Abstract: A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group. Based on receiving feedback from the security appliance instance, the service delivery controller may regroup the similarity groups, and/or redirect the network flows, and/or redistribute the training results between the appliances, and/or modify assignment of appliances to similarity groups.

Abstract: Embodiments of the present invention provide methods, computer program products, and systems for fulfilling a service chain request. Embodiments of the present invention can be used to collect network data of a plurality of instances of services and connections between the plurality of instances of services and redefine service chains to direct flow to an alternative instance of a service responsive to determining that an instance of a service in a service chain has become inaccessible. Embodiments of the present invention can be used to fulfill a service chain request and avoid one or more instances of services (and/or connections there between) that could cause a delay between transmitting data packets through the service chain.

Abstract: Machines, systems and methods for managing quality of service (QoS) in a multi-tenant virtualized computing environment, the method comprising: collecting transmission rate statistics associated with data communicated in a virtual network, wherein at least one virtual switch monitors communications initiated by at least a virtual machine (VM) executed on a host machine serviced by the virtual switch; determining, by way of the virtual switch, profile parameters associated with a first communication initiated by the VM belonging to at least a first group, wherein a connection request is submitted by the virtual switch to a traffic controller to assist in establishing the first communication; classifying the connection request for establishing the first communication according to the profile parameters associated with the first communication; determining a first aggregated transmission rate associated with the VM that initiated the first communication based on the classifying.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining, for a request processing system, a first homogeneous auto-scaling group including a first monitored resource, a first set of processing systems, a first minimum threshold, a first maximum threshold, and a first system configuration. Subsequent to defining the first homogeneous auto-scaling group, a second auto-scaling group is defined for the request processing system, the second auto-scaling group including a second monitored resource different from the first monitored resource, a second set of processing systems, a second minimum threshold, a second maximum threshold, and a second system configuration different from the first system configuration. In embodiments of the present invention, a load balancer for the request processing system manages the first and the second sets of processing systems as a single heterogeneous auto-scaling group.

Abstract: Machines, systems and methods for managing quality of service (QoS) in a multi-tenant virtualized computing environment, the method comprising: collecting transmission rate statistics associated with data communicated in a virtual network, wherein at least one virtual switch monitors communications initiated by at least a virtual machine (VM) executed on a host machine serviced by the virtual switch; determining, by way of the virtual switch, profile parameters associated with a first communication initiated by the VM belonging to at least a first group, wherein a connection request is submitted by the virtual switch to a traffic controller to assist in establishing the first communication; classifying the connection request for establishing the first communication according to the profile parameters associated with the first communication; determining a first aggregated transmission rate associated with the VM that initiated the first communication based on the classifying.

Abstract: A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group.

Abstract: A method includes converting, by a computer, a set of context-aware data forwarding policies to a set of network configuration forwarding rules for one or more data forwarding devices in a network having a dynamic context, and conveying, to the data forwarding devices, the set of network configuration forwarding rules. Upon detecting a change in the dynamic context of the network, the set of network configuration forwarding rules ae updated based on the set of context-aware data forwarding policies and the change in the dynamic context, and the updated set of network configuration forwarding rules are conveyed to the data forwarding devices.

Abstract: Techniques for adjusting the frequency of data backups and initiating event-driven backups in a storage system are disclosed herein. In one embodiment, a self-adjusting backup frequency, known as a “Change Rate Objective,” is defined to conduct or delay backups for one or more volumes in the storage system on the basis of an associated policy value. The Change Rate Objective may be tied to one or more business or data activity events, such as the amount and type of data changes since a last backup. The storage system may also be tailored to conduct or delay full or incremental backups on the basis of a Change Rate Objective that measures whether a full or incremental or differential backup is more appropriate. Various data or system failures, or data or business events may also be used to adjust the retention periods of continuous data protection (CDP) data and delay a rollup of CDP data.

Abstract: A learning-based computer network security system may include a service delivery controller executing on one or more of hardware processors that receives requests for transmitting network flows to one or more destination machines via a communication network. The service delivery controller may group the network flows into one or more similarity groups, and direct the network flows in a particular similarity group to a learning-based security appliance instance designated for the particular similarity group. Based on receiving feedback from the security appliance instance, the service delivery controller may regroup the similarity groups, and/or redirect the network flows, and/or redistribute the training results between the appliances, and/or modify assignment of appliances to similarity groups.

Abstract: Machines, systems and methods for efficient data communication are provided. The method comprises receiving a data packet to be transmitted to a destination node in a overlay-based communications network, wherein the destination information is included in a virtual header that includes a virtual address of the destination node; determining a physical address of the destination node based on the virtual address of the destination node; replacing the virtual header for the received data packet with a physical header that includes the physical address; and transmitting the data packet over the communications network to a destination host based on the physical address included in the physical header.

