Abstract: Some embodiments provide a novel method for monitoring health of an SMN that includes multiple networking components. A health analytics manager identifies a set of one or more metrics associated with the network components of the SMN. The health analytics manager uses the set of metrics to compute a first health score for the SMN. Then, the health analytics manager presents the first health score in a UI along with (1) data regarding how the first health score was computed, and (2) a set of one or more parameters for a user to modify how the health for the SMN is computed. After receiving from the user one or more modifications to at least one of the parameters, the health analytics manager computes a second health score for the SMN based on the modified set of parameters.

Abstract: A method for the reverse deletion of a plurality of snapshots in a chain of snapshots is provided. The method includes in reverse order, starting from a latest snapshot in time to an earliest snapshot in time of the plurality of snapshots: identifying at least one of a first set of one or more data blocks of a snapshot that are shared with an earlier snapshot in time in the chain of snapshots or a second set of one or more data blocks of the snapshot that are owned by the snapshot and processing the second set of one or more data blocks and skipping processing the first set of one or more data blocks, wherein processing the second set of one or more data blocks comprises performing one or more actions to maintain and/or delete data blocks of the second set of one or more data blocks.

Abstract: Techniques for implementing improved USB redirection of USB HID class devices are provided. In one set of embodiments a client system can receive, from a virtual desktop running on a server system, a poll message directed to an HID interface of a USB HID class device plugged into the client system and identify a polling thread associated with the HID interface. The client system can further save a copy of the poll message in the polling thread and initiate local polling of the HID interface, where the local polling comprises providing, via the polling thread, the copy of the poll message to the HID interface.

Abstract: In an embodiment, a statistical approach for augmenting signature detection in a Web application firewall includes receiving a new request including a parameter in a uniform resource identifier (URI), tokenizing the new request, and determining a compound probability that tokens in a value that is associated with the parameter of the URI and that is included in the new request are associated with an attack. The compound probability is determined based at least in part on component probabilities of tokens of historical values associated with the parameter of the URI.

Abstract: Examples described herein include systems and methods for providing secure access to an email server. A gateway server can receive a request for email notification information from a notification server and parse the request to identify at least one user device associated with the request. The gateway server can then determine whether the identified devices comply with any applicable compliance rules, for example by requesting a compliance status from a management server at which the identified devices are enrolled. If at least one of the identified devices is in compliance, the gateway can pass the request through to the email server. The gateway can then receive a response from the email server and provide it to the notification server.

Abstract: Various examples are disclosed for transitioning usage forecasting in a computing environment. Usage of computing resources of a computing environment are forecasted using a first forecasting data model and usage measurements obtained from the computing resources. A use of the first forecasting data model in forecasting the usage is transitioned to a second forecasting data model without incurring downtime in the computing environment. After the transition, the usage of the computing resources of the computing environment is forecasted using the second forecasting data model and the usage measurements obtained from the computing resources. The second forecasting data model exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained.

Abstract: To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.

Abstract: The present disclosure is related to methods, systems, and machine-readable media for log-structured file system management operations. An aggregate amount of over-provisioned computing resources assigned to a plurality of log-structured file system (LFS) objects that are allocated for performance of memory management operations associated with a virtual storage area network (vSAN) can be determined. A subset of LFS objects that are candidates for performance of a particular memory management operation based on an amount of over-provisioned computing resources consumed by one or more LFS objects among the plurality of LFS objects exceeding a resource consumption threshold associated with the determined amount of over-provisioned computing resources assigned to the plurality of LFS objects can be selected. The particular memory management operation using one or more of the candidate LFS objects can be performed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for executing concurrent writes to a data store. One of the systems includes a data store comprising a plurality of storage segments, wherein each storage segment comprises a plurality of blocks; and an allocator system comprising: a plurality of threads, and a plurality of bitmaps each corresponding to a respective storage segment of the data store, wherein the allocator system is configured to perform operations comprising: assigning a respective bitmap to each thread of the plurality of threads; and executing, by each thread of the plurality of threads, one or more write requests to one or more blocks of the storage segment corresponding to the thread using the bitmap assigned to the thread, wherein executing a write request by a thread includes updating the bitmap assigned to the thread.

Abstract: The disclosure provides an approach for a non-disruptive system upgrade. Embodiments include installing an upgraded version of an operating system (OS) on a computing system while a current version of the OS continues to run. Embodiments include entering a maintenance mode on the computing system, including preventing the addition of new applications and modifying the handling of storage operations on the computing system for the duration of the maintenance mode. Embodiments include, during the maintenance mode, configuring the upgraded version of the OS. Embodiments include, after configuring the upgraded version of the OS, suspending a subset of applications running on the computing system, transferring control over resources of the computing system to the upgraded version of the OS, and resuming the subset of the applications running on the computing system. Embodiments include exiting the maintenance mode on the computing system.

