Abstract: A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and available resources, a packet processing offload destination is selected. Based at least on the API, the packet processor offload for the packet processing offload destination is generated. The packet processor offload is downloaded to the packet processing offload destination to configure the packet processing offload destination to provide the network function packet processing on the data packets that belong to the data flow. The packet processing offload destination is a PNIC or a hypervisor.

Abstract: The disclosure provides an example method for live packet tracing. Some embodiments of the method include configuring a first network interface of a first pod to mark each of a plurality of packets, with a corresponding flow tag and a corresponding packet identifier, receiving, from one or more observation points, at least one of copies or metadata of the plurality of packets each marked with the corresponding flow tag and the corresponding packet identifier. In some embodiments, the method further includes displaying data indicative of the at least one of the copies or the metadata of the plurality of packets.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

Abstract: The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second network interface of the new host. The routing table associates a third IP address of the ESG VCI with the first network interface. After activating the ESG VCI, a packet having as a destination address the third IP address is received at the first network interface and is encapsulated, by the first TEP, with an outer header having as a destination address the second IP address.

Abstract: A system and method for capturing resource usage information in a network for namespaces in which pods operate are described herein. A data structure specifies a topology that includes a gateway and routing addresses in a network whose usage is to be captured. The data structure is provided to an API of a master node controlling the pods. A controller in the master node enforces the data structure and reports results back to the API.

Abstract: Disclosed are various approaches for workflow service application searching. In some aspects, a search query is entered through a search element of a workflow application on a client device. A request is transmitted from a workflow application to a workflow service, to search within an application based on the search query. Application content corresponding to the search query and the application is received from the workflow service. A search result is provided based on the application content and without opening the application on the client device.

Abstract: Systems and methods are described for providing recommendations for a user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent the issue. After meetings, the recommendation engine can aggregate data and identify an ongoing issue for one or multiple users. The recommendation engine can identify the cause of the issue and make recommendations to the user or an administrator accordingly.

Abstract: Systems and methods for inspection and repair of VSAN object metadata. A user-space indirection layer is maintained to map logical addresses of VSAN objects to physical memory addresses of their metadata. Commands may then be sent from the user space to distributed object manager (DOM) clients, with the physical addresses of metadata of objects to be inspected. DOM owners thus may bypass their own indirection layers to retrieve object metadata directly from received user commands. Retrieved information is then used to reconstruct and repair object metadata. Repaired metadata may be written back to the VSAN by transmitting a write request containing the physical address at which the repaired metadata is to be written. DOM owners may be placed in a specified mode in which received I/O instructions are ignored unless they are designated as being for metadata repair purposes, such as by including a physical address.

Abstract: Example methods and systems to process input/output (I/O) requests in a distributed storage system in a virtualized computing environment are disclosed. One example method includes executing a first thread to destage one or more data writes, wherein the one or more data writes correspond to a first bucket; executing a second thread to destage the one or more data deletes, wherein the one or more data deletes correspond to a second bucket; in response to executing the first thread, buffering write I/Os associated with the one or more data writes in a logical queue; in response to executing the second thread, buffering delete I/Os associated with the one or more data deletes in the logical queue; and adjusting a number of slots in the logical queue dedicated to buffer the delete I/Os based on a relationship between the first bucket and the second bucket.

Abstract: The present disclosure relates to extending workload provisioning using a low-code development platform. Some embodiments include a medium having instructions to provide an interface for creating a custom resource in a virtualized environment, the interface including a first portion configured to receive summary information corresponding to the custom resource, and a second portion configured to receive a schema corresponding to the custom resource. Some embodiments include creating the custom resource according to the summary information and the schema.

Abstract: The present disclosure relates to development platform validation with simulation. Some embodiments include instructions to recognize a simulation of a management system as an endpoint of a development platform in a virtualized environment, and execute performance testing on the development platform using the simulation.

Abstract: The disclosure provides an approach for virtual computing instance (VCI) migration. Embodiments include scanning logical segments associated with a customer gateway to identify network addresses associated with the logical segments. Embodiments include determining one or more recommended supernets based on the network addresses associated with the logical segments. Embodiments include providing output to a user based on the one or more recommended supernets. Embodiments include based on the output, receiving input from the user configuring an aggregation supernet for the customer gateway. Embodiments include advertising the aggregation supernet to one or more endpoints separate from the customer gateway.

Abstract: In an embodiment, a computer-implemented method for highly-scalable, in-network multicasting of statistics data is disclosed. In an embodiment, a method comprises: receiving, from an underlay controller, a match-and-action table that is indexed using one or more multicast (“MC”) group identifiers and includes one or more special MC headers; detecting a packet carrying statistics data; determining whether the packet includes an MC group identifier; in response to determining that the packet includes the MC group identifier: using the MC group identifier, retrieving a special MC header, of the one or more special MC headers, from the match-and-action table; generating an encapsulated packet by encapsulating the packet with the special MC header; and providing the encapsulated packet to an interface controller for transmitting the encapsulated packet to one or more physical switches.

Abstract: Systems and methods for 3D printer management can verify the printing of a 3D object based on instructions inserted into the 3D object file that cause the 3D printer to perform extra actions, thus emitting certain sounds while printing. In one example, a print server can receive a request to print a 3D object. The print server can insert snippets of instructions at random into the 3D object file. A recording device can record audio of the 3D printer printing the 3D object. The recording device can send the audio to the print server. The print server can verify that the audio emitted by the 3D printer while printing the 3D object match up with the snippets inserted into the 3D object file.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: Aspects of managing inventory for data transport connections within a virtualized computing environment are described. A virtualized management system managing a cluster of host devices obtains a data transport capacity parameter and an aggregate memory consumption value from respective host devices. The virtualized management system further identifies an update status associated with each of the host devices. In response to receiving a data transport connection request, the virtualized management system selects a host from the cluster of hosts to satisfy the data transport connection request based at least in part on the upgrade status, data transport capacity parameter and aggregate memory consumption value.

Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.