Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.

Abstract: Systems and methods for enforcing durability of second level encryption keys by a key management system (KMS) are provided. In embodiment, a method includes: receiving a first request to encrypt a first level key, the request including the first level key and a second level key identification associated with a stored encrypted second level key; determining that a durability check of the encrypted second level key is required based on the request; determining a durability status of the encrypted second level key by comparing actual storage of the encrypted second level key in one or more storage locations with predetermined storage rules for a durability level of the encrypted second level key, wherein the durability status indicates that the storage of the encrypted second level key complies with the durability level; and sending a notification regarding the durability status to the data storage service.

Abstract: Hybrid encryption of imported key material is provided. A request to import key material is received from a user system. In response to the request, two public keys are sent to the user system. The two public keys include a classical cryptography (CC) public key and a quantum-safe cryptography (QSC) public key. At least one public key of the two public keys is retrieved from a hardware security module (HSM). Hybrid-encrypted key material is received from the user system. The hybrid-encrypted key material is key material that has been encrypted using the two public keys. The key material, at least partially encrypted by the at least one public key, is sent to the HSM.

Abstract: Post quantum secure network communication is provided. The process comprises sending, by a client in a first computing cluster, an outbound message to a quantum safe cryptographic (QSC) proxy server in the first computing cluster, wherein the outbound message is addressed to a target server in a second computing cluster. The QSC proxy server initiates a QSC transport layer security (TLS) connection with an ingress controller in the second computing cluster, wherein the ingress controller comprises a QSC algorithm. The QSC proxy server transfers the message to the ingress controller via the QSC TLS connection, and the ingress controller routes the message to the target server in the second computing cluster via a non-QSC connection.

Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.

Abstract: Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.

Abstract: Systems and methods for enforcing durability of second level encryption keys by a key management system (KMS) are provided. In embodiment, a method includes: receiving a first request to encrypt a first level key, the request including the first level key and a second level key identification associated with a stored encrypted second level key; determining that a durability check of the encrypted second level key is required based on the request; determining a durability status of the encrypted second level key by comparing actual storage of the encrypted second level key in one or more storage locations with predetermined storage rules for a durability level of the encrypted second level key, wherein the durability status indicates that the storage of the encrypted second level key complies with the durability level; and sending a notification regarding the durability status to the data storage service.

Abstract: According to one aspect of the present disclosure, a method and technique for hybrid virtual machine configuration management is disclosed. The method includes assigning to a first set of virtual resources associated with a virtual machine a first priority and assigning to a second set of virtual resources associated with the virtual machine a second priority lower than the first priority. An operating system of the virtual machine is provided with the first and second priorities assigned to the respective first and second sets of virtual resources. The operating system dispatches to process a workload the virtual resources from the first set before dispatching the virtual resources from the second set.

Abstract: In a load balancing environment, a method, system, and computer program product may balance workloads by deploying one or more applications, defining a priority for a first application of the one or more applications, assigning a set of dynamic resources to the first application, configuring a set of burst reserves for the first application, configuring a schedule for the priority for the first application, configuring an elastic load balancer to manage the workload of the first application according to the priority and scheduling using the set of dynamic resources and burst reserves, and executing the one or more applications.

Abstract: In a load balancing environment, a method, system, and computer program product may balance workloads by deploying one or more applications, defining a priority for a first application of the one or more applications, assigning a set of dynamic resources to the first application, configuring a set of burst reserves for the first application, configuring a schedule for the priority for the first application, configuring an elastic load balancer to manage the workload of the first application according to the priority and scheduling using the set of dynamic resources and burst reserves, and executing the one or more applications.

Abstract: According to one aspect of the present disclosure, a method and technique for hybrid virtual machine configuration management is disclosed. The method includes assigning to a first set of virtual resources associated with a virtual machine a first priority and assigning to a second set of virtual resources associated with the virtual machine a second priority lower than the first priority. An operating system of the virtual machine is provided with the first and second priorities assigned to the respective first and second sets of virtual resources. The operating system dispatches to process a workload the virtual resources from the first set before dispatching the virtual resources from the second set.

Abstract: According to one aspect of the present disclosure, a method and technique for hybrid virtual machine configuration management is disclosed. The method includes: assigning to a first set of virtual resources associated with entitled resources of a virtual machine a first priority; assigning to a second set of virtual resources associated with the virtual machine a second priority lower than the first priority, wherein the first and seconds sets when combined exceed the entitled resources for the virtual machine; mapping the first set of virtual resources to a first physical resource of a pool of shared physical resources allocatable to the first and second sets of virtual resources, wherein the first physical resource comprises a desired affinity level to a second physical resource allocated to the virtual machine; and preferentially allocating the first physical resource to the first set of virtual resources.

