Abstract: A system and method for connecting virtual computer networks in a public cloud computing environment using a transit virtual computer network uses a cloud gateway device in the transit virtual computer network that includes a first-tier logical router and a plurality of second-tier logical routers connected to the virtual computer networks. A source Internet Protocol (IP) address of outgoing data packets from a particular virtual computer network is translated at a particular second-tier logical router of the cloud gateway device from an IP address of the particular virtual computer network to an internal IP address from a particular pool of IP addresses. The outgoing data packets are then routed to the first-tier logical router of the cloud gateway device, where the outgoing data packets are transmitted a destination network from a particular interface of the first-tier logical router of the cloud gateway device.

Abstract: Embodiments are described for placing a watermark over application windows in a desktop. For each application window that is opened in the desktop, the system can determine whether the application requires a watermark, for example, based on a predefined list that specifies which applications require watermarks. For each application window that requires a watermark, a uncovered watermark region can be calculated where the watermark will appear. An overlay can be placed over the application windows, for example in a top-level window that does not receive mouse and keyboard inputs, and the watermark can be drawn in the overlay over the location of the uncovered watermark region of each application. As a result, watermarks can be placed over a plurality of specified application windows in an efficient and convenient manner.

Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.

Abstract: Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from the management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.

Abstract: A feature selection methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature selection analysis performed thereon. Provided the feature selection analysis determines that features of the components are well defined, a classification of the features is performed. Provided the feature selection analysis determines that features of the components are not well defined, a similarity analysis of the features is performed. Results of the feature selection methodology are generated.

Abstract: Some embodiments of the invention provide a method for performing intrusion detection operations on a host computer. The method receives a data message sent by a machine executing on the host computer. For the data message's flow, the method identifies a set of one or more contextual attributes that are different than layers 2, 3 and 4 header values of the data message. The identified set of contextual attributes are provided to an intrusion detection system (IDS) engine that executes on the host computer to enforce several IDS rules. The IDS engine uses the identified set of contextual attributes to identify a subset of the IDS rules that are applicable to the received data message and that do not include all of the IDS rules enforced by the IDS engine. The IDS engine then examines the subset of IDS rules for the received data message to ascertain whether the data message is associated with a network intrusion activity.

Abstract: Examples described herein include systems and methods for managing user interaction within a virtual space. An example method can include installing management software on one or more user devices and requesting a digital ID that represents a combination of a user and at least one user device. The method can further include configuring a virtual reality (“VR”) space including virtual meeting rooms and a notification service. An administrator can set the number of rooms, place virtual objects within each room, and set requirements for entering each room based on the digital IDs. The administrator can also configure a notification service to provide guided notifications to users during their VR experiences. For example, the notification service can utilize the digital ID to identify the appropriate instructions to provide to the user as they are navigating the VR space.

Abstract: A method of securely exchanging a session token for a claims-based token by a plug-in integrated into an extensible system includes the steps of: transmitting, to an extensible system server of the extensible system, the session token and a request for a first claims-based token that corresponds to the session token and that is cryptographically signed by an authentication server; acquiring, from the extensible system server, the first claims-based token; transmitting, to the authentication server, the first claims-based token and a request for a second claims-based token; and receiving, from the authentication server, the second claims-based token, wherein the second claims-based token is cryptographically signed by the authentication server, and wherein if the second claims-based token is transmitted to a resource provider server hosting a resource provider service, the resource provider service performs a requested operation on behalf of an interactive user of the extensible system.

Abstract: An example method may include receiving a first GUI selection of a first management server corresponding to a first cluster of virtual infrastructure objects, receiving a second GUI selection of one or more first virtual infrastructure object tags to be assigned to at least one virtual infrastructure object from the first cluster of virtual infrastructure objects after a creation process of a first policy, wherein the first policy is configured to regulate the at least one virtual infrastructure object from the first cluster of virtual infrastructure objects with the one or more first virtual infrastructure object tags, receiving first real-time feedback associated with the first cluster of virtual infrastructure objects and the one or more first virtual infrastructure object tags from the first management server, and displaying a object count in a first GUI element supported by the configuration client.

Abstract: Example methods and systems for request handling with automatic scheduling are described. In one example, a computer system may receive, from multiple client devices, respective multiple requests that are generated and sent according to a first set of control parameters. Based on the multiple requests, request characteristic(s) may be monitored to determine whether an automatic scheduling condition is satisfied. In response to determination that the automatic scheduling condition is satisfied, the computer system may assign a second set of control parameters to the respective client devices and instruct the client devices to generate and send respective multiple subsequent requests according to the second set of control parameters to cause a modification of the request characteristic(s).

