Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

Abstract: Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Abstract: Some embodiments provide a novel method for assigning a unique internet protocol version 6 (IPv6) link-local address to each interface of a software router implementing a plurality of logical interfaces for a corresponding plurality of logical networks. In some embodiments, the method, for each logical interface, determines a logical network identifier for a logical network corresponding to the logical interface and generates the link-local address based on that logical network identifier (e.g., a virtual network identifier (VNI)).

Abstract: A disclosed example includes determining that first virtual machines (VMs) corresponding to a first percentage resource utilization indicative of resource usage of a first rack cause the first rack to generate a threshold amount of heat; determining, based on a second percentage resource utilization indicative of resource usage of a second rack, to migrate the first VMs to the second rack to reduce a temperature in a first room by at least the threshold amount of heat; migrating the first VMs from the first rack of the first room to the second rack of a second room; placing the first rack in a low-power state based on the migration of the first VMs to the second rack; and sending a temperature control signal to a climate control system to adjust a cooling process of the climate control system based on the first rack being in the low-power state.

Abstract: Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.

Abstract: Systems and methods for performing selection of non-uniform memory access (NUMA) nodes for mapping of virtual central processing unit (vCPU) operations to physical processors are provided. A CPU scheduler evaluates the latency between various candidate processors and the memory associated with the vCPU, and the size of the working set of the associated memory, and the vCPU scheduler selects an optimal processor for execution of a vCPU based on the expected memory access latency and the characteristics of the vCPU and the processors. The systems and methods further provide for monitoring system characteristics and rescheduling the vCPUs when other placements provide improved performance and efficiency.

Abstract: The current document is directed to systems, and methods incorporated within the systems, that execute queries against log-file entries. A monitoring subsystem within a distributed computer system uses query results during analysis of log-file entries in order to detect changes in the state of the distributed computer system, identify problems or potential problems, and predict and forecast system characteristics. Because of the large numbers of log-file-entry containers that may need to be opened and processed in order to execute a single query, and because opening and reading through the entries in a log-file-entry container is a computationally expensive and time-consuming operation, the currently disclosed systems employ event-type metadata associated with log-file-entry containers to avoid opening and reading through the log-file entries of log-file-entry containers that do not contain log-file entries with event types relevant to the query.

Abstract: A server computer can be quickly allocated to and made ready for use by users of a tenant by adding and starting, on that server computer, copies of a process implementing the tenant's virtual machine, based on a gold image virtual machine for that tenant. The gold image virtual machine also has an associated gold image virtual disk. The virtual machines on the server computer are associated with virtual disks that are linked clones based on the gold image virtual disk, such as linked clones of a replica of the gold image virtual disk. Each virtual machine for a tenant on the new server computer also is added to the tenant computer network. Server computers for multiple tenants can be grouped into a cluster, and can use anti-affinity rules to limit instantiation of virtual machines of each tenant only on server computers dedicated to the tenant.

Abstract: Various examples for performing automated enrollments of client devices with a management service after being accessed by a staging user account are described. A client device can be configured to identify a user account active on the client device and determine whether the user account is a staging user account or an end user account associated with an intended recipient of the client device. In an instance in which the user account is the staging user account, the client device can create an event listener on the client device that monitors a subsequent login of a user account performed through an operating system of the client device, the subsequent login of the user account being the end user account. In an instance in which the subsequent login of the user account is detected by the event listener, the client device can perform an automated enrollment with a remote management service.

Abstract: In a computer-implemented method of presenting a temporal topology graph of a computing environment at a graphical user interface, a temporal topology graph of a computing environment including a plurality of managed components is accessed at a service provider, wherein the temporal topology graph includes managed component relationship data for the plurality of managed components over an available time range, wherein the service provider is remote to the computing environment. A selected time of the available time range for displaying a visualization of the temporal topology graph is determined. A visualization of the temporal topology graph of the computing environment is displayed at the selected time in a graphical user interface, wherein the visualization includes a topology of the plurality of managed components and parent/child relationships interconnecting the plurality of managed components at the selected time.

Abstract: Computational methods and systems that proactively manage usage of computational resources of a distributed computing system are described. A sequence of metric data representing usage of a resource is detrended to obtain a sequence of non-trendy metric data. Stochastic process models, a pulse wave model and a seasonal model of the sequence of non-trendy metric data are computed. When a forecast request is received, a sequence of forecasted metric data is computed over a forecast interval based on the estimated trend and one of the pulse wave or seasonal model that matches the periodicity of the sequence of non-trendy metric data. Alternatively, the sequence of forecasted metric data is computed based on the estimated trend and the stochastic process model with a smallest accumulated residual error. Usage of the resource by virtual objects of the distributed computing system may be adjusted based on the sequence of forecasted metric data.

