Abstract: The subject technology addresses the need in the art for improving provisioning and booting of virtual machines in a cloud computing environment. Different versions of boot volume images may be shared in a storage repository accessible by one or more host computers. When a virtual machine is created, a shared boot volume image, including confirmation information for the virtual machine, may be selected for booting the virtual machine. Over time, newer version(s) of boot volume images may be stored in the storage repository and new virtual machine(s) may use the newer version of the boot volume image for booting.

Abstract: In one embodiment, a method includes receiving static profiles each comprising one or more properties of an operating environment, receiving a dynamic profile for identifying a configuration of an interface based on the static profile associated with said dynamic profile, associating the dynamic profile with one of the static profiles based on the operating environment of the interface, and automatically updating the association upon identifying a change in the operating environment. An apparatus is also disclosed.

Abstract: In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

Abstract: In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

Abstract: In one embodiment, an apparatus includes a port channel manager for receiving information identifying switches connected to a group of physical ports at a network device and creating subgroups each comprising the physical ports connected to one of the switches. The apparatus further includes a virtual interface agent for assigning a virtual interface connecting a virtual switch to a virtual machine, to one of the subgroups. Traffic received from the virtual machine on the virtual interface is transmitted to one of the switches on one of the physical ports in the assigned subgroup. A method for grouping ports for association with virtual interfaces is also disclosed.

Abstract: In one embodiment, a method includes receiving static profiles each comprising one or more properties of an operating environment, receiving a dynamic profile for identifying a configuration of an interface based on the static profile associated with said dynamic profile, associating the dynamic profile with one of the static profiles based on the operating environment of the interface, and automatically updating the association upon identifying a change in the operating environment. An apparatus is also disclosed.

Abstract: In one embodiment, an apparatus includes a processor configured for operation in a control plane in a distributed virtual switch in communication with a plurality of virtual machines each having a virtual interface. The processor is operable to identify other control planes in the distributed virtual switch, assign a virtual interface identifier to one of the virtual interfaces, receive a configuration for the virtual interface, and share the configuration with the other control planes in the distributed virtual switch. The virtual interface identifier provides a unique identifier for the virtual interface across all of the control planes. The apparatus further includes memory for storing the configuration of the virtual interface. A method for operating a network device associated with a control in the distributed virtual switch is also disclosed.

Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the v

Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

Abstract: An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

Abstract: In one embodiment, an apparatus includes a port channel manager for receiving information identifying switches connected to a group of physical ports at a network device and creating subgroups each comprising the physical ports connected to one of the switches. The apparatus further includes a virtual interface agent for assigning a virtual interface connecting a virtual switch to a virtual machine, to one of the subgroups. Traffic received from the virtual machine on the virtual interface is transmitted to one of the switches on one of the physical ports in the assigned subgroup. A method for grouping ports for association with virtual interfaces is also disclosed.

Abstract: In one embodiment, an apparatus includes a processor configured for operation in a control plane in a distributed virtual switch in communication with a plurality of virtual machines each having a virtual interface. The processor is operable to identify other control planes in the distributed virtual switch, assign a virtual interface identifier to one of the virtual interfaces, receive a configuration for the virtual interface, and share the configuration with the other control planes in the distributed virtual switch. The virtual interface identifier provides a unique identifier for the virtual interface across all of the control planes. The apparatus further includes memory for storing the configuration of the virtual interface. A method for operating a network device associated with a control in the distributed virtual switch is also disclosed.

Abstract: A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the v

Abstract: A node (101, FIG. 1), within a networked computer system (100), is capable of supporting communications with other nodes relating to operating multiple application instances in a master-slave configuration. The node initiates (602, FIG. 6) and maintains (FIGS. 7, 8) a state diagram (FIG. 2) for each application instance currently running in the master-slave configuration on the node or the other nodes. In addition, the node listens for new application instances that are discovered on the node or on the other nodes. The nodes can be interconnected using multiple networks (104, FIG. 1), and redundant messages received by the node can be ignored (FIG. 11), if those redundant messages would adversely affect maintenance of the state diagram for an application instance. When a node determines that it should no longer operate as a master for an application instance, the node can initiate a resignation process (FIG. 4), during which another node will attempt to become the master for the application instance.

Abstract: A technique is described for facilitating block level access operations to be performed at a remote volume via a wide area network (WAN). The block level access operations may be initiated by at least one host which is a member of a local area network (LAN). The LAN includes a block cache mechanism configured or designed to cache block data in accordance with a block level protocol. A block level access request is received from a host on the LAN. In response to the block level access request, a portion of block data may be cached in the block cache mechanism using a block level protocol. In at least one implementation, portions of block data in the block cache mechanism may be identified as “dirty” data which has not yet been stored in the remote volume. Block level write operations may be performed over the WAN to cause the identified dirty data in the block cache mechanism to be stored at the remote volume.

Abstract: A computer-implemented system and method for performance profiling on a target device. The computer-implemented method includes configuring the target device to operate in a first mode or a second mode, and receiving a write command from a host device. When the target device is configured to operate in the first mode, the method includes sending an authorization to send write data to the host device, and receiving write data from the host device. When the target device is configured to operate in the second mode, the method includes allocating a reserved write buffer on the target device, and receiving write data from the host device using the write buffer.

Abstract: A computer-implemented system and method for performance profiling on a target device. The computer-implemented method includes configuring the target device to operate in a first mode or a second mode, and receiving a write command from a host device. When the target device is configured to operate in the first mode, the method includes sending an authorization to send write data to the host device, and receiving write data from the host device. When the target device is configured to operate in the second mode, the method includes allocating a reserved write buffer on the target device, and receiving write data from the host device using the write buffer.

Abstract: A computer-implemented system and method for performance profiling on a target device. The computer-implemented method includes configuring the target device to operate in a first mode or a second mode, and receiving a write command from a host device. When the target device is configured to operate in the first mode, the method includes sending an authorization to send write data to the host device, and receiving write data from the host device. When the target device is configured to operate in the second mode, the method includes allocating a reserved write buffer on the target device, and receiving write data from the host device using the write buffer.

Abstract: A method and system authenticates a storage device or storage router for use with driver software. The driver software may be permitted to be used with particular storage devices including storage routers and may be prohibited from being used with other storage devices or routers. In some cases, this may allow a vendor to restrict the use of its driver software, or at least certain functionality, to use with the vendor's storage devices or storage routers. A proof of purchase request is sent by a client device to a server over an IP network to authenticate the storage device or router (e.g., a server). The request may include a random number and one or more identifiers. The identifiers may include a server identifier, a software driver identifier and/or a client device identifier. The driver software may permit storage related communications with the server when a hash received from the server matches a hash internally generated by the software driver.