently addressed in a program counter relative mode where data is accessed using a data offset value for each processing unit when the data blocks are positioned at spaces of a predetermined offset value. Further, the per-processing unit of common code in different virtual addresses is mapped to a common physical address. As a result, while each of the processing units access the exact same instruction code in physical memory it accesses a different area in memory for manipulation of data.

Abstract: An apparatus and method of operation in a para-virtualized environment. The method includes executing a first hypervisor on a hardware platform of a computing device; and executing a second hypervisor over the first hypervisor, the second hypervisor is configured to capture at least a privileged instruction called by an unmodified guest program executed over the second hypervisor and cause the first hypervisor to execute an instruction corresponding to the captured privileged instruction, wherein the unmodified guest program and the second hypervisor operate in a user space protection domain, e.g., Ring 3, and the at least privileged instruction should be executed in a kernel space protection domain, e.g., Ring 0.

Abstract: A method for efficient execution of a guest in a virtualized computing environment is provided. The method comprises causing an execution of at least one virtual machine on a computing hardware, the virtual machine executes a hypervisor in a first security ring; and causing an execution of a single guest program on one of the at least one virtual machines, the single guest program comprises a kernel being executed in the first security ring and at least one application being executed in a second security ring.