Abstract: The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed herein are methods, systems, and processes to secure internal services in a distributed computing environment. A service packet that includes a service call from a source appliance is intercepted at a server. A determination is made that the service call is for an internal service provided by the source appliance and includes client information with client process properties. The service packet is demultiplexed. A determination is made that rule attributes associated with the internal service match the client process properties. The client information is removed from the service packet and the service call is forwarded to the server.

Abstract: Disclosed herein are methods, systems, and processes to perform input/output (I/O) fencing without dedicated arbitrators. A coordination storage identifier is stored in a storage device as metadata. The coordination storage identifier is associated with a node of a cluster coupled to the storage device, and an I/O fencing operation is performed using the coordination storage identifier.

Abstract: Disclosed herein are methods, systems, and processes to secure internal services in a distributed computing environment. A service packet that includes a service call from a source appliance is intercepted at a server. A determination is made that the service call is for an internal service provided by the source appliance and includes client information with client process properties. The service packet is demultiplexed. A determination is made that rule attributes associated with the internal service match the client process properties. The client information is removed from the service packet and the service call is forwarded to the server.

Abstract: The present disclosure relates to the use MNK-specific inhibitors to inhibit immunosuppression components, such as immune checkpoint proteins PD-1, PD-L1, LAG3, and/or immunosuppressive cytokines, such as IL-10, in order to inhibit or release immune suppression in certain diseases, such as cancer and infectious disease.

Abstract: A system and method is provided for generating an optimized ship schedule to deliver liquefied natural gas (LNG) from one or more LNG liquefaction terminals to one or more LNG regasification terminals using a fleet of ships. The method involves modeling the ship schedule via an LNG ship scheduling model and a LNG ship rescheduling model to provide optimized decisions for the LNG supply chain. The LNG supply chain includes the one or more LNG liquefaction terminals, the one or more LNG regasification terminals, and the fleet of ships.

Abstract: A system and method is provided for generating an optimized ship schedule to deliver liquefied natural gas (LNG) from one or more LNG liquefaction terminals to one or more LNG regasification terminals using a fleet of ships. The method involves modeling the ship schedule via an LNG ship scheduling model and a LNG ship rescheduling model to provide optimized decisions for the LNG supply chain. The LNG supply chain includes the one or more LNG liquefaction terminals, the one or more LNG regasification terminals, and the fleet of ships.

Abstract: A system and method for efficiently accessing Web resources. A directory service and an authentication service may be used to determine whether a login session attempt on a deployed device is successful. At least one deployed device in a system receives credentials from a user during a login request and requests authorization using the received credentials for both a login session and for accessing Web resources. The device sends the authorization request to Web services on a server hosting the Web resources. The Web services interact with an authentication service to verify authentication for the user. The device receives an access token upon verification for authorization for the given user and securely stores it. When a client program executing on the device requests access to the Web resources, the device sends an access request with a copy of the stored access token to the server hosting the Web resources.

Abstract: The disclosed computer-implemented method for updating containers may include (i) identifying an application container that is instantiated from a static application container image, (ii) identifying ancillary code that is designed to modify execution of the application executing in the application container, (iii) packaging the ancillary code into a data volume container image to be deployed to the host system that hosts the application container, (iv) discovering, by the application container, a data volume container instantiated from the data volume container image on the host system, and (v) modifying, by the application container, the execution of the application executing in the application container with the ancillary code, without modifying the static application container image, at least in part by instantiating the application container with a pointer to the location of the data volume container that contains the ancillary code.

Abstract: The present disclosure relates to the use MNK-specific inhibitors to inhibit immunosuppression components, such as immune checkpoint proteins PD-1, PD-L1, LAG3, and/or immunosuppressive cytokines, such as IL-10, in order to inhibit or release immune suppression in certain diseases, such as cancer and infectious disease.

