Patents by Inventor Constantinos Kassimis
Constantinos Kassimis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230102654Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations. The operations may include analyzing a host system, detecting one or more specifications of the host system, and determining a displaceable capacity of the host system. The determining a displaceable capacity of the host system may include identifying a workload on the host system, establishing a workload priority for the workload, and defining a task priority of a task. The operations may include computing service metrics of the host system. The operations may include displacing a portion of the workload using the displaceable capacity.Type: ApplicationFiled: September 28, 2021Publication date: March 30, 2023Inventors: Ahilan Rajadeva, Constantinos Kassimis, Al Chakra, Chao Jun Wei, Yu Zhuo Sun
-
Virtualizing specific values in a guest configuration based on the underlying host symbol repository
Patent number: 11544234Abstract: A method, system, and computer program product are provided for virtualizing specific values in a guest configuration based on the underlying host symbol substitution values. A symbolic link located in a traditional file system in a virtual guest is opened. Each symbol is extracted from a symbol-based file located in a symbol-based file system. The symbol-based file is accessed through a symbolic link from the traditional file system. The virtual guest issues a privileged instruction to a hypervisor for each symbol in the symbol-based file to retrieve a substitution value from a symbol table that is stored in hypervisor storage. The substitution value for each symbol is returned to the virtual guest, and it replaces the symbol in the symbol-based file. In response to a file read request for the traditional file, the substitution value is retrieved from the symbol-based file using the symbolic link from the traditional file.Type: GrantFiled: November 12, 2020Date of Patent: January 3, 2023Assignee: International Business Machines CorporationInventors: Ahilan Rajadeva, Al Chakra, Constantinos Kassimis, Christopher Meyer -
Publication number: 20220197680Abstract: Techniques for integrated authentication for a container-based environment are described herein. An aspect includes accessing, by an application that is running in a container in a container environment that is hosted by a hypervisor on a host system, an authentication module that is located in the container environment. Another aspect includes invoking an authentication handler in the container environment based on the accessing of the authentication module. Another aspect includes passing control to the hypervisor from the authentication handler. Another aspect includes retrieving a security artifact from a security database of the host system by the hypervisor. Another aspect includes providing the retrieved security artifact to the application via the authentication handler. Another aspect includes performing an authentication operation by the application using the security artifact.Type: ApplicationFiled: December 21, 2020Publication date: June 23, 2022Inventors: Ahilan Rajadeva, Al Chakra, Constantinos Kassimis, Christopher Meyer
-
VIRTUALIZING SPECIFIC VALUES IN A GUEST CONFIGURATION BASED ON THE UNDERLYING HOST SYMBOL REPOSITORY
Publication number: 20220147496Abstract: A method, system, and computer program product are provided for virtualizing specific values in a guest configuration based on the underlying host symbol substitution values. A symbolic link located in a traditional file system in a virtual guest is opened. Each symbol is extracted from a symbol-based file located in a symbol-based file system. The symbol-based file is accessed through a symbolic link from the traditional file system. The virtual guest issues a privileged instruction to a hypervisor for each symbol in the symbol-based file to retrieve a substitution value from a symbol table that is stored in hypervisor storage. The substitution value for each symbol is returned to the virtual guest, and it replaces the symbol in the symbol-based file. In response to a file read request for the traditional file, the substitution value is retrieved from the symbol-based file using the symbolic link from the traditional file.Type: ApplicationFiled: November 12, 2020Publication date: May 12, 2022Inventors: Ahilan Rajadeva, Al Chakra, Constantinos Kassimis, Christopher Meyer -
Patent number: 10728146Abstract: According to one or more embodiments, a computer implemented method includes receiving, by an operating system of a computer server, a request to execute an instance of a computer application. The method further includes, based on a determination that the computer application is a non-native application for the operating system, deploying, by the operating system, a virtual container for the instance of the computer application, the virtual container is allocated a dynamic virtual internet protocol address (DVIPA). The method further includes instantiating, by the operating system, an application instance of the computer application in the virtual container. The method further includes setting, by the operating system, a VC-attribute of the DVIPA of the virtual container to a first state, the first state of the VC-attribute indicative that the virtual container is hosting the application instance of the non-native application.Type: GrantFiled: February 26, 2019Date of Patent: July 28, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jerry Stevens, Constantinos Kassimis, David Anthony Herr
-
Patent number: 10567372Abstract: A system for establishing a secure connection is described. The system includes a remote direct memory access over converged Ethernet (RoCE) adapter and host device. The host device includes a processor configured to establish a Transmission Control Protocol (TCP) connection between the host device and a client device via the host device network adapter. The host device forwards Internet Protocol Security (IPSec) Security Associations (SAs) and related keys to a host device Remote Direct Memory Access over Converged Ethernet (RoCE) adapter operatively connected with the host device for remote direct memory access. The RoCE adapter communicates protected data to and from the client device over an RoCE connection using the IPSec SAs and related keys.Type: GrantFiled: June 16, 2017Date of Patent: February 18, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Constantinos Kassimis, Chris Meyer, Linwood H. Overby, Jr., Jerry Stevens
