Abstract: A remote desktop can be displayed with controllable transparency over a local desktop. The transparency may be varied using hotkeys. Hotkeys may also be used to control/switch the direction of user input, such as mouse and keyboard events, so as to direct the user input to the remote desktop or to the local desktop.

Abstract: Example methods and systems for security threat analysis are described. One example may involve a first computer system configuring a test packet that includes malicious content for forwarding along a network path between (a) a first network element that is connected with a first virtualized computing instance and (b) a second network element that is connected with a second virtualized computing instance. The test packet may be injected at the first network element and forwarded towards the second network element. In response to a security checkpoint detecting the test packet, the security checkpoint may apply one or more security policies on the test packet; and generate and send report information towards a management entity. The report information may indicate whether the malicious content in the test packet is detectable based on the one or more security policies.

Abstract: A method comprises: in response to detecting a new expression in a policy rule, updating a global version number to a new value; identifying a particular IP address that corresponds to an FQDN matching on the new expression; storing an entry comprising the particular IP address, the new expression, and an entry version number in a first data structure, the entry version number being assigned the new value; in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address; determining whether the global version number matches the entry version number for the matching entry; and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates an updated configuration information for the matching entry.

Abstract: The disclosure provides a method for measuring network latency between hosts in a cluster. The method generally includes receiving, by a first host, a first ping list indicating the first host is to engage in a first ping round with a second host; executing the first ping round with the second host, wherein executing the first ping round comprises: transmitting first ping requests to the second host; calculating a network latency for each of the first ping requests; and determining a first average network latency between the first host and the second host based on each of the network latencies calculated; determining the first average network latency is above a threshold; determining a cause of the first average network latency being above the threshold; and selectively triggering or not triggering an alarm based on whether the cause is determined to be a hardware or software layer impact, or neither.

Abstract: An example method for a first host, being an owner of an object stored in a virtual storage area network (vSAN) cluster, to perform encryption and decryption operations during a rekey in the vSAN cluster is disclosed. The method includes obtaining a first encryption key and a first key identifier (ID) of the first encryption key; transmitting the first key ID and an active key index to a second host; using the first encryption key to perform encryption and decryption operations; and in response to a determination of receiving a key change notification from a master node of the vSAN cluster, terminating a connection with the second host.

Abstract: Examples of the present disclosure can include a method. The method may include (1) obtaining, by an network function virtualization orchestrator (“NFVO”), path computation information from the integrated network, the integrated network including a virtual source and a virtual destination, (2) generating, using the path computation information, segments identifying portions of a virtual network path originating at the virtual source and terminating at the virtual destination, (3) generating, by a virtual infrastructure manager (“VIM”), a plurality of labels associated with physical links on the physical network corresponding to the identified portions of the virtual network path, and (4) determining, by the NFVO and using the plurality of labels, a network path for data transfer over the integrated network, the network path identifying virtual and physical network elements.

Abstract: Example methods and systems for media access control (MAC) address assignment for virtual network interface cards (VNICs) are described. One example may involve a first computer system may determining a first MAC address portion that is uniquely associated with the first computer system. A first VNIC may be assigned with a first MAC address that includes (a) the first MAC address portion and (b) a third MAC address portion that is uniquely associated with the first VNIC on the first computer system. A second VNIC may be assigned with a second MAC address that includes (a) the first MAC address portion and (b) a fourth MAC address portion that is uniquely associated with the second VNIC on the first computer system. The first computer system may perform traffic handling by processing packets specifying the first MAC address or the second MAC address.

Abstract: The disclosure provides an example method for implementing a network policy in a software defined networking environment. The method generally includes receiving a manifest defining a plurality of pods, wherein: for a first pod, the manifest defines a first environment value, a first port number for a first container of the first pod, and a name for the first port number; for a second pod, the manifest defines the first environment value, a second port number for a second container of the second pod, and the name for the second port number; and the manifest defines a security policy applied to a third pod which defines a first egress policy indicating the first environment value and the name; and creating, based on the manifest indicating different port numbers, but the same name, for the different containers of the different pods, separate egress firewall rules for the first and second pods.

Abstract: For a distributed storage system that has an active-active configuration for hosts and which uses an Internet small computer system interface (iSCSI) protocol, techniques are provided to identify/select a plurality of paths to a target. An active optimized path is selected for a host that is an object owner, and an active non-optimized path is selected for a host that is a component owner. The selection of the optimized path for a host is further based on whether that host has sufficient processor and memory resources to service input/output for the target. A standby path is selected for any other host that is neither an object owner or a component owner. The selected paths are provided to an initiator so as to enable the initiator to choose at least one of the paths to access the target for the input/output.

Abstract: Example methods and systems to support accessibility to a web page are disclosed. One example method includes examining a document to be rendered to the web page and determining whether an accessibility issue exists in the document. In response to determining that the accessibility issue exists in the document, the example method further includes determining whether a first remediation of the document corresponding to the accessibility issue exists. In response to determining that the first remediation exists, the example method further includes performing the first remediation to the document to generate a first remediated document to be rendered to the web page. After performing the first remediation, the example method includes examining the first remediated document and determining whether an additional accessibility issue exists in the first remediated document.

