Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: The current document is directed to automated methods and systems that monitor system-call execution by operating systems in order to detect operating-system corruption. A disclosed implementation of the currently disclosed automated system-call-integrity monitor generate operational system-call fingerprints for randomly selected system calls executed by guest operating systems of randomly selected virtual machines and compares the operational system-call fingerprints to reference system-call fingerprints in order to detect operational anomalies of guest operating systems that are likely to represent guest-operating-system corruption. In disclosed implementations, a system-call fingerprint includes a system-call execution time, the number of instructions executed during execution of the system call, and a snapshot of the call stack taken during execution of the system call.

Abstract: The current document is directed to automated methods and systems that monitor system-call execution by operating systems in order to detect operating-system corruption. A disclosed implementation of the currently disclosed automated system-call-integrity monitor generate operational system-call fingerprints for randomly selected system calls executed by guest operating systems of randomly selected virtual machines and compares the operational system-call fingerprints to reference system-call fingerprints in order to detect operational anomalies of guest operating systems that are likely to represent guest-operating-system corruption. In disclosed implementations, a system-call fingerprint includes a system-call execution time, the number of instructions executed during execution of the system call, and a snapshot of the call stack taken during execution of the system call.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: An in-guest agent in a virtual machine (VM) operates in conjunction with a replication module. The replication module performs continuous data protection (CDP) by saving images of the VM as checkpoints at a disaster recovery site over time. Concurrently, the in-guest agent monitors for behavior in the VM that may be indicative of the presence of malicious code. If the in-guest agent identifies behavior (at a particular point in time) at the VM that may be indicative of the presence of malicious code, the replication module can tag a checkpoint that corresponds to the same particular point in time as a security risk. One or more checkpoints generated prior to the particular time may be determined to be secure checkpoints that are usable for restoration of the VM.

Abstract: Computer-implemented methods, media, and systems for providing container security manageability are disclosed. In one computer-implemented method, a host device connected to a cloud server detects an event of a plurality of events generated by a plurality of containers hosted in the host device. The host device identifies container context data of the event, associates the container context data with the event, sends the container context data to the cloud server for security analysis. The host device receives, from the cloud server, security rules based on the security analysis and implements the security rules.

Abstract: A method and system for data consistency across failure and recovery of infrastructure. In one embodiment of the method, copies of first data blocks stored in a source memory are sent to a target site via a data link. While sending one or more of the copies of the first data blocks to the target site, source hashes for second data blocks stored in the source memory are calculated, wherein the first data blocks are distinct from the second data blocks. While sending one or more of the copies of the first data blocks to the target site, target hashes of data blocks stored in a target memory of the target site are received. While sending one or more of the copies of the first data blocks to the target site, the source hashes are compared with the target hashes, respectively. After sending the first data blocks to the target site via the data link, copies of only those second data blocks are sent to the target site with source hashes that do not compare equally with respective target hashes.

Abstract: A method and system for data consistency across failure and recovery of infrastructure. In one embodiment of the method, copies of first data blocks stored in a source memory are sent to a target site via a data link. While sending one or more of the copies of the first data blocks to the target site, source hashes for second data blocks stored in the source memory are calculated, wherein the first data blocks are distinct from the second data blocks. While sending one or more of the copies of the first data blocks to the target site, target hashes of data blocks stored in a target memory of the target site are received. While sending one or more of the copies of the first data blocks to the target site, the source hashes are compared with the target hashes, respectively. After sending the first data blocks to the target site via the data link, copies of only those second data blocks are sent to the target site with source hashes that do not compare equally with respective target hashes.

