Abstract: Aspects of the present invention provide an approach for security handling of application code branching from requirements elicitation through the software development lifecycle (SDLC) to deployment and operation. In an embodiment, a set of security rules is collected related to a defined security policy (e.g., of an organization). During a requirements elicitation phase, any code branches which go outside of its current execution space are dynamically identified using natural language techniques. A potential gap is reported in a generated gap document when an identified code branch is not consistent with the set of security rules.

Abstract: A mainboard includes a baseboard management controller (BMC), a plurality of dual in-line memory module (DIMM) slots, and a plurality of visual indicators each associated with a respective of the plurality of DIMM slots. The BMC is adapted to determine a DIMM population rule for populating the plurality of DIMM slots based on information relating to at least one DIMM, and the visual indicators are adapted to visually indicate a DIMM slot amongst the plurality of DIMM slots to which the at least one DIMM is to be installed in accordance with the DIMM population rule.

Abstract: Loadable BIOS preset configurations are disclosed, permitting large numbers of BIOS settings to be quickly implemented through the use of hot-keys. In an in-band process, the BIOS can be updated locally by pressing a hot-key to load a preset configuration of BIOS settings. The preset configuration can be stored by accessing a BIOS setup utility, selecting updated BIOS settings, and assigning a hot-key. In an out-of-band process, a system's BIOS can be updated remotely by sending a hot-key selection to use in a subsequent boot-up via a Future BIOS Settings variable, then sending the configuration information as a UEFI variable. When the remote computer next boots, the Future BIOS Settings variable will be used to simulate a hot-key selection that will cause the system to apply the configuration information in the UEFI variable.

Abstract: Methods and devices for an automated Internet of Things (IoT) certification service to verify plug and play capabilities of one or more IoT devices for use with a cloud service provider may include receiving a device identification of an IoT device to certify with the cloud service provider. The methods and devices may include receiving a selection of one or more certification tests to perform to plug and play capabilities of the IoT device. The methods and devices may include performing the one or more certification tests. The methods and devices may include generating a device certification for the plug and play capabilities of the IoT device in response to the one or more certification tests passing.

Abstract: Disclosed herein are systems and method for deploying servers in a distributed storage to improve fault tolerance. In one aspect, an exemplary method comprises, on a hardware server, installing an OS on a virtual disk, putting the virtual disk on the distributed storage, configuring the hardware server so that at least two physical block devices of the hardware server are bootable by putting, on each physical block device of the at least two physical block devices, a boot component, and configuring the boot component on any one physical block device of the at least two physical block devices, the configuration of the boot component including enabling the boot component to perform at least one of: mounting the virtual disk as a root file system of the OS, and booting the OS from the mounted virtual disk during a booting of the hardware server.

Abstract: Transaction processing systems in accordance with aspects of the invention may process a variety of transactions. Transaction processing systems may include a transaction processing device and a distributed processing system. The transaction processing device obtains transaction requests from a variety of client devices and process the transaction requests. The distributed processing system may also obtain the transaction requests and maintain a transaction history of the transaction requests obtained and/or processed by the transaction processing device. Both the distributed processing system and the transaction processing device may send a transaction succeeded event based on the transaction being processed successfully. The transaction processing device and distributed ledger may also maintain an indication of if a particular transaction has been processed.

Abstract: Disclosed is a power management integrated circuit including dual one-time programmable memory banks and methods for controlling the same. In one embodiment, the power management integrated circuit (PMIC) includes a first one-time programmable (OTP) memory bank; a second OTP memory bank; and access control logic, communicatively coupled to the first OTP bank and the second OTP bank, the access control logic configured to: utilize the first OTP memory bank for operation of the PMIC upon detecting that the second OTP memory bank is empty, write data to the second OTP memory bank in response to a write request from a host application if the second OTP memory bank is not empty, and utilize the second OTP memory bank for operation of the PMIC upon detecting that the second OTP memory bank is not empty.

