Abstract: According to an aspect, a network interface card having a processor, a set of resources, and a plurality of virtual functions is provided. Each virtual function of the network interface card is configured to provide network access to a workload. The processor of the network interface card is configured to allocate the set of resources among the plurality of virtual functions, and wherein the allocation of the set of resources is non-uniform across the plurality of virtual functions.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A protocol stack can be offloaded to a network communication device. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to process headers in the outbound session packets, generate encrypted outbound session packets by encrypting the outbound session packets using the private session key, and communicate to a client device via the secured communication tunnel, the encrypted outbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session backets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A network communication device can receive a private session key from a data processing system. A first work queue element can be received in a send queue of the network communication device. The first work queue element can indicate outbound session data to be communicated to a client device. Responsive to receiving the first work queue element, the network communication device can generate encrypted outbound session data by encrypting the outbound session data using the private session key. The network communication device can communicate, via remote directory memory access (RDMA) over a secured communication tunnel, the encrypted outbound session data to the client device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: Various embodiments are directed to receiving, at a receiving device, a packet from a node in a first network. determining a version identifier for the packet, encoding the version identifier into the packet, and transmitting the packet containing the encoded version identifier to a load balancing device in a second network. The version identifier may be encoded into a destination port field of the packet. The receiving device may be a perimeter network address translation device. The packet is received at the load balancing device, where the version identifier is extracted and a hash of source address information is performed. The version and hash are used to select a back-end device in the second network. The packet is transmitted to the selected back-end device.

Abstract: Various embodiments are directed to receiving, at a receiving device, a packet from a node in a first network. determining a version identifier for the packet, encoding the version identifier into the packet, and transmitting the packet containing the encoded version identifier to a load balancing device in a second network. The version identifier may be encoded into a destination port field of the packet. The receiving device may be a perimeter network address translation device. The packet is received at the load balancing device, where the version identifier is extracted and a hash of source address information is performed. The version and hash are used to select a back-end device in the second network. The packet is transmitted to the selected back-end device.

Abstract: Embodiments of the present systems and methods may provide a consistent hash function that provides reduced memory use and complexity, reduced computational complexity, and relatively low numbers of keys that must be reshuffled compared to current techniques. For example, in an embodiment, a computer-implemented method for controlling computing resources may comprise storing a set of labels of potential resources comprising a plurality of labels of working resources allocated to actual resources and a plurality of labels of reserved resources available to be allocated, generating an initial assignment to one of the set of labels of potential resources, when the assignment to one of a set of labels of potential resources is to one of the labels of reserved resources, reassigning the request to another label of a resource selected from a subset of the labels of potential resources, and repeating the reassigning until the request is assigned to a label of a working resource.

Abstract: Switching from primary to backup data storage by preparing a backup copy of multiple data sets, where, prior to the preparing, the backup copy is updated in accordance with a backup protocol specifying synchronously updating the backup copy to reflect changes made to one type of data stored in a primary copy of the data sets, and asynchronously updating the backup copy to reflect changes made to another type of data stored in the primary copy, and where the preparing includes identifying any inconsistency in any interdependent data in the data sets of the backup copy in accordance with a predefined schema of interdependent data in the data sets, and correcting any identified inconsistency in the data sets of the backup copy in accordance with a predefined inconsistency correction protocol, and causing the backup copy to be used in place of the primary copy for directly servicing data transactions.

Abstract: A method, system and computer program product, the method comprising: in response to receiving a packet from a stream of packets transmitted to a computing platform, determining, based on a meta-data of the packet, whether to capture the packet or avoid capturing thereof, said determining comprising: subject to the meta-data indicating that a sequence number of the packet is within a first range or within a second range, wherein a distance between an end of the first range and a beginning of the second range is at least of a predetermined size, wherein a distance, through a wraparound, between an end of the second range and a beginning of the first range is at least of the predetermined size, thereby a wraparound situation is identifiable within the stream of packets; and in response to determining to capture the packet: capturing the packet; and transmitting the packet to analysis.