Abstract: Some embodiments of the invention provide a method for deploying machines for users in a software-defined datacenter (SDDC). The method in some embodiments is performed by a host computer that executes one or more machines. The method formulates a prediction regarding a particular user that is likely to log into a particular machine (e.g., virtual machine (VM), Pod, container, etc.) executing on a host computer of the SDDC in a future time period. Before the user logs into the particular machine, the method pre-fetches from a server a set of rules for a set of network elements that will process data messages associated with the machine after the particular user starts using the particular machine. The method uses the pre-fetched set of rules to configure the set of network elements to process data messages from the particular machine when the particular user logs into the machine during the time period.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: Disclosed herein are methods, systems, and processes for migration between storage tiers. Such a method, for example, can include extracting one or more characteristics of a replication workload, determining one or more storage costs of each storage tier of a plurality of storage tiers (where the one or more storage costs are determined for the replication workload and the one or more storage costs are determined based, at least in part, on the one or more characteristics), identifying one or more storage tiers of the plurality of storage tiers (where the identifying is based, at least in part, on the one or more storage costs), and migrating at least a portion of the replication workload from a target storage unit in an initial storage tier to a storage unit in the one or more storage tiers.

Abstract: The disclosed computer-implemented method for managing replication of data to a remote storage device may include (1) maintaining a first bitmap and a second bitmap storing data acknowledging persistence of target data, respectively, at source and target gateways, where the target gateway serves the remote storage device, (2) sending replication data from a computing device to the source gateway, (3) setting a bit in the first bitmap, where the set bit corresponds to the replication data sent to the source gateway, (4) receiving a first acknowledgement indicating the source gateway received the replication data, (5) copying, in response to the first acknowledgement, the bit to the second bitmap, (6) clearing, in response to the first acknowledgement, the bit in the first bitmap, and (7) receiving a second acknowledgement indicating the target gateway received the replication data. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed herein are methods, systems, and processes to provide and maintain data consistency during reverse replication. It is determined that a migrate operation or a reverse replication operation has been requested. Upon determining that the migrate operation or the reverse replication operation has been requested, a resynchronization identifier is set in a dirty region log (DRL) associated with a computing device that is subject to the migrate operation or the reverse replication operation. In response to the operation being the reverse replication operation, a master boot record (MBR) sector of a boot disk associated with the computing device is overwritten.

Abstract: Embodiments of the present disclosure relate to a method for preventing a service executing on a host machine from overrunning. The method receives, by the service running on the host machine, one or more packets via a data path. The method determines that the service is in or approaching an overrun state. Upon the determining, the method identifies a set of one or more virtual computing instances (VCIs) running on the host machine, and sends, via a first path different than the data path, a set of one or more signals to the set of VCIs, the one or more signals indicating to the set of VCIs to slow down transmitting network traffic via the data path.

Abstract: A system and method for automatically adjusting a learning mode duration on a virtual computing instance for an application security system extends a minimum duration of time for the learning mode duration for a guest agent running in the virtual computing instance based on a condition with respect to suspicious activities and deviations from normal behaviors detected during a fixed time interval. The guest agent is switched to a protected mode when the condition with respect to the suspicious activities and the deviations from the normal behaviors is satisfied for any fixed time interval after the minimum duration of time.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication in an efficient and effective manner. For example, such methods, computer program products, and computer systems can include determining whether a source data store and a replicated data store are unsynchronized and, in response to a determination that the source data store and the replicated data store are unsynchronized, performing a resynchronization operation. The source data stored in the source data store is replicated to replicated data in the replicated data store. The resynchronization operation resynchronizes the source data and the replicated data.

Abstract: The disclosed computer-implemented method for replicating information with information retention systems may include (1) queueing information communicated between a virtual machine and a source storage device, (2) initiating creating a clone of the virtual machine, (3) sending update information sets, (4) inserting a flush marker into a network queue, (5) stopping the queueing of the information communicated between the virtual machine and the source storage device, (6) sending, after sending the update information sets, the flush marker via a source replication gateway to the target server computing device, (7) pausing replication of the source storage device, (8) resuming replication of the source storage device responsive to completing creating the clone of the virtual machine, and (9) sending, to the target server computing device, additional information communicated between the virtual machine and the source storage device after stopping the queueing.