Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: A deployment system enables a developer to generate a deployment plan according to a logical, multi-tier application blueprint defined by application architects. The deployment plan includes tasks to be executed for deploying application components on virtual computing resource provided in a cloud infrastructure. The deployment plan includes time dependencies that determine an execution order of the tasks according to dependencies between application components specified in the application blueprint. The deployment plan enables system administrators to view the application blueprint as an ordered workflow view that facilitates collaboration between system administrators and application architects.

Abstract: Example methods are provided for configuring a hyper-converged infrastructure (HCI) cluster managed by a cluster manager. The method may comprise retrieving, by a workflow session from the cluster manager. The workflow session may include a plurality of workflow operations, and a first workflow operation selected from the plurality of workflow operations is marked as incomplete. The method may transmit o the cluster manager a request to invoke the first workflow operation. The cluster manager may be configured to perform the first workflow operation by batch-configuring a plurality of nodes in the HCI cluster. In response to a determination that the first workflow operation is completed, the method may request the cluster manager to mark the first work operation in the workflow session as completed.

Abstract: Computer-implemented methods and systems described herein perform intelligent sampling of application traces generated by an application. Computer-implemented methods and systems determine different sampling rates based on frequency of occurrence of trace types and/or frequency of occurrence of durations of the traces. Each sampling rate corresponds to a different trace type and/or different duration. The sampling rates for low frequency trace types and durations are larger than the sampling rates for high frequency trace types and durations. The relatively larger sampling rates for low frequency trace types and low frequency durations ensures that low frequency trace types and low frequency durations are sampled in sufficient numbers and are not passed over during sampling of the application traces. The set of sampled traces are stored in a data storage device.

Abstract: Firmware passwords, such as BIOS passwords can be managed by a remotely executed management service. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: An administrator agent and local worker agents are provided in nodes of a distributed system to support dynamic tracing of runtime data. Trace profiles are associated with the nodes on which the local worker agents reside. The local worker agents monitor the runtime data for an error, and the administrator agent adjusts the trace profile(s) in response to the error(s). The administrator agent sends the adjusted trace profile(s) to the local worker agents, so as to enable trace output data of traces performed by the nodes to be increased or decreased.

Abstract: In some embodiments, a method adds a specific route for an IP address that is associated with a first workload into a routing table for a first network device in a first site in response to the first workload being migrated from a second site to the first site. The first network device receives a packet from a second workload for the first workload and determines that a destination of the packet matches the specific route in the routing table. The method routes the packet from the second workload to the first workload using the specific route in the routing table without sending the packet to the second site.

Abstract: Some embodiments provide a method for implementing a software-defined private mobile network (SD-PMN) for an entity. At a physical location of the entity, the method deploys a first set of control plane components for the SD-PMN, the first set of control plane components including a security gateway, a user-plane function (UPF), an AMF (access and mobility management function), and an SMF (session management function). At an SD-WAN (software-defined wide area network) PoP (point of presence) belonging to a provider of the SD-PMN, the method deploys a second set of control plane components for the SD-PMN that includes a subscriber database that stores data associated with users of the SD-PMN. The method uses an SD-WAN edge router located at the physical location of the entity and a SD-WAN gateway located at the SD-WAN PoP to establish a connection from the physical location of the entity to the SD-WAN PoP.

Abstract: Various approaches for exposing a virtual Non-Uniform Memory Access (NUMA) locality table to the guest OS of a VM running on NUMA system are provided. These approaches provide different tradeoffs between the accuracy of the virtual NUMA locality table and the ability of the system's hypervisor to migrate virtual NUMA nodes, with the general goal of enabling the guest OS to make more informed task placement/memory allocation decisions.

Abstract: Systems and methods are described for providing recommendations for an improved user experience in online meetings. A recommendation engine can aggregate data from user devices to make recommendations before, during and after online meetings. Before a meeting, the recommendation engine can recommend which of a user's devices to use for the meeting. During the meeting, the recommendation engine can identify current or anticipated issues and recommend changes the user can make to correct or prevent the issue. After meetings, the recommendation engine can aggregate data and identify an ongoing issue for one or multiple users. The recommendation engine can identify the cause of the issue and make recommendations to the user or an administrator accordingly.

Abstract: Some embodiments provide a method, for a software-defined wide area network (SD-WAN) that handles (i) traffic for a 5G network and (ii) traffic outside of the 5G network. The SD-WAN is established by a set of edge nodes and a set of gateways. At a particular edge node of the SD-WAN, the method identifies whether a received data message is a 5G message that includes a tunnel header of a particular type associated with the 5G network. When the data message is a 5G message, the method examines a set of header fields within the tunnel header to identify a specified traffic priority applicable to the 5G message. The method applies the identified traffic priority within the SD-WAN.