Abstract: Aspects of the disclosure can include computer-implemented methods and systems for comparing computer configuration information. The computer configuration information for a user's computer device can be monitored. Current computer configuration information for the user's computer device can be compared with previous computer configuration information for computer devices of clustered users in order to determine a best previous computer configuration information. The best previous computer configuration can be applied to the user's computer device.

Abstract: Techniques are disclosed for assessment and verification of processor configuration and settings using System Management Mode (SMM) in conjunction with a hardware root of trust (HRoT). A method may include receiving custom boot codes from a security device, the custom boot codes configured to install a security module to process a periodic System Management Interrupt (SMI), configure the periodic SMI for initiation, and configure at least one configuration register for validation in response to execution of the security module. The method may also include responsive to initiation of the configured periodic SMI, validating, using the security device, the at least one configuration register.

Abstract: An apparatus is provided which comprises: a controller to allocate, to a component, a resource budget selected from a plurality of quantization levels; and a circuitry to adaptively update the plurality of quantization levels.

Abstract: An information processing apparatus includes a control unit to execute a program, a first storage unit, a second storage unit, and an output unit. The first storage unit stores a first program to be executed by the control unit. The second storage unit stores a second program to be executed by the control unit. The output unit receives, from the control unit, a read command for reading the second program from the second storage unit. The output unit output, to the second storage unit, a corresponding command corresponding to the received read command and corresponding to an operation mode having been set to the output unit. Before transmitting, to the output unit, the read command for reading the second program from the second storage unit, the control unit sets the operation mode of the output unit according to the first program stored in the first storage unit.

Abstract: An information handling system operating a data integration protection assistance system may comprise a processor linking first and second data set field names identified within a previous execution of a data integration process for transferring a data set field value identified by the first data field name at a source geographic location to a destination geographic location for storage under the second data field name. The processor may receive a user instruction to associate data set field names labeled as sensitive private individual data with a barred geographic location, determine the second data set field name is labeled as sensitive private individual data and the destination storage location matches the barred geographic location. A graphical user interface may display a notice that the data set field value was stored during the previously executed integration process within the barred geographic location.

Abstract: A process deployment controller creates an updated image for an intermediary engine in order to execute one or more applications on a host infrastructure. The process deployment controller generates a partial image by executing source code from a template repository. The partial image provides a structure used to create an intermediary engine used with a container, which includes an application, as well as binaries and libraries required to execute the application in an infrastructure via the intermediary engine. The process deployment controller transmits an identifier of the infrastructure to a component registry; receives a component description of the infrastructure from the component registry; and uses the component description to create an updated image of the partial image. The process deployment controller, upon receiving a request for the application to run on the infrastructure, utilizes the updated image and intermediary engine to execute the application on the infrastructure.

Abstract: Systems for high-performance computing. A storage control architecture is implemented by a plurality of nodes, where a node comprises combinations of executable containers that execute in cooperation with virtual machines running above a hypervisor. The containers run in a virtual machine above a hypervisor, and/or can be integrated directly into the operating system of a host node. Sensitive information such as credit card information may be isolated from the containers in a separate virtual machine that is configured to be threat resistant, and which can be accessed through a threat resistant interface module. One of the virtual machines of the node may be a node-specific control virtual machine that is configured to operate as a dedicated storage controller for a node. One of the virtual machines of the node may be a node-specific container service machine that is configured to provide storage-related and other support to a hosted executable container.

Abstract: An electronic device includes a sensor unit, a first CPU, and a second CPU. A first management unit functioning in the first CPU manages first information related to cumulative information acquired by the sensor unit. A second management unit functioning in the second CPU manages second information related to the cumulative information. One of the first management unit and the second management unit outputs a corresponding one of the first and second information related to the cumulative information managed by the one management unit to the other management unit according to switching of an operating state of the first CPU, and the other management unit continues management of the corresponding other of the first and second information related to the cumulative information based on the corresponding one of the first and second information related to the cumulative information output from the one management unit.

