Abstract: Disclosed herein are systems and method for providing a File System (FS) without redundancy for one or more services. In one aspect, an exemplary method comprises, mounting a base image of microservices to a directory, for each of the one or more services, union-mounting a service image on top of the base image, identifying all dependencies associated with the service image, and creating one or more sub-directories for each dependency associated with the service image, for each identified dependency, creating a link between the dependency and the union-mounted service image and base image, and creating, one or more micro-services.

Abstract: Disclosed are systems and methods for execution of applications in a container. An exemplary method comprises receiving, by at least one computing device, a request to an application, wherein the application includes a set of instructions for processing the request, determining whether a state snapshot is available for the computing device, restoring state of the process from the state snapshot in a container on the computing device and processing the request based on the set of instructions by the process when the state snapshot is available, preparing at least one new process in the container on the computing device for processing the request, creating a new state snapshot for the application and processing the request based on the set of instructions by the new process when the state snapshot is not available, wherein creating the new state snapshot is performed after preparing the new process and before processing the request.

Abstract: A system and method is provided for switching file systems based on an instruction from a user application. An exemplary method includes receiving an instruction from a user application to replace a first file system by a second file system, identifying and temporarily suspending all processes that are working with one or more files on the first file system, obtaining information about all files that are used by a temporarily suspended process, the obtained information including at least information on corresponding memory mappings or file descriptors, replacing resources of the first file system by matching resources of the second file system, synchronizing attributes of the first and second file systems, and resuming execution of suspended processes.

Abstract: Disclosed herein are systems and method for live migration of a guest OS, the method comprising: interrupting execution of the guest OS in the hypervisor on a source computing device, transferring a state of the guest OS from the hypervisor on the source computing device to a hypervisor on a target computing device, and resuming execution of the guest OS in the hypervisor on the target computing device without waiting for completion of pending I/O requests on the source, wherein the pending I/O requests are generated by the guest OS in the hypervisor on the source and have not been completed before the interruption of execution of the guest OS, and wherein after resuming execution of the guest OS, the guest OS in the hypervisor on the target computing device is allowed to generate new I/O requests without waiting for completion of pending I/O requests on the source computing device.

Abstract: Disclosed herein are systems and method for detecting problematic performance on a software instance. In one aspect, the method includes: receiving, from a first software instance, a log file that lists actions performed on a computing device over a period of time; parsing the log file to identify, from the actions, a first sequence of actions performed on a given object; analyzing similarity between the first sequence of actions performed on the given object and at least one other sequence of actions performed on at least one other object of a same type, wherein the at least one other sequence of actions is indicative of problematic performance; in response to determining, based on the analysis of similarity, that the first sequence of actions is similar to the at least one other sequence of actions, generating an alert indicating the problematic performance on the first software instance.

Abstract: Disclosed herein are systems and methods for updating software object instances on a plurality of nodes. An exemplary method may comprise monitoring a software repository for an update to the software object instance installed on the plurality of nodes. In response to detecting the update, the method may comprise initiating installation of the update to the software object instance on a first subset of the plurality of nodes in accordance with an installation schedule. The method may comprise determining whether a functionality or performance issue in the software object instance or a respective node of the first subset was detected subsequent to updating the software object instance. In response to determining that the functionality or performance issue was not detected, the method may comprise updating the software object instance on a second subset of the plurality of nodes in accordance with the installation schedule.

Abstract: A system and method is provided for providing distributed computing platform on untrusted hardware. An exemplary method includes launching a hypervisor on an untrusted computing node and receiving a request generated to provide a computing function using hardware of the untrusted computing node. Upon receiving the request, an enclave in memory of the untrusted computing node is created and a virtual machine is launched in the memory enclave. Moreover, a guest operating system of the virtual machine verifies the security of the untrusted computing node. Finally, the guest operating system performs the computing function using the hardware of the untrusted computing node upon the guest operating system verifying the security of the untrusted computing node and the hypervisor.

Abstract: Disclosed herein are systems and method for generating a guest Operating System (OS) crash dump. In one aspect, an exemplary method comprises, obtaining information about a guest physical memory and a state of a guest CPU, determining guest page tables including a data structure for mapping between the guest physical memory and guest virtual pages using registers of the guest CPU, identifying an interrupt handler and determining an address of the interrupt handler using the guest page tables and the registers of guest CPU, finding a location of a kernel image in memory by scanning virtual addresses backward starting from the interrupt handler until a beginning of an executable kernel module is found, identifying and fetching debug symbols, determining system task descriptors using the debug symbols, determining debugger relevant data using the debug symbols, and generating the crash dump header using the system task descriptors and the debugger relevant data.

Abstract: Disclosed herein are systems and method for moving a process from a host to a virtual machine (VM). In one exemplary aspect, a method comprises freezing the process at a host operating system (OS) of the host; transferring at least one kernel object of the process from the host OS to a VM OS of the VM; reconfiguring at least one input-output (IO) resource of the process to point to a host-VM channel such that data flow between the host and the VM is enabled; mapping memory utilized by the process to the VM by remapping at least one page of the memory into the VM OS; and unfreezing the process at the VM OS.

Abstract: Disclosed herein are systems and method for gradually updating software object instances on a plurality of computer nodes. In an exemplary aspect, in response to receiving a notification from a software object instance, a system may register the software object instance at an update server. The system may store and deploy a plurality of links, wherein each deployed link uniquely corresponds to a registered software object instance. The system may then associate two or more subsets of the plurality of links with two or more update locations, in accordance with an update policy. The system may place an update to the software object instance at the two or more update locations in accordance with an update policy. In response to receiving an update request via a link from a computing node, the system may further redirect the update request to an update location associated with the link.

