Abstract: Managing an entryway for a building includes a computer system accessing identity data providing unique biometric identifications and associated names for respective people. Roles are stored and associated with people. Rules are stored and configured to define roles or people and define conditions and actions. A certain rule includes presence of a person at an entryway and a person in at a different location than the entryway as a condition. A named person is identified by the computer system comparing identity data to biometric data received for a person at the entryway. The computer system performs a defined action for the certain rule responsive to determining that the certain rule defines a role associated with the identified, named person at the entryway and responsive to detecting by a sensor in the building that a person is present in the building at a different location than the entryway.

Abstract: Embodiments of the present invention provide systems and methods for enhancing the processing of workloads. The method includes identifying features associated with a workload. The method further includes separating the workload into parts, determining a respective zone is suitable for the parts, and migrating the parts to the respective zone determined to be suitable.

Abstract: Managing an entryway for a building includes a computer system accessing identity data providing unique biometric identifications and associated names for respective people. Roles are stored and associated with people. Rules are stored and configured to define roles or people and define conditions and actions. A certain rule includes presence of a person at an entryway and a person in at a different location than the entryway as a condition. A named person is identified by the computer system comparing identity data to biometric data received for a person at the entryway. The computer system performs a defined action for the certain rule responsive to determining that the certain rule defines a role associated with the identified, named person at the entryway and responsive to detecting by a sensor in the building that a person is present in the building at a different location than the entryway.

Abstract: The present embodiments relate to security in a virtualized operating system environment with an active host based Intrusion Detection System (IDS). More specifically, the IDS identifies any infected container operating on the shared kernel and remedies the infected container. In an operating system virtualization, one or more containers are started in virtual memory utilizing the same operating system kernel. When a container starts any resource not specified in the container configuration is shared with the host operating system. The shared IDS provides security of the namespaces of all containers operating on the shared kernel.

Abstract: The present embodiments relate to security in a virtualized operating system environment with an active host based Intrusion Detection System (IDS). More specifically, the IDS identifies any infected container operating on the shared kernel and remedies the infected container. In an operating system virtualization, one or more containers are started in virtual memory utilizing the same operating system kernel. When a container starts any resource not specified in the container configuration is shared with the host operating system. The shared IDS provides security of the namespaces of all containers operating on the shared kernel.

Abstract: A first computing system may identify a security threat located at least at a first virtual server. The first virtual server may be within a second computing system. The first computing system may provision, in response to the identifying, a first firewall associated with the first virtual server. The first firewall may include a rule to deny all communication transmitted from the first virtual server. The first computing system may execute, in response to the provisioning, a first repair operation to repair the first virtual server.

Abstract: A first computing system may identify a security threat located at least at a first virtual server. The first virtual server may be within a second computing system. The first computing system may provision, in response to the identifying, a first firewall associated with the first virtual server. The first firewall may include a rule to deny all communication transmitted from the first virtual server. The first computing system may execute, in response to the provisioning, a first repair operation to repair the first virtual server.

Abstract: A method, a computer program product, and a computer system for a security fix of a container in a VM (virtual machine) environment. A computer detects a container in a container environment, determines whether the container has a security issue performs live migration of the container to a created VM, fixes the security issue of the container in the created VM, and determines whether the security issue is fixed. In response to determining that the security issue is fixed, the computer performs live migration of the created VM to the container environment.

Abstract: As disclosed herein a method, executed by a computer, for providing improved multi-protocol traffic processing includes receiving a data packet, determining if a big processor is activated, deactivating a little processor and activating the big processor if the big processor is not activated and an overflow queue is full, and deactivating the big processor and activating the little processor if the big processor is activated and a current throughput for the big processor is below a first threshold or a sustained throughput for the big processor remains below a second threshold. The big and little processors may be co-located on a single integrated circuit. An overflow queue, managed with a token bucket algorithm, may be used to enable the little processor to handle short burst of data packet traffic. A computer program product and an apparatus corresponding to the described method are also disclosed herein.

Abstract: As disclosed herein a method, executed by a computer, for providing improved multi-protocol traffic processing includes receiving a data packet, determining if a big processor is activated, deactivating a little processor and activating the big processor if the big processor is not activated and an overflow queue is full, and deactivating the big processor and activating the little processor if the big processor is activated and a current throughput for the big processor is below a first threshold or a sustained throughput for the big processor remains below a second threshold. The big and little processors may be co-located on a single integrated circuit. An overflow queue, managed with a token bucket algorithm, may be used to enable the little processor to handle short burst of data packet traffic. A computer program product and an apparatus corresponding to the described method are also disclosed herein.