Abstract: Embodiments of the present invention provide methods, computer program products, and systems for fulfilling a service chain request. Embodiments of the present invention can be used to collect network data of a plurality of instances of services and connections between the plurality of instances of services and redefine service chains to direct flow to an alternative instance of a service responsive to determining that an instance of a service in a service chain has become inaccessible. Embodiments of the present invention can be used to fulfill a service chain request and avoid one or more instances of services (and/or connections there between) that could cause a delay between transmitting data packets through the service chain.

Abstract: A method includes converting, by a computer, a set of context-aware data forwarding policies to a set of network configuration forwarding rules for one or more data forwarding devices in a network having a dynamic context, and conveying, to the data forwarding devices, the set of network configuration forwarding rules. Upon detecting a change in the dynamic context of the network, the set of network configuration forwarding rules ae updated based on the set of context-aware data forwarding policies and the change in the dynamic context, and the updated set of network configuration forwarding rules are conveyed to the data forwarding devices.

Abstract: Machines, systems and methods for backing up data, the method comprising retrieving identifying information about target data storage volumes from which target data is to be backed up; communicating the identifying information to a proxy application installed on a backup computing system utilized to backup the target data stored on the target data storage volumes, wherein the proxy application uses the identifying information to place the target data storage volumes in a first state in which write operations may not be performed to the target data storage volumes, wherein the proxy application causes snapshots to be taken of the target data storage volumes of a first type and a second type, in response to determining that the target data storage volumes are placed in the first state.

Abstract: Embodiments of the present invention provide a scalable, efficient way to backup data in a block-level incremental-forever backup system such that backup and expiration of data can be achieved at the granularity of a single backup version, without having to read or move data that is stored in backup storage.

Abstract: Machines, systems and methods for efficient data communication are provided. The method comprises receiving a data packet to be transmitted to a destination node in a overlay-based communications network, wherein the destination information is included in a virtual header that includes a virtual address of the destination node; determining a physical address of the destination node based on the virtual address of the destination node; replacing the virtual header for the received data packet with a physical header that includes the physical address; and transmitting the data packet over the communications network to a destination host based on the physical address included in the physical header.

Abstract: A mechanism is provided for increasing the efficiency of block-level processes. Responsive to detecting an I/O write to a storage volume, a determination is made as to whether the I/O write matches one or more suspicious I/O reads in a plurality of suspicious I/O reads previously recorded in a memory. Responsive to the I/O write matching one or more suspicious I/O reads in the plurality of suspicious I/O reads, an identification is made that there is a data relocation associated with the sector associated with the I/O write. A data relocation application is informed of the data relocation of the sector associated with the one or more suspicious I/O reads associated with the sector indicated by the I/O write. Each sector associated with the one or more suspicious I/O reads is then released in a file system for reuse.

Abstract: Machines, systems and methods for I/O monitoring in a plurality of compute nodes and a plurality of service nodes utilizing a Peripheral Component Interconnect express (PCIe) are provided. In one embodiment, the method comprises assigning at least one virtual function to a services node and a plurality of compute nodes by the PCIe interconnect and a multi-root I/O virtualization (MR-IOV) adapter. The MR-IOV adapter enables bridging of a plurality of compute node virtual functions with corresponding services node virtual functions. A front-end driver on the compute node requests the services node virtual function to send data and the data is transferred to the services node virtual function by the MR-IOV adapter. A back-end driver running in the services node receives and passes the data to a software service to modify/monitor the data. The back-end driver sends the data to another virtual function or an external entity.

Abstract: A system, method, and computer program product for performing a bare-metal restore, the system including a target storage device, and a target computer configured to boot independent of the target storage device, expose the target storage device to a restoring computer after the target computer has booted, and act as a conduit for the restoring computer to perform a bare-metal restore of backup data onto the target storage device, and the method including booting a target computer independent of a target storage device, exposing the target storage device to a restoring computer after the target computer has booted, and causing the target computer to act as a conduit for the restoring computer to perform a bare-metal restore of backup data onto the target storage device.

Abstract: Machines, systems and methods for backing up data, the method comprising retrieving identifying information about target data storage volumes from which target data is to be backed up; communicating the identifying information to a proxy application installed on a backup computing system utilized to backup the target data stored on the target data storage volumes, wherein the proxy application uses the identifying information to place the target data storage volumes in a first state in which write operations may not be performed to the target data storage volumes, wherein the proxy application causes snapshots to be taken of the target data storage volumes of a first type and a second type, in response to determining that the target data storage volumes are placed in the first state.

Abstract: Machines, systems and methods for managing quality of service (QoS) in a multi-tenant virtualized computing environment, the method comprising: collecting transmission rate statistics associated with data communicated in a virtual network, wherein at least one virtual switch monitors communications initiated by at least a virtual machine (VM) executed on a host machine serviced by the virtual switch; determining, by way of the virtual switch, profile parameters associated with a first communication initiated by the VM belonging to at least a first group, wherein a connection request is submitted by the virtual switch to a traffic controller to assist in establishing the first communication; classifying the connection request for establishing the first communication according to the profile parameters associated with the first communication; determining a first aggregated transmission rate associated with the VM that initiated the first communication based on the classifying.