Abstract: Boot failure protection on smartNICs and other computing devices is described. During a power-on stage of a booting process for a computing device, a boot loading environment is directed to install an application programming interface (API) able to be invoked to control operation of a hardware-implemented watchdog. During an operating system loading stage of the booting process, the application programming interface is invoked to enable the hardware-implemented watchdog. During an operating system hand-off stage of the booting process, a last watchdog refresh of the hardware-implemented watchdog is performed, and execution of the boot loading environment is handed off to a kernel boot loader of an operating system. The application programming interface may not be accessible after the hand off to the kernel boot loader.

Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.

Abstract: Disclosed are various examples of providing efficient bit compression for direct mapping of physical memory addresses. In some examples, a hypervisor operating system component generates a mask of used address space bits indicated by memory map entries for a computing device. A longest range of unused address space bits is identified using the mask. The memory map entries are transformed to omit the longest range of unused address space bits.

Abstract: Disclosed are various approaches for workflow service email integration. In some examples, an email application executed on a client device receives an email message that includes a workflow micro application. The workflow micro application has a workflow information component, and evaluation component, and a workflow actions component. The evaluation component identifies a presence or an absence of a management software development kit (SDK) on the client device. The email application renders a user interface that shows or hides a workflow actions interface area based on the presence or absence of the management SDK.

Abstract: Automated processes and systems troubleshoot and optimize performance of applications running in distributed computing systems. An automated computer-implemented processes train an inference model for an application based on metrics associated with the application and a key performance indicator (“KPI”) of the application. When a run-time performance problem is detected in run-time KPI values of KPI, the trained inference model is applied to run-time metrics and run-time KPI values to identify relevant run-time metrics that can be used to identify the root cause of the performance problem. The root cause of the performance problem can be used to generate a recommendation for correcting the performance problem. An alert identifying the root cause of the performance problem and the recommendation for correcting the performance problem are displayed on an interface of a display, thereby enabling correction of the performance problem and optimization of the application.

Abstract: Systems and methods are described for establishing trust between two devices for secure peer-to-peer communication. In an example, a first and a second device can each possess a digital signature issued by the same certificate authority and a hash function issued by the same trusted entity. The devices can exchange public keys that include their respective digital signatures. The second device can verify the first device's digital signature, encrypt an encryption key with the second device's public key, hash the encryption key using its hash function, and encrypt the hash using its private key. The second device can send the encrypted hash and encryption key to the first device. The first device can verify the second device's digital signature, decrypt the encryption key, and decrypt the encrypted hash. The first device can hash the encryption key using its hashing function and compare the two hashes to verify the second device.

Abstract: Examples described herein include systems and methods for brokerless reliable totally ordered many-to-many inter-process communication on a single node. A messaging protocol is provided that utilizes shared memory for one of the control plane and data plane, and multicast for the other plane. Readers and writers can store either control messages or message data in the shared memory, including in a ring buffer. Write access to portions of the shared memory can be controlled by a robust futex, which includes a locking mechanism that is crash recoverable. In general, the writers and readers can control the pace of communications and the crash of any process does not crash the overall messaging on the node.

Abstract: Some embodiments of the invention provide a method for connecting deployed machines in a set of one or more software-defined datacenters (SDDCs) to a virtual private cloud (VPC) in an availability zone (AZ). The method deploys network plugin agents (e.g. listening agents) on multiple host computers and configures the network plugin agents to receive notifications of events related to the deployment of network elements from a set of compute deployment agents executing on the particular deployed network plugin agent's host computer. The method, in some embodiments, is performed by a network manager that receives notifications from the deployed network plugin agents regarding events relating to the deployed machines and, in response to the received notifications, configures network elements to connect one or more sets of the deployed machines.

Abstract: Some embodiments provide a method for associating data message flows from applications executing on a host computer with network interfaces of the computer. The method of some embodiments identifies a set of applications operating on a machine executing on the host computer, identifies candidate teaming policies for associating each identified application with a subset of one or more interfaces, and generates a report to display the identified candidate teaming policies per application to a user. In response to user input selecting a first teaming policy for a first application, the method generates a rule, and distributes the rule, to the host computer to associate the first application with a first subset of the network interfaces specified by the first teaming policy.