Abstract: A method, system and computer program product, the method comprising: in response to receiving a packet from a stream of packets transmitted to a computing platform, determining, based on a meta-data of the packet, whether to capture the packet or avoid capturing thereof, said determining comprising: subject to the meta-data indicating that a sequence number of the packet is within a first range or within a second range, wherein a distance between an end of the first range and a beginning of the second range is at least of a predetermined size, wherein a distance, through a wraparound, between an end of the second range and a beginning of the first range is at least of the predetermined size, thereby a wraparound situation is identifiable within the stream of packets; and in response to determining to capture the packet: capturing the packet; and transmitting the packet to analysis.

Abstract: Switching from primary to backup data storage by preparing a backup copy of multiple data sets, where, prior to the preparing, the backup copy is updated in accordance with a backup protocol specifying synchronously updating the backup copy to reflect changes made to one type of data stored in a primary copy of the data sets, and asynchronously updating the backup copy to reflect changes made to another type of data stored in the primary copy, and where the preparing includes identifying any inconsistency in any interdependent data in the data sets of the backup copy in accordance with a predefined schema of interdependent data in the data sets, and correcting any identified inconsistency in the data sets of the backup copy in accordance with a predefined inconsistency correction protocol, and causing the backup copy to be used in place of the primary copy for directly servicing data transactions.

Abstract: Embodiments of the present systems and methods may provide a consistent hash function that provides reduced memory use and complexity, reduced computational complexity, and relatively low numbers of keys that must be reshuffled compared to current techniques. For example, in an embodiment, a computer-implemented method for controlling computing resources may comprise storing a set of labels of potential resources comprising a plurality of labels of working resources allocated to actual resources and a plurality of labels of reserved resources available to be allocated, generating an initial assignment to one of the set of labels of potential resources, when the assignment to one of a set of labels of potential resources is to one of the labels of reserved resources, reassigning the request to another label of a resource selected from a subset of the labels of potential resources, and repeating the reassigning until the request is assigned to a label of a working resource.

Abstract: Embodiments of the present systems and methods may provide a consistent hash function that provides reduced memory use and complexity, reduced computational complexity, and relatively low numbers of keys that must be reshuffled compared to current techniques. For example, in an embodiment, a computer-implemented method for controlling computing resources may comprise storing a set of labels of potential resources comprising a plurality of labels of working resources allocated to actual resources and a plurality of labels of reserved resources available to be allocated, generating an initial assignment to one of the set of labels of potential resources, when the assignment to one of a set of labels of potential resources is to one of the labels of reserved resources, reassigning the request to another label of a resource selected from a subset of the labels of potential resources, and repeating the reassigning until the request is assigned to a label of a working resource.

Abstract: Embodiments of the present systems and methods may provide a consistent hash function that provides reduced memory use and complexity, reduced computational complexity, and relatively low numbers of keys that must be reshuffled compared to current techniques. For example, in an embodiment, a computer-implemented method for controlling computing resources may comprise storing a set of labels of potential resources comprising a plurality of labels of working resources allocated to actual resources and a plurality of labels of reserved resources available to be allocated, generating an initial assignment to one of the set of labels of potential resources, when the assignment to one of a set of labels of potential resources is to one of the labels of reserved resources, reassigning the request to another label of a resource selected from a subset of the labels of potential resources, and repeating the reassigning until the request is assigned to a label of a working resource.

Abstract: An embodiment of the invention may include a method, computer program product, and system for data transfer management. The embodiment may include receiving a data packet, by a first server, from a load balancer. The received data packet is part of a data flow. The embodiment may include determining, by the first server, whether the received data packet is part of an existing data flow connection served by the first server. Based on determining that the received data packet is not part of an existing data flow served by the first server, the embodiment may include determining, by the first server, whether the received data packet is part of a new data flow connection. Based on determining that the received data packet is not part of a new data flow connection, the embodiment may include notifying, by the first server, the load balancer.