Abstract: This disclosure describes processes for performing direct memory access (“DMA”) between memory of a host and memory of a smart network interface controller (“SNIC”) connected to a bus of the host. The host runs a host thread in a processor of the host and the SNIC runs a SNIC thread in a processor of the SNIC. The host thread and the SNIC thread facilitate direct access of the SNIC thread to memory locations in the memory of the host. The SNIC thread can fetch data directly from and/or write data directly to the memory locations of the memory of the host over the bus.

Abstract: The current document is directed to methods and systems that generate recommendations for resource specifications used in virtual-machine-hosting requests. When distributed applications are submitted to distributed-computer-system-based hosting platforms for hosting, the hosting requester generally specifies the computational resources that will need to be provisioned for each virtual machine included in a set of virtual machines that correspond to the distributed application, such as the processor bandwidth, memory size, local and remote networking bandwidths, and data-storage capacity needed for supporting execution of each virtual machine. In many cases, the hosting platform reserves the specified computational resources and accordingly charges for them. However, in many cases, the specified computational resources significantly exceed the computational resources actually needed for hosting the distributed application.

Abstract: A method for executing an application over a plurality of nodes in each of which an application monitor and a runtime are executing includes executing a first portion of the application by first threads of the runtime of the first node and a second portion of the application by second threads of the runtime of the second node, and under control of the application monitors of the first and second nodes and while executing the first portions and second portions of the application, migrating workloads of one or more of the first threads from the first node to the second node for execution by the second threads.

Abstract: The present disclosure is related to devices, systems, and methods for a cloud scheduler. An example method can include receiving a schedule associated with an automation task to be performed in a virtualized environment via a REST API, wherein the task is associated with a target, associating the schedule with a partition, storing the schedule in a cache store responsive to determining that the schedule is to be invoked within a threshold time period, and receiving the schedule from the cache store and invoking the target responsive to the schedule becoming overdue.

Abstract: Cloning a cloud-agnostic deployment is described herein. One example method includes receiving modifications to an existing deployment created using a blueprint in a virtualized environment, and performing a deployment clone operation responsive to receiving a request to clone the deployment. The deployment clone operation can include creating an image associated with a virtual computing instance (VCI) of the deployment, creating a snapshot associated with a disk of the deployment, generating a clone blueprint based on the image and the snapshot, and deploying the clone blueprint in the virtualized environment.

Abstract: provisioning cloud-agnostic resource instances by sharing cloud resources is described herein. One example method includes creating a blueprint using a development platform, wherein the blueprint includes a definition of a resource, and wherein provisioning the resource includes provisioning a first cloud resource and a second cloud resource provided by a cloud provider, provisioning a first instance of the resource of the blueprint by provisioning a first instance of the first cloud resource and a first instance of the second cloud resource, and provisioning a second instance of the resource of the blueprint, wherein provisioning the second instance of the resource includes provisioning a second instance of the first cloud resource and sharing the first instance of the second cloud resource.

Abstract: An asynchronous mechanism for processing synchronous operation flows is described herein. One example method includes receiving a request from an orchestrator engine to determine a state of a cloud resource of a cloud automation platform, propagating the request to the cloud automation platform, caching a task identifier received from the cloud automation platform responsive to the request, receiving data indicative of the state of the cloud resource from the cloud automation platform wherein the data is associated with the task identifier, and providing the data to the orchestrator engine.

Abstract: The current document is directed to distributed-computer-systems and, in particular, to management of distributed applications and cloud infrastructure using artificial-life agents. The artificial-life agents are organized into a population, the size of which is stabilized as individual artificial-life agents predict system-control parameters, receive rewards based on the predictions, thrive and propagate as they learn to provide better predictions while adapting to a constantly changing environment, and expire when they fail to provide useful predictions over periods of time. The predictions output by individual artificial-life agents are used to provide consensus predictions by the artificial-life-agent population to a cloud-infrastructure-management or distributed-application-management controller.

Abstract: Methods and systems are directed to performing application diagnostics via distributed tracing with enhanced observability. Methods are executed by an operations manager that collects spans of microservices of a distributed application executing in a cloud infrastructure. The operations manager forms traces from the spans for each request for services from the application. The operations manager reduces the dimensionality of the traces by generating a behavioral map of points in a two-dimensional space, each point represents one of the traces. The behavior map is displayed in a graphical user interface having functionalities that enables a user to investigate properties of the traces by trace type and duration and investigate of erroneous traces or clusters of traces and determine which optimization tasks to execute.

Abstract: A method receives a request packet from a workload at a first logical interface of a logical router and determines that a source address is a first link local address for the workload and a destination address is a second link local address for the first logical interface. A second logical interface includes the second link local address. The method stores an identifier for the first logical interface as an egress interface. The identifier distinguishes the first logical interface from the second logical interface. A service is performed for the request packet and a response packet is generated. The response packet includes the source address of the second link local address for the first logical interface and the destination address of the first link local address for the workload. The method uses the identifier to select the first logical interface as the egress interface to send the response packet.

