Abstract: Techniques for detecting anomalies in a distributed application based on process data are provided. This process data can include, e.g., the hierarchy (i.e., tree) of processes created and run by the application, the file system operations performed by each process, the network access operations performed by each process.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: A system which includes at least one host, wherein the host is configured to implement at least one container group including a first container, a data communication module, an interface, and a malicious detection module, wherein the data communication module is configured to collect data based on data communication of the container group, and transmit collected data, or data representative thereof, to the interface, the interface being configured to transmit collected data, or data representative thereof, to the malicious detection module, for detecting malicious data.

Abstract: Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

Abstract: A system which includes at least one host, wherein the host is configured to implement at least one container group including a first container, a data communication module, an interface, and a malicious detection module, wherein the data communication module is configured to collect data based on data communication of the container group, and transmit collected data, or data representative thereof, to the interface, the interface being configured to transmit collected data, or data representative thereof, to the malicious detection module, for detecting malicious data.

Abstract: A method for service level agreement allocation of permanent storage layer resources of a storage system, the method may include monitoring, by a control layer of the storage system, actual performances of the storage system that are related to multiple logical volumes; calculating actual-to-required relationships between the actual performances and service level agreement defined performances of the multiple logical volumes; allocating, for different logical volumes of the multiple logical volumes, allowable amounts of pending access requests; wherein the allocating is based on, at least, the actual-to-required relationships; receiving, by the control layer, received access requests aimed to one or more logical volumes of the logical volumes; and sending to the permanent storage layer requests to serve at least some of the received access requests, based on the allowable amounts of pending access requests.

Abstract: A method for service level agreement (SLA) allocation of resources of a cache memory of a storage system, the method may include monitoring, by a control layer of the storage system, actual performances of the storage system that are related to multiple logical volumes; calculating actual-to-required relationships between the actual performances and SLA defined performances of the multiple logical volumes; assigning caching priorities, to different logical volumes of the multiple logical volumes; wherein the assigning is based on, at least, the actual-to-required relationships; and managing, based on at least the caching priorities, a pre-cache memory module that is upstream to the cache module and is configured to store write requests that (i) are associated with one or more logical volumes of the different logical volumes and (ii) are received by the pre-cache memory module at points in time when the cache memory is full; wherein the managing comprises transferring one or more write requests from the pre-ca

Abstract: Embodiments of the invention relate to storage systems, and for recording event records into a log. Different statistics may be tallied from the log, with the different statistics generating different statistical measurements. The aspect of processing of I/O and preparation of statistical measurements are separated, thereby enabling data structures and algorithms which would not be considered feasible for use as part of I/O processing, because they may compromise the performance or other essential characteristic of I/O processing, to be employed.

Abstract: A method for data storage includes defining a host cluster within a group of host computers, which access a storage system that includes multiple logical volumes. The host cluster includes two or more of the host computers. Responsively to a single mapping instruction, each of the host computers in the host cluster is mapped to access the logical volumes in the set. In another disclosed method, a single control instruction, which specifies the host cluster and a configuration operation to be applied to the host computers in the host cluster, is accepted. Responsively to the single control instruction, the configuration operation is applied to each of the host computers in the host cluster. The configuration operation may comprise assigning a specified level of service to each host computer in one of the first subset of the host computers and the second subset of the host computers.

Abstract: A method includes computing, in a local storage system having a local volume with a plurality of local regions, respective local checksum signatures over the local regions, and computing, in a remote storage system having a remote volume with remote regions in a one-to-one correspondence with the local regions, respective remote checksum signatures over the remote regions. A given remote region is identified, the given remote region having a given remote signature and a corresponding local region with a given local signature that does not match the given remote signature. The data in the given remote region is then replaced with data from the corresponding local region.

Abstract: A method for data storage includes defining a host cluster within a group of host computers, which access a storage system that includes multiple logical volumes. The host cluster includes two or more of the host computers. Responsively to a single mapping instruction, each of the host computers in the host cluster is mapped to access the logical volumes in the set. In another disclosed method, a single control instruction, which specifies the host cluster and a configuration operation to be applied to the host computers in the host cluster, is accepted. Responsively to the single control instruction, the configuration operation is applied to each of the host computers in the host cluster. The configuration operation may comprise assigning a specified level of service to each host computer in one of the first subset of the host computers and the second subset of the host computers.

Abstract: Disclosed is a data processing and/or storage system. The data processing and/or storage system includes at least two interfaces, wherein each of the at least two interfaces includes a non-dedicated communication port for communicating data to and form external data systems or clients based on a rule base.

Abstract: Disclosed is a data processing and/or storage system. The data processing and/or storage system includes at least two interfaces, wherein each of the at least two interfaces includes a non-dedicated communication port for communicating data to and form external data systems or clients based on a rule base.

Abstract: A method for data storage includes defining a host cluster within a group of host computers, which access a storage system that includes multiple logical volumes. The host cluster includes two or more of the host computers. Responsively to a single mapping instruction, each of the host computers in the host cluster is mapped to access the logical volumes in the set. In another disclosed method, a single control instruction, which specifies the host cluster and a configuration operation to be applied to the host computers in the host cluster, is accepted. Responsively to the single control instruction, the configuration operation is applied to each of the host computers in the host cluster.

Abstract: Systems and methods are disclosed for traffic engineering and traffic flow control in a datacenter. Flow agents may be provided at hosts that may be operable to control a rate at which a traffic flow is sent from one point to another within a datacenter to facilitate differing levels of Quality of Service (QoS). The differing levels of QoS may be implemented by differing sizes of bandwidth allocations assigned remotely by a traffic engineering controller. The traffic engineering controller may distribute the differing allocations of bandwidth to the flow agents corresponding to the traffic flows to keep the traffic flow rates within the bandwidth allocation. An augmenting function may also be applied at the traffic engineering controller to maximize bandwidth utilization by checking for unutilized bandwidth and reallocating such bandwidth in accordance with one or more QoS.