Abstract: Configuring network packet event related execution is disclosed, including: receiving a set of virtual service configuration information associated with a specified virtual service; using the set of virtual service configuration information to generate a set of event context information corresponding to the virtual service; and storing the set of event context information in a shared memory. Executing scripts related to a network packet event is disclosed, including: determining, using a service engine data path (SEDP) executing at the core, an event associated with a received network packet directed to a virtual service; determining a set of scripts to be executed corresponding to the event; generating a child interpreter context corresponding to the parent interpreter context corresponding to the virtual service; and using the child interpreter context to execute the set of scripts in the core specific memory corresponding to the core.

Abstract: A first server can generate user profiles and receive requests from user devices for enrollment in a first server-managed system that includes user groups. The first server can provide a unique key to a user device during an enrolment process based on a user group the user device is assigned to. The first server can include an enrollment notification for the user device in a first notification transmitted to a messaging service. The messaging service can transmit a second notification to the user device, and the user device can request a user profile from a second server based on second server access information included in the second notification. The second server can use the unique key to access user profile information which it transmits to the user device based on the request. The user device can access the user profile from the profile information using the unique key.

Abstract: Examples of scheduled and on-demand volume encryption suspension are described. In some examples, volume encryption is to be suspended for a client device. A suspension limit is identified for a volume encryption suspension for the client device. A suspend encryption command is generated to include instructions for the client device to apply the volume encryption suspension according to the suspension limit. The suspend encryption command is transmitted to the client device for execution.

Abstract: Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.

Abstract: Some embodiments provide a method for performing radio access network (RAN) functions in a cloud at a medium access control (MAC) scheduler application that executes on a machine deployed on a host computer in the cloud. The method receives data, via a RAN intelligent controller (RIC), from a first RAN component. The method uses the received data to generate a MAC scheduling output. The method provides the MAC scheduling output to a second RAN component via the RIC.

Abstract: Techniques are described for auditing print content during printer redirection in a virtual desktop. The ability to audit redirected print content allows an organization to pre-define certain sensitive data and to track whether print redirection requests in the virtual desktop environment contain any such sensitive data. If such sensitive data is contained in a printer redirection request, a file is generated containing information about the sensitive data, as well as a watermark that encodes information about the printer redirection request, such the user identifier of the user who initiated the print request and a timestamp of when the print request occurred. The generated file is transmitted to one or more registered recipients.

Abstract: The present invention is a highly available system comprising a system to send a plurality of bootstrap requests, at least one cloud proxy fit to receive the plurality of bootstrap requests, wherein each instance of the at least one cloud proxy is coupled with an adapter, and at least one host fit to communicate with one of the at least one cloud proxy.

Abstract: Intelligent capacity planning is provided for storage in a hyperconverged infrastructure environment. The storage may be a logical storage unit that is supported by storage space of a plurality of hardware disks in a virtualized computing environment. Failure predictions can be obtained for each individual hardware disk, and a failure prediction for a number of hardware disk in a hardware disk set can also be obtained. A failure prediction and/or a reduced availability prediction for the logical storage unit can be generated based at least on a configuration state of the logical storage unit, a prediction for one or more hardware disks of the logical storage unit, and a prediction time. Predictions based on what-if operations are also able to be generated.

Abstract: Capacity forecasting may be performed for distributed storage resources in a virtualized computing environment. Historical data indicative of usage of the storage resources is transformed into a privacy-preserving format and is preprocessed to remove outliers, to fill in missing values, and to perform normalization. The preprocessed historical data is inputted into a machine-learning model, which applies a piecewise regression to the historical data to generate a prediction output.

Abstract: The current document is directed to methods and systems that automatically instantiate complex distributed applications by deploying distributed-application instances across the computational resources of one or more distributed computer systems and that automatically manage instantiated distributed applications. The current document discloses decentralized, distributed automated methods and systems that instantiate and manage distributed applications using multiple agents installed within the computational resources of one or more distributed computer systems. The agents exchange distributed-application instances among themselves in order to locally optimize the set of distributed-application instances that they each manage. In addition, agents organize themselves into groups with leader agents to facilitate efficient, decentralized exchange of control information acquired by employing machine-learning methods.

Abstract: Intelligent capacity planning is provided for storage in a hyperconverged infrastructure environment. The storage may be a logical storage unit that is supported by storage space of a plurality of hardware disks in a virtualized computing environment. Failure predictions can be obtained for each individual hardware disk, and a failure prediction for a number of hardware disk in a hardware disk set can also be obtained. A failure prediction and/or a reduced availability prediction for the logical storage unit can be generated based at least on a configuration state of the logical storage unit, a prediction for one or more hardware disks of the logical storage unit, and a prediction time. Predictions based on what-if operations are also able to be generated.