Abstract: Described herein are systems and methods that manage configuration updates for networking manager virtual machines. In one example, a method includes identifying an update for at least one networking manager virtual machine. In response to identifying the update, the method notifies a daemon on the host with the networking manager virtual machine to establish a channel with a control plane agent to receive communications in place of the networking manager virtual machine. The method further identifies when the configuration modification is complete for the networking manager virtual machine and notifies the daemon on the host to break the channel with the control plane agent.

Abstract: Examples described herein include systems and methods for automatically configuring a VM on a server using information from a switch located remotely from the server. The switch can provide the configuration information in a Link Layer Discovery Protocol (“LLDP”) type-length-value (“TLV”) data structure. The configuration information can include various information related to configuring a VM, such as a VM identifier, an indication of a physical port of the server, a VM interface that corresponds to the identified physical port, and a virtual local area network (“VLAN”) identifier indicating that a particular VLAN corresponds to the VM, VM interface, or the physical port. The hypervisor can use this configuration information to automatically configure a newly instantiated VM, or reconfigure a VM for a new task, without manual user input.

Abstract: Example methods and systems for packet flow monitoring are described. In one example, a first computer system may detect a flow of packets along a datapath between a source and a destination and determine source attribute information associated with the source and destination attribute information associated with the destination. The first computer system may perform attribute-to-identifier mapping by (a) mapping the source attribute information to a source identifier having a reduced size compared to the source attribute information, and/or (b) mapping the destination attribute information to a destination identifier having a reduced size compared to the destination attribute information.

Abstract: Example methods and systems for decentralized network topology adaptation in a in a peer-to-peer (P2P) network are described. In one example, a first computer system may obtain first attribute information associated with the first computer system; and second attribute information associated with a second computer system. Based on the first and second attribute information, the first computer system may generate a connection confidence prediction associated with a connection between the first computer system and the second computer system. The connection confidence prediction may indicate whether the connection is a suboptimal connection associated with a suboptimal network topology. In response to determination that the connection confidence prediction satisfies a break condition, the first computer system may break the connection between the first computer system and the second computer system, but otherwise maintain the connection.

Abstract: Certain embodiments described herein relate to methods and systems for detecting unexpected behavior associated with a process. In certain embodiments, a method comprises receiving a memory allocation request, the request indicating one or more memory segments to be allocated in memory of a computing system. The method further comprises allocating the one or more memory segments in the memory based on the memory allocation request. The method further comprises allocating one or more decoy memory segments in the memory based on the memory allocation request. The method further comprises trapping an input/output (I/O) operation. The method further comprises detecting an unexpected behavior associated with the I/O operation based on determining that the I/O operation impacts at least one of the one or more decoy memory segments. The method further comprises performing one or more actions based on the detection.

Abstract: An example virtualized computing system includes a host cluster having a virtualization layer directly executing on hardware platforms of hosts, the virtualization layer supporting execution of virtual machines (VMs), the VMs including pod VMs, the pod VMs including container engines supporting execution of containers in the pod VMs; an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server and pod VM controllers, the pod VM controllers executing in the virtualization layer external to the VMs, the pod VM controllers configured as agents of the master server to manage the pod VMs; pod VM agents, executing in the pod VMs, configured as agents of the pod VM controllers to manage the containers executing in the pod VMs.

Abstract: A system and method of communicating between computing devices including pairing a first computing device with a second computing device. The first computing device and the computing second device are configured to communicate with an application workspace system. The first computing device provides token and application information to a second computing device. The second computing device is authenticated with the application workspace system using the token and launches an application corresponding to the application information.

Abstract: Disclosed are various embodiments for implementing a key escrow system without disclosure of a client's encryption key to third parties. An encryption key is split into a plurality of key segments pursuant to a shared secret protocol. A plurality of peer client devices are then identified. Each peer client device in the plurality of peer client devices is then verified and the respective one of the plurality of key segments are sent to a respective one of the plurality of peer client devices. A response is then received from each respective one of the plurality of peer client devices, the response confirming receipt of the respective one of the plurality of key segments. A list identifying the plurality of peer client devices is finally provided to a key escrow service, the list comprising key-value pairs that identify each respective one of the plurality of peer client devices and the respective one of the plurality of key segments.

Abstract: Software development kit (“SDK”) applications may be implemented with user data on an enterprise end-user or shared device subsequent to a single check-out process on the device. A user profile and a context ID for a user can be accessed based on user provided credentials. An agent application can set a value of an agent context ID to a server context ID corresponding to the context ID for the user profile. A status of a local context ID (“LCID”) of an SDK application can be determined in response to an application launch. Using the LCD, a context ID comparison can be performed on the device with a value of a context ID from one of the SDK application, the server, and the agent application based on the LCID status. The SDK application can be implemented with user specific user data obtained from one of the SDK application and the agent application based on a result of the context ID comparison.

