Abstract: The current document is directed to automated methods and systems that monitor system-call execution by operating systems in order to detect operating-system corruption. A disclosed implementation of the currently disclosed automated system-call-integrity monitor generate operational system-call fingerprints for randomly selected system calls executed by guest operating systems of randomly selected virtual machines and compares the operational system-call fingerprints to reference system-call fingerprints in order to detect operational anomalies of guest operating systems that are likely to represent guest-operating-system corruption. In disclosed implementations, a system-call fingerprint includes a system-call execution time, the number of instructions executed during execution of the system call, and a snapshot of the call stack taken during execution of the system call.

Abstract: Embodiments disclosed include a method and apparatus for global traffic control and optimization for software-defined networks. In an embodiment, data traffic is optimized by distributing predefined metrics (data traffic information) to all controllers in the network. The predefined metrics are specific to local network switches and controllers, but are distributed to all peers at configurable intervals. “Local” as used herein implies one POP and its associated switch and controller. The method of distribution of local POP metrics is strictly in band using a packet as defined by the protocol used by the data network.

Abstract: Examples of enterprise management using managed virtual machines are described. Virtual machine files can be extracted from a virtual machine package and stored on a host device. The virtual machine files can include a managed virtual machine configuration file, an NVRAM file, and a virtual disk file, as well as other files. A digital signature of the managed virtual machine package can be verified. The digital signature can be based on the managed virtual machine configuration file, the NVRAM file, and a virtual disk file. The managed virtual machine can be added to a virtual machine inventory of the host desktop hypervisor and executed.

Abstract: Some embodiments of the invention provide a method of remediating anomalies in an SD-WAN implemented by multiple forwarding elements (FEs) located at multiple sites connected by the SD-WAN. The method is performed iteratively. The method receives multiple performance metrics that over a duration of time express a performance of the SD-WAN for at least one particular application associated with flows that traverse the SD-WAN during the time duration. The method uses the received performance metrics to update generated weight values for a topology graph that includes (1) multiple nodes representing the multiple FEs and (2) multiple edges between the multiple nodes representing paths traversed between the FEs by the flows associated with the particular application, said generated weight values associated with said paths.

Abstract: Some embodiments provide a method of load balancing data message flows across multiple secure connections. The method receives a data message having source and destination addresses formatted according to a first protocol. Based on the source and destination addresses, the method selects one of the multiple secure connections for the data message. Each of the secure connections handles a first set of connections formatted according to the first protocol and a second set of connections formatted according to a second protocol that is an alternative to the first protocol. The method securely encapsulates the data message and forwards the encapsulated data message onto a network. The encapsulation includes an identifier for the selected secure connection.

Abstract: A system may include multiple software components of a software application running on multiple nodes in a distributed computing system, a patch execution server including a patch build server including a structured patch execution module connected to the distributed computing system via a network. The patch execution module receives an uploaded patch, a patch definition file, and a workflow template from a global patch repository. Further, the patch execution module creates a patch definition file for the patch using an associated patch master file, an associated build definition file, and an associated product definition file. Furthermore, the patch execution module creates a workflow template using the patch definition file and the patch. Also, the patch execution module creates a workflow file using node information associated with the multiple nodes and the workflow template.

Abstract: Techniques for reducing the startup latency of functions in a Functions-as-a-Service (FaaS) infrastructure are provided. In one set of embodiments, a function manager of the FaaS infrastructure can receive a request to invoke a function uploaded to the infrastructure and can retrieve information associated with the function. The retrieved information can include an indicator of whether instances of the function may be sticky (i.e., kept in host system primary memory after function execution is complete), and a list of zero or more host systems in the FaaS infrastructure that currently have an unused sticky instance of the function in their respective primary memories. If the indicator indicates that instances of the function may be sticky and if the list identifies at least one host system with an unused sticky instance of the function in its primary memory, the function manager can select the at least one host system for executing the function.

Abstract: The present disclosure is related to methods, systems, and machine-readable media for force provisioning using available resources. A request can be received to provision a virtual computing instance by a software defined data center according to a storage policy specified as part of the request. An insufficiency of storage policy resources to satisfy the storage policy specified for the VCI can be determined. A best-match storage policy can be determined for the VCI based on available storage policy resources, and the VCI can be force provisioned according to the best-match storage policy using the available storage policy resources.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a command is transmitted causing a client device to present a workflow action to perform. A user command to perform the workflow action is identified using the client device. Authentication data including user credentials and a navigation action for a visual user interface is identified. The user credentials are transmitted to the network service and an emulation of the navigation action is performed. A command that performs the workflow action is transmitted to the network service.

Abstract: Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive and forward to a gateway sever, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data. The gateway can permit user device access a virtual session hosted on a virtual machine (“VM”) server. The VM server can use the compliance profile and security data from the user device to determine a risk profile of the user device. The virtual session can be configured at the VM server based on the risk profile so as to allow access to a subset of available applications and functions within the applications for the virtual session.