Abstract: Embodiments of the present invention provide methods, systems, and computer program products for container communication. In an embodiment, it is determined whether a message is going to a container on a same machine or to a container on a machine at a geographically different location. If it is determined that the message is going to a container on a machine at a geographically different location, then it is determined whether a predetermined threshold has been reached. If it is determined that the predetermined threshold has been reached, then the container from a first machine is migrated to the container on the container on the machine at the geographically different location. A data tracking structure is used to visually represent the migration of containers to other machines.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: The method includes identifying, by one or more computer processors, a first container with first software stack and a valid multipath configuration, wherein the first software stack is a first path of the valid multipath configuration. The method further includes creating, by one or more computer processors, a second container, wherein the second container has the same rules as the first container. The method further includes creating, by one or more computer processes, a second software stack in the second container, wherein the software stack is a redundant software stack of the first software stack. The method further includes creating, by one or more computer processors, a second path from the first container to the second software stack, wherein the second path bypasses the first software stack.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for a method for a system for deploying compute instances for processing a workload. Receiving a workload to be processed by a computer and determining an architecture for a compute instance that is required to process the workload, wherein the compute instance is an instance of computer system being spawned from a computing device. Setting growth rules for the compute instance, wherein the growth rules determines when the number of compute instances needs to be increased or decreased and deploying the compute instance to process the workload. The computer monitors a demand for the deployed compute instance to process the workload and automatically increasing or decreasing the number of deployed compute instances, based on the monitored demand for the deployed compute instances and the growth rules for the compute instances.

Abstract: A first set of data may be received indicating that an object of interest has been identified. A second set of data may be received indicating a first location of where the object of interest was identified. The first location may correspond to a geographical area. In response to the receiving of the first set of data and the second set of data, the first location may be associated with a first transceiver base station. In response to the associating, a first list of one or more mobile devices may be obtained that are within an active range of the first transceiver base station.

Abstract: In an approach for testing software, a computer receives a series of two or more revisions to a set of software code. The computer identifies modifications between the series of two or more revisions. The computer categorizes the series of two or more revisions into one or more categories of revisions based on the identified modifications. The computer tests at least one of the series of two or more revisions from at least one of the one or more categories of revisions.

Abstract: A method, system, and computer program product are disclosed for creating an in-memory application image. Embodiments can include receiving an application from a storage. Embodiments can also include loading the received application into a memory storage pool. Embodiments can also include receiving an indication of a request to execute the in-memory application image on a first virtual machine of a plurality of virtual machines. Embodiments can also include receiving an indication to execute the in-memory application image on the first virtual machine. Embodiments can also include removing the in-memory application image from the memory storage pool, in response to the receiving the indication to execute the in-memory application. Embodiments can also include assigning the removed in-memory application image to the first virtual machine.

Abstract: A method, system, and computer program product are disclosed for creating an in-memory application image. Embodiments can include receiving an application from a storage. Embodiments can also include loading the received application into a memory storage pool. Embodiments can also include receiving an indication of a request to execute the in-memory application image on a first virtual machine of a plurality of virtual machines. Embodiments can also include receiving an indication to execute the in-memory application image on the first virtual machine. Embodiments can also include removing the in-memory application image from the memory storage pool, in response to the receiving the indication to execute the in-memory application. Embodiments can also include assigning the removed in-memory application image to the first virtual machine.

Abstract: Operating a dual chipset network interface controller (‘NIC’) that includes a high performance media access control chipset and a low performance media access control chipset, including: determining, by a NIC control module, an amount of network traffic being processed by the NIC; determining, by the NIC control module, whether the amount of network traffic being processed by the NIC exceeds a predetermined threshold; responsive to determining that the amount of network traffic being processed by the NIC exceeds a predetermined threshold, configuring, by the NIC control module, the NIC to utilize the high performance media access control chipset for data communications operations; and responsive to determining that the amount of network traffic being processed by the NIC does not exceed the predetermined threshold, configuring, by the NIC control module, the NIC to utilize the low performance media access control chipset for data communications operations.

Abstract: Operating a dual chipset network interface controller (‘NIC’) that includes a high performance media access control chipset and a low performance media access control chipset, including: determining, by a NIC control module, an amount of network traffic being processed by the NIC; determining, by the NIC control module, whether the amount of network traffic being processed by the NIC exceeds a predetermined threshold; responsive to determining that the amount of network traffic being processed by the NIC exceeds a predetermined threshold, configuring, by the NIC control module, the NIC to utilize the high performance media access control chipset for data communications operations; and responsive to determining that the amount of network traffic being processed by the NIC does not exceed the predetermined threshold, configuring, by the NIC control module, the NIC to utilize the low performance media access control chipset for data communications operations.