Patents by Inventor Renato Recio

Renato Recio has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230403260
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Brian Hausauer, Renato Recio
  • Publication number: 20230403148
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Brian Hausauer, Renato Recio
  • Publication number: 20230403149
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Brian Hausauer, Renato Recio
  • Publication number: 20230403150
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Renato Recio, Brian Hausauer
  • Publication number: 20230403136
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Brian Hausauer, Renato Recio
  • Publication number: 20230403137
    Abstract: Encryption operations are securely offloaded to a network interface controller (NIC). Encryption keys are securely transferred from a virtual machine (VM) to the NIC and data is securely transferred from encrypted VM memory to secure buffers in the NIC. The NIC handles the encryption and decryption operations in hardware, greatly increasing encryption performance while not reducing security. This is especially useful in cloud server environments, so the cloud service provider does not have access to the encryption keys or the unencrypted data. The offloaded operations are performed with numerous different communication protocols, including RDMA, QUIC, IPsec underlay and WireGuard.
    Type: Application
    Filed: June 2, 2023
    Publication date: December 14, 2023
    Inventors: Renato Recio, Brian Hausauer
  • Patent number: 11323287
    Abstract: Methods, systems and software products for configuring a virtual port for a physical server to support packets transfer between the physical server and other network nodes over a virtual network, comprising transmitting one or more configuration Protocol Data Units (PDU) of an extended Link Layer Data Protocol (LLDP) to a Network Interface Card (NIC) of a physical server connected to a network, the configuration PDU(s) comprising one or more extension Type Length Values (TLV) defining one or more virtual network settings for a virtual network port mapping the physical server in a virtual network. The NIC is configured to deploy the virtual network port to support exchange of packets between the physical server and one or more of a plurality of nodes of the virtual network by processing outgoing and incoming packets according to one or more virtual network virtualization protocols using one or more of the virtual network settings.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: May 3, 2022
    Assignee: International Business Machines Corporation
    Inventors: Katherine Barabash, Renato Recio
  • Patent number: 11102080
    Abstract: Methods, systems and software program products for configuring a virtual network port for a physical server to support packets transfer between the physical server and other network nodes in a virtual network, comprising transmitting one or more configuration Protocol Data Units (PDU) comprising extension configuration message(s) of a network management protocol to a network circuitry connecting a physical server to a network. One or more of the extension configuration messages comprise one or more virtual network settings for a virtual network port mapping the physical server in a virtual network. The network circuitry is configured to deploy the virtual network port to support exchange of packets between the physical server and one or more of a plurality of nodes of the virtual network by encapsulating and de-capsulating outgoing and incoming packets according to one or more virtual network encapsulation protocols using one or more of the virtual network settings.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: August 24, 2021
    Assignee: International Business Machines Corporation
    Inventors: Katherine Barabash, Renato Recio
  • Publication number: 20210021444
    Abstract: Methods, systems and software products for configuring a virtual port for a physical server to support packets transfer between the physical server and other network nodes over a virtual network, comprising transmitting one or more configuration Protocol Data Units (PDU) of an extended Link Layer Data Protocol (LLDP) to a Network Interface Card (NIC) of a physical server connected to a network, the configuration PDU(s) comprising one or more extension Type Length Values (TLV) defining one or more virtual network settings for a virtual network port mapping the physical server in a virtual network. The NIC is configured to deploy the virtual network port to support exchange of packets between the physical server and one or more of a plurality of nodes of the virtual network by processing outgoing and incoming packets according to one or more virtual network virtualization protocols using one or more of the virtual network settings.
    Type: Application
    Filed: July 18, 2019
    Publication date: January 21, 2021
    Inventors: Katherine Barabash, Renato Recio
  • Publication number: 20210021475
    Abstract: Methods, systems and software program products for configuring a virtual network port for a physical server to support packets transfer between the physical server and other network nodes in a virtual network, comprising transmitting one or more configuration Protocol Data Units (PDU) comprising extension configuration message(s) of a network management protocol to a network circuitry connecting a physical server to a network. One or more of the extension configuration messages comprise one or more virtual network settings for a virtual network port mapping the physical server in a virtual network. The network circuitry is configured to deploy the virtual network port to support exchange of packets between the physical server and one or more of a plurality of nodes of the virtual network by encapsulating and de-capsulating outgoing and incoming packets according to one or more virtual network encapsulation protocols using one or more of the virtual network settings.