-
Patent number: 10567373Abstract: A system for establishing a secure connection is described. The system includes a remote direct memory access over converged Ethernet (RoCE) adapter and host device. The host device includes a processor configured to establish a Transmission Control Protocol (TCP) connection between the host device and a client device via the host device network adapter. The host device forwards Internet Protocol Security (IPSec) Security Associations (SAs) and related keys to a host device Remote Direct Memory Access over Converged Ethernet (RoCE) adapter operatively connected with the host device for remote direct memory access. The RoCE adapter communicates protected data to and from the client device over an RoCE connection using the IPSec SAs and related keys.Type: GrantFiled: November 10, 2017Date of Patent: February 18, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Constantinos Kassimis, Chris Meyer, Linwood H. Overby, Jr., Jerry Stevens
-
Patent number: 10382490Abstract: A computer-implemented method includes monitoring a plurality of connections of a plurality of host applications at a host, where each connection of the plurality of connections carries network traffic associated with a respective host application of the plurality of host applications. A plurality of sets of security attributes are detected, and include a respective set of security attributes for each connection of the plurality of connections. The plurality of sets of security attributes are stored in a security database. From the security database, the respective set of security attributes of a first connection are compared to a centralized security policy. It is determined that the respective set of security attributes of the first connection do not meet the centralized security policy. A remedial action is performed on the first connection, responsive to the respective set of security attributes of the first connection not meeting the centralized security policy.Type: GrantFiled: January 24, 2017Date of Patent: August 13, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Constantinos Kassimis, Christopher Meyer, Linwood H. Overby, Jr., David J. Wierbowski
-
Patent number: 10326832Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.Type: GrantFiled: December 22, 2017Date of Patent: June 18, 2019Assignee: International Business Machines CorporationInventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Patent number: 10250507Abstract: Disclosed is a computer-implemented method of rebalancing persistent client connections to a cluster of servers. The method comprises identifying an increase in a total client connection capacity of the cluster of servers with a network connection balancing component; and for each server in a selection of servers in the cluster of servers calculating a current client connection capacity utilization of the server from the number of persistent connections to the server and the current capacity of the server; comparing the current client connection capacity utilization with the target client connection capacity utilization; and terminating a selection of its persistent client connections by a server based on its current client connection capacity utilization exceeding the target client connection capacity utilization. Also disclosed are a computer program product and a computer system for utilizing the computer-implemented method.Type: GrantFiled: March 11, 2016Date of Patent: April 2, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Robert C. Jones, Constantinos Kassimis, Ian J. Mitchell, Philip I. Wakelin
-
Patent number: 10243854Abstract: Disclosed is a computer-implemented method of rebalancing persistent client connections to a cluster of servers. The method comprises identifying an increase in a total client connection capacity of the cluster of servers with a network connection balancing component; and for each server in a selection of servers in the cluster of servers calculating a current client connection capacity utilization of the server from the number of persistent connections to the server and the current capacity of the server; comparing the current client connection capacity utilization with the target client connection capacity utilization; and terminating a selection of its persistent client connections by a server based on its current client connection capacity utilization exceeding the target client connection capacity utilization. Also disclosed are a computer program product and a computer system for utilizing the computer-implemented method.Type: GrantFiled: December 9, 2015Date of Patent: March 26, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Robert C. Jones, Constantinos Kassimis, Ian J. Mitchell, Philip I. Wakelin
-
Publication number: 20180367527Abstract: A system for establishing a secure connection is described. The system includes a remote direct memory access over converged Ethernet (RoCE) adapter and host device. The host device includes a processor configured to establish a Transmission Control Protocol (TCP) connection between the host device and a client device via the host device network adapter. The host device forwards Internet Protocol Security (IPSec) Security Associations (SAs) and related keys to a host device Remote Direct Memory Access over Converged Ethernet (RoCE) adapter operatively connected with the host device for remote direct memory access. The RoCE adapter communicates protected data to and from the client device over an RoCE connection using the IPSec SAs and related keys.Type: ApplicationFiled: November 10, 2017Publication date: December 20, 2018Inventors: Constantinos Kassimis, Chris Meyer, Linwood H. Overby, JR., Jerry Stevens
-
