Abstract: Techniques for routing a request based on a vulnerability in a processing node are disclosed. A vulnerability analyzer determines a set of detected vulnerabilities in each of a set of processing nodes. Based on the detected vulnerabilities, the vulnerability analyzer determines a respective vulnerability score for each processing node. A routing engine receives a request to be processed by at least one of the set of processing nodes. The routing engine selects a particular node for processing the request based on the detected vulnerabilities in one or more of the set of processing nodes. The routing engine may select the particular node based on the vulnerability scores of the set of processing nodes. Additionally or alternatively, the routing engine may select the particular node based on whether the particular node includes any vulnerability that may be exploited by the request.

Abstract: Techniques for routing a request based on a vulnerability in a processing node are disclosed. A vulnerability analyzer determines a set of detected vulnerabilities in each of a set of processing nodes. Based on the detected vulnerabilities, the vulnerability analyzer determines a respective vulnerability score for each processing node. A routing engine receives a request to be processed by at least one of the set of processing nodes. The routing engine selects a particular node for processing the request based on the detected vulnerabilities in one or more of the set of processing nodes. The routing engine may select the particular node based on the vulnerability scores of the set of processing nodes. Additionally or alternatively, the routing engine may select the particular node based on whether the particular node includes any vulnerability that may be exploited by the request.

Abstract: Techniques for routing a request based on a vulnerability in a processing node are disclosed. A vulnerability analyzer determines a set of detected vulnerabilities in each of a set of processing nodes. Based on the detected vulnerabilities, the vulnerability analyzer determines a respective vulnerability score for each processing node. A routing engine receives a request to be processed by at least one of the set of processing nodes. The routing engine selects a particular node for processing the request based on the detected vulnerabilities in one or more of the set of processing nodes. The routing engine may select the particular node based on the vulnerability scores of the set of processing nodes. Additionally or alternatively, the routing engine may select the particular node based on whether the particular node includes any vulnerability that may be exploited by the request.

Abstract: Systems, methods, and other embodiments associated with placing a virtual machine or workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing the hosts to identify a set of candidate hosts. Each candidate host is analyzed and a threat score is calculated for each candidate host that is indicative of a degree of vulnerability of the candidate host to information-security threats. The corresponding threat scores from the candidate hosts are compared and a host with a lowest threat score is selected, and the virtual machine is placed on the selected host. Thereafter, the selected host is reanalyzed to calculate an updated threat score based at least in part upon the placement of the virtual machine, and in response to determining that the updated threat score exceeds a threshold, the virtual machine is moved to a different host.

Abstract: Systems, methods, and other embodiments associated with placing a virtual machine or workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing the hosts to identify a set of candidate hosts. Each candidate host is analyzed and a threat score is calculated for each candidate host that is indicative of a degree of vulnerability of the candidate host to information-security threats. The corresponding threat scores from the candidate hosts are compared and a host with a lowest threat score is selected, and the virtual machine is placed on the selected host. Thereafter, the selected host is reanalyzed to calculate an updated threat score based at least in part upon the placement of the virtual machine, and in response to determining that the updated threat score exceeds a threshold, the virtual machine is moved to a different host.

Abstract: Systems, methods, and other embodiments associated with placing a workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing hosts to identify a first host and a second host determined to meet resource requirements of the workload. The example method may also include analyzing the first host to calculate a first threat score, and analyzing the second host to calculate a second threat score. The example method may also include selecting a host with a lowest threat score and placing the workload on the selected host. The example method may also include reanalyzing the selected host to calculate an updated threat score. The example method may also include in response to determining that the updated threat score exceeds a threshold threat score, moving the workload to a third host.

Abstract: Techniques for routing a request based on a vulnerability in a processing node are disclosed. A vulnerability analyzer determines a set of detected vulnerabilities in each of a set of processing nodes. Based on the detected vulnerabilities, the vulnerability analyzer determines a respective vulnerability score for each processing node. A routing engine receives a request to be processed by at least one of the set of processing nodes. The routing engine selects a particular node for processing the request based on the detected vulnerabilities in one or more of the set of processing nodes. The routing engine may select the particular node based on the vulnerability scores of the set of processing nodes. Additionally or alternatively, the routing engine may select the particular node based on whether the particular node includes any vulnerability that may be exploited by the request.

Abstract: Systems, methods, and other embodiments associated with placing a workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing hosts to identify a first host and a second host determined to meet resource requirements of the workload. The example method may also include analyzing the first host to calculate a first threat score, and analyzing the second host to calculate a second threat score. The example method may also include selecting a host with a lowest threat score and placing the workload on the selected host. The example method may also include reanalyzing the selected host to calculate an updated threat score. The example method may also include in response to determining that the updated threat score exceeds a threshold threat score, moving the workload to a third host.

Abstract: In a general aspect, a computer-implemented method can include provisioning a virtual network on a hypervisor server. The method can also include querying the hypervisor server to determine an allowable range for a number of virtual ports of a first port group of a virtual switch implemented on the hypervisor server, the first port group being associated with the virtual network. The method can further include provisioning at least one virtual machine on the virtual network including assigning a respective virtual port of the first port group to the virtual machine. The method can still further include monitoring usage of the virtual ports of the first port group and, in response to the usage of the virtual ports of the first port group exceeding a threshold, instructing the hypervisor server to provision a second port group on the virtual switch, the second port group being associated with the virtual network.

Abstract: In a general aspect, a computer-implemented method can include provisioning a virtual network on a hypervisor server. The method can also include querying the hypervisor server to determine an allowable range for a number of virtual ports of a first port group of a virtual switch implemented on the hypervisor server, the first port group being associated with the virtual network. The method can further include provisioning at least one virtual machine on the virtual network including assigning a respective virtual port of the first port group to the virtual machine. The method can still further include monitoring usage of the virtual ports of the first port group and, in response to the usage of the virtual ports of the first port group exceeding a threshold, instructing the hypervisor server to provision a second port group on the virtual switch, the second port group being associated with the virtual network.