    Type: Application
    Filed: July 18, 2019
    Publication date: January 21, 2021
    Inventors: Katherine Barabash, Renato Recio
  • Patent number: 10164868
    Abstract: A physical host executes a virtual machine monitor (VMM) that instantiates a source virtual machine (VM). In response to the VMM receiving from the source VM a packet specifying a first destination address of a destination VM and a second destination address of a default gateway, the VMM determines whether the packet can be communicated to the destination VM without the packet being routed by the default gateway. In response to the VMM determining that the packet can be communicated to the destination VM without the packet being routed by the default gateway, the VMM forwards the packet to the destination VM such that the packet bypasses routing by the default gateway.
    Type: Grant
    Filed: April 26, 2012
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Robert Cowart, David Hadas, Daniel J. Martin, Bruce Ratcliff, Renato Recio
  • Patent number: 10142218
    Abstract: A physical host executes a virtual machine monitor (VMM) that instantiates a source virtual machine (VM). In response to the VMM receiving from the source VM a packet specifying a first destination address of a destination VM and a second destination address of a default gateway, the VMM determines whether the packet can be communicated to the destination VM without the packet being routed by the default gateway. In response to the VMM determining that the packet can be communicated to the destination VM without the packet being routed by the default gateway, the VMM forwards the packet to the destination VM such that the packet bypasses routing by the default gateway.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: November 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Robert Cowart, David Hadas, Daniel J. Martin, Bruce Ratcliff, Renato Recio
  • Publication number: 20120207031
    Abstract: A physical host executes a virtual machine monitor (VMM) that instantiates a source virtual machine (VM). In response to the VMM receiving from the source VM a packet specifying a first destination address of a destination VM and a second destination address of a default gateway, the VMM determines whether the packet can be communicated to the destination VM without the packet being routed by the default gateway. In response to the VMM determining that the packet can be communicated to the destination VM without the packet being routed by the default gateway, the VMM forwards the packet to the destination VM such that the packet bypasses routing by the default gateway.
    Type: Application
    Filed: April 26, 2012
    Publication date: August 16, 2012
    Applicant: International Business Machines Corporation
    Inventors: Robert Cowart, David Hadas, Daniel J. Martin, Bruce Ratcliff, Renato Recio
  • Publication number: 20120182992
    Abstract: A physical host executes a virtual machine monitor (VMM) that instantiates a source virtual machine (VM). In response to the VMM receiving from the source VM a packet specifying a first destination address of a destination VM and a second destination address of a default gateway, the VMM determines whether the packet can be communicated to the destination VM without the packet being routed by the default gateway. In response to the VMM determining that the packet can be communicated to the destination VM without the packet being routed by the default gateway, the VMM forwards the packet to the destination VM such that the packet bypasses routing by the default gateway.
    Type: Application
    Filed: January 14, 2011
    Publication date: July 19, 2012
    Applicant: International Business Machines Corporation
    Inventors: Robert Cowart, David Hadas, Daniel J. Martin, Bruce Ratcliff, Renato Recio
  • Publication number: 20080071960
    Abstract: A method, computer program product, and distributed data processing system that allows a single physical I/O adapter, such as a PCI, PCI-X, or PCI-E adapter, to track performance and reliability statistics per virtual upstream and downstream port, thereby allowing a system and network management to be performed at finer granularity than what is possible using conventional physical port statistics, is provided. Particularly, a mechanism of managing per-virtual port performance metrics in a logically partitioned data processing system including allocating a subset of resources of a physical adapter to a virtual adapter of a plurality of virtual adapters is provided. The subset of resources includes a virtual port having an identifier assigned thereto. The identifier of the virtual port is associated with an address of a physical port. A metric table is associated with the virtual port, wherein the metric table includes metrics of operations that target the virtual port.