Abstract: Integrated management of connected assets that utilize different technologies and that are located across disparate wireless communications networks is facilitated herein. A method can comprise evaluating, by a system comprising a processor, first data associated with a first device operable with a first computing platform and second data associated with a second device operable with a second computing platform different from the first computing platform. The method can also comprise transforming, by the system, at least a first portion of the first data and at least a second portion of the second data into third data. The third data can be compatible with the first data and the second data. Further, the method can comprise rendering, by the system, the third data as an integrated view of at least the first portion of the first data and at least the second portion of the second data.

Abstract: A system and method for booting a computer system is disclosed. Code is loaded from a minor BIOS image stored on an electrically erasable programmable read-only memory (EEPROM) to a cache of a central processing unit. The central processing unit executes the code from the minor BIOS image to initialize a system memory. A major BIOS image is accessed from a remote site via a controller. Code from the major BIOS image is loaded to the system memory. The code from the major BIOS image is executed via the central processing unit to boot an operating system.

Abstract: Apparatus and methods may include a method for using a single script framework to generate a plurality of JIL files. Each of the plurality of JIL files may be for use in one of a plurality of multiple environments. The methods may include providing, based on the jobs information, the jobs attribute values and the SQL content, parameters to create a job, update a job and/or delete a job. The providing may use an AutoSys™ jobs table. The AutoSys™ jobs table may include jobs information, jobs attribute values, and Sequel (SQL) content to be run.

Abstract: A variety of applications can include a memory device designed to perform sensing of a memory cell of a string of memory cells using a modified shielded bit line sensing operation. The modified shielded bit line sensing operation includes pre-charging a data line corresponding to the string with the string enabled to couple to the data line. The modified shielded bit line sensing operation can be implemented in a hybrid initialization routine for the memory device. The hybrid initialization routine can include a sensing read routine corresponding to an all data line configuration of data lines of the memory device and a modified sensing read routine corresponding to a shielded data line configuration of the data lines with selected strings enabled during pre-charging. A read retry routine associated with the modified sensing read routine can be added to the hybrid initialization routine. Additional devices, systems, and methods are discussed.

Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node.

Abstract: Some examples provide a non-transitory computer readable medium having instructions stored thereon and executable by a processor of a client computing device to receive, from a server computing device, a unique identifier associated with the client computing device. The instructions are executable by the processor to receive, at the client computing device, user input including a password associated with the unique identifier. The instructions are executable by the processor to send the password to the server computing device for verification. The instructions are executable by the processor to receive, from the server computing device, a data image for installing a desired operating system on the client computing device, and doing so according to a user selection received at the client computing device.

Abstract: A network element includes at least one communication port and a processor. The communication port is configured to communicate with a peer communication port of a peer network element. The processor is configured to support a full-boot mode and a fast-boot mode, to establish, by negotiation with the peer network element, whether the fast-boot mode is supported both for the communication port and for the peer communication port, and, in response to finding that the fast-boot mode is supported both for the communication port and for the peer communication port, to coordinate with the peer network element a boot of the communication port and of the peer communication port, both using the fast-boot mode.

Abstract: A method may be provided in a basic input/output system embodied in persistent memory including two data areas for storing data associated with the basic input/output system and a code area comprising firmware for performing functionality of the basic input/output system. The method may include, at any given time, designating one of the data areas as a non-transitory data area and designating the other of the data areas as a transitory data area; and for each item of data associated with the basic input/output system, determining if such item of data is non-transitory-type data or transitory-type data, storing such item of data in the non-transitory data area if such item of data is determined to be non-transitory-type data, and storing such item of data in the transitory data area if such item of data is determined to be transitory-type data.

Abstract: Zero block elimination (ZBE) and statistical accounting for reduction in storage space used in a memory component of a file system due to ZBE can be managed. During a write operation, in response to eliminating a zero block from the write operation, a data management component (DMC) can associate a zero extent with a sparse region that represents a block in the memory component where the zero block was to have been written, unless a zero extent is already associated with that block. DMC can determine a number of zero blocks eliminated from write operations due to ZBE based on the number of zero extents associated with files stored in the memory component, to facilitate determining an amount of reduction of use of storage space in the memory component, or a data reduction ratio, storage efficiency ratio, or zero reduction ratio associated with the memory component, due to ZBE.