Abstract: Some embodiments of the invention provide a WAN optimization method for optimizing traffic flows through a WAN. The method is performed in a kernel space of a first router at a first site. From a second router at a second site, the method receives, in an optimized data stream from a second site source device to a first site destination device, a file including compressed segments not yet stored by the first router, and copies the compressed segments to a memory shared with a decompression program in the first router's user space. For each compressed segment, the method receives a notification that a decompressed segment obtained by decompressing the compressed segment has been written to a disk storage of the first router, the notification including a block address for the decompressed segment, and updates a cache of the first router with an entry mapping the decompressed segment to the block address.

Abstract: The disclosure provides a method for securing, by a hypervisor of a host, a first persistent volume used to maintain data for one or more first containers on the host. The method generally includes receiving a request to retain the first persistent volume when the one or more first containers are removed from the host, receiving a first container image associated with one of the one or more first containers, generating a first key for reserving the first persistent volume, the key based, at least in part, on the first container image, and reserving the first persistent volume for exclusive access by the hypervisor using the first key.

Abstract: Systems and methods for setting virtual machines (“VMs”) to desired configurations while the virtual machines are running. In some systems, a user can select a VM and a desired configuration. An agent can then set an attribute of the virtual machine to indicate that on guest operation system (“OS”) reboot of the VM, the VM will enter BIOS mode. The agent can also store the desired configuration in the database based on authenticating the user. When the VM reboots at a future time, the attribute can cause the VM to enter BIOS setup. The agent can be notified and can retrieve the desired configuration from a database using an identifier for the VM. Then the agent can apply the desired configuration to the VM during BIOS setup with a system process that does not require further user authentication.

Abstract: Systems and methods are included for causing a computing device to boot by retrieving hardware information from a device tree and further properties by utilizing a native access method call identified in the device tree. The access method can allow for getting a property, getting a property length, or setting a property. A table within firmware can identify the method, which then can retrieve the property information from memory. This Device tree Runtime (“DTRT”) mechanism can allow the computing device to retrieve the hardware configuration and act as a power management interface for turning on the correct hardware and hardware properties on the computing device.

Abstract: The disclosure provides for integrating virtual machine (VM) and host networking, forwarding port data and occupation status to host and VM endpoints. Examples synchronize, by a host agent, port reservations with a guest agent on a first VM on the host; receive an indication that a VM port on the first VM is occupied; based at least on receiving the indication that the VM port is occupied, update the port reservations to include that a host port corresponding to the VM port is occupied; receive incoming external traffic on the host port; and based at least on the port reservations and receiving the incoming external traffic on the host port, route the incoming external traffic to the VM port on the first VM. VM-based application behavior thus appears more similar to that of native applications.

Abstract: A method for containerized workload scheduling can include monitoring network traffic between a first containerized workload deployed on a node in a virtual computing environment to determine affinities between the first containerized workload and other containerized workloads in the virtual computing environment. The method can further include scheduling, based, at least in part, on the determined affinities between the first containerized workload and the other containerized workloads, execution of a second containerized workload on the node on which the first containerized workload is deployed.

Abstract: The disclosure herein describes deduplicating data chunks using chunk objects. A batch of data chunks is obtained from an original data object and a hash value is calculated for each data chunk. A first duplicate data chunk is identified using the hash value and a hash map. A chunk logical block address (LBA) of a chunk object is assigned to the duplicate data chunk. Payload data of the duplicate data chunk is migrated from the original data object to the chunk object, and a chunk map is updated to map the chunk LBA to a physical sector address (PSA) of the migrated payload data on the chunk object. A hash entry is updated to map to the chunk object and the chunk LBA. An address map of the original data object is updated to map an LBA of the duplicate data chunk to the chunk object and the chunk LBA.

Abstract: Dynamic supply of trusted certificates to a containerized environment by mounting a directory into a container image can be implemented as computer-readable methods, media and systems. The directory stores trusted certificates related to a tenant account at a platform system. The trusted certificates include user specific trusted certificates relevant for authentication at an external system and default certificates relevant for an operating system running at a containerized runtime environment of the tenant account. The trusted certificates are used during execution of functions requested by a user of the tenant account. A function that is defined for a tenant account is executed at a container instantiated at the containerized runtime environment of the platform system. The function dynamically uses the trusted certificates maintained at the directory that is mounted at the containerized runtime environment, where at least one of the trusted certificates is used for authentication at the external system.

Abstract: The current document is directed a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing-facilities based on attribute values associated with the needed resources, the resource providers, and the resource consumers. Nested-hypervisor technology is employed, in disclosed implementations, to guarantee data security for, and prevent monitoring of operational states and characteristics of, resource-consumer virtual machines and virtual applications while they execute above leased computational resources in remote computing facilities.

Abstract: A software-defined wide area network (SD-WAN) environment that leverages network virtualization management deployment is provided. Edge security services managed by the network virtualization management deployment are made available in the SD-WAN environment. Cloud gateways forward SD-WAN traffic to managed service nodes to apply security services. Network traffic is encapsulated with corresponding metadata to ensure that services can be performed according to the desired policy. Point-to-point tunnels are established between cloud gateways and the managed service nodes to transport the metadata to the managed service nodes using an overlay logical network. Virtual network identifiers (VNIs) in the metadata are used by the managed service nodes to identify tenants/policies.