Abstract: A system and method for executing a method generating a binary patch file for live patching of an application is disclosed. In one exemplary aspect, the method comprises creating shared object by compiling source code patch file that contains source code of a new function corresponding to an old function, a global external symbol referenced in the source code of the new function, and at least one link to a symbol in an application binary code corresponding to the global external symbol, wherein the shared object contains binary code of the new function for replacing the old function during the live patching, and the result of a compilation of the link, generating metadata usable to facilitate the live patching, creating bindings between calculated relative addresses and the global external symbol referenced by the shared object, and creating the binary patch file by adding metadata to the shared object.

Abstract: Disclosed are systems and method for managing blocks of data and metadata. In an exemplary aspect, a method comprises receiving, by a first virtual block device on a computing device, a request from a file system. In response to identifying an indication that the request for a block of data, the method comprises accessing, by the first virtual block device, at least one backing block device dedicated to storing data to perform a requested operation on the block of data. In response to identifying an indication that the request for metadata, the method comprises instructing a second virtual block device to perform the requested operation on the metadata of the file system, wherein the second virtual block device accesses at least another one backing block device dedicated to storing metadata to perform the requested operation on the metadata of the file system and caches the metadata in Random Access Memory.

Abstract: Disclosed are methods and systems for upgrading a container to another version of an operating system while preserving user applications and data of the container. In a general aspect, the method comprises: copying, from a first container host to an auxiliary host, an operating system kernel of the first container host, and system files and user applications and data of the container; upgrading on the auxiliary host the operating system, including the kernel of the operating system and system files of the container, from one version of the operating system to another version of the operating system, while preserving user applications and data; and copying, from the auxiliary host to a second container host, the system files of the upgraded operating system, and the preserved user applications and data.

Abstract: Disclosed herein are systems and method for recovering a computing device after an intrusion is detected. In one aspect, an exemplary method comprises, by a minimalistic operating system running on the computing device, deploying a master container, wherein the deploying of the master container comprises creating and starting the master container from a container image, providing, to the master container, access to a storage area network (SAN) volume, providing, to the master container, read-only access to a Distributed Configuration Management (DCM) module domain, the domain being where a configuration of the computing device is stored, and invoking an Intrusion Detection Module (IDM) to start detecting intrusions into the master container; and upon receiving a notification from the IDM, re-deploying, by the minimalistic OS, the master container from the container image, wherein the deployed master container acts as a default runtime environment on the computing device.

Abstract: Disclosed herein are systems and method for deploying servers in a distributed storage to improve fault tolerance. In one aspect, an exemplary method comprises, on a hardware server, installing an OS on a virtual disk, putting the virtual disk on the distributed storage, configuring the hardware server so that at least two physical block devices of the hardware server are bootable by putting, on each physical block device of the at least two physical block devices, a boot component, and configuring the boot component on any one physical block device of the at least two physical block devices, the configuration of the boot component including enabling the boot component to perform at least one of: mounting the virtual disk as a root file system of the OS, and booting the OS from the mounted virtual disk during a booting of the hardware server.

Abstract: Disclosed herein are systems and methods for secure authentication of a managed application. In one aspect, an exemplary method comprises receiving, by a cloud platform, a request from a managed application to connect to a middleware service, determining that the managed application is authenticated to use the middleware service based on the secret, obtaining a secret associated with the managed application and the middleware service from a secret store, connecting to the middleware service using the secret to establish a secure connection, and delegating, to the managed application, the secure connection between the managed application and the middleware service.

Abstract: Disclosed herein are systems and method for collecting an optimal set of log files for generating error reports. In one aspect, a method may comprise detecting an error in a software component and retrieving a function call trace associated with the software component. The method may comprise comparing the retrieved function call trace with a plurality of known call traces, wherein each respective known call trace of the plurality of known call traces is associated with a respective set of log files to be collected for error analysis. The method may comprise identifying, based on the comparison, a known call trace for which a similarity value with the retrieved function call trace is greater than a threshold similarity value. The method may comprise collecting a set of log files for the error based on an associated set of log files for the known call trace and generating an error report.

Abstract: Disclosed are systems and methods for encryption of an ephemeral layer of one or more containers. An exemplary method comprises detecting a container starting execution in an operating system, generating a temporary encryption key and storing the temporary encryption key in memory of a kernel of the operating system, creating an encrypted area as the ephemeral layer in a storage device, the encrypted area accessible only by the container, providing to the container access to the encrypted area, and responsive to stopping execution of the container, destroying the temporary encryption key.

Abstract: Disclosed are systems and methods for execution of applications in a virtual execution environment. An exemplary method comprises receiving from a client, a request for execution of an application in at least one virtual execution environment on at least one hardware node, determining whether there is a state snapshot of an application in the virtual execution environment, restoring a state of the application from a state snapshot in the virtual execution environment when the state snapshot of the application is found, starting the application without restoring the state of the application from the state snapshot and creating a new state snapshot of the application when the state snapshot of the application is not found, continuing execution of the application in the virtual execution environment and returning a response of the application to the client.

Abstract: Disclosed herein are systems and methods for providing a platform for micro-service-based applications with unified management of infrastructure and client containers. An exemplary system may comprise the platform running on at least one computing device. The platform may comprise at least one client micro-service container and a plurality of infrastructure micro-service containers. Each infrastructure micro-service container may run infrastructure services for the at least one client micro-service container and for other infrastructure micro-service containers, wherein infrastructure micro-service containers are used by the platform to run client micro-service containers. The platform may also comprise a single unified management software layer that is responsible for unified management of the plurality of infrastructure micro-service containers and the at least one client micro-service container.