Abstract: A method of managing access to on-demand cloud services may comprise receiving at a PCaaS cloud management service information handling system log-in credentials from a remote information handling system via a low-power wide area network communication link, executing code instructions to determine if the log-in credentials are associated with an existing subscriber, if the log-in credentials are associated with an existing subscriber whose subscription is not expired, transmitting via the wireless adapter a verification of the log-in credentials to the remote information handling system, establishing via the wireless adapter a high-speed wireless communication link with the remote information handling system, and transmitting code instructions via the wireless adapter of one or more in-band applications associated with the existing subscriber via the high-speed wireless communication link.

Abstract: Systems and methods for providing an update to a natively rendered application installed on a mobile device are provided. A method includes updating a base application with a unique tailored solution for each client that has created its own unique tailored solution. The method further includes storing, for each client that has created its own unique tailored solution, the base application with its unique tailored solution, as separate versions of the base application in a storage system. The method further includes adding common additional code to each of the separate versions of the base application, while preserving the unique tailored solution for each client that has created its own unique tailored solution. The method further includes pushing the base application with the common additional code to the client.

Abstract: A method of validating a desired image of a virtualization software and a firmware package to be installed in a plurality of hosts against a hardware compatibility list (HCL) includes: acquiring hardware inventory of the hosts to determine hardware devices installed therein; for each of the hardware devices, searching for firmware and driver thereof in the HCL; for each driver included in the desired image that corresponds to one of the hardware devices, determining whether or not the driver is compatible according to the HCL; for each firmware included in the firmware package that corresponds to one of the hardware devices, determining whether or not the firmware is compatible according to the HCL; and validating the desired image of the virtualization software and the firmware package to be installed in the hosts if each of the hardware device has a compatible driver and a compatible firmware.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more methods may: register a subroutine configured to store multiple network resource addresses via a volatile memory medium; for each information handling system (IHS) initialization executable of multiple IHS initialization executables: retrieve, from a non-volatile memory medium, the IHS initialization executable; execute the IHS initialization executable via an environment associated with IHS firmware; call, by the IHS initialization executable, the subroutine; and store, by the subroutine, a network resource address associated with an operating system (OS) executable via command line arguments, where the command line arguments are stored via a data structure in the volatile memory medium; and for each network resource address of the command line arguments: retrieve, based at least on the network resource address, an OS executable associated with the network resource address from another IHS via a network.

Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may execute a first information handling system (IHS) initialization executable of a first IHS initialization executable/operating system (OS) executable pair; execute a second OS executable of a second IHS initialization executable/OS executable pair via an OS context; determine, by the second OS executable, that at least one application has been installed on the IHS in addition to multiple applications that have already been installed on the IHS; determine, by the second OS executable, information associated with the at least one application and at least one of system information, power configuration information, status configuration information, and hardware information; and provide first information that recommends how to configure power utilization of the IHS and second information that recommends how not to configure power utilization of the IHS based at least on the determined information.

Abstract: Techniques are provided for installing patches using a jail. In an example, a computing node boots from a first partition and then mounts a second partition. The computing node can install an upgrade image for an operating system on the second partition. The computing node can then create a jail that sets the mount point of the second partition as the apparent root directory, and install one or more patches within the jail. The computing node can then reboot from the patched and upgraded operating system of the second partition. In this manner, the node can be upgraded with an operating system and one or more patches, while being rebooted once.

Abstract: An image of a virtualization software in a plurality of hosts is installed or upgraded by performing the steps of: in response to a user input, generating a software specification that specifies a desired state of the virtualization software; based on the software specification, preparing a desired image of the virtualization software and storing the desired image of the virtualization software in a storage location accessible to the hosts; and instructing each of the hosts to install the desired image of the virtualization software or upgrade a current image of the virtualization software to the desired image of the virtualization software.

