Abstract: Methods and apparatus to manage virtual machines are disclosed. An example method includes determining that a deployment of a first virtual machine has halted because the first virtual machine is dependent on a second virtual machine that has not been fully deployed and in response to detecting that the second virtual machine has been deployed, notifying, via a processor, the first virtual machine that deployment of the first virtual machine may continue.

Abstract: Some embodiments provide a novel method for deploying different virtual networks over several public cloud datacenters for different entities. For each entity, the method (1) identifies a set of public cloud datacenters of one or more public cloud providers to connect a set of machines of the entity, (2) deploys managed forwarding nodes (MFNs) for the entity in the identified set of public cloud datacenters, and then (3) configures the MFNs to implement a virtual network that connects the entity's set of machines across its identified set of public cloud datacenters. In some embodiments, the method identifies the set of public cloud datacenters for an entity by receiving input from the entity's network administrator. In some embodiments, this input specifies the public cloud providers to use and/or the public cloud regions in which the virtual network should be defined. Conjunctively, or alternatively, this input in some embodiments specifies actual public cloud datacenters to use.

Abstract: Example methods and systems for context-aware network policy enforcement are described. In one example, a computer system may detect a request for a client device to access a destination server. The computer system may extract, from the request, connection information identifying a connection to be established for the client device to access the destination server; and map the connection information to contextual information associated with the client device or a user operating the client device, or both. Based on the contextual information, the computer system may apply one or more network policies to determine whether to allow or deny access by the client device to the destination server. In response to determination to allow the access, a first response may be generated and sent to allow establishment of the connection. Otherwise, a second response may be generated and sent to block establishment of the connection.

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node.

Abstract: The current document is directed to automated application-release-management facilities that, in a described implementation, coordinate continuous development and release of cloud-computing applications. The application-release-management process is specified, in the described implementation, by application-release-management pipelines, each pipeline comprising one or more stages, with each stage comprising one or more tasks. The currently described methods and systems employ configuration files to specify configuration of the execution environment for application-release-management pipelines, application-release-management-pipeline stages, and application-release-management-pipeline-stage tasks and apply policies to configuration files to further specify the execution environments for application-release-management pipelines.

Abstract: The current document is directed to an efficient and non-blocking mechanism for flow control within a multi-processor or multi-core processor with hierarchical memory caches. Traditionally, a centralized shared-computational-resource access pool, accessed using a locking operation, is used to control access to a shared computational resource within a multi-processor system or multi-core processor. The efficient and non-blocking mechanism for flow control, to which the current document is directed, distributes local shared-computational-resource access pools to each core of a multi-core processor and/or to each processor of a multi-processor system, avoiding significant computational overheads associated with cache-controller contention-control for a traditional, centralized access pool and associated with use of locking operations for access to the access pool.

Abstract: Examples described herein include systems and methods for automatically configuring a VM on a server using information from a switch located remotely from the server. The switch can provide the configuration information in a Link Layer Discovery Protocol (“LLDP”) type-length-value (“TLV”) data structure. The configuration information can include various information related to configuring a VM, such as a VM identifier, an indication of a physical port of the server, a VM interface that corresponds to the identified physical port, and a virtual local area network (“VLAN”) identifier indicating that a particular VLAN corresponds to the VM, VM interface, or the physical port. The hypervisor can use this configuration information to automatically configure a newly instantiated VM, or reconfigure a VM for a new task, without manual user input.

Abstract: Disclosed are various embodiments that relate to a system or a method for managing individual actions. In one example, among others, a system includes a client device and program instructions executable in the client device. The program instructions, when executed, cause the client device to identify an action that stores an image in a memory associated with the client device, where the action is executed by way of the client computing device. The program instructions also cause the client device to generate an image tag that describe the image. The client device can determine that the image has enterprise content based on the image tag and determine that a policy applies to the enterprise content. An enterprise action can be performed based on the enterprise policy.

Abstract: A system and method for managing a monitoring agent in an operating system of a virtual computing instance uses a monitoring agent lifecycle service of the monitoring agent that is started as part of a startup process of the operating system of the virtual computing instance. When needed, a monitoring agent core of the monitoring agent is downloaded and installed from an external service to the virtual computing instance by the monitoring agent lifecycle service so that a monitoring operation of the virtual computing instance is performed by the monitoring agent core.

Abstract: Example methods are provided for a host to perform packet handling based on a microprocessor architecture configuration that includes a first node and a second node. One example method may comprise detecting, from a virtualized computing instance supported by the host, an egress packet for transmission to a destination via one of multiple physical network interface controllers (PNICs) of the host. The method may also comprise: identifying the first node assigned to the virtualized computing instance and selecting a first PNIC associated with the first node assigned to the virtualized computing instance. The multiple PNICs may include the first PNIC, and a second PNIC associated with the second node. The method may further comprise sending the egress packet to the destination via the first PNIC associated with the first node.

