Abstract: Described herein are systems, methods, and software to manage time calibration associated with an oscillator of a computing system. In one example, a computing system monitors clock cycles for an oscillator on the computing system, receives timing messages from a server, and calculates the frequency of the oscillator at intervals based on the monitored clock cycles and timing messages. The computing system further identifies a temperature from a temperature sensor at each of the intervals and generates a function to demonstrate frequency of the oscillator versus temperatures from the temperature sensor based on the identified temperatures and frequencies at the intervals.

Abstract: Container images are managed in a clustered container host system with a shared storage device. Hosts of the system each include a virtualization software layer that supports execution of virtual machines (VMs), one or more of which are pod VMs that have implemented therein a container engine that supports execution of containers within the respective pod VM. A method of deploying containers includes determining, from pod objects published by a master device of the system and accessible by all hosts of the system, that a new pod VM is to be created, creating the new pod VM, and spinning up one or more containers in the new pod VM using images of containers previously spun up in another pod VM, wherein the images of the containers previously spun up in the other pod VM are stored in the storage device.

Abstract: The disclosure provides an approach for providing a software-defined networking recommendation. A method includes obtaining, by a network manager, existing network topology information for a set of one or more hosts. The method includes analyzing, by the network manager, the existing network topology information to identify usable network resources and to identify at least one virtual switch configuration common to the set of one or more hosts. The method includes generating, by the network manager, the software-defined networking recommendation based on one or more recommendation rules.

Abstract: The present disclosure is related to devices, systems, and methods for TLS server certificate replacement using a notification mechanism. An example method can include establishing a first secure TLS connection between a client and a server verified by a first TLS certificate, creating a subscription for the client to receive a notification associated with a TLS certificate change, loading a second certificate to replace the first certificate, providing a notification to the client, wherein the notification includes the second certificate and a web token scoped to the client, and establishing a second secure TLS connection verified by the second TLS certificate responsive to the client verifying the web token.

Abstract: An example method of handling, at a hypervisor on a host in a virtualized computing system, a write input/output (IO) operation to a file on a storage device having a virtual machine file system (VMFS) is described. The method includes: generating logical transactions for the write IO operation having updates to metadata of the VMFS for the file; estimating, for the logical transactions, common space reservations for those of the updates to common fields in the metadata for the file; estimating, for the logical transactions, exclusive space reservations for those of the updates to exclusive fields in the metadata for the file; batching the logical transactions into a physical transaction, which includes a single reservation of space in a journal of the VMFS based on the common space reservations and a reservations of space in the journal for each of the exclusive space reservations, respectively.

Abstract: Disclosed are various examples for to generating personalized user experiences in the form of short-form videos that summarize informational topics that are selected to present to a user according at least one of a user context or a user interest. As the informational topics are identified for a given user, the informational topics can be applied as inputs to a recommendation model that is trained to recommend one or more of the topics to summarize and present to a user in visual form based on at least one of the user context or the user interest. Once a topic is recommended by the recommendation model, a video or other type of visual content can be automatically generated and presented to a user to allow the user to consume the information in the summarized form.

Abstract: The present disclosure is related to devices, systems, and methods for selectively preventing resource overallocation in a virtualized computing environment. One example includes instructions to receive a request to prevent overallocation of a resource in a software-defined datacenter associated with a customer, determine an amount of the resource available to the customer, and assign a respective portion of the amount of the resource available to the customer to each of a plurality of virtual computing instances (VCIs) irrespective of a power state of each of the plurality of VCIs.

Abstract: The present disclosure relates to workload placement responsive to fault. One embodiment includes instructions to remove a first host from a first cluster of a software-defined datacenter (SDDC) responsive to a determination of a fault in a hypervisor of the first host, place the first host into a second cluster of the SDDC, wherein the second cluster is designated to run stateless workloads, and add a second host to the first cluster.

Abstract: Some embodiments of the invention provide a method for cloning a set of one or more applications implemented by a first set of machines connected through a first logical network that defines a virtual private cloud in a set of one or more datacenters. The method instantiates a cloned, second set of machines that is a replicated copy of the first set of machines. The method identifies a set of network configuration data that configures a set of logical forwarding elements (LFEs) of the first logical network. The method uses the identified set of network configuration data to define a cloned, second logical network to connect the cloned, second set of machines.