Abstract: Some embodiments provide a method for reporting potential root causes of incidents within a network. The method identifies a first network entity as a potential root cause of an incident affecting a second network entity. For each network entity of a set of network entities in a dependency chain beginning with the first network entity and ending with the second network entity, the method assigns a label to the network entity based on measured metrics of the network entity. The method uses a state machine that encodes causality between different network entity labels to generate a human-readable explanation for the first network entity causing the incident affecting the second network entity.

Abstract: A system and method for creating a secure overlay network on top of the public Internet, optionally by creating an identity-based network in which user identities are the identifiers rather than IP addresses, and whereas only authenticated and authorized users whose identity has been established have visibility and access to the network; establishing fully encrypted and private network segments; providing superior performance through improved protocols and routing; and implementing a decentralized topology that allows any two nodes on it to communicate regardless of each node's location or network settings—as if the two nodes are on the same local area network.

Abstract: The method for a virtual machine to use a port and loopback IP addresses allocation scheme for full-mesh communications with transparent transport layer security tunnels is presented. In an embodiment, the method comprises detecting, at a redirect agent implemented in a first machine, a packet that is sent from a client application executing on the first machine toward a server application executing on a second machine; and determining, by the redirect agent, whether a first redirect rule matches the packet. In response to determining that the first redirect rule matches the packet, the redirect agent applies the first redirect rule to the packet to translate the packet into a translated packet, and provides the translated packet to a client agent implemented in the first machine to cause the client agent to transmit the translated packet to a server agent implemented in the second machine.

Abstract: Example methods for a network device to perform address resolution handling. The method may comprise: in response to a first distributed router (DR) port of a first DR instance detecting an address resolution request from a second DR port of a second DR instance, generating a modified address resolution request that is addressed from a first address associated with the first DR port instead of a second address associated with the second DR port. The modified address resolution request may be broadcasted within a logical network that is connected to the first DR instance through network extension. The method may also comprise: in response to detecting an address resolution response that includes protocol-to-hardware address mapping information associated with an endpoint located on the logical network, generating and sending a modified address resolution response towards the second DR port of the second DR instance.

Abstract: Some embodiments provide a method for providing a resource to a particular virtual private cloud that is deployed in a set of datacenters that host multiple virtual private clouds. At a resource issuer, the method receives a resource request from a particular machine deployed in the particular virtual private cloud, the resource request including a first set of cloud-specific data. The method obtains a cloud identifier for the particular machine from a registry service of the particular virtual private cloud that interacts with a datacenter-set cloud service that deploys machines in the datacenter set for different virtual private clouds. The method uses the obtained cloud identifier to obtain a second set of cloud-specific data for the particular machine from the datacenter-set cloud service. Upon determining that the first and second sets of cloud-specific data match, the method authenticates the particular machine and issues the resource for the particular machine.

Abstract: A method of copying at least first and second files stored in a client computing device to a host server, includes the steps of: generating at the host server a first read I/O request for data of the first file based on responses to pre-read I/O requests for the first file, received from the client computing device; transmitting a merged I/O request that includes the first read I/O request for data of the first file and pre-read I/O requests for the second file from the host server to the client computing device; generating at the host server a second read I/O request for data of the second file based on responses to the pre-read I/O requests for the second file, received from the client computing device; and transmitting the second read I/O request for data of the second file from the host server to the client computing device.

Abstract: Disclosed are various approaches for workflow service application searching. In some aspects, a search query is entered through a search element of a workflow application on a client device. A request is transmitted from a workflow application to a workflow service, to search within an application based on the search query. Application content corresponding to the search query and the application is received from the workflow service. A search result is provided based on the application content and without opening the application on the client device.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: A method to offload network function packet processing from a virtual machine onto an offload destination is disclosed. In an embodiment, a method comprises: defining an application programing interface (“API”) for capturing, in a packet processor offload, a network function packet processing for a data flow by specifying how to perform the network function packet processing on data packets that belong to the data flow. Based on capabilities of the packet processor offload and available resources, a packet processing offload destination is selected. Based at least on the API, the packet processor offload for the packet processing offload destination is generated. The packet processor offload is downloaded to the packet processing offload destination to configure the packet processing offload destination to provide the network function packet processing on the data packets that belong to the data flow. The packet processing offload destination is a PNIC or a hypervisor.