Abstract: An intent compiler is disclosed. The intent compiler includes a backend services layer having at least one service application programming interface (API) specification. The intent compiler also includes a service adapter layer to receive the at least one service API specification and automatically generate at least one service adapter based on the at least one service API specification. The intent compiler additionally includes an application layer to automatically generate an application.

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

Abstract: Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

Abstract: In an embodiment, a computer-implemented method for DHCP-communications monitoring by a network controller in software defined networks is disclosed. A method comprises detecting that a virtualized compute instance is instantiated on a host computer; generating, and transmitting to a port manager executing on the host computer, instructions to set a BLOCK-EXCEPT-DHCP status on a port assigned to the virtualized compute instance; determining whether an IP address has been assigned to the port by a DHCP service; and if it has: generating, and transmitting to the port manager, instructions to set a NORMAL status on the port; generating, and transmitting to the port manager, a SpoofGuard configured with the IP address assigned to the port; based on notifications received from the SpoofGuard, determining whether the IP address assigned to the port of the virtualized compute instance has been misused, expired or spoofed; and if it has, transmitting instructions to set the BLOCK-EXCEPT-DHCP status on the port.

Abstract: Exemplary methods, apparatuses, and systems include a file system process inserting a first key/value pair and a second key/value pair into a first tree. The second key is a duplicate of the first key and the value of the second key/value pair is an operation changing the value. In response to a request for a range of key/value pairs, the process reads the second key/value pair and inserts it in a second tree. The process reads the first pair and determines, while inserting the first pair in the second tree, that the second key is a duplicate of the first key. The file system process determines an updated value of the first value by applying the operation in the second value to first value. The file system operation updates the second key/value pair in the second tree with the updated value and returns the requested range of key/value pairs.

Abstract: A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and include in the attestation token the generated claim. The method further transmits the attestation token to the host machine.

Abstract: Techniques for efficiently storing client data blocks on a distributed-computing system are provided. The system includes a fast performance tier and a large capacity tier. The capacity tier stores the client data blocks in erasure encoded data stripes. The performance tier stores logical map data including an address map indicating a correspondence between logical addresses associated with a first layer of the system and physical addresses associated with a second layer. A method includes receiving a request to include additional client data blocks in the client blocks. The request indicates logical addresses for additional blocks. Corresponding physical addresses for additional block are determined. Each additional block is stored at the physical address. Additional logical map data is stored in the performance tier. Storing the additional logical map data includes updating the address map to indicate the correspondence between the logical addresses and the physical addresses for the additional blocks.

Abstract: One example method to perform object-based load balancing in a distributed storage system of a virtualization system supported by a cluster of host machines may include determining, by a first host machine in the cluster, whether any host machine in the cluster has affinity to a site. The method may also include determining, by the first host machine, whether to distribute affinity Internet small computer system interface (iSCSI) targets owned by the first host machine to at least the second machine based on a first balance objective associated with the site, and after having considered the first balance objective, determining, by the first host machine, whether to distribute iSCSI targets without affinity owned by the first host machine to other host machines in the cluster based on a second balance objective associated with the cluster.

Abstract: Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

Abstract: Techniques for generating a stream processing pipeline are provided. In one embodiment, a method includes generating a plurality of pipeline stages of a stream processing pipeline in accordance with a configuration file. The plurality of pipeline stages includes a first processing stage designated for a first data service and a second processing stage designated for a second data service and operating in parallel to the first processing stage.

Abstract: Disclosed are various approaches for authenticating a user through a voice assistant device and creating an association between the device and a user account. The request is associated with a network or federated service. The user is prompted to use a client device, such as a smartphone, to initiate an authentication flow. A soundwave is played through the voice assistant device that contains a secret key, which is then sent to an assistant connection service along with a token identifying the user or the user's device. An association between the user account and the voice assistant device can then be created.

Abstract: Methods, apparatus and articles of manufacture to provide client extensibility during provisioning of a composite blueprint are disclosed. An example virtual appliance in a cloud computing environment includes an orchestrator to facilitate provisioning of a virtual computing resource based on a blueprint, the provisioning associated with an event defined by the blueprint. The example virtual appliance also includes an event broker to maintain a set of subscribers to the event broker, each of the set of subscribers further subscribing to at least one event topic through the event broker, the event broker to trigger a notification of a first subscriber to a first event topic associated with the event when the event broker determines that the first subscriber is a blocking subscriber for the first event topic, the event broker to facilitate modification of the event by a blocking subscriber but not by a non-blocking subscriber.

