Abstract: A script for execution in a software-defined data center (SDDC) can be received. The script can include an object identifier of an SDDC resource object. A validation of the object identifier can be performed before the script is executed. The script can be executed responsive to the validation being successful. A notification can be provided responsive to the validation being unsuccessful.

Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. In response to receiving a first instruction to perform a first management action, a first validation operation may be performed based on the cluster add-on definition information and multiple first configuration values associated the multiple first configuration fields. In response to receiving a second instruction to perform a second management action associated with the second add-on, a second validation operation may be performed based on the cluster add-on definition information and multiple second configuration values associated the multiple second configuration fields. The first/second management action may be performed in response to determination that the first/second validation operation is successful.

Abstract: Automated, computer-implemented methods and systems describe herein resolve performance problems with objects executing in a data center. The operations manager uses machine learning to train an inference model that relates probability distributions of event types of log messages of the object to a key performance indicator (“KPI”) of the object. The operations manager monitors the KPI for run-time KPI values that violates a KPI threshold. When the KPI violates the threshold, the operations manager determines probabilities of event types of log messages recorded in a run-time interval and uses the inference model to determine event types of the probabilities of event types of log messages in the run-time interval to determine a root cause of the performance problem. The inference models can be used to identify log messages of event types that correspond to potential performance problems with data center objects and execute appropriate remedial measures to avoid the problems.

Abstract: Automated, computer-implemented methods and systems for resolving performance problems with objects executing in a data center are described. The automated methods use machine learning to train a model that comprises rules defining relationships between probabilities of event types of in log messages and values of a key performance indictor (“KPI”) of the object over a historical time period. When a KPI violates a corresponding threshold, the rules are used to evaluate run time log messages that describe the probable root cause of the performance problem. An alert identifying the KPI threshold violation, and the log messages are displayed in a graphical user interface of an electronic display device.

Abstract: The current document is directed to methods and subsystems that manage submitted code changes for processing by continuous-integration/continuous-delivery/deployment systems. In disclosed implementations, code changes are processed as quickly as possible, when the code changes are flagged as being urgent. Non-urgent code changes are evaluated for the possibility of merging the non-urgent code changes with additional, subsequently submitted code changes in order to more efficiently employ computational resources needed for processing the code changes. When there is a code change, waiting for processing, with which a submitted code change can be merged, the submitted code change is merged with the waiting code change so that the merged code changes can be together verified.

Abstract: Some embodiments provide a method of forwarding data messages between source and destination host computers that execute source and destination machines. At a source computer on which a source machine for a data message flow executes, the method in some embodiments identifies a source tunnel endpoint group (TEPG) associated with the source machine. For the flow, the method selects one TEP of the TEPG as the source TEP. The method then uses the selected source TEP to forward the flow to the destination computer on which the destination machine executes.

Abstract: Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any monitoring actions specified for the stage to perform on the packet and (ii) sends the packet to a next stage in the packet processing pipeline.

Abstract: The present disclosure relates to providing availability of passthrough devices configured on VCIs according to one or more embodiments of the present disclosure. One method includes receiving a notification of a failure associated with a passthrough device configured on a VCI, communicating, to the VCI, a simulation of a surprise hot removal of the device from the VCI, resetting the device, communicating, to the VCI, a simulation of a surprise hot add of the device to the VCI, and hot adding the device to the VCI.

Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. User interface(s) may be generated based on the cluster add-on definition information to allow a user to request for a management action associated. In response to receiving a first request for a first management action associated with the first add-on, a first instruction may be generated and sent to cause the first management action to be performed in the first cluster. In response to receiving a second request for a second management action associated with the second add-on, a second instruction may be generated and sent to cause the second management action to be performed in the first cluster or the second cluster.

Abstract: The generation, actuation, and enforcement of policies within a distributed computing system is provided. The policies are employed to manage the resources of the system. The resources include virtualized resources, such as virtual machines (VMs) and virtual storage disks (VSDs). A policy includes a rule and scope. Enforcing a policy includes applying the rule to resources that are within the policy's scope. Policies are employed to constrain the leasing period and reclaim leased resources, as well constrain the access of certain users to specific operations on the leased resources. Policies may be created via a UI that automatically generates a policy encoding. The policy is registered and accessed via a policy store. When multiple policies target a particular resource, merging strategies are applied to the multiple policies, to generate an effective policy that is consistent with the multiple policies and is enforced on the particular resource.

Abstract: Example methods and systems for centralized service insertion in an active-active cluster are described. In one example, a first service endpoint may operate in an active mode on a first logical service router (SR) supported by the computer system. The first service endpoint may be associated with a second service endpoint operating on the second logical SR in a standby mode. The first logical SR and the second logical SR may be assigned to a first sub-cluster of the active-active cluster. In response to receiving a service request originating from a virtualized computing instance, the service request may be processed using the first service endpoint according to a centralized service that is implemented by both the first service endpoint and the second service endpoint. A processed service request may be forwarded towards a destination capable of generating and sending a service response in reply to the processed service request.