Abstract: In a computer-implemented method for configuring an appliance in a virtualization infrastructure via a graphical user-interface a list of hosts and a centralized management tool of the virtualization infrastructure is displayed via the graphical user-interface. The hosts are for hosting one or more virtual machines. The centralized management tool is for centrally managing the virtualization infrastructure. In response to selecting one of the hosts, displaying host configuration properties associated with the selected hosts via the graphical user-interface. The host configuration properties are associated with a displayed user input field.

Abstract: A system and method for managing logs from computing environments uses a rate change in a rate of occurrence of same event type logs from a base time window to a current time window for each of the event types to identify candidate event types for a particular tier log storage. The rate changes of the event types are checked against a threshold rate change range to identify the candidate event types. In response to selection of some of the candidate event types, the logs in the selected candidate event types are transferred to the particular tier log storage.

Abstract: System and method for executing scan operations on computing systems use a sparse file that represents a storage device of a computing system to scan a file stored in the storage device. The sparse file is created and mounted to a scanner appliance such that the sparse file appears to a scan engine of the scanner appliance as a local storage device. When a read request for the file stored in the storage device is issued from the scan engine that results in an implicit read request to the sparse file, the implicit read request is trapped. While the implicit read request is trapped, data of the file is retrieved from the storage device of the computing system to the scanner appliance using a communication transport. The retrieved data of the file is then scanned using the scan engine at the scanner appliance.

Abstract: Methods and systems for balancing resources in a virtual machine computing environment are disclosed. A server can receive data illustrating the configuration of host machines and virtual machines in client computing environment. A simulated computing environment can be created that mirrors the configuration of the client computing environment. Data relating to resource usage (e.g., processor, memory, and storage) of the host machines can be received. The resource usage can be simulated in the simulated computing environment to mirror the usage of the client computing environment. A recommendation to execute a migration of a virtual machine can be received from the simulated computing environment. Instructions to execute a migration corresponding to the recommended migration can be generated and sent to the client computing environment.

Abstract: Persistent connections are provided between components in a container environment. A hypertext transfer protocol (HTTP) client may include a monitoring service and a proxy service. To obtain information regarding containers in the container environment, the monitoring service communicates a request to the proxy service. The proxy service in turn maintains a persistent connection for a session with a container management service using an authentication token, and communicates the request to the container management service during the session. The container management service obtains the requested information from the container(s) and returns the information in a response to the proxy service, which in turn returns the response to the monitoring service. The session is destroyed/ended only under certain error conditions—otherwise, the session between the proxy service and the container management system is kept persistent.

Abstract: System and computer-implemented method for analyzing software-defined data center (SDDC) components in a computing environment uses network traffic data, which is correlated with an inventory of SDDC components in the computing environment to calculate a metric collection parameter for each SDDC component in the computing environment based on data flow associated with that SDDC component. Relevant metrics from each of the SDDC components in the computing environment are collected according to the metric collection parameter for that SDDC component to analyze the SDDC components.

Abstract: Techniques for ingesting data streams to a distributed-computing system using a multi-directional data ingestion pipeline are provided. In one embodiment, a method for ingesting data streams includes, at a client gateway, receiving a plurality of messages; assigning the plurality of messages to one or more data streams; obtaining stream routing configurations; and identifying one or more receivers. The method further includes determining whether at least one of the one or more data streams is to be delivered to one or more receivers operating in the first computing environment; and if so, delivering the at least one of the one or more data streams to the one or more receivers operating in the first computing environment. The method further includes delivering the one or more data streams to a data ingress gateway operating in a second computing environment.

Abstract: Network-efficient isolation environment redistribution is described. In one example, network communications are surveyed among isolation environments, such as virtual machines (VMs) and containers, hosted on a cluster. An affinity for network communications between the isolation environments can be identified based on the survey. Pairs or groups of the isolation environments can be examined to identify ones which have an affinity for network communications between them but are also hosted on different host machines in the cluster. The identification of the affinity for network communications provides network-level context for migration decisions by a distributed resource scheduler. Certain VMs and/or containers can then be migrated by the distributed resource scheduler to reduce the network communications in the cluster based on the network-level context information.

Abstract: An example system includes memory, programmable circuitry, and machine readable instructions to program the programmable circuitry to: obtain utilization metric information corresponding to utilization metrics collected over a time interval, the utilization metrics corresponding to allocated resources utilized by containers, the containers associated with a cluster, obtain a request to generate priority classes for the containers in the cluster, the priority classes indicative of which containers have a greater priority in the cluster, and generate the priority classes for the containers based on the utilization metric information and a count of network interactions corresponding to the containers for the time interval.

Abstract: In some embodiments, a method detects a state of a first session between a first workload and a second workload. The first workload and the second workload send packets in the first session via a first path to maintain a state of the first session. When the state of the first session indicates the first workload is down, the method receives information for network metrics of network traffic being sent in the first path. The method determines when the second workload should transition from a standby mode to an active mode to take over as an active workload in an active/standby configuration between the first workload and the second workload based on the information for the network metrics.