Abstract: Systems, computer-implemented methods, and computer program products that facilitate container inspection components of a container-based virtualization environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a container inspection control component that can define one or more constrained capabilities of a container inspection. The computer executable components can further comprise a container inspection component that can inspect a virtual container based on the one or more constrained capabilities.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: Techniques facilitating representing and analyzing cloud computing data as pseudo systems are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components comprise a framework component and a generation component. The framework component can recreate a system state of a computing device as a pseudo system state for the computing device. The pseudo system state can be decoupled from an original operating state of the computing device and can comprise data abstracted from the original operating state. The data abstracted can mimic an operation of the computing device. The generation component can create the pseudo system state and can facilitate black-box execution of software over the pseudo system state. The black-box execution of software can comprise running applications in the pseudo system state as if the applications were executing in the original operating state of the computing device.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: A container cloud platform that allows software functions to be shared by multiple applications in different application containers is provided. The service functions are containerized and disaggregated from the application containers. The containerized services are delivered as a capsule for applications that invoke the service functions at application runtime. The images of the service containers are deployed at the host computing devices operating the corresponding application containers. The container cloud platform monitors the deployed service containers for their execution as well as their termination.

Abstract: Techniques are provided for discovery and monitoring of an environment using a plurality of robots. A plurality of robots navigate an environment by determining a navigation buffer for each of the robots; and allowing each of the robots to navigate within the environment while maintaining a substantially minimum distance from other robots, wherein the substantially minimum distance corresponds to the navigation buffer, and wherein a size of each of the navigation buffers is reduced over time based on a percentage of the environment that remains to be navigated. The robots can also navigate an environment by obtaining a discretization of the environment to a plurality of discrete regions; and determining a next unvisited discrete region for one of the plurality of robots to explore in the exemplary environment using a breadth-first search. The plurality of discrete regions can be, for example, a plurality of real or virtual tiles.

Abstract: A system and method for providing quality of service during live migration includes determining one or more quality of service (QoS) specifications for one or more virtual machines (VMs) to be live migrated. Based on the one or more QoS specifications, a QoS is applied to a live migration of the one or more VMs by controlling; resources including at least one of live migration network characteristics and VM execution parameters.

Abstract: Techniques facilitating cloud-native extensibility provided to security analytics are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components can comprise a security component that implements an instance of an encapsulated security application. The encapsulated security application can be embedded into a container image as an extended analytic script. The computer executable components can also comprise an execution component that applies the instance of the encapsulated security application to a simulated system state of a computing device during subsequent scanning operations that result in respective analytics for scanning operations of the subsequent scanning operations.

Abstract: A system and method for providing quality of service during live migration includes determining one or more quality of service (QoS) specifications for one or more virtual machines (VMs) to be live migrated. Based on the one or more QoS specifications, a QoS is applied to a live migration of the one or more VMs by controlling resources including at least one of live migration network characteristics and VM execution parameters.

Abstract: Techniques are provided for discovery and monitoring of an environment using a plurality of robots. A plurality of robots navigate an environment by determining a navigation buffer for each of the robots; and allowing each of the robots to navigate within the environment while maintaining a substantially minimum distance from other robots, wherein the substantially minimum distance corresponds to the navigation buffer, and wherein a size of each of the navigation buffers is reduced over time based on a percentage of the environment that remains to be navigated. The robots can also navigate an environment by obtaining a discretization of the environment to a plurality of discrete regions; and determining a next unvisited discrete region for one of the plurality of robots to explore in the exemplary environment using a breadth-first search. The plurality of discrete regions can be, for example, a plurality of real or virtual tiles.

Abstract: Techniques are provided for discovery and monitoring of an environment using a plurality of robots. A plurality of robots navigate an environment by determining a navigation buffer for each of the robots; and allowing each of the robots to navigate within the environment while maintaining a substantially minimum distance from other robots, wherein the substantially minimum distance corresponds to the navigation buffer, and wherein a size of each of the navigation buffers is reduced over time based on a percentage of the environment that remains to be navigated. The robots can also navigate an environment by obtaining a discretization of the environment to a plurality of discrete regions; and determining a next unvisited discrete region for one of the plurality of robots to explore in the exemplary environment using a breadth-first search. The plurality of discrete regions can be, for example, a plurality of real or virtual tiles.

Abstract: Techniques facilitating cloud-native extensibility provided to security analytics are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components can comprise a security component that implements an instance of an encapsulated security application. The encapsulated security application can be embedded into a container image as an extended analytic script. The computer executable components can also comprise an execution component that applies the instance of the encapsulated security application to a simulated system state of a computing device during subsequent scanning operations that result in respective analytics for scanning operations of the subsequent scanning operations.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate container inspection components of a container-based virtualization environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a container inspection control component that can define one or more constrained capabilities of a container inspection. The computer executable components can further comprise a container inspection component that can inspect a virtual container based on the one or more constrained capabilities.

Abstract: A mechanism is provided in a data processing system for monitoring a virtual machine in a distributed computing system. An out-of-virtual machine monitor receives, via an out-of-band path, disk and memory state data of the virtual machine exposed in a hypervisor hosting the virtual machine. The out-of-virtual machine monitor interprets logical information from the virtual machine disk and memory state data. The out-of-virtual machine monitor parses the logical information to extract related system or log information for a monitoring endpoint. The out-of-virtual machine monitor translates the system or log information to a standard format expected by the monitoring endpoint. The out-of-virtual machine monitor forwards a monitoring data stream to the monitoring endpoint.

Abstract: Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.

Abstract: Techniques facilitating representing and analyzing cloud computing data as pseudo systems are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components comprise a framework component and a generation component. The framework component can recreate a system state of a computing device as a pseudo system state for the computing device. The pseudo system state can be decoupled from an original operating state of the computing device and can comprise data abstracted from the original operating state. The data abstracted can mimic an operation of the computing device. The generation component can create the pseudo system state and can facilitate black-box execution of software over the pseudo system state. The black-box execution of software can comprise running applications in the pseudo system state as if the applications were executing in the original operating state of the computing device.

Abstract: Techniques facilitating representing and analyzing cloud computing data as pseudo systems are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components comprise a framework component and a generation component. The framework component can recreate a system state of a computing device as a pseudo system state for the computing device. The pseudo system state can be decoupled from an original operating state of the computing device and can comprise data abstracted from the original operating state. The data abstracted can mimic an operation of the computing device. The generation component can create the pseudo system state and can facilitate black-box execution of software over the pseudo system state. The black-box execution of software can comprise running applications in the pseudo system state as if the applications were executing in the original operating state of the computing device.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: In an approach for determining optimal performance-related configurations of applications by analyzing peer data, a processor monitors instances of an application, wherein the instances of the application are running on a plurality of devices. A processor receives data related to: configuration parameters of the application, system parameters of the plurality of devices, and performance metrics of the plurality of devices. A processor determines correlation and dependencies between the configuration parameters with associated system parameters, using: an all pair analysis and a Pearson product-moment correlation coefficient (PPMCC). A processor determines dependencies between the configuration parameters with performance metrics. A processor recommends to a user, configuration settings of the application, based on the analysis of the data.