Abstract: Page request interface overhead reduction for virtual machine migration and write protection in memory may be provided by generating a page table associated with the memory; in response to receiving a write-protection command to prevent write-access to data from a portion of the memory, write-protecting a first range of memory addresses comprising the data write protected from the portion of the memory, wherein a second range of memory addresses comprises data not write protected in the memory; and modifying the page table to include a page table entry associated with the first range of memory addresses being write-protected, wherein write access to a memory address in the first range of memory addresses by a device during write-protection is tracked.

Abstract: Systems and methods of the disclosure include: publishing, by a first host computer system of a computing cluster comprising a plurality of host computer systems running a plurality of virtual machines, a list of memory page identifiers, wherein each memory page identifier is associated with a corresponding content identifier; receiving, from a second host computer system of the computing cluster, a memory page request comprising a first memory page identifier; and sending, to the first host computer system, a first memory page identified by the first memory page identifier.

Abstract: Preventing quantum errors using a Quantum Error Correction Algorithm Trainer (QECAT) table is disclosed herein. In one example, a processor device of a computing device is to identify a subset of a plurality of QECAT table entries of a QECAT table, wherein each QECAT table entry of the subset corresponds to an occurrence of a quantum error. The processor device is further to obtain metadata from each QECAT table entry of the subset. The processor device identifies, based on the metadata from each QECAT table entry of the subset, a common characteristic of each occurrence of the quantum error. The processor device then determines, based on the common characteristic, a preventative action to prevent a future occurrence of the quantum error.

Abstract: Techniques of scheduling workload(s) on partitioned resources of host systems are described. The techniques can be used, for example, in a container-orchestration system. One technique includes retrieving information characterizing at least one schedulable partition and determining an availability and a suitability of one or more of the schedulable partition(s) for executing a workload in view of the information. Each of the schedulable partition(s) includes resources of one or more host systems. The technique also includes selecting one or more of the schedulable partition(s) to execute the workload in view of the availability and the suitability.

Abstract: Heterogeneous memory management and services. A memory metadata service obtains memory configuration information that identifies one or more sharable load-store memory segments available on each of a plurality of computing devices. The memory metadata service generates a memory metadata repository that comprises memory metadata that identifies, for each computing device of the plurality of computing devices, the one or more sharable load-store memory segments available on the computing device and, for each sharable load-store memory segment, a memory size of the sharable load-store memory segment and at least one memory attribute. The memory metadata service receives, from a first requesting computing device, a first memory allocation request that requests a first quantity of load-store memory. The memory metadata service sends, to the first requesting computing device, memory allocation information that identifies a first sharable load-store memory segment based on the memory metadata repository.

Abstract: Systems and methods for configuration file editing during the execution of the configuration process can include initiating a configuration process using a configuration file referencing a sequence of tasks and receiving a command to edit the configuration file. They can also include, responsive to the receipt of the command, pausing the configuration process and modifying one or more tasks in the sequence of tasks to generate a modified configuration file. They can further include resuming the configuration process using the modified configuration file from a point at which the execution was paused.

Abstract: A system includes a memory and a processor, where the processor is in communication with the memory. The processor is configured to receive a request to compress a schema. The schema is analyzed to determine whether to apply a first type of compression or a second type of compression, where analyzing the schema includes determining whether the schema exceeds a threshold level. Upon determining that the schema exceed the threshold level, a compressed schema is generated by performing the second type of compression. Next, the processor responds to the request with the compressed schema.

Abstract: Data can be prefetched in a distributed storage system. For example, a computing device can receive a message with metadata associated with at least one request for an input/output operation from a message queue. The computing device can determine, based on the message from the message queue, an additional IO operation predicted to be requested by a client subsequent to the at least one request for the IO operation. The computing device can send a notification to a storage node of a plurality of storage nodes associated with the additional IO operation for prefetching data of the additional IO operation prior to the client requesting the additional IO operation.

Abstract: Systems and methods for generating asynchronous application programming interface (API) documents are generally described. In various examples, a topic discovery request may be sent to a message broker. A list of topics may be received from the message broker. First identifier data identifying a first topic of the list of topics may be received from the message broker. A first message may be received from the message broker, where the first message pertains to the first topic. First schema may be determined using the first message. The first schema data may describe content of the first message and organization of the content of the first message. The first identifier data may be stored in a first data structure in association with the first schema data.

Abstract: Systems and methods for memory management for virtual machines. An example method may include receiving, by a host computing system, a memory access request initiated by a peripheral component interconnect (PCI) device, wherein the memory access request comprises a memory address and an address translation flag specifying an address space associated with the memory address; and responsive to determining that the address translation flag is set to a first value indicating a host address space, causing a host system input/output memory management unit (IOMMU) to pass-through the memory access request.

