Abstract: According to an aspect, a network interface card having a processor, a set of resources, and a plurality of virtual functions is provided. Each virtual function of the network interface card is configured to provide network access to a workload. The processor of the network interface card is configured to allocate the set of resources among the plurality of virtual functions, and wherein the allocation of the set of resources is non-uniform across the plurality of virtual functions.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session backets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A network communication device can receive a private session key from a data processing system. A first work queue element can be received in a send queue of the network communication device. The first work queue element can indicate outbound session data to be communicated to a client device. Responsive to receiving the first work queue element, the network communication device can generate encrypted outbound session data by encrypting the outbound session data using the private session key. The network communication device can communicate, via remote directory memory access (RDMA) over a secured communication tunnel, the encrypted outbound session data to the client device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A protocol stack can be offloaded to a network communication device. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to process headers in the outbound session packets, generate encrypted outbound session packets by encrypting the outbound session packets using the private session key, and communicate to a client device via the secured communication tunnel, the encrypted outbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: Various embodiments are directed to receiving, at a receiving device, a packet from a node in a first network. determining a version identifier for the packet, encoding the version identifier into the packet, and transmitting the packet containing the encoded version identifier to a load balancing device in a second network. The version identifier may be encoded into a destination port field of the packet. The receiving device may be a perimeter network address translation device. The packet is received at the load balancing device, where the version identifier is extracted and a hash of source address information is performed. The version and hash are used to select a back-end device in the second network. The packet is transmitted to the selected back-end device.

Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.

Abstract: Various embodiments are directed to receiving, at a receiving device, a packet from a node in a first network. determining a version identifier for the packet, encoding the version identifier into the packet, and transmitting the packet containing the encoded version identifier to a load balancing device in a second network. The version identifier may be encoded into a destination port field of the packet. The receiving device may be a perimeter network address translation device. The packet is received at the load balancing device, where the version identifier is extracted and a hash of source address information is performed. The version and hash are used to select a back-end device in the second network. The packet is transmitted to the selected back-end device.

Abstract: A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved.

Abstract: A data security method may include storing user data to a first device and storing metadata corresponding to the user data to a second device. The method may further include making a first determination that at least one device selected from the group of the first device and the second device is not in communication with a third device. The method may further include disabling utilization of the user data in response to the first determination.

Abstract: A data security method may include storing user data to a first device and storing metadata corresponding to the user data to a second device. The method may further include making a first determination that at least one device selected from the group of the first device and the second device is not in communication with a third device. The method may further include disabling utilization of the user data in response to the first determination.

Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.

Abstract: In an example computer-implemented method, a trusted root certificate for an application running in a container is dynamically generated. The generated trusted root certificate is injected at runtime. The generated certificate is dynamically added to a list of trusted root certificates. A proxy associated with the application instance is authenticated based on the generated root trust certificate.

Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.

Abstract: A system for executing one or more operating-system-level virtualization software objects (virtualization containers), comprising at least one controller hardware processor, adapted to: receive a request to connect one or more target virtualization containers, executed by at least one target hardware processor, to at least one digital storage connected to the at least one target hardware processor via at least one data communication network interface; and instruct execution of one or more management virtualization containers on the at least one target hardware processor, such that executing the one or more management virtualization containers configures the one or more target virtualization containers to direct at least one access to the at least one file system of the one or more target virtualization containers to the at least one digital storage.

Abstract: Examples of techniques for selectively providing mTLS using alternative server names are described herein. An example system includes a processor to generate an alternative server name in response to detecting a legacy indicator. The processor is to also associate the alternative server name with an address of a pod. The processor is to further configure a proxy associated with the pod to selectively provide mutual transport layer security (mTLS) based on the alternative server name.