Abstract: A system can include a network analysis platform for a two-level grid-based anomaly area identification and solution nomination in a radio access network. The network analysis platform can map key performance indicators for user sessions in the network to a grid that overlays a geographic area. The grid can be based on a military grid reference system. A machine-learning model can take a vector of key performance indicator samples as input and identify a problem for the grid. The network analysis platform can nominate cells to attempt to remediate based on ranking poor performing bins in the grid and determining the cells that contribute most to the problem in each bin. For a nominated cell, the network analysis platform can perform remediation actions to solve a coverage problem, throughput problem, or both. The problem can be solved for the grid while preventing conflicts between individual cells.

Abstract: Techniques for managing energy use of a computing deployment are provided. In one embodiment, a computer system can establish a performance model for one or more components of the computing deployment, where the performance model models a relationship between one or more tunable parameters of the one or more components and an end-to-end performance metric, and where the end-to-end performance metric reflects user-observable performance of a service provided by the computing deployment. The computer system can further execute an algorithm to determine values for the one or more tunable parameters that minimize power consumption of the one or more components, where the algorithm guarantees that the determined values will not cause the end-to-end performance metric, as calculated by the performance model, to cross a predefined threshold. The computer system can then enforce the determined values by applying changes to the one or more components.

Abstract: Methods and apparatus to manage a dynamic deployment environment including one or more virtual machines.

Abstract: Some embodiments provide a method for a global manager that manages a logical network configuration for multiple datacenters that each have a local manager for managing the logical network configuration within the datacenter. Based on detecting that a connection to a particular local manager of a particular datacenter has been restored after a period of unavailability, the method identifies a portion of the logical network configuration that is relevant to the particular datacenter. In a series of transactions, the method transfers the identified portion of the logical network configuration to the particular local manager. During the series of transactions, the method identifies modifications to the identified portion of the logical network configuration to be included in the series of transactions. Upon completion of the series of transactions, the method transfers a notification to the particular local manager indicating completion of the series of transactions.

Abstract: Methods and apparatus to clone an agent in a distributed environment are disclosed. An example apparatus includes a first management agent associated with a first component server in a virtualization environment, the first management agent configured to facilitate communication between the first component server and a virtual appliance, the virtual appliance to authenticate the first management agent based on first credentials including a first identifier and a first certificate. The example apparatus includes a second management agent associated with a second component server in the virtualization environment, the second management agent cloned from the first management agent and including a copy of the first credentials. The example second management agent is to: generate second credentials including a second identifier and a second certificate; authenticate with the virtual appliance based on the first identifier and the first certificate; and delete the copy of the first credentials.

Abstract: Some embodiments of the invention provide a method of facilitating routing through a software-defined wide area network (SD-WAN) defined for an entity. A first edge forwarding node located at a first multi-machine site of the entity, the first multi-machine site at a first physical location and including a first set of machines, serves as an edge forwarding node for the first set of machines by forwarding packets between the first set of machines and other machines associated with the entity via other forwarding nodes in the SD-WAN. The first edge forwarding node receives configuration data specifying for the first edge forwarding node to serve as a hub forwarding node for forwarding a set of packets from a second set of machines associated with the entity and operating at a second multi-machine site at a second physical location to a third set of machines associated with the entity and operating at a third multi-machine site at a third physical location.

Abstract: Disclosed are various examples for offline detection of Internet of Things (IoT) devices or any type of devices that report a heartbeat or status indication. A linked hash map be utilized as a data structure in which heartbeat message are stored. The oldest heartbeat message is stored at the head of the data structure so that only the head of the data structure requires checking if the oldest node is designated as online.

Abstract: In accordance with one embodiment, the present invention provides the ability to embed and edit rich content into a browser document. Embedded objects are not backed by installed desktop applications. Instead, in one embodiment, the embedded objects are Asynchronous Javascript and XML (AJAX) components that adhere to a set of design patterns, which are embedded within editable HTML documents. For example, a user composing an email message can embed a spreadsheet into the email in accordance with an embodiment of the present invention. The spreadsheet is implemented, in one embodiment, as an AJAX component adhering to the Ajax Linking and Embedding (ALE) design pattern. Since it is an ALE component, the embedded object is fetched across the network so that it may be instantiated and used regardless of the user's location. The user can edit, manipulate, and save the embedded object while remaining in the context of the container document.