Abstract: System and method for managing multiple data storages using a file system of a computer system utilize a primary data storage to cache objects of logical object containers stored in a secondary data storage in caching-tier volumes. When an access request for an object stored in the secondary data storage is received at the file system and the object is not currently cached in the primary data storage, a caching-tier volume in the primary data storage is created that corresponds to a logical object container in the secondary data storage that includes the requested object. The caching-tier volume is used to cache the object as an inflated file so that the inflated file is available at the primary data storage in the caching-tier volume for a subsequent access request for the object stored in the secondary data storage.

Abstract: Described herein are systems, methods, and software to enhance network traffic management. In one implementation, upon initialization of a computing system, the computing system may select one or more processing queues from a plurality of processing of processing queues to filter control packets of at least one software defined network. The computing system may further configure a network interface to filter the control packets to the identified one or more processing queues.

Abstract: Described herein is technology for, among things, a distributed transaction system. The distributed transaction system includes a number of computing entities and a data storage unit in communication with the computing entities. The data storage unit is operable to store a file system that is accessible by the computing entities. The data storage unit is also operable to store a number of transaction journals corresponding to respective computing entities. The transaction journals describe transactions of the computing entities on the file system. A particular computing entity is operable to maintain a respective transaction journal without communicating with the other computing entities.

Abstract: An example method of accessing a computing system includes: providing serial terminal driver configured to interface a serial port in a hardware platform of the computer system; providing a console object configured to communicate with an operating system (OS) in a software platform of the computer system and the serial terminal driver; connecting to the console object through the serial port via a computer terminal; sending text and commands from the console object to the computer terminal; and rendering, by the computer terminal, a console for presentation on a display of the computer terminal.

Abstract: Methods, apparatus, and systems to perform transparent database switching using master-replica high availability setup in relational databases are disclosed. An example system includes a first virtual appliance including a first proxy and a master database, the first proxy to forward service traffic to the master database, the master database to read and/or write data based on the service traffic; a second virtual appliance including a second proxy and a first replica database, the second proxy to determine data stored in the master database, the first replica database to replicate the master database; and a third virtual appliance including a third proxy and a second replica database, the third proxy to, in response to determining the master database of the first virtual appliance is to power down, promote the second replica database to the master database.

Abstract: Providing high availability in a distributed networking platform includes detecting that an original primary service engine is unavailable, wherein: the original primary service engine and a plurality of secondary service engines are configured to provide one or more network applications associated with a virtual Internet Protocol (VIP) address; the original primary service engine and the plurality of secondary service engines are in active-active configuration mode; and the original primary service engine is configured to respond to Address Resolution Protocol (ARP) requests designating the VIP address. Additionally, providing high availability in a distributed networking platform further includes determining that a controller is unavailable; and configuring a selected secondary service engine as the next primary service engine.

Abstract: Embodiments of the disclosure provide techniques for updating a distributed transaction log on a previously offline resource object component using distributed transaction logs from active host computer nodes from separate RAID mirror configurations. Each component object maintains a journal (log) where distributed transactions are recorded. If a component object goes offline and subsequently returns (e.g., if the node hosting the component object reboots), the component object is marked as stale. To return the component object to an active state, a distributed resources module retrieves the journals from other resource component objects from other RAID configurations where the data is mirrored. The module filters corresponding data that is missing in the journal of the previously offline corresponding object and merges the filtered data to the journal.

Abstract: Application-manager software authenticates a user of a client device over a channel. The authentication operation is performed using a directory service. The application-manager software presents a plurality of applications in a GUI displayed by the client device. The plurality of applications depends on the authentication, the client device, and the channel. And the plurality of applications includes a thin application and a software-as-a-service (SaaS) application. The application-manager software receives a selection as to an application from the user. If the selection is for the SaaS application, the application-manager software provisions the SaaS application. The provision includes automatically logging the user onto an account with a provider of the SaaS application using a single sign-on and connecting the user to the account so that the user can interact with the SaaS application. If the selection is for the thin application, the application manager software launches the thin application.

Abstract: A virtual computer system includes virtualization software, and one or more physical network interfaces for connecting to one or more computer networks. The visualization software supports one or more virtual machines (VMs), and exports one or more virtual network interfaces to the VM(s) to enable the VM(s) to access the computer network(s) through the physical network interface(s). The virtualization software modifies and filters network data frames from the VM(s) and from the physical network interfaces) to restrict one or more VMs to one or more virtual local area networks (VLANs) that are implemented within a VLAN topology. Restricting a VM to a VLAN Omits the broadcast domain to which the VM belongs, which may reduce security risks facing the VM. implementing the VLAN functionality within the virtualization software provides the functionality to every VM in the computer system, without requiring every VM to provide the functionality.