Abstract: The disclosed computer-implemented method for managing containerized applications in a flexible appliance platform may include (1) receiving a request to perform an operation that manages a life cycle of a containerized application, (2) accessing management data for the containerized application, (3) determining, based on the management data, application requirements associated with the requested operation that manages the life cycle of the containerized application, and (4) performing the operation that manages the life cycle of the containerized application based on the application requirements, where the operation is performed without making changes to the containerized application and without user intervention. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed herein are methods, systems, and processes to secure internal services in a distributed computing environment. A service packet that includes a service call from a source appliance is intercepted at a server. A determination is made that the service call is for an internal service provided by the source appliance and includes client information with client process properties. The service packet is demultiplexed. A determination is made that rule attributes associated with the internal service match the client process properties. The client information is removed from the service packet and the service call is forwarded to the server.

Abstract: The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are provided for valuation and validation of options and opportunities in planning and operations for a liquefied natural gas project or portfolio of projects. The systems and methods use at least one of a supply chain design model, a shipping simulation model, a ship scheduling model, and an optionality planning model to make valuation and validation decisions.

Abstract: The disclosed computer-implemented method for updating containers may include (i) identifying an application container that is instantiated from a static application container image, (ii) identifying ancillary code that is designed to modify execution of the application executing in the application container, (iii) packaging the ancillary code into a data volume container image to be deployed to the host system that hosts the application container, (iv) discovering, by the application container, a data volume container instantiated from the data volume container image on the host system, and (v) modifying, by the application container, the execution of the application executing in the application container with the ancillary code, without modifying the static application container image, at least in part by instantiating the application container with a pointer to the location of the data volume container that contains the ancillary code.

Abstract: Disclosed herein are methods, systems, and processes to perform input/output (I/O) fencing without dedicated arbitrators. A coordination storage identifier is stored in a storage device as metadata. The coordination storage identifier is associated with a node of a cluster coupled to the storage device, and an I/O fencing operation is performed using the coordination storage identifier.

Abstract: A method is disclosed for developing a long-term strategy for allocating a supply of liquefied natural gas (LNG) while adhering to limitations of available shipping capacity An LNG market is modeled using one or more optimization models. The LNG market includes at least one buyer of LNG, at least one seller of LNG, and at least one means of transporting LNG. A plurality of inputs relevant to the LNG market are accepted. The inputs are configured to be input into the optimization models. One or more solution algorithms are interfaced with the optimization models. The optimization models are run using the interfaced solution algorithms to identify potential options in the LNG market. Uncertainty is accounted for in the identified potential options. The identified potential options are outputted.

Abstract: A system and method for efficiently establishing a secure shell connection for accessing Web resources. A user attempts to establish a secure Hypertext Transfer Protocol (HTTP) session between a client computing device and a remote storage device. The storage device redirects the Web browser of the client computing device to a single sign-on (SSO) third-party identity provider for authorizing the user. After successful authorization, the client computing device receives information to use to maintain a secure HTTP session. This information is stored on the storage device. The user attempts to establish a text-based secure shell session. The user is not prompted for login credentials. However, the user is authenticated using the previously stored information and a text-based secure shell session is established.

Abstract: Disclosed herein are methods, systems, and processes to secure internal services in a distributed environment. A service call initiated by a client process of a client is intercepted. In this example, the service call is a request for an internal service provided by a server deployed in a target appliance. The client is deployed in a source appliance. The service call includes an identifier, and the identifier identifies the internal service. If one or more rules are specified for the identifier, a service packet is generated by multiplexing client information associated with the client process as well as information in the service call. The service packet is forwarded to the target appliance.

Abstract: A system and method for efficiently obtaining user configuration information for a given device. Multiple devices are deployed in an environment and may be storage appliances. A directory service and an authentication service may be used to determine whether a login session attempt on a deployed device is successful. An identity and access manager (IAM) is used to for this determination and to communicate with the directory service and the authentication service. A device of the one or more of the deployed devices does not store user configuration information. Responsive to an attempted login by a user, the device mimics the existence of the user and generates a request for directory lookup and authentication for the user which is conveyed to an external device. If a positive response is received in response to the request, the user is permitted to login to the device and a session is created for the user.