Abstract: Example methods and systems for decentralized network topology adaptation in a in a peer-to-peer (P2P) network are described. In one example, a first computer system may obtain first attribute information associated with the first computer system; and second attribute information associated with a second computer system. Based on the first and second attribute information, the first computer system may generate a connection confidence prediction associated with a connection between the first computer system and the second computer system. The connection confidence prediction may indicate whether the connection is a suboptimal connection associated with a suboptimal network topology. In response to determination that the connection confidence prediction satisfies a break condition, the first computer system may break the connection between the first computer system and the second computer system, but otherwise maintain the connection.

Abstract: A recommendation system reuses user interface (UI) strings in a virtualized computing environment based on semantic information. The recommendation system receives an input UI string query, and searches indexed and validated UI strings for candidate UI strings. The candidate UI strings are identified based on a relevance score and then ranked based on a semantic similarity score. The ranked UI strings are provided as a recommendation for a UI string in UI content of a user interface.

Abstract: Disclosed are various approaches for exposing peripheral component interconnect express (PCIe) configuration space implementations as Enhanced Configuration Access Mechanism (ECAM)-compatible. In some examples, a bridge device is identified on a segment corresponding to a root complex of a computing device. An endpoint device is connected to a bus downstream from the bridge device. A synthetic segment identifier is assigned to the bus once the endpoint device is identified as connected to the bus. Synthetic address data is generated for the endpoint device. The synthetic address data includes the synthetic segment identifier for the bus and sets a bus identifier of the bus to zero regardless of a hierarchical position of the bus in a standard peripheral component interconnect express (PCIe) bus hierarchy.

Abstract: The current document is directed to automated methods and systems that monitor system-call execution by operating systems in order to detect operating-system corruption. A disclosed implementation of the currently disclosed automated system-call-integrity monitor generate operational system-call fingerprints for randomly selected system calls executed by guest operating systems of randomly selected virtual machines and compares the operational system-call fingerprints to reference system-call fingerprints in order to detect operational anomalies of guest operating systems that are likely to represent guest-operating-system corruption. In disclosed implementations, a system-call fingerprint includes a system-call execution time, the number of instructions executed during execution of the system call, and a snapshot of the call stack taken during execution of the system call.

Abstract: Computer-implemented methods, media, and systems for inter-cluster automated failover and migration of containerized workloads across edges devices are disclosed. One example method includes monitoring telemetry data received from a first software defined wide area network (SD-WAN) edge device that has a workload scheduled, where the telemetry data includes at least one of a health status of the workload or multiple runtime context elements at the first SD-WAN edge device. It is determined that a failure associated with either the first SD-WAN edge device or the workload occurs. A mode of the failure is determined. A remediation process based on the determined mode of the failure and a current state of the workload is performed.

Abstract: Disclosed are various examples of intelligent provisioning management. In some examples, device configuration signatures are received for a group of client devices. A user interface shows at least one of a recommended configuration with a recommended set of hardware components, a recommended hardware specification, a recommended set of applications, and a recommended set of firmware based on a superset of firmware identified from the device configuration signatures. A request to configure a client device according to the recommendation is transmitted.

Abstract: The efficiency of segment cleaning for a log-structured file system (LFS) is enhanced at least by storing additional information in a segment usage table (SUT). Live blocks (representing portions of stored objects) in an LFS are determined based at least on the SUT. Chunk identifiers associated with the live blocks are read. The live blocks are coalesced at least by writing at least a portion of the live blocks into at least one new segment. A blind update of at least a portion of the chunk identifiers in a chunk map is performed to indicate the new segment. The blind update includes writing to the chunk map without reading from the chunk map. In some examples, the objects comprise virtual machine disks (VMDKs) and the SUT changes between a list format and a bitmap format, to minimize size.

Abstract: User profiles of remote desktops are managed in a crash-consistent manner. When a user logs into a remote desktop, metadata of the user profile is loaded from persistent storage while registry settings and files of the user profile are loaded asynchronously with respect to the login. During the remote desktop session, snapshots of the remote desktop image in persistent storage are generated periodically, and a change log that indicates changes to the user profile is created therefrom. The user profile stored in persistent storage is updated lazily using the change log at opportunistic times after snapshot generation. When the user logs out of the remote desktop, the user profile stored in the persistent storage is updated with any additional changes to the user profile by extracting the changes from the copy-on-write cache associated with the most recent snapshot.

Abstract: Examples can include (1) identifying, on a network, a source node and a destination node, the source node including at least one source node virtual machine (“VM”) to be replicated as a destination node VM on the destination node, (2) performing a full synchronization by copying disks used by the source node VM in a current operational state to the destination node VM, (3) scheduling start times for multiple update synchronizations of changed data between the source node VM and the destination node VM, the start times being scheduled at different time intervals, wherein a first time interval is greater than a second time interval, and (4) performing, at a switch-over time, a shutdown of the source node VM and transmitting data changes that are pending on the disk to the destination node. Various corresponding systems, methods, and non-transitory computer-readable media are also disclosed.

Abstract: The capability to print to a portable document format (PDF) file is provided in a virtualized computing environment that supports a virtual desktop infrastructure (VDI). Printing-related properties, of local printers coupled to a client device, are provided to a host, so that virtual printers at the host can be configured with the printing-related properties. A simulator may be provided at the host to receive the printing-related properties from the client device and to receive a query from a virtualized computing instance for the printing-related properties, instead of the query being directly sent to the client device.