Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: The disclosure herein describes enhancing data durability of a base component using a delta component. A delta component is generated based on the base component becoming unavailable. The delta component is configured to include unwritten storage space with an address space matching the base component and a tracking bitmap associated with data blocks of the address space of the delta component. Write operations targeted for the base component are routed to the delta component. Based on the routed write operations, bits associated with data blocks affected by the write operations are changed in the tracking bitmap. Based on the base component becoming available, data blocks affected by routed write operations are identified based on the tracking bitmap and the identified data blocks are synchronized from the delta component to the base component. The delta component is then removed.

Abstract: Methods and systems are described for intelligently managing hero cards generated for a user profile. In an example, a server can collect user interaction data that measures how a user interacts with system components. The system components can include emails, hero cards, and software applications. The server can analyze the user interaction data to determine whether a new hero card type should be enabled for a user profile, whether an active hero card type should be disabled for the user profile, and whether parameters for action options on hero cards should be changed for the user profile. The server can make changes to hero cards for the user profile so that the user can receive customized hero cards based on the user's behavior.

Abstract: A device is connected via a coherence interconnect to a CPU with a cache. The device monitors cache coherence events via the coherence interconnect, where the cache coherence events relate to the cache of the CPU. The device also includes a buffer that can contain representations, such as addresses, of cache lines. If a coherence event occurs on the coherence interconnect indicating that a cache line in the CPU's cache is dirty, then the device is configured to add an entry to the buffer to record the dirty cache line.

Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

Abstract: Example methods are provided for configuring a hyper-converged infrastructure (HCI) cluster managed by a cluster manager. The method may comprise retrieving, by a workflow session from the cluster manager. The workflow session may include a plurality of workflow operations, and a first workflow operation selected from the plurality of workflow operations is marked as incomplete. The method may transmit o the cluster manager a request to invoke the first workflow operation. The cluster manager may be configured to perform the first workflow operation by batch-configuring a plurality of nodes in the HCI cluster. In response to a determination that the first workflow operation is completed, the method may request the cluster manager to mark the first work operation in the workflow session as completed.

Abstract: Various approaches for exposing a virtual Non-Uniform Memory Access (NUMA) locality table to the guest OS of a VM running on NUMA system are provided. These approaches provide different tradeoffs between the accuracy of the virtual NUMA locality table and the ability of the system's hypervisor to migrate virtual NUMA nodes, with the general goal of enabling the guest OS to make more informed task placement/memory allocation decisions.

Abstract: A deployment system enables a developer to generate a deployment plan according to a logical, multi-tier application blueprint defined by application architects. The deployment plan includes tasks to be executed for deploying application components on virtual computing resource provided in a cloud infrastructure. The deployment plan includes time dependencies that determine an execution order of the tasks according to dependencies between application components specified in the application blueprint. The deployment plan enables system administrators to view the application blueprint as an ordered workflow view that facilitates collaboration between system administrators and application architects.

Abstract: Firmware passwords, such as BIOS passwords can be managed by a remotely executed management service. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Systems and methods are described for providing recommendations for an improved user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent the issue. After meetings, the recommendation engine can aggregate data and identify an ongoing issue for one or multiple users. The recommendation engine can identify the cause of the issue and make recommendations to the user or an administrator accordingly.

Abstract: Some embodiments provide a method, for a software-defined wide area network (SD-WAN) that handles (i) traffic for a 5G network and (ii) traffic outside of the 5G network. The SD-WAN is established by a set of edge nodes and a set of gateways. At a particular edge node of the SD-WAN, the method identifies whether a received data message is a 5G message that includes a tunnel header of a particular type associated with the 5G network. When the data message is a 5G message, the method examines a set of header fields within the tunnel header to identify a specified traffic priority applicable to the 5G message. The method applies the identified traffic priority within the SD-WAN.

Abstract: Computer-implemented methods and systems described herein perform intelligent sampling of application traces generated by an application. Computer-implemented methods and systems determine different sampling rates based on frequency of occurrence of trace types and/or frequency of occurrence of durations of the traces. Each sampling rate corresponds to a different trace type and/or different duration. The sampling rates for low frequency trace types and durations are larger than the sampling rates for high frequency trace types and durations. The relatively larger sampling rates for low frequency trace types and low frequency durations ensures that low frequency trace types and low frequency durations are sampled in sufficient numbers and are not passed over during sampling of the application traces. The set of sampled traces are stored in a data storage device.

Abstract: In some embodiments, a method adds a specific route for an IP address that is associated with a first workload into a routing table for a first network device in a first site in response to the first workload being migrated from a second site to the first site. The first network device receives a packet from a second workload for the first workload and determines that a destination of the packet matches the specific route in the routing table. The method routes the packet from the second workload to the first workload using the specific route in the routing table without sending the packet to the second site.

Abstract: Some embodiments provide a method for implementing a software-defined private mobile network (SD-PMN) for an entity. At a physical location of the entity, the method deploys a first set of control plane components for the SD-PMN, the first set of control plane components including a security gateway, a user-plane function (UPF), an AMF (access and mobility management function), and an SMF (session management function). At an SD-WAN (software-defined wide area network) PoP (point of presence) belonging to a provider of the SD-PMN, the method deploys a second set of control plane components for the SD-PMN that includes a subscriber database that stores data associated with users of the SD-PMN. The method uses an SD-WAN edge router located at the physical location of the entity and a SD-WAN gateway located at the SD-WAN PoP to establish a connection from the physical location of the entity to the SD-WAN PoP.

Abstract: An administrator agent and local worker agents are provided in nodes of a distributed system to support dynamic tracing of runtime data. Trace profiles are associated with the nodes on which the local worker agents reside. The local worker agents monitor the runtime data for an error, and the administrator agent adjusts the trace profile(s) in response to the error(s). The administrator agent sends the adjusted trace profile(s) to the local worker agents, so as to enable trace output data of traces performed by the nodes to be increased or decreased.

Abstract: Some embodiments provide a method for reporting potential root causes of incidents within a network. The method identifies a first network entity as a potential root cause of an incident affecting a second network entity. For each network entity of a set of network entities in a dependency chain beginning with the first network entity and ending with the second network entity, the method assigns a label to the network entity based on measured metrics of the network entity. The method uses a state machine that encodes causality between different network entity labels to generate a human-readable explanation for the first network entity causing the incident affecting the second network entity.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: The disclosure provides an example method for live packet tracing. Some embodiments of the method include configuring a first network interface of a first pod to mark each of a plurality of packets, with a corresponding flow tag and a corresponding packet identifier, receiving, from one or more observation points, at least one of copies or metadata of the plurality of packets each marked with the corresponding flow tag and the corresponding packet identifier. In some embodiments, the method further includes displaying data indicative of the at least one of the copies or the metadata of the plurality of packets.

Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.