Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: Methods and systems are described for intelligently managing hero cards generated for a user profile. In an example, a server can collect user interaction data that measures how a user interacts with system components. The system components can include emails, hero cards, and software applications. The server can analyze the user interaction data to determine whether a new hero card type should be enabled for a user profile, whether an active hero card type should be disabled for the user profile, and whether parameters for action options on hero cards should be changed for the user profile. The server can make changes to hero cards for the user profile so that the user can receive customized hero cards based on the user's behavior.

Abstract: In an embodiment, a computer-implemented method for enabling enhanced firewall rules via ARP-based annotations is described. In an embodiment, a method comprises detecting, by a hypervisor implemented in a first host, that a first process is executing on the first host. The hypervisor determines first context information for the first process, generates a first request, encapsulates the first request and the first context information in a first packet, and transmits the first packet to a central controller to cause the central controller to update the controller's table to indicate that the first process is executing on the first host. In response to receiving a second packet from the central controller and determining that the second packet comprises a first response, the hypervisor extracts second context information from the second packet and, based on the second context information, determines that a second process is executing on a second host.

Abstract: Systems and methods are described for providing recommendations for an improved user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent the issue. After meetings, the recommendation engine can aggregate data and identify an ongoing issue for one or multiple users. The recommendation engine can identify the cause of the issue and make recommendations to the user or an administrator accordingly.

Abstract: Computer-implemented methods and systems described herein perform intelligent sampling of application traces generated by an application. Computer-implemented methods and systems determine different sampling rates based on frequency of occurrence of trace types and/or frequency of occurrence of durations of the traces. Each sampling rate corresponds to a different trace type and/or different duration. The sampling rates for low frequency trace types and durations are larger than the sampling rates for high frequency trace types and durations. The relatively larger sampling rates for low frequency trace types and low frequency durations ensures that low frequency trace types and low frequency durations are sampled in sufficient numbers and are not passed over during sampling of the application traces. The set of sampled traces are stored in a data storage device.

Abstract: A deployment system enables a developer to generate a deployment plan according to a logical, multi-tier application blueprint defined by application architects. The deployment plan includes tasks to be executed for deploying application components on virtual computing resource provided in a cloud infrastructure. The deployment plan includes time dependencies that determine an execution order of the tasks according to dependencies between application components specified in the application blueprint. The deployment plan enables system administrators to view the application blueprint as an ordered workflow view that facilitates collaboration between system administrators and application architects.

Abstract: An administrator agent and local worker agents are provided in nodes of a distributed system to support dynamic tracing of runtime data. Trace profiles are associated with the nodes on which the local worker agents reside. The local worker agents monitor the runtime data for an error, and the administrator agent adjusts the trace profile(s) in response to the error(s). The administrator agent sends the adjusted trace profile(s) to the local worker agents, so as to enable trace output data of traces performed by the nodes to be increased or decreased.

Abstract: Example methods are provided for configuring a hyper-converged infrastructure (HCI) cluster managed by a cluster manager. The method may comprise retrieving, by a workflow session from the cluster manager. The workflow session may include a plurality of workflow operations, and a first workflow operation selected from the plurality of workflow operations is marked as incomplete. The method may transmit o the cluster manager a request to invoke the first workflow operation. The cluster manager may be configured to perform the first workflow operation by batch-configuring a plurality of nodes in the HCI cluster. In response to a determination that the first workflow operation is completed, the method may request the cluster manager to mark the first work operation in the workflow session as completed.

Abstract: Some embodiments provide a method for implementing a software-defined private mobile network (SD-PMN) for an entity. At a physical location of the entity, the method deploys a first set of control plane components for the SD-PMN, the first set of control plane components including a security gateway, a user-plane function (UPF), an AMF (access and mobility management function), and an SMF (session management function). At an SD-WAN (software-defined wide area network) PoP (point of presence) belonging to a provider of the SD-PMN, the method deploys a second set of control plane components for the SD-PMN that includes a subscriber database that stores data associated with users of the SD-PMN. The method uses an SD-WAN edge router located at the physical location of the entity and a SD-WAN gateway located at the SD-WAN PoP to establish a connection from the physical location of the entity to the SD-WAN PoP.

Abstract: Firmware passwords, such as BIOS passwords can be managed by a remotely executed management service. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Some embodiments provide a method, for a software-defined wide area network (SD-WAN) that handles (i) traffic for a 5G network and (ii) traffic outside of the 5G network. The SD-WAN is established by a set of edge nodes and a set of gateways. At a particular edge node of the SD-WAN, the method identifies whether a received data message is a 5G message that includes a tunnel header of a particular type associated with the 5G network. When the data message is a 5G message, the method examines a set of header fields within the tunnel header to identify a specified traffic priority applicable to the 5G message. The method applies the identified traffic priority within the SD-WAN.

Abstract: Various approaches for exposing a virtual Non-Uniform Memory Access (NUMA) locality table to the guest OS of a VM running on NUMA system are provided. These approaches provide different tradeoffs between the accuracy of the virtual NUMA locality table and the ability of the system's hypervisor to migrate virtual NUMA nodes, with the general goal of enabling the guest OS to make more informed task placement/memory allocation decisions.

Abstract: In some embodiments, a method adds a specific route for an IP address that is associated with a first workload into a routing table for a first network device in a first site in response to the first workload being migrated from a second site to the first site. The first network device receives a packet from a second workload for the first workload and determines that a destination of the packet matches the specific route in the routing table. The method routes the packet from the second workload to the first workload using the specific route in the routing table without sending the packet to the second site.

Abstract: Some embodiments provide a method for reporting potential root causes of incidents within a network. The method identifies a first network entity as a potential root cause of an incident affecting a second network entity. For each network entity of a set of network entities in a dependency chain beginning with the first network entity and ending with the second network entity, the method assigns a label to the network entity based on measured metrics of the network entity. The method uses a state machine that encodes causality between different network entity labels to generate a human-readable explanation for the first network entity causing the incident affecting the second network entity.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

Abstract: The disclosure provides an approach for seamless hand-off of data traffic in public cloud environments. Techniques are provided for activating an edge services gateway (ESG) virtual computing instance (VCI) on a new host. Prior to activating the ESG VCI on the new host, an underlay routing table is reprogrammed to associate a first IP address of a first tunnel endpoint (TEP) with a first network interface of an old host and to associate a second IP address of a second TEP with a second network interface of the new host. The routing table associates a third IP address of the ESG VCI with the first network interface. After activating the ESG VCI, a packet having as a destination address the third IP address is received at the first network interface and is encapsulated, by the first TEP, with an outer header having as a destination address the second IP address.

Abstract: Systems and methods are described for providing recommendations for a user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent the issue. After meetings, the recommendation engine can aggregate data and identify an ongoing issue for one or multiple users. The recommendation engine can identify the cause of the issue and make recommendations to the user or an administrator accordingly.

Abstract: The disclosure provides an example method for live packet tracing. Some embodiments of the method include configuring a first network interface of a first pod to mark each of a plurality of packets, with a corresponding flow tag and a corresponding packet identifier, receiving, from one or more observation points, at least one of copies or metadata of the plurality of packets each marked with the corresponding flow tag and the corresponding packet identifier. In some embodiments, the method further includes displaying data indicative of the at least one of the copies or the metadata of the plurality of packets.

Abstract: Disclosed are various approaches for workflow service application searching. In some aspects, a search query is entered through a search element of a workflow application on a client device. A request is transmitted from a workflow application to a workflow service, to search within an application based on the search query. Application content corresponding to the search query and the application is received from the workflow service. A search result is provided based on the application content and without opening the application on the client device.