Abstract: Automated, computer-implemented methods and systems for resolving performance problems with objects executing in a data center are described. The automated methods use machine learning to train a model that comprises rules defining relationships between probabilities of event types of in log messages and values of a key performance indictor (“KPI”) of the object over a historical time period. When a KPI violates a corresponding threshold, the rules are used to evaluate run time log messages that describe the probable root cause of the performance problem. An alert identifying the KPI threshold violation, and the log messages are displayed in a graphical user interface of an electronic display device.

Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. In response to receiving a first instruction to perform a first management action, a first validation operation may be performed based on the cluster add-on definition information and multiple first configuration values associated the multiple first configuration fields. In response to receiving a second instruction to perform a second management action associated with the second add-on, a second validation operation may be performed based on the cluster add-on definition information and multiple second configuration values associated the multiple second configuration fields. The first/second management action may be performed in response to determination that the first/second validation operation is successful.

Abstract: A script for execution in a software-defined data center (SDDC) can be received. The script can include an object identifier of an SDDC resource object. A validation of the object identifier can be performed before the script is executed. The script can be executed responsive to the validation being successful. A notification can be provided responsive to the validation being unsuccessful.

Abstract: The current document is directed to methods and subsystems that manage submitted code changes for processing by continuous-integration/continuous-delivery/deployment systems. In disclosed implementations, code changes are processed as quickly as possible, when the code changes are flagged as being urgent. Non-urgent code changes are evaluated for the possibility of merging the non-urgent code changes with additional, subsequently submitted code changes in order to more efficiently employ computational resources needed for processing the code changes. When there is a code change, waiting for processing, with which a submitted code change can be merged, the submitted code change is merged with the waiting code change so that the merged code changes can be together verified.

Abstract: Automated computer-implemented methods and systems for resolving performance problems with objects executing in a data center are described. The automated methods use machine learning to obtain rules defining relationships between probabilities of event types of in log messages and performance problems identified by a key performance indictor (“KPI”) of the object. When a KPI violates a corresponding threshold, the rules are used to evaluate run time log messages that describe the probable root cause of the performance problem. An alert identifying the KPI threshold violation, and the log messages are displayed in a graphical user interface of an electronic display device.

Abstract: Example methods and systems for cluster add-on lifecycle management are described. In one example, a computer system may obtain cluster add-on definition information specifying multiple add-ons that are each capable of extending functionality of at least a first cluster and a second cluster. User interface(s) may be generated based on the cluster add-on definition information to allow a user to request for a management action associated. In response to receiving a first request for a first management action associated with the first add-on, a first instruction may be generated and sent to cause the first management action to be performed in the first cluster. In response to receiving a second request for a second management action associated with the second add-on, a second instruction may be generated and sent to cause the second management action to be performed in the first cluster or the second cluster.

Abstract: Automated, computer-implemented methods and systems describe herein resolve performance problems with objects executing in a data center. The operations manager uses machine learning to train an inference model that relates probability distributions of event types of log messages of the object to a key performance indicator (“KPI”) of the object. The operations manager monitors the KPI for run-time KPI values that violates a KPI threshold. When the KPI violates the threshold, the operations manager determines probabilities of event types of log messages recorded in a run-time interval and uses the inference model to determine event types of the probabilities of event types of log messages in the run-time interval to determine a root cause of the performance problem. The inference models can be used to identify log messages of event types that correspond to potential performance problems with data center objects and execute appropriate remedial measures to avoid the problems.

Abstract: The generation, actuation, and enforcement of policies within a distributed computing system is provided. The policies are employed to manage the resources of the system. The resources include virtualized resources, such as virtual machines (VMs) and virtual storage disks (VSDs). A policy includes a rule and scope. Enforcing a policy includes applying the rule to resources that are within the policy's scope. Policies are employed to constrain the leasing period and reclaim leased resources, as well constrain the access of certain users to specific operations on the leased resources. Policies may be created via a UI that automatically generates a policy encoding. The policy is registered and accessed via a policy store. When multiple policies target a particular resource, merging strategies are applied to the multiple policies, to generate an effective policy that is consistent with the multiple policies and is enforced on the particular resource.

Abstract: Some embodiments provide a method for performing data traffic monitoring. The method processes a packet through a packet processing pipeline that includes multiple stages. At a filtering stage, the method tags the packet with a set of monitoring actions for subsequent stages to perform on the packet based on a determination that the packet matches a particular filter. For each stage of a set of packet processing stages subsequent to the filtering stage, the method (i) executes any monitoring actions specified for the stage to perform on the packet and (ii) sends the packet to a next stage in the packet processing pipeline.

Abstract: Example methods and systems for centralized service insertion in an active-active cluster are described. In one example, a first service endpoint may operate in an active mode on a first logical service router (SR) supported by the computer system. The first service endpoint may be associated with a second service endpoint operating on the second logical SR in a standby mode. The first logical SR and the second logical SR may be assigned to a first sub-cluster of the active-active cluster. In response to receiving a service request originating from a virtualized computing instance, the service request may be processed using the first service endpoint according to a centralized service that is implemented by both the first service endpoint and the second service endpoint. A processed service request may be forwarded towards a destination capable of generating and sending a service response in reply to the processed service request.

