Abstract: Example implementations relate to application-specific policies for failing over from an edge site to a cloud. When an application becomes operational within an edge site, a discovery phase is performed by a local disaster recovery (DR) agent. I/O associated with a workload of the application is monitored. An I/O rate for data replication that satisfies latency characteristics of the application is predicted based on the incoming I/O. Based on results of tests against multiple clouds indicative of their respective RTO/RPO values, information regarding a selected cloud to serve as a secondary system is stored in an application-specific policy. The application-specific policy is transferred to a remote DR agent running in the selected cloud. Responsive to a failover event, infrastructure within a virtualized environment of the selected cloud is enabled to support a failover workload for the application based on the application-specific policy.

Abstract: Root cause identification of a software defect includes identifying, in program code of a software feature, hedge code of the software feature based on errors induced from temporarily substituting program code of the software feature with substitute program code and obtaining an error graph for the hedge code, obtaining error logs of an application that incorporates the software feature, the error logs indicating errors with the software feature of the application, automatically generating an application error graph reflective of the errors with the software feature of the application, mapping the application error graph to the error graph for the hedge code, and based on the mapping aligning one of more errors reflected in the application error graph to error(s) reflected in the error graph for the hedge code, identifying the hedge code as inducing a root error identified in the application error graph.

Abstract: A method and system for generating real time workload balancing recommendations comprising receiving transition data, medical data, and staffing data; determining a transition probability for each of a plurality of patients; determining a predicted workload to be generated by each of the plurality of patients; simulating the predicted workload to be generated by each of the plurality of patients, the future workload for each of a plurality of units in the hospital; generating staffing recommendations; and displaying the generated staffing recommendations on a user display of the workload balancing system.

Abstract: An approach to configure enterprise wireless mobile network slices. A method includes receiving slice definition information representative of a network slice, the slice definition information including an expected slice efficiency index of the network slice, provisioning the network slice, consistent with the slice definition information, in a wireless network, receiving telemetry corresponding to operational metrics of an instance of the network slice that is used by one or more devices in the wireless network, calculating an actual slice efficiency index for the instance of the network slice based on the telemetry corresponding to the operation metrics of the instance of the network slice, determining whether the expected slice efficiency index differs from the actual slice efficiency index by a predetermined threshold, and indicating a course of action to cause the actual slice efficiency index to more closely align with the expected slice efficiency index.

Abstract: The present invention relates to a compound formula (I) and a process for preparing the same, wherein, R2, A, E, Hy, Ra, n, Q and W1 are each as defined in the description. The invention also relates to the combination and composition comprising the compound of formula (I).

Abstract: A method for performing, using a patient disposition system, a disposition analysis of a plurality of patients to optimize a discharge planning process for each of the plurality of patients, including: (i) receiving electronic medical record information about each of the plurality of patients; (ii) identifying one of a plurality of different patient types for each of the plurality of patients based on the received electronic medical record information; (iii) selecting a trained multi-state model for each identified patient type; and (iv) determining, based on the selected trained multi-state model, a disposition state for each of the plurality of patients in real-time, wherein each disposition state includes a location to which the patient is to be discharged. The method further includes determining at least one service or assessment that can be deferred to the location to which the patient is to be discharged.

Abstract: An approach to configure enterprise wireless mobile network slices. A method includes receiving slice definition information representative of a network slice, the slice definition information including an expected slice efficiency index of the network slice, provisioning the network slice, consistent with the slice definition information, in a wireless network, receiving telemetry corresponding to operational metrics of an instance of the network slice that is used by one or more devices in the wireless network, calculating an actual slice efficiency index for the instance of the network slice based on the telemetry corresponding to the operation metrics of the instance of the network slice, determining whether the expected slice efficiency index differs from the actual slice efficiency index by a predetermined threshold, and indicating a course of action to cause the actual slice efficiency index to more closely align with the expected slice efficiency index.

Abstract: Techniques are provided for automatically resizing applications. In one technique, policy data that indicates an order of multiple policies is stored. The policies include (1) a first policy that corresponds to a first computer resource and a first resizing action and (2) a second policy that is lower in priority than the first policy and that corresponds to a second resizing action and a second computer resource. Resource utilization data is received from at least one application executing in a cloud environment. Based on the order, the first policy is identified. Based on the resource utilization data, it is determined whether criteria associated with the first policy are satisfied with respect to the application. If satisfied, then the first resizing action is performed with respect to the application; otherwise, based on the computer resource utilization data, it is determined whether criteria associated with the second policy are satisfied.

Abstract: Examples disclosed herein relate to systems and methods for generating and implementing a security profile. Disclosed methods may include the steps of generating a customer intent interface configured to receive input comprising a value associated with an intent parameter; receiving, via the customer intent interface, security intent information comprising the value and the intent parameter; generating a configuration file based on the security intent information; based on the configuration file, generating a security profile for a target device; and generating, by code generator framework, one or more scripts based on the security profile.

