Abstract: Some embodiments provide a method for an end machine, that implements a distributed application, to redirect new network connection requests to other end machines that also implement the distributed application. The method receives a set of measurement data from a set of resources of the end machine and determines whether a measurement data received from a particular resource has exceeded a threshold. When the measurement data has exceeded the threshold, the method notifies a load balancer that balances new requests for connection to the distributed application between the end machines. The notification causes the load balancer not to send any new connection request to the end machine and redirect them to other end machines.

Abstract: A management service can be used to manage enterprise applications. Management agents can be installed in each enterprise application, e.g., in each virtual machine of each enterprise application. The management agent can check each process created by its host virtual machine against a local whitelist. If the local whitelist indicates the process is safe, the process can be executed. Otherwise, an alert including a process description is sent to the management service. An alert analyzer of t he management service can check information of the management service itself as well as third-party information to determine whether or not the process is safe. In the event the alert analyzer determines a process that was the subject of an alert is, in fact, safe, an indication that the process is safe is added to the local whitelist.

Abstract: Described herein are systems, methods, and software to enhance packet . In one implementation, a host computing element identifies a packet from a process executing on the host computing element. In response to identifying the packet, the host computing element determines whether the packet originates from a container namespace corresponding to a container on the host computing element or a host namespace corresponding to the host computing element. If the packet originates from a container namespace, the host computing element may determine supplemental information for the container associated with the container namespace, and process the packet based on the supplemental information.

Abstract: A distributed computer system and method for managing secret information for virtual entities in the distributed computer system utilizes multiple secret storage service entities to provide secret information to a virtual entity to be hosted in a host computer in the distributed computer system. At least one piece of the secret information for the virtual entity is distributed to the multiple secret storage service entities to provide the secret information to the virtual entity using the at least one piece of the secret information from one of the multiple secret storage service entities.

Abstract: Certain embodiments described herein are generally directed to systems and methods for preventing access to files on a virtual machine. One example method involves receiving network information associated with a network connection opened at the virtual machine and determining a process that opened the network connection. The method further involves receiving information indicative of a file access event attempted at the virtual machine and determining the process that opened the network connection initiated the file access event . The method further involves transmitting information indicative of the file access event and the network connection to a security virtual machine and receiving an enforcement decision for the file access event from the security virtual machine based on the information indicative of the file access event and the network connection. The method further involves applying the enforcement decision to either allow or prevent the file access event by the process.

Abstract: Some embodiments provide a method for an end machine, that implements a distributed application, to redirect new network connection requests to other end machines that also implement the distributed application. The method receives a set of measurement data from a set of resources of the end machine and determines whether a measurement data received from a particular resource has exceeded a threshold. When the measurement data has exceeded the threshold, the method notifies a load balancer that balances new requests for connection to the distributed application between the end machines. The notification causes the load balancer not to send any new connection request to the end machine and redirect them to other end machines.

Abstract: Some embodiments provide a method for preventing stressed end machines from being scanned for security check on a host machine that executes several different end machines scheduled to be scanned for security check. The method collects, at one of the end machines, a set of measurement data from a set of resources of the end machine. The method then determines whether a measurement data collected from a particular resource has exceeded a threshold. When the measurement data has exceeded the threshold, the method tags the end machine as a stressed machine so that the end machine will not participate in any future security check scans.

Abstract: A method and system for providing a connected sales associate service application via a mobile device. The application provides for an integrated platform upon which various tools for providing support to a sales associate are built. The application includes a database of information regarding the sales associates and operational information regarding a retail establishment, and provides a user interface for allowing the sales associate to access a central server for the retail establishment along with multiple additional sales associates on multiple additional mobile devices. The user interface enables the store associate to initialize and conduct VoIP calls with any of the other additional sales associates through each of their respective mobile devices. In addition, stationary user interfaces can be positioned throughout the store to enable customers to request assistance from sales associates.

Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.

Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.