Abstract: Systems and methods are described for compiling a specified instruction from a first virtual application to a second virtual application. Each virtual application may be associated with different programming languages. In an example method, a computing device receives a request to execute the specified instruction in the second virtual application. A target data structure may be created, using a library of the second virtual application, where a template directory may be stored. First syntax features, each defining a respective variable may be identified. An abstract syntax tree may be used to derive, for each first syntax feature, a modified definition for the respective variable. Second syntax features may be generated that define the respective variables more precisely than the first syntax features. The specified instruction may be rendered the second virtual application and may be expressed via the second syntax features and their respective variables.

Abstract: Systems and methods for extending a container orchestration engine API in-process are disclosed. The method includes compiling each of one or more custom resource definition (CRD) controllers that are created in a cluster at run-time into a respective isolation module to generate one or more isolation modules, wherein the one or more isolation modules are all hosted in a service. The method also includes, in response to detecting an API event serviced by a CRD controller of the one or more CRD controllers, executing a respective isolation module of the CRD controller.

Abstract: The technology disclosed herein enable a consumer to verify the integrity of services running in trusted execution environments. An example method may include: receiving, by a broker device, a request to verify that a service is executing in a trusted execution environment, wherein the request comprises data identifying the service; determining, by the broker device, a computing device that is executing the service; initiating, by the broker device, a remote integrity check of the computing device executing the service; receiving, by the broker device, integrity data of the trusted execution environment of the computing device; and providing, by the broker device, the integrity data to a consumer device associated with the service.

Abstract: Systems and methods for implementing a build-time, automatic, exporter configuration rule generator that removes the need for manual definition of exporter configurations are described. A processing device may perform a scan of source code of an application to identify one or more classes of the application, each of the one or more classes enabling an exporter to access metrics generated by the class. For each of the one or more classes, the processing device may analyze source code of the class with a set of templates and heuristics to generate a set of configuration rules for the class. The processing device may then generate an exporter configuration for the exporter based on the set of configuration rules for each of the one or more classes.

Abstract: Systems and methods for implementing multi-factor system-to-system authentication using secure execution environments. An example method comprises: determining, by a first computing system, using a secure execution environment, a measure of one or more computing processes running on the first computing system; presenting, to a second computing system, a first authentication factor derived from the measure; computing, using the secure execution environment, a second authentication factor derived from at least one of: one or more first data items received from the second computing system, one or more confidential second data items received from one or more third computing systems, or one or more public data items received from one or more fourth computing systems; and presenting the second authentication factor to the second computing system.

Abstract: An application programming interface (API) gateway device receives an API request from a client device, the API gateway to provide access to a plurality of services provided by a plurality of compute nodes. A cluster manifest is created based on metadata associated with the API request and characteristics of the plurality of services, the cluster manifest identifying a logical view of a subset of the plurality of services provided by a subset of the plurality of compute nodes. The API request is routed to one of the subset of the plurality of services based on the cluster manifest.

Abstract: A sliding window cache can be used for data storage in a data grid. For example, a computing device can receive a request from a client device for storing a data entry in a data grid. The computing device can store the data entry in a first data set including a plurality of data entries distributed across a plurality of nodes of the data grid. The computing device can also store the data entry in a second data set in a sliding window cache that is embedded in the data grid. The second data set can include a subset of the plurality of data entries synchronized with the plurality of data entries of the first data set. The computing device can determine a statistic measurement associated with the sliding window cache and output the statistic measurement to the client device.

Abstract: The technology disclosed herein enables efficient launching of trusted execution environments. An example method can include: receiving, by a first computing device, a request from a second computing device to establish a set of trusted execution environments (TEEs) in the first computing device; establishing a first TEE of the set of TEEs in the first computing device, wherein the trusted execution environment comprises an encrypted memory area and executable code; receiving, by the first TEE, cryptographic key data from the first computing device; establishing, by the first TEE, a second TEE of the set of TEEs in the first computing device, wherein the second TEE comprises a copy of the executable code; providing, by the first TEE, the cryptographic key data to the second TEE; and causing the executable code of the second TEE to communicate with the first computing device using the cryptographic key data.

Abstract: The technology disclosed herein enables performing data correlation to optimize continuous integration environments.

Abstract: A method includes detecting a change in control of a peripheral device from a first security domain to a second security domain of a computer system and in response to detecting the change in control of the peripheral device, reading a current firmware version of the peripheral device and determining whether the current firmware version of the peripheral device is trusted by the computer system. The method further includes in response to determining that the current firmware version is trusted by the computer system, providing control of the peripheral device to the second security domain.