Abstract: Examples disclosed herein relate to performing an action based on a pre-boot measurement of a firmware image. In an example, at a firmware component in a system, a measurement of a firmware image may be determined prior to booting of the system, beginning from a hardware root of trust boot block, by a Trusted Platform Module (TPM) emulator engine that emulates a hardware-based TPM. A pre-determined measurement of the firmware image may be retrieved from a storage location within the system. The measurement of the firmware image may be compared with the pre-determined measurement of the firmware image prior to booting of the system. In response to a determination that the measurement of the firmware image is different from the pre-determined measurement of the firmware image, performing an action.

Abstract: Examples disclosed herein relate to approaches for securing a computing system. A management controller is to monitor a plurality of parameters of monitored controllers. The management controller provides each of the controllers a key to update the parameters. The management controller includes a representation of the parameters. A current version of one of the parameters is received from one of the monitored controllers. It is determined whether an unauthorized modification occurred to the current version of the first parameter using the representation.

Abstract: A system includes a light emitter attached to a destination chamber, the light emitter to emit a collimated light beam across an entrance to the destination chamber. The system includes an end effector attached to a distal end of an arm of a robot. The system includes a two-dimensional (2D) area sensor disposed on the end effector at a location that coincides with the collimated light beam while the end effector reaches within the destination chamber. The 2D area sensor is to detect a location of the collimated light beam incident on a surface of the 2D area sensor and transmit, to a controller coupled to the robot, sensing data including the location.

Abstract: Aspects of vulnerability scanning are disclosed. In one example, configuration and context information of a first device for which vulnerability scanning is to be performed is obtained. The configuration information includes telemetry data of the first device. A second device is provisioned based on the configuration information to create a cloned first device. The vulnerability scanning is performed on the cloned first device based on the context information to obtain a scan report.

Abstract: In an example, a first metadata tag and a second metadata tag are added to first Personally Identifiable Information (PII) of a first user handled by a first application. The first PII is to be part of call home data captured from a hosting system. The first metadata tag may be indicative of security rules to be complied with for the first application and the second metadata tag may be indicative of security rules to be complied with for the first user. The first PII, the first metadata tag, and the second metadata tag may be protected and transmitted to a data processing center. The transmission may be in response to a determination to transmit the call home data.

Abstract: Sequences of computer network log entries indicative of a cause of an event described in a first type of entry are identified by training a long short-term memory (LSTM) neural network to detect computer network log entries of a first type. The network is characterized by a plurality of ordered cells Fi=(xi, ci-1, hi-1) and a final sigmoid layer characterized by a weight vector wT. A sequence of log entries xi is received. An hi for each entry is determined using the trained Fi. A value of gating function Gi(hi, hi-1)=II (wT(hi?hi-1)+b) is determined for each entry. II is an indicator function, b is a bias parameter. A sub-sequence of xi corresponding to Gi(hi, hi-1)=1 is output as a sequence of entries indicative of a cause of an event described in a log entry of the first type.

Abstract: Cloud services are often implemented as instances of applications having one or more components running on the nodes (e.g., host computers or servers) of a data center. Network services are thereby provided to a workload that uses the network resources of network interface devices (e.g., a NIC, switch, or router). The workload is a first instance of an application. The network interface devices can produce resource usage measurements of usage metrics that quantify usage of the network resources by the workload. The resource measurements can be used to produce an application network profile of the application. The application network profile can be used to select at least one of a plurality of nodes on which a second instance of the application is launched.

Abstract: Cloud services are often implemented as instances of applications having one or more components running on the nodes (e.g., host computers or servers) of a data center. Network services are thereby provided to a workload that uses the network resources of network interface devices (e.g., a NIC, switch, or router). The workload is a first instance of an application. The network interface devices can produce resource usage measurements of usage metrics that quantify usage of the network resources by the workload. The resource measurements can be used to produce an application network profile of the application. The application network profile can be used to select at least one of a plurality of nodes on which a second instance of the application is launched.

Abstract: A method includes accessing an input representing a software component list for a software product. The software component list contains information for a given software component. The method includes accessing a knowledge base to determine security level parameters and trust parameters for the given software component based on the information. A security level of the given software component is determined based on an evaluation of the security level parameters. A trust of a source of the given software component is determined based on an evaluation of the trust parameters. The method includes determining a security context of the software product. Based on the security level, the trust and the security context, the method includes providing a recommendation for the given software component.

Abstract: The disclosed embodiments provide a system for processing data. During operation, the system receives records of activity within a stream-processing system over a set of event streams, wherein each event stream in the set of event streams contains events related to a corresponding job in the stream-processing system. Next, the system indexes data in the records under a set of keys that include a first key related to jobs in the stream-processing system and a second key related to errors in the stream-processing system. The system then outputs the indexed data for use in analyzing the execution of the stream-processing system.

Abstract: A method including receiving, from a mobile device, a medical data indicative of one or more vital signs for a user of the mobile device, is provided. The vital signs include one of a body temperature, a pulse oximetry value, and a respiratory rate value, wherein the medical data includes a blood pressure value derived from one or more vital signs from the user. The method also includes finding a medical condition of the user based on the medical data; adding the medical data to a group data including vital signs for multiple users; and transmitting the medical condition to a second user, for treatment. A non-transitory, computer readable medium storing instructions and a system configured to perform the above method are also provided.