Abstract: Systems and methods are described for providing a virtual machine (“VM”) as a service. A user device can install a VM to enable itself as an edge node. The user device can then and use a portion of its computing resources to provide the service to the endpoint device by running the VM. In an example, an edge node can directly receive a request for a service from an endpoint device. The edge node can determine that it needs assistance from another device to jointly provide the service. Then another user device which is available to operate as an edge node can join the edge team.

Abstract: The current document is directed to methods and systems that employ call traces collected by one or more call-trace services to generate call-trace-classification rules to facilitate root-cause analysis of distributed-application operational problems and failures. In a described implementation, a set of automatically labeled call traces is partitioned by the generated call-trace-classification rules. Call-trace-classification-rule generation is constrained to produce relatively simple rules with greater-than-threshold confidences and coverages. The call-trace-classification rules may point to particular services and service failures, which provides useful information to distributed-application and distributed-computer-system managers and administrators attempting to diagnose operational problems and failures that arise during execution of distributed applications within distributed computer systems.

Abstract: Distributed tracing is applied during an upgrade from a first management appliance to a second management appliance. The distributed tracing method includes generating a parent span that encapsulates states of the overall workflow, including a span context that contains a trace identifier and a span identifier, and generating a plurality of child spans. Each child span encapsulates states that represent a piece of the workflow and contains a reference to the parent span context. The states of the child spans include an error tag that indicates whether the piece of the workflow associated with the child span executed with an error. Because child spans may be generated for a piece of the workflow that is executed by a service running in the first or second management appliance, the span context for the parent span is persisted by the first management appliance and replicated for use by the second management appliance.

Abstract: Improved tools and techniques for generating stateful rules for behavior-based threat detection enable threat analysts, who do not have advanced computer programming skills, to quickly and easily generate high-level representations of stateful behavioral rules, which are then compiled into a format suitable for execution by a stateful rule processing engine. In some examples, the high-level representations of stateful rules are coded in a high-level, domain specific language (DSL). The DSL may provide high-level primitives suitable for (1) expressing sequences of attack behaviors, (2) tagging computational entities (e.g., threads, processes, applications, systems, users, etc.) with states (e.g., user-defined states), and/or (3) performing operations on endpoint nodes (e.g., reporting activity, blocking activity, terminating processes, etc.).

Abstract: The current document is directed to methods and systems that employ call traces collected by one or more call-trace services to generate call-trace-classification rules to facilitate root-cause analysis of distributed-application operational problems and failures. In a described implementation, a set of automatically labeled call traces is partitioned by the generated call-trace-classification rules. Call-trace-classification-rule generation is constrained to produce relatively simple rules with greater-than-threshold confidences and coverages. The call-trace-classification rules may point to particular services and service failures, which provides useful information to distributed-application and distributed-computer-system managers and administrators attempting to diagnose operational problems and failures that arise during execution of distributed applications within distributed computer systems.

Abstract: An enhanced robust input protocol for secure multi-party computation (MPC) via pseudorandom secret sharing is provided. With this enhanced protocol, the servers that participate in MPC can generate and send a single random sharing [R] to a client with k inputs (rather than a separate random sharing per input), and the client can derive k pseudorandom sharings from [R] without any further server interactions.

Abstract: Techniques for enabling efficient guest OS access to PCIe configuration space are provided. In one set of embodiments, a hypervisor can reserve a single host physical memory page in the host physical memory of a host system and can populate the single host physical memory page with a value indicating non-presence of PCIe device functions. The hypervisor can then create, for each guest physical memory page in a guest physical memory of a virtual machine (VM) corresponding to a PCIe configuration space of an absent PCIe device function in the VM, a mapping in the hypervisor's second-level page tables that maps the guest physical memory page to the single host physical memory page.

Abstract: The state of cache lines transferred into an out of caches of processing hardware is tracked by monitoring hardware. The method of tracking includes monitoring the processing hardware for cache coherence events on a coherence interconnect between the processing hardware and monitoring hardware, determining that the state of a cache line has changed, and updating a hierarchical data structure to indicate the change in the state of said cache line. The hierarchical data structure includes a first level data structure including first bits, and a second level data structure including second bits, each of the first bits associated with a group of second bits. The step of updating includes setting one of the first bits and one of the second bits in the group corresponding to the first bit that is being set, according to an address of said cache line.

Abstract: Example methods and systems to perform flow cache information update(s) for packet processing are described. In one example, a network element may configure flow cache information specifying a set of actions based on a sequence of stages that is executable during slow-path packet processing. The network element may configure dependency information specifying execution dependence or independence among the set of actions during fast-path packet processing. In response to detecting a configuration change associated with stage(s) from the sequence of stages, the network element may identify first action(s) affected by the configuration change and second action(s) not affected by the configuration change. This way, a granular update may be performed to the flow cache information by updating the at least one first action, but not the at least one second action.

Abstract: In some embodiments, a method instantiates a proxy that stores first state information for first workloads running on a first computing device. The first computing device receives a migrated workload from a second computing device and second state information for a session associated with the migrated workload. The second state information is generated by a proxy on the second computing device that processed one or more packets for the migrated workload on the second computing device. The method stories the second state information for the proxy on the first computing device and resumes the session associated with the migrated workload using the proxy on the first computing device.