Abstract: Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application.

Abstract: The present disclosure relates to techniques for handling of bidirectional command protocols via a unidirectional communication connection established between a client computing environment and a cloud-services computing environment. In one embodiment, a command request message is pushed from a service component of the cloud-services computing environment to a client gateway of the client computing environment via the unidirectional communication connection. A token indicating routing information to the service component is embedded in the pushed command request message. A command response message is received at the cloud gateway from the client gateway via a bidirectional communication connection established between the client computing environment and the cloud-services computing environment. The command response message includes the token and data associated with executing the command request message at the client computing environment.

Abstract: A system and method for deploying a virtual network function (VNF) are disclosed. Deploying a VNF includes receiving a request to instantiate a VNF in a network virtualization infrastructure, obtaining input from a user providing parameters needed for performing the instantiation of the VNF, determining a type of deployment for the VNF, and adding parameters inferred from the type of deployment to the user data to complete the parameters needed for deployment of the VNF, wherein the added parameters are inferred based on stored data regarding previous instantiations of the VNF. Determining the type of deployment for the VNF includes determining a number of instances of the VNFs to be deployed and a number of virtual infrastructure managers that will be instructed to deploy resources needed by the VNF.

Abstract: A scanner redirection method for a remote desktop system that includes a client computing device and a host server, includes the steps of: acquiring properties of a physical scanner from a data source; generating a user interface (UI) for the acquired properties of the physical scanner; in response to a first user selection made on the UI, transmitting a request to the physical scanner to update a scanner property that is one of the acquired properties of the physical scanner; and in response to a second user selection made on the UI, receiving from an application running on the host server, a request for a scanned image, transmitting to the data source a request to acquire the scanned image from the physical scanner, and upon receiving the scanned image from the data source, transmitting the scanned image to the application.

Abstract: The disclosure provides an approach for high-availability admission control. Embodiments include determining a number of slots present on the cluster of hosts. Embodiments include receiving an indication of a number of host failures to tolerate. Embodiments include determining a number of slots that are assigned to existing computing instances on the cluster of hosts. Embodiments include determining an available cluster capacity based on the number of slots present on the cluster of hosts, the number of host failures to tolerate, and the number of slots that are assigned to existing computing instances on the cluster of hosts. Embodiments include determining whether to admit a given computing instance to the cluster of hosts based on the available cluster capacity.

Abstract: An example method of upgrading a host in a cluster under management of a lifecycle manager in a virtualized computing system includes: receiving, from the lifecycle manager at a host in the cluster being upgraded, a desired software specification for a hypervisor of the host; determining, by the host, a list of required software installation bundles (SIBs) to satisfy the desired software specification; identifying a neighboring host in the cluster for the host; downloading, from the neighboring host to the host, at least at portion of the required SIBs; and executing an upgrade of the hypervisor in the host using the required SIBs.

Abstract: This application relates generally to validating cybersecurity standard compliance of a computer system within a protected execution environment. An example method includes, obtaining one or more messages from a first component while the first component is operating in a protected execution environment created by applying cybersecurity requirements of a security standard, wherein the one or more messages include information about the cybersecurity requirements, and wherein the one or more messages are encrypted; decrypting the one or more messages; comparing the information contained in the one more messages with corresponding cybersecurity requirements of the security standard for the first component; and determining whether the first component is in compliance with the security standard based on the comparing of the information contained in the one more messages with corresponding cybersecurity requirements of the security standard.

Abstract: Log information is retrieved from a log of a container running in a virtual machine in response to a request for the log information, by accessing a virtual disk of the virtual machine, reading the log of the container from the virtual disk and preparing the requested log information from the log, and transmitting the requested log information to a virtual machine (VM) management process running in a host computer of the virtual machine for the VM management process to forward to a requestor of the log information. Alternatively, log data of the container running in the virtual machine may be streamed to the VM management process over a virtual socket communication channel that is established between the virtual machine and the VM management process.

Abstract: Example methods and systems for printing ink consumption estimation are described. In one example, a computer system may obtain printing content associated with a document that is printable using a printer. Based on the printing content, the computer system may generate an image representation of the document, wherein the image representation includes an array of multiple pixels associated with first color information from a first color space. Color conversion may be performed by converting (a) the first color information from the first color space to (b) second color information from a second color space associated with the printer. The computer system may estimate an amount of printing ink required for printing the document based on the second color information and provide the estimated amount of printing ink to a user via a user interface.

Abstract: A feature selection methodology is disclosed. In a computer-implemented method, the feature selection methodology automatically monitors components of a computing environment. The feature selection methodology then determines the importance of various components of the computing environment. The feature selection methodology further outputs results of the determining of the importance of the components within the computing device.