Abstract: Some embodiments provide a method for an edge computing device in a first datacenter that implements a logical network gateway for processing data traffic for a particular LFE between the first datacenter and multiple other datacenters. For each particular other datacenter, the method stores a record that maps logical network addresses for DCNs connected to the particular LFE and operating in the particular datacenter to a group of TEP addresses corresponding to logical network gateways that handle data traffic for the particular LFE between the particular datacenter and the other datacenters, including the first datacenter. Upon receiving a data message for the particular LFE from a host computer in the first datacenter, the method uses a destination address of the data message to identify one of the groups of TEP addresses. The method encapsulates the data message with one of the TEP addresses from the identified group of TEP addresses.

Abstract: Systems herein allow a customer to provision an enterprise mobility management system (“EMM”) in a cloud service. A provisioning server can provide a portal for the customer to input an indication of a number of computing devices that the EMM system will service. The customer can also specify an EMM application version. Based on this information, the provisioning server can determine how many servers to instantiate in the cloud service and install the appropriate EMM application. The provisioning server can also monitor the number of devices and automatically instantiate additional servers as needed.

Abstract: Systems and methods are described for improved error logging during system boot and shutdown. A hardware initialization firmware on a computing device can include a logging module. When errors occur during early system booting or late system shutdown, the firmware can create error logs. The logging module can receive the error logs and prioritize them according to a set of rules. The logging module can select error logs of the highest priority up to a predetermined maximum amount. The logging module can modify the error logs using a shorthand form and write them to nonvolatile random-access memory. The firmware can initialize runtime services and launch an operating system. A system logger on the operating system can retrieve the error logs, save them to a file, and erase them from the memory.

Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.

Abstract: Examples described herein include systems and methods for test automation of a graphical user interface (GUI) using a screen element structure. The test automation can utilize a test script that identifies screen elements and corresponding actions to perform. The test script can identify screen elements with physical identifiers. The test automation can request the screen element structure from a server and retrieve one or more logical identifiers that correspond to the physical identifier. This can allow the test automation to use the logical identifier that is suitable for the particular GUI screen being tested and the automation platform itself. The test script can remain the same even when logical identifiers evolve since the screen element structure can be updated to include new logical identifiers.

Abstract: Some embodiments provide a novel method for performing network address translation to share a limited number of external source network addresses among a large number of connections. Instead of allocating an external source network address for an egressing packet just based on its internal source network address, the method of some embodiments allocates the external source network address based on the egressing packet's source network address and destination network address. This allows a limited number of external source network addresses to be re-used for different destination network address. For instance, in some embodiments, the method's network address allocation scheme allows the same 64K (e.g., 2{circumflex over (?)}16) external source ports to be used for 64K connections for each destination network address.

Abstract: One or more examples provide a method of performing a REST API operation at a server computing system includes receiving a request of a hypertext transfer protocol (HTTP) session from a client computing system. The request includes data for requesting performance of the REST API operation and issuance of progress updates. The method further includes sending a first part of a response of the HTTP session to the client computing system. The first part of the response acknowledges the request. The method further includes sending, while the REST API operation is performed, at least one additional part of the response to the client computing system, each additional part of the response having a progress update for the REST API operation. The method further includes sending, upon completion of the REST API operation, a final part of the response to the client computing system having a result of the REST API operation.

Abstract: The current document is directed to methods and systems that generate microsegmentation quotients for computational entities and components of a distributed-computer-system. In the described implementation, microsegmentation quotients are generated for each component, subsystem, or computational entity, collectively referred to as “system entities,” of a set of specified system-entity types within the distributed computer system. Microsegmentation quotients are generated for system entities at any of the various hierarchical levels within a distributed computer system, including for the entire distributed computer system. Microsegmentation quotients are generated by an iterative process that refines initial estimates of the microsegmentation quotients for system entities within the distributed computer system.

Abstract: A distributed system, such as a distributed storage system in a virtualized computing environment and having storage nodes arranged in a cluster, is provided by management server with a transition period between non-encryption and encryption modes of operation. The transition period enables all of the nodes to complete a transition from the non-encryption mode of operation to the encryption mode of operation, without loss of data-in-transit (DIT). An auto-remediation feature is provided by the management server to the cluster, so as to fix inconsistent state(s) of one or more nodes in the cluster.

Abstract: Various examples are disclosed for generating metrics for quantifying computing resource usage. A computing environment can identify a computing function that utilizes a plurality of computing services hosted in at least one virtual machine. The computing environment can determine a first cost metric for the at least one virtual machine based on hardware resources used by the at least one virtual machine and determine a second cost metric for individual ones of the computing services based on virtual machine resources used by the individual ones of the computing services and the first cost metric. A third cost metric can be determined for the computing function as a function of the second cost metric and a utilization ratio.