    Type: Application
    Filed: November 20, 2007
    Publication date: March 20, 2008
    Inventors: Richard Arndt, Harvey Kiel, Renato Recio, Jaya Srikrishnan
  • Publication number: 20070261123
    Abstract: A computer implemented method, apparatus, and computer usable program code for assuring data integrity is shown. A partition receives a request to execute an executable file from a source external to the partition. A memory region is created within the partition. The partition or service interface makes an authentication determination. The partition executes an executable file in the memory region based on the request, provided there is a positive authentication determination.
    Type: Application
    Filed: May 1, 2006
    Publication date: November 8, 2007
    Inventors: Steven Bade, Renato Recio, Madeline Vega
  • Publication number: 20070183393
    Abstract: A computer-implemented method, apparatus, and computer program product are disclosed in a data processing environment that includes host computer systems that are coupled to adapters utilizing a switched fabric for routing packets between the host computer systems and the adapters. A unique destination identifier is assigned to one of the host computer systems. A portion of a standard format packet destination address is selected. Within a particular packet, the portion is set equal to the unique identifier that is assigned to the host computer system. The particular packet is then routed through the fabric to the host computer system using the unique destination identifier.
    Type: Application
    Filed: February 7, 2006
    Publication date: August 9, 2007
    Inventors: William Boyd, Douglas Freimuth, William Holland, Steven Hunter, Renato Recio, Steven Thurber, Madeline Vega
  • Publication number: 20070186025
    Abstract: A computer-implemented method, apparatus, and computer usable program code are disclosed for migrating a virtual adapter from a source physical adapter to a destination physical adapter in a data processing system where multiple host computer systems share multiple adapters and communicate with those adapters through a PCI switched-fabric bus. The virtual adapter is first caused to stop processing transactions. All in-flight transactions that are associated with the virtual adapter are then captured. The configuration information that defines the virtual adapter is moved from the source physical adapter to the destination physical adapter. The in-flight transactions are then restored to their original locations on the destination virtual adapter. The virtual adapter is then restarted on the destination physical adapter such that the virtual adapter begins processing transactions.
    Type: Application
    Filed: February 9, 2006
    Publication date: August 9, 2007
    Inventors: William Boyd, Douglas Freimuth, William Holland, Steven Hunter, Renato Recio, Steven Thurber, Madeline Vega
  • Publication number: 20070177611
    Abstract: An audio application program is isolated from an Internet application program in a cell phone system having a processor. An operating system program, a partition manager process and the audio and Internet application programs are stored in a computer readable memory of the cell phone. The method includes executing the partition manager process, the audio application program and the Internet application program by the cell phone system processor. Executing the partition manager process includes the partition manager process controlling the audio application program executing to be associated with a first executing instance of the cell phone operating system and the Internet application program executing to be associated with a second executing instance of the cell phone operating system, so that the audio application program is isolated from the Internet application program.
    Type: Application
    Filed: January 30, 2006
    Publication date: August 2, 2007
    Inventors: William Armstrong, Richard Arndt, Renato Recio, James Rymarczyk, Jacobo Vargas
  • Publication number: 20070174733
    Abstract: A computer-implemented method, apparatus, and computer program product are disclosed for routing error messages in a multiple host computer system environment to only those host computer systems that are affected by the error. The environment includes multiple host computer systems that share multiple devices utilizing a switched fabric. An error is detected in one of the devices. Routing tables that are stored in fabric devices in the fabric are used to identify ones of the host computer systems that are affected by the error. An error message that identifies the error is routed to only the identified ones of the host computer systems.
    Type: Application
    Filed: January 26, 2006
    Publication date: July 26, 2007
    Inventors: William Boyd, Douglas Freimuth, William Holland, Steven Hunter, Renato Recio, Steven Thurber, Madeline Vega