Abstract: A method of transmitting multicast traffic to workloads of tenants communicating over overlay networks provisioned on top of a physical network includes the steps of: detecting the multicast traffic; determining that the multicast traffic is bound for workloads of a first tenant and workloads of a second tenant; encapsulating one instance of the multicast traffic using a Layer 2 (L2) over Layer 3 (L3) encapsulation protocol to generate encapsulated traffic, wherein the encapsulated traffic includes an identifier of a first backplane network corresponding to the first tenant and an identifier of a second backplane network corresponding to the second tenant in a header portion of each packet of the encapsulated traffic; and transmitting, to a first host computing device, the encapsulated traffic with the identifiers of the first and second overlay networks.

Abstract: Various examples for discovering policy bindings between group policy rules in a legacy management framework and unified endpoint management rules that are utilized in a modern mobile device management (MDM) device management framework. A configuration state view can allow an administrator to understand inconsistencies or conflicts between group policy rules and UEM rules.

Abstract: An example method of identifying an equal cost multipath (ECMP)-enabled route-based virtual private networks (RBVPN) in a virtualized computing system, comprises: obtaining, at a telemetry agent executing in an edge server of a data center, learned routes; identifying, by the telemetry agent from the routes, a destination network and a plurality of next hops associated therewith and a plurality of virtual tunnel interfaces (VTIs); identifying, by the telemetry agent for each of the plurality of VTIs, an associated VPN session; grouping, by the telemetry agent, the VPN sessions identified as associated with the plurality of VTIs into an ECMP-enabled RBVPN; adding, by the telemetry agent, a description of the ECMP-enabled RBVPN to telemetry data; and sending, by the telemetry agent, the telemetry data to a telemetry service.

Abstract: Various examples for providing an enrollment barcode to a staging client are provided. Enrollment data can be provided to a barcode service, which generates an enrollment barcode. Interpreting the enrollment barcode by a client device causes a management component installed on the client device to authenticate to a management service using a staging credential encrypted or secured in the enrollment barcode, and causes the enrollment of the client device with the management service.

Abstract: The method of some embodiments selects a set of links to forward packets of a data flow from an application running on a machine connected to an SD-WAN that has multiple exits. The method, based on computed sets of attributes for a first set of links and a second set of links, selects between the first set of links and the second set of links. At least the first set of links has multiple links and at least one attribute of the first set of links is an attribute that is computed by aggregating an attribute of each of the links in the first set of links. The method uses the selected set of links to forward the packets of the data flow of the application to an egress managed forwarding element of the SD-WAN.

Abstract: A method of deleting a first pointer block of a plurality of pointer blocks of a file system from a storage device used by a plurality of applications, wherein the plurality of pointer blocks are each subdivided into sub-blocks, includes the steps of: determining that a first sub-block of the first pointer block is marked as being empty of any addresses of the file system at which storage space is allocated to files of the applications; determining that a second sub-block of the first pointer block has not been marked as being empty; in response to the determining that the second sub-block has not been marked as being empty, determining that the second sub-block does not contain any addresses of the file system at which storage space is allocated to the files of the applications; and deleting the first pointer block from the storage device.

Abstract: Some embodiments provide a method for an agent executing on a Kubernetes node in a cluster. The method instructs a forwarding element that also executes on the node to process a flow tracing packet. From the forwarding element, the method receives a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet. For each flow entry of at least a subset of the flow entries matched by the flow tracing packet, the method generates mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster. The method reports data regarding the set of flow entries along with the generated mapping data.

Abstract: An algorithm for efficiently maintaining a globally uniform-in-time execution schedule for a dynamically changing set of periodic workload instances is provided. At a high level, the algorithm operates by gradually adjusting execution start times in the schedule until they converge to a globally uniform state. In certain embodiments, the algorithm exhibits the property of “quick convergence,” which means that regardless of the number of periodic workload instances added or removed, the execution start times for all workload instances in the schedule will typically converge to a globally uniform state within a single cycle length from the time of the addition/removal event(s) (subject to a tunable “aggressiveness” parameter).

Abstract: Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. The management agent can compare those against application-specific restrictions of the second application before allowing the second application to run in the foreground.

Abstract: The present disclosure provides techniques for deduplicating files. The techniques include creating a cache or subset of a large data structure. The large data structure organizes information by random hash values. The random hash values result in a random organization of information within the data structure, with the information spanning a large number of storage blocks within a storage system. The cache, however, is within memory and is small relative to the data structure. The cache is created so as to contain information that is likely to be needed during deduplication of a file. Having needed information within memory rather than in storage results in faster read and write operations to that information, improving the performance of a computing system.

Abstract: To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.