Abstract: A method and system for providing a connected sales associate service application via a mobile device. The application provides for an integrated platform upon which various tools for providing support to a sales associate are built. The application includes a database of information regarding the sales associates and operational information regarding a retail establishment, and provides a user interface for allowing the sales associate to access a central server for the retail establishment along with multiple additional sales associates on multiple additional mobile devices. The user interface enables the store associate to initialize and conduct VoIP calls with any of the other additional sales associates through each of their respective mobile devices. In addition, stationary user interfaces can be positioned throughout the store to enable customers to request assistance from sales associates.

Abstract: The present invention relates to processes for the preparation of Phosphatidylinositol 3-Kinase Inhibitor (PI3K) compound of formula-1 via novel intermediates (I).

Abstract: Some embodiments provide a system that detects whether a data flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects an elephant flow by examining, among other items, the operations of a machine. In detecting, the system identifies an initiation of a new data flow associated with the machine. The new data flow can be an outbound data flow or an inbound data flow. The system then determines, based on the amount of data being sent or received, if the data flow is an elephant flow. The system of some embodiments identifies the initiation of a new data flow by intercepting a socket call or request to transfer a file.

Abstract: A method for estimating shock performance of a vehicle using a mobile communication device. Acceleration data is received from one or more motion sensors of the mobile communication device over a period of time while the mobile communication device is placed on a portion of the vehicle and forced vibration is given to a suspension of the vehicle. The received acceleration data is processed to estimate a performance of the shock. The estimated performance of the shock is displayed on a display of the mobile communication device.

Abstract: Some embodiments provide a system that detects whether a data flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects an elephant flow by examining, among other items, the operations of a machine. In detecting, the system identifies an initiation of a new data flow associated with the machine. The new data flow can be an outbound data flow or an inbound data flow. The system then determines, based on the amount of data being sent or received, if the data flow is an elephant flow. The system of some embodiments identifies the initiation of a new data flow by intercepting a socket call or request to transfer a file.

Abstract: Some embodiments provide a novel method for monitoring network requests from a machine. The method captures the network request at various layers of a protocol stack. At a first layer of a protocol stack, the method tags a packet related to the network request with a tag value, maps the tag value to a set of tuples associated with the packet, and sends a first set of data related to the packet to a security engine. At a second layer of the protocol stack, the method determines whether the packet has been modified through the protocol stack, and sends an updated second set of data to the security engine when the packet has been modified.

Abstract: A distributed computer system and method for managing secret information for virtual entities in the distributed computer system utilizes multiple secret storage service entities to provide secret information to a virtual entity to be hosted in a host computer in the distributed computer system. At least one piece of the secret information for the virtual entity is distributed to the multiple secret storage service entities to provide the secret information to the virtual entity using the at least one piece of the secret information from one of the multiple secret storage service entities.

Abstract: Some embodiments provide a method for an end machine, that implements a distributed application, to redirect new network connection requests to other end machines that also implement the distributed application. The method receives a set of measurement data from a set of resources of the end machine and determines whether a measurement data received from a particular resource has exceeded a threshold. When the measurement data has exceeded the threshold, the method notifies a load balancer that balances new requests for connection to the distributed application between the end machines. The notification causes the load balancer not to send any new connection request to the end machine and redirect them to other end machines.

Abstract: Some embodiments provide a method for preventing stressed end machines from being scanned for security check on a host machine that executes several different end machines scheduled to be scanned for security check. The method collects, at one of the end machines, a set of measurement data from a set of resources of the end machine. The method then determines whether a measurement data collected from a particular resource has exceeded a threshold. When the measurement data has exceeded the threshold, the method tags the end machine as a stressed machine so that the end machine will not participate in any future security check scans.

Abstract: Some embodiments of the invention provide a method for performing network access filtering and/or categorization through guest introspection (GI) on a device. In some embodiments, this GI method intercepts directly on a device a data message that device is preparing to send, and uses a service appliance to determine whether the data message can be sent. The device in some embodiments is a guest virtual machine (VM) that executes on a multi-VM host computing device along with a service VM (SVM) that is the service appliance that determines whether the data message can be sent based on a set of filtering rules. In some embodiments, the method uses one or more introspectors (e.g., network introspector and/or file introspector) to capture introspection data from the guest VM (GVM) about the data message that the GVM is preparing to send. To perform the network access filtering, the GI method in some embodiments captures contextual information, such as user and application information (e.g.