Abstract: Systems and methods for providing RDMA (remote direct memory access) read requests as a restricted feature in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes, including a plurality of virtual machine. The method can associate a host channel adapter with a selective RDMA restriction. The method can host a virtual machine of the plurality of virtual machines at the host channel adapter that comprises a selective RDMA restriction.

Abstract: Systems and methods for providing bandwidth congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, and a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes. The method can provide, at a host channel adapter, an end node ingress bandwidth quota associated with an end node attached to the host channel adapter. The method can receive, at the end node of the host channel adapter, ingress bandwidth, the ingress bandwidth exceeding the ingress bandwidth quota of the end node.

Abstract: According to one or more embodiments, lookup, insertion, and deletion operations are allowed to continue during actions required for collision remediation. When relocation operations are used to resolve a collision, information encoded in header portions of the hash table entries that store the key-value pairs indicates when the associated key-value pairs are undergoing relocation. This information facilitates continued access to the RKVS during the relocation process by allowing other processes that access the RKVS to handle relocations without failure. Furthermore, when hash table expansion is needed in order to resolve a collision, a second, larger, hash table is allocated, and lookup operations continue on both the old hash table and the new hash table. One or more embodiments further prevent insertion, lookup, and deletion failures in the RKVS using flags, encoded in header information in hash table entries, that reflect the state of the respective key-value pairs in the store.

Abstract: Techniques are provided to allow more sophisticated operations to be performed remotely by machines that are not fully functional. Operations that can be performed reliably by a machine that has experienced a hardware and/or software error are referred to herein as Remote Direct Memory Operations or “RDMOs”. Unlike RDMAs, which typically involve trivially simple operations such as the retrieval of a single value from the memory of a remote machine, RDMOs may be arbitrarily complex. The techniques described herein can help applications run without interruption when there are software faults or glitches on a remote system with which they interact.

Abstract: Techniques are provided to allow more sophisticated operations to be performed remotely by machines that are not fully functional. Operations that can be performed reliably by a machine that has experienced a hardware and/or software error are referred to herein as Remote Direct Memory Operations or “RDMOs”. Unlike RDMAs, which typically involve trivially simple operations such as the retrieval of a single value from the memory of a remote machine, RDMOs may be arbitrarily complex. The techniques described herein can help applications run without interruption when there are software faults or glitches on a remote system with which they interact.

Abstract: Techniques are provided to allow more sophisticated operations to be performed remotely by machines that are not fully functional. Operations that can be performed reliably by a machine that has experienced a hardware and/or software error are referred to herein as Remote Direct Memory Operations or “RDMOs”. Unlike RDMAs, which typically involve trivially simple operations such as the retrieval of a single value from the memory of a remote machine, RDMOs may be arbitrarily complex. The techniques described herein can help applications run without interruption when there are software faults or glitches on a remote system with which they interact.

Abstract: Techniques are provided to allow more sophisticated operations to be performed remotely by machines that are not fully functional. Operations that can be performed reliably by a machine that has experienced a hardware and/or software error are referred to herein as Remote Direct Memory Operations or “RDMOs”. Unlike RDMAs, which typically involve trivially simple operations such as the retrieval of a single value from the memory of a remote machine, RDMOs may be arbitrarily complex. The techniques described herein can help applications run without interruption when there are software faults or glitches on a remote system with which they interact.

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list.

Abstract: A security solution provides secure communication in a multi-tenant environment which includes a connection-based fabric, storage cells holding data associated with different tenants, database servers which provide a plurality of database services using said data, application servers hosting database service consumers. The fabric is configured into partitions isolating the storage cells from the database service consumers. The application servers securely associate unique database service consumer identities with each database service consumer and all communications with the database servers. The database servers reject all communications from the application servers which do not include an identity and use an access control list to control access from the database service consumers to the database services using address resolution access control, connection establishment access control, and data exchange access control based on said access control list.