Publication number: 20180367525Abstract: A system for establishing a secure connection is described. The system includes a remote direct memory access over converged Ethernet (RoCE) adapter and host device. The host device includes a processor configured to establish a Transmission Control Protocol (TCP) connection between the host device and a client device via the host device network adapter. The host device forwards Internet Protocol Security (IPSec) Security Associations (SAs) and related keys to a host device Remote Direct Memory Access over Converged Ethernet (RoCE) adapter operatively connected with the host device for remote direct memory access. The RoCE adapter communicates protected data to and from the client device over an RoCE connection using the IPSec SAs and related keys.Type: ApplicationFiled: June 16, 2017Publication date: December 20, 2018Inventors: Constantinos Kassimis, Chris Meyer, Linwood H. Overby, JR., Jerry Stevens
-
Publication number: 20180212999Abstract: A computer-implemented method includes monitoring a plurality of connections of a plurality of host applications at a host, where each connection of the plurality of connections carries network traffic associated with a respective host application of the plurality of host applications. A plurality of sets of security attributes are detected, and include a respective set of security attributes for each connection of the plurality of connections. The plurality of sets of security attributes are stored in a security database. From the security database, the respective set of security attributes of a first connection are compared to a centralized security policy. It is determined that the respective set of security attributes of the first connection do not meet the centralized security policy. A remedial action is performed on the first connection, responsive to the respective set of security attributes of the first connection not meeting the centralized security policy.Type: ApplicationFiled: January 24, 2017Publication date: July 26, 2018Inventors: Constantinos Kassimis, Christopher Meyer, Linwood H. Overby, JR., David J. Wierbowski
-
Publication number: 20180124167Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.Type: ApplicationFiled: December 22, 2017Publication date: May 3, 2018Inventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, JR., Constantinos Kassimis
-
Patent number: 9954979Abstract: Embodiments relate to protocol selection for transmission control protocol/internet protocol (TCP/IP). An aspect includes tracking connection data corresponding to a plurality of TCP/IP connections in a computer system. Another aspect includes determining, based on the tracked connection data, whether a particular connection of the plurality of TCP/IP connections is appropriate for sockets over remote direct memory access (RDMA) protocol. Another aspect includes, based on determining that the particular connection is appropriate for sockets over RDMA protocol, automatically enabling sockets over RDMA protocol for the connection. Yet another aspect includes, based on determining that the particular connection is not appropriate for sockets over RDMA protocol, automatically disabling sockets over RDMA protocol for the connection.Type: GrantFiled: September 21, 2015Date of Patent: April 24, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: David A. Herr, Constantinos Kassimis, Jerry W. Stevens
-
Patent number: 9912742Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.Type: GrantFiled: August 20, 2015Date of Patent: March 6, 2018Assignee: International Business Machines CorporationInventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Patent number: 9888063Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.Type: GrantFiled: December 10, 2014Date of Patent: February 6, 2018Assignee: International Business Machines CorporationInventors: Michael Gerard Fitzpatrick, Andrew Hilliard Arrowood, Jr., Gary Owen McAfee, Andrea Lynn Fitzpatrick, Linwood Hugh Overby, Jr., Constantinos Kassimis
-
Publication number: 20170171086Abstract: Disclosed is a computer-implemented method of rebalancing persistent client connections to a cluster of servers. The method comprises identifying an increase in a total client connection capacity of the cluster of servers with a network connection balancing component; and for each server in a selection of servers in the cluster of servers calculating a current client connection capacity utilization of the server from the number of persistent connections to the server and the current capacity of the server; comparing the current client connection capacity utilization with the target client connection capacity utilization; and terminating a selection of its persistent client connections by a server based on its current client connection capacity utilization exceeding the target client connection capacity utilization. Also disclosed are a computer program product and a computer system for utilizing the computer-implemented method.Type: ApplicationFiled: March 11, 2016Publication date: June 15, 2017Inventors: Robert C. Jones, Constantinos Kassimis, Ian J. Mitchell, Philip I. Wakelin
-
Publication number: 20170171305Abstract: Disclosed is a computer-implemented method of rebalancing persistent client connections to a cluster of servers. The method comprises identifying an increase in a total client connection capacity of the cluster of servers with a network connection balancing component; and for each server in a selection of servers in the cluster of servers calculating a current client connection capacity utilization of the server from the number of persistent connections to the server and the current capacity of the server; comparing the current client connection capacity utilization with the target client connection capacity utilization; and terminating a selection of its persistent client connections by a server based on its current client connection capacity utilization exceeding the target client connection capacity utilization. Also disclosed are a computer program product and a computer system for utilizing the computer-implemented method.Type: ApplicationFiled: December 9, 2015Publication date: June 15, 2017Inventors: Robert C. Jones, Constantinos Kassimis, Ian J. Mitchell, Philip I. Wakelin