Abstract: An example method of propagating fault domain topology information in a distributed container orchestration system includes: receiving, at control plane software executing in a data center, the fault domain topology, which includes tags for a protection group and fault domains for remote sites in communication with the data center; deploying, by a master server of the distributed container orchestration system that executes in the data center, a node pool comprising virtual machines (VMs) executing in servers of the remote sites, the VMs being nodes of the distributed container orchestration system in which containers execute; determining, by a controller of the master server, relationships among the VMs, the servers, the protection group, and the fault domains based on state of resources maintained by the master server; and providing, by the controller, labels to the servers for associating the tags of the protection group and the fault domains to the VMs.

Abstract: A scanning preview method for a remote desktop system that includes a client computing device that has running therein a remote desktop client application including a scanner redirection module, and a host server, the scanner redirection module including a scanner core that is configured to communicate with a physical scanner, includes the steps of: receiving from an application running on the host server, a request for a preview of a scanned image; in response to the request for the preview of the scanned image, transmitting to the scanner core a request to acquire the scanned image from the physical scanner; and upon receiving the scanned image from the scanner core, transmitting the scanned image to the application, and in response thereto, receiving from the application an image of a remote desktop that includes the scanned image.

Abstract: A method of prefetching memory pages from remote memory includes detecting that a cache-line access made by a processor executing an application program is an access to a cache line containing page table data of the application program, identifying data pages that are referenced by the page table data, initiating a fetch of a data page, which is one of the identified data pages, and starting a timer. If the fetch completes prior to expiration of the timer, the data page is stored in a local memory. On the other hand, if the fetch does not complete prior to expiration of timer, a presence bit of the data page in the page table data is set to indicate that the data page is not present.

Abstract: Some embodiments provide a method for configuring logical routers of a logical network. The logical routers are implemented in a Kubernetes cluster as a first set of Pods that each perform logical forwarding operations for the logical routers and a second set of Pods that each perform L7 service operations for a respective logical router. From a Kubernetes control plane component, the method receives a notification that the first set requires scaling to include an additional Pod. The first-set Pods process data messages between the logical network and external networks. Within the network management system, the method defines at least one new interface for processing data messages between the logical network and external networks. The method configures the at least one interface on the additional Pod to communicate with external physical routers to receive traffic from the external networks and send traffic to the external networks.

Abstract: A method of managing configurations of SDDCs of a tenant includes the steps of: retrieving a base configuration document, a first supplemental configuration document of a first SDDC, and a second supplemental configuration document of a second SDDC; issuing, to the first SDDC, a first instruction to update a running configuration state thereof according to the base configuration document and the first supplemental configuration document; and issuing, to the second SDDC, a second instruction to update a running configuration state thereof according to the base configuration document and the second supplemental configuration document, wherein the base configuration document includes settings of first configuration properties common across all of the tenant's SDDCs, the first supplemental configuration document includes first settings of second configuration properties only applicable to the first SDDC, and the second supplemental configuration document includes second settings of the second configuration proper

Abstract: The present disclosure is related to methods, systems, and machine-readable media for force provisioning virtual objects in degraded stretched clusters. A request to provision a virtual object by a stretched cluster according to a storage policy specified as part of the request can be received by a software defined data center (SDDC). The cluster can include a plurality of sites. An insufficiency of storage policy resources to satisfy the storage policy specified for the virtual object can be determined. The virtual object can be force provisioned responsive to determining storage policy resources sufficient to satisfy the storage policy at one of the plurality of sites.

Abstract: A system is described for establishing a nested bridge to improve data exchange between a client device and a second virtual desktop accessed by the client device through a first virtual desktop in a nested mode configuration. The nested bridge can be established between a virtual desktop agent of the first virtual desktop and a virtual desktop client of the second virtual desktop, both of which can run in the first virtual desktop, to enable fast and efficient exchange of data between the agent and client within the first virtual desktop. The nested bridge can be utilized in conjunction with virtual channels connecting the client device to the first virtual desktop and virtual channels connecting the first virtual desktop to the second virtual desktop for exchanging data between the client device and the second virtual desktop to enable various features.

Abstract: Some embodiments of the invention provide a method for configuring multiple hardware offload units of a host computer to perform operations on packets associated with machines (e.g., virtual machines or containers) executing on the host computer and to pass the packets between each other efficiently. For instance, in some embodiments, the method configures a program executing on the host computer to identify a first hardware offload unit that has to perform a first operation on a packet associated with a particular machine and to provide the packet to the first hardware offload unit. The packet in some embodiments is a packet that the particular machine has sent to a destination machine on the network, or is a packet received from a source machine through a network and destined to the particular machine.

Abstract: In a method for managing an upgrade of a virtualization infrastructure component, a plurality of metadata manifests corresponding to a plurality of software upgrade bundles is received, a software upgrade bundle for upgrading a virtualization infrastructure component from a source version to a target version, a metadata manifest comprising a listing of applications comprised within a corresponding software upgrade bundle and installation instructions for the applications comprised within the corresponding software upgrade bundle for upgrading the virtualization infrastructure component from a particular source version to a particular target version.

Abstract: Viewing and editing operations on a file having an unsupported file type are enabled through a method of opening the file through a remoting session. The method includes the steps of receiving login information from a user and determining if there is a recent open file request. In response to determining there is a recent open file request, the method includes the step of determining whether the file is synchronized. If the file is synchronized, the method includes the steps of launching an application within which the file can be opened, and opening the file within the application.