Abstract: The disclosure provides an approach for alarm state restoration. Embodiments include determining a plurality of alarm definitions applicable to an inventory of a plurality of entities in a computing environment. Embodiments include assigning each given alarm definition of the plurality of alarm definitions to a given alarm category of a plurality of alarm categories. Embodiments include restoring declared states of the plurality of alarms definition on the inventory based on the assigning, wherein the restoring comprises, for each given alarm category of the plurality of alarm categories, performing a single traversal of the inventory to identify all respective entities of the plurality of entities that correspond to one or more alarm definitions assigned to the given alarm category.

Abstract: Example methods are provided to use a guest monitoring mode (GMM) module in a hypervisor to monitor for attempts to maliciously modify operating system (OS) kernel objects in a virtualized computing environment. A created OS kernel object is migrated to a memory space where the GMM module can detect an attempt to modify the OS kernel object. The GMM module uses reference information to determine whether the modification is authorized by trusted OS kernel code or is being attempted by malicious code.

Abstract: Disclosed are aspects of workload selection and placement in systems that include graphics processing units (GPUs) that are virtual GPU (vGPU) enabled. In some aspects, workloads are assigned to virtual graphics processing unit (vGPU)-enabled graphics processing units (GPUs) based on a variety of vGPU placement models. A number of vGPU placement neural networks are trained to maximize a composite efficiency metric based on workload data and GPU data for the plurality of vGPU placement models. A combined neural network selector is generated using the vGPU placement neural networks, and utilized to assign a workload to a vGPU-enabled GPU.

Abstract: Disclosed are various implementations of approaches for continuous delivery of management configurations. In some examples, a management configuration delivery workflow is retrieved from a source environment. The management configuration is transmitted to a destination environment specified in the management configuration delivery workflow. The destination environment us updated to apply the management configuration.

Abstract: The disclosure provides an approach for certificate management for cryptographic agility. Embodiments include receiving, by a cryptographic agility system, a cryptographic request related to an application. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information associated with the cryptographic request. Embodiments include determining, by the cryptographic agility system, based on the cryptographic request, a certificate for authenticating a key related to the cryptographic technique. Embodiments include providing, by the cryptographic agility system, the certificate to an endpoint related to the cryptographic request for use in authenticating the key.

Abstract: Automated methods and systems for identifying problems associated with objects of a data center are described. Automated methods and systems are performed by an operations management server. For each object, the server determines a baseline distribution from historical events that are associated with a normal operational state of an object. The server determines a runtime distribution of runtime events that are associated with the object and detected in a runtime window of the object. The management server monitors runtime performance of the object while the object is running in the datacenter. When a performance problem is detected, the management server determines a root cause of a performance problem based on the baseline distribution and the runtime distribution and displays an alert in a graphical user interface of a display.

Abstract: Examples described herein include systems and methods for managing slices in a Telco network by using a graphical user interface (“GUI”) with augmented reality (“AR”). A user device can scan a code that is related to physical hardware in a datacenter. Based on the code, the GUI can display at least one virtual component that resides on that hardware. The user can move the virtual component from one slice to another, such as by dragging it to a displayed slice region. Similarly, the user can drag the virtual component to new physical hardware. This can cause an AR engine to contact an orchestrator to route traffic to the virtual component according to the new slice identifier and new hardware. The GUI can also provide a datacenter map to related physical or virtual components, allowing the user to locate and inspect other hardware relied on by a slice.

Abstract: Example methods and systems for logical network packet handling are described. In one example, a physical network interface controller (PNIC) may receive an egress packet associated with a packet flow via a first virtual function supported by the PNIC. The PNIC may steer the egress packet towards a processing pipeline by applying a filter associated with the first virtual function or content of the egress packet, or both. The egress packet may be processed using the processing pipeline to generate a processed packet by (a) retrieving a logical network policy associated with the packet flow from a datastore on the PNIC and (b) performing one or more actions according to the logical network policy. The processed packet may be forwarded towards the destination via a second virtual function supported by the PNIC or a physical network connected to the PNIC.

Abstract: When a user attempts to access a first application installed on a user device, it can send an authentication request to an authentication server. The authentication server can assign a unique request token to the request and load a script to a component of the operating system executing on the user device that displays content within the first application. The script can cause a portal application to launch on the user device. The portal application can send a request to the authentication server on behalf of the user, including the unique request token and an access token stored by, or accessible to, the portal application. The authentication server can receive the request from the portal application and validate the request based on the unique request token and the access token. Upon validating the request, the authentication server can authenticate the user at the first application.

Abstract: Techniques are described for storing a virtual disk in an object store comprising a plurality of physical storage devices housed in a plurality of host computers. A profile is received for creation of the virtual disk wherein the profile specifies storage properties desired for an intended use of the virtual disk. A virtual disk blueprint is generated based on the profile such that that the virtual disk blueprint describes a storage organization for the virtual disk that addresses redundancy or performance requirements corresponding to the profile. A set of the physical storage devices that can store components of the virtual disk in a manner that satisfies the storage organization is then determined.

Abstract: The present disclosure is directed to a leader-based partially synchronous BFT SMR protocol that improves upon existing protocols by exhibiting two rounds of communication latency, linear authenticator complexity, and optimistic responsiveness. This is achieved through the novel use of an aggregate signature scheme as part of the protocol's view-change procedure.