Abstract: Mechanisms are provided for dynamically adjusting assignment of software threads to hardware threads in virtual machine (VM) environments. The mechanisms receive, by a virtual machine manager (VMM), an indication of workload priority from a plurality of VMs. The indication indicates a priority of a workload executing on each VM in the plurality of VMs. The mechanisms provide, by the VMM, an indication of physical resource usage to each VM. The indication of physical resource usage is an indication of physical resource usage across all VMs in the plurality of VMs. The mechanisms automatically adjust, by each VM, assignment of corresponding software threads to hardware threads based on the indication of physical resource usage and a priority of a workload executing on the VM to achieve a balance of usage of hardware threads across all VMs in the plurality of VMs.

Abstract: Mechanisms are provided for dynamically adjusting assignment of software threads to hardware threads in virtual machine (VM) environments. The mechanisms receive, by a virtual machine manager (VMM), an indication of workload priority from a plurality of VMs. The indication indicates a priority of a workload executing on each VM in the plurality of VMs. The mechanisms provide, by the VMM, an indication of physical resource usage to each VM. The indication of physical resource usage is an indication of physical resource usage across all VMs in the plurality of VMs. The mechanisms automatically adjust, by each VM, assignment of corresponding software threads to hardware threads based on the indication of physical resource usage and a priority of a workload executing on the VM to achieve a balance of usage of hardware threads across all VMs in the plurality of VMs.

Abstract: Techniques for estimating processor load by using queue depth information of a peripheral adapter provides processor loading information that can be used to adapt interrupt latency to improve performance in a processing system. A mathematical function of the depth of one or more queues of the adapter is compared to its historical value in order to provide an estimate of processor load. The estimated processor load can then be used to set a parameter that controls the frequency of an interrupt generator. The mathematical function may be the ratio of the transmit queue depth to the receive queue depth and the historical value may be predetermined, user-settable, obtained during a calibration interval or obtained by taking a long-term average of the mathematical function of the queue depths.

Abstract: According to one aspect of the present disclosure, a method and technique for hybrid virtual machine configuration management is disclosed. The method includes: assigning to a first set of virtual resources associated with entitled resources of a virtual machine a first priority; assigning to a second set of virtual resources associated with the virtual machine a second priority lower than the first priority, wherein the first and seconds sets when combined exceed the entitled resources for the virtual machine; mapping the first set of virtual resources to a first physical resource of a pool of shared physical resources allocatable to the first and second sets of virtual resources, wherein the first physical resource comprises a desired affinity level to a second physical resource allocated to the virtual machine; and preferentially allocating the first physical resource to the first set of virtual resources.

Abstract: A technique for determining placement fitness for partitions under a hypervisor in a host computing system having non-uniform memory access (NUMA) nodes. In an embodiment, a partition resource specification is received from a partition score requester. The partition resource specification identifies a set of computing resources needed for a virtual machine partition to be created by a hypervisor in the host computing system. Resource availability within the NUMA nodes of the host computing system is assessed to determine possible partition placement options. A partition fitness score of a most suitable one of the partition placement options is calculated. The partition fitness score is reported to the partition score requester.

Abstract: According to one aspect of the present disclosure, a method and technique for hybrid virtual machine configuration management is disclosed. The method includes: assigning to a first set of virtual resources associated with entitled resources of a virtual machine a first priority; assigning to a second set of virtual resources associated with the virtual machine a second priority lower than the first priority, wherein the first and seconds sets when combined exceed the entitled resources for the virtual machine; mapping the first set of virtual resources to a first physical resource of a pool of shared physical resources allocatable to the first and second sets of virtual resources, wherein the first physical resource comprises a desired affinity level to a second physical resource allocated to the virtual machine; and preferentially allocating the first physical resource to the first set of virtual resources.

Abstract: A technique for determining placement fitness for partitions under a hypervisor in a host computing system having non-uniform memory access (NUMA) nodes. In an embodiment, a partition resource specification is received from a partition score requester. The partition resource specification identifies a set of computing resources needed for a virtual machine partition to be created by a hypervisor in the host computing system. Resource availability within the NUMA nodes of the host computing system is assessed to determine possible partition placement options. A partition fitness score of a most suitable one of the partition placement options is calculated. The partition fitness score is reported to the partition score requester.

Abstract: A technique for determining placement fitness for partitions under a hypervisor in a host computing system having non-uniform memory access (NUMA) nodes. In an embodiment, a partition resource specification is received from a partition score requester. The partition resource specification identifies a set of computing resources needed for a virtual machine partition to be created by a hypervisor in the host computing system. Resource availability within the NUMA nodes of the host computing system is assessed to determine possible partition placement options. A partition fitness score of a most suitable one of the partition placement options is calculated. The partition fitness score is reported to the partition score requester.