Abstract: Automated computer-implemented methods and systems for resolving performance problems with objects executing in a data center are described. The automated methods use machine learning to obtain rules defining relationships between probabilities of event types of in log messages and performance problems identified by a key performance indictor (“KPI”) of the object. When a KPI violates a corresponding threshold, the rules are used to evaluate run time log messages that describe the probable root cause of the performance problem. An alert identifying the KPI threshold violation, and the log messages are displayed in a graphical user interface of an electronic display device.

Abstract: Improved tools and techniques for generating stateful rules for behavior-based threat detection enable threat analysts, who do not have advanced computer programming skills, to quickly and easily generate high-level representations of stateful behavioral rules, which are then compiled into a format suitable for execution by a stateful rule processing engine. In some examples, the high-level representations of stateful rules are coded in a high-level, domain specific language (DSL). The DSL may provide high-level primitives suitable for (1) expressing sequences of attack behaviors, (2) tagging computational entities (e.g., threads, processes, applications, systems, users, etc.) with states (e.g., user-defined states), and/or (3) performing operations on endpoint nodes (e.g., reporting activity, blocking activity, terminating processes, etc.).

Abstract: A method for reverse range lookup in an ordered data structure of keys, wherein each key comprises a logical block address (LBA) and a snapshot identifier (ID) of one of one or more snapshots in a snapshot hierarchy, is provided. The keys in the ordered data structure are in an order from smallest to largest LBA, wherein in the order, keys having a same LBA are ordered from smallest to largest snapshot ID. The method includes determining a range of LBAs and traversing the ordered data structure in reverse order until a key is found that: has an LBA and a snapshot ID that is less than or equal to the last LBA and the largest snapshot ID, respectively. The method further includes adding an extent corresponding to the located key to an extent result list if the snapshot ID of the located key is not within a deny list.

Abstract: Example methods and systems for input output (IO) request handling based on tracking information are described. One example may involve a computer system configuring, in a cache, a zero-filled logical memory page that is mappable to multiple logical block addresses of a virtual disk. In response to detecting a first IO request to perform zero writing at a logical block address, the computer system may store tracking information indicating that zero writing has been issued. In response to detecting a second IO request to perform a read at the logical block address, the computer system may determine that that zero writing has been issued for the logical block address based on the tracking information. The zero-filled logical memory page may be fetched from the cache to respond to the second IO request, thereby servicing the second IO request from the cache instead of the virtual disk.

Abstract: Disclosed are various examples for kernel level application data protection. In one example, a security label and a list of permitted applications are received. The security label is utilized to limit access to files that embed the security label. A security label map is written within a kernel layer of the client device. The security label map includes the security label and the list of permitted applications. A secured file is generated by embedding the security label within a file stored on the client device.

Abstract: Systems and methods are described for providing a virtual machine (“VM”) as a service. A user device can install a VM to enable itself as an edge node. The user device can then and use a portion of its computing resources to provide the service to the endpoint device by running the VM. In an example, an edge node can directly receive a request for a service from an endpoint device. The edge node can determine that it needs assistance from another device to jointly provide the service. Then another user device which is available to operate as an edge node can join the edge team.

Abstract: Example methods and systems to perform flow cache information update(s) for packet processing are described. In one example, a network element may configure flow cache information specifying a set of actions based on a sequence of stages that is executable during slow-path packet processing. The network element may configure dependency information specifying execution dependence or independence among the set of actions during fast-path packet processing. In response to detecting a configuration change associated with stage(s) from the sequence of stages, the network element may identify first action(s) affected by the configuration change and second action(s) not affected by the configuration change. This way, a granular update may be performed to the flow cache information by updating the at least one first action, but not the at least one second action.

Abstract: Distributed tracing is applied during an upgrade from a first management appliance to a second management appliance. The distributed tracing method includes generating a parent span that encapsulates states of the overall workflow, including a span context that contains a trace identifier and a span identifier, and generating a plurality of child spans. Each child span encapsulates states that represent a piece of the workflow and contains a reference to the parent span context. The states of the child spans include an error tag that indicates whether the piece of the workflow associated with the child span executed with an error. Because child spans may be generated for a piece of the workflow that is executed by a service running in the first or second management appliance, the span context for the parent span is persisted by the first management appliance and replicated for use by the second management appliance.

Abstract: The state of cache lines transferred into an out of caches of processing hardware is tracked by monitoring hardware. The method of tracking includes monitoring the processing hardware for cache coherence events on a coherence interconnect between the processing hardware and monitoring hardware, determining that the state of a cache line has changed, and updating a hierarchical data structure to indicate the change in the state of said cache line. The hierarchical data structure includes a first level data structure including first bits, and a second level data structure including second bits, each of the first bits associated with a group of second bits. The step of updating includes setting one of the first bits and one of the second bits in the group corresponding to the first bit that is being set, according to an address of said cache line.