Abstract: An information handling system may include an unsupported information handling resource that has not been qualified by a manufacturer of the information handling system for use with the information handling system. The system may execute a system update procedure configured to: download a vendor update package for the unsupported information handling resource; determine that the vendor update package requires an operating system different from a currently installed operating system of the information handling system; create a bootable medium comprising the operating system and the vendor update package; trigger a first reboot of the information handling system into the operating system of the bootable medium, wherein the bootable medium is configured to install the vendor update package; and trigger a second reboot of the information handling system into the currently installed operating system of the information handling system.

Abstract: An information handling system may include a central processing unit (CPU), a graphics processing unit (GPU) including a plurality of processing cores, a memory coupled to the CPU and to the GPU, and a basic input/output system (BIOS). While the information handling system is in a pre-boot environment and prior to initialization of an operating system of the information handling system, the BIOS may cause the central processing unit to select respective portions of the memory for failure testing; and cause individual ones of the plurality of processing cores of the GPU to carry out the failure testing of the respective portions of the memory.

Abstract: A solid-state drive (SSD) power-mode control method that includes storing, in an active register, active mode control data used for switching the SSD from a low power mode to an active mode, storing, in a standby register, low power mode control data used for switching the SSD from the active mode to the low power mode, and controlling power supplied to the SSD in accordance with the low power mode control data or the active mode control data in response to the SSD switching (i) from the active mode to the low power mode or (ii) from the low power mode to the active mode.

Abstract: A method includes providing a first serial communication interface at a non-volatile dual-inline memory module at an information handling system. A second serial communication interface is provided at a baseboard management controller at the information handling system. The method further includes providing a serial bus coupling the first communication interface and the second communication interface, the serial bus providing side-band and out-of-band data transfer of information between a non-volatile memory device included at the non-volatile dual-inline memory module and the baseboard management controller.

Abstract: A method, computer program product, and computing system for coupling password-resetting content to an IT computing device. The password-resetting content is validated on the IT computing device. The password-resetting content is processed to reset one or more passwords associated with the IT computing device.

Abstract: An asset includes physical computing resources and a physical computing resources manager. The physical computing resources manager obtains a power management update for a physical computing resource of the physical computing resources of the asset; in response to obtaining the power management update: obtains, using an out-of-band manager, a power management descriptor for the asset; updates the power management descriptor based on the power management update; stages the power management descriptor at a location; and performs a low resource consumption reboot using the location to implement the power management update.

Abstract: The present invention relates to a booting disk including a master boot record (MBR) stored in a first region and a globally unique identifier (GUID) partition table (GPT) stored in a second region, wherein the booting disk has a hybrid MBR partition structure in which an MBR partition used by the MBR and a GPT partition used by the GPT are mixed. The GPT partition may include an operating system (OS) partition configured to store an OS and a GPT storage partition configured to store data, the MBR partition may include a GPT protective partition configured to protect the GPT partition and an MBR storage partition configured to store data, the GPT storage partition and the MBR storage partition may be the same the same starting address and size, a starting address of the GPT protective partition may be a logical block addressing (LBA) #1 of the booting disk, and a partition size thereof is zero.

Abstract: An information handling system may include a processor and a basic input/output system configured to, responsive to an occurrence of an exception error, triage among various hardware components of the information handling system to determine existence of any signatures of potential hardware failures, write a database structure to a non-volatile memory including the signatures of potential hardware failures, upon boot of the basic input/output system, enable one or more control methods for hardware failure mitigations associated with the signatures of potential hardware failures, and perform the mitigations during execution of an operating system of the information handling system.

Abstract: A method and a system facilitate remote commissioning of workstations for controlling, maintaining, and/or configuring process control field devices in a process control plant. Using a configuration workstation coupled to the workstation by a communication network, a user may specify a configuration for the workstation in software and, upon selecting the workstation for commissioning, can effect configuration of the workstation, according to the specified configuration, remotely from the configuration workstation. Effecting configuration of the workstation may include installing/updating an operating system, installing/updating an operator, maintenance, or configuration interface application, and/or installing/updating a process plant configuration. Upon completion of the configuration, the workstation is operable to communicate with a process controller to implement control, maintenance, and/or configuration of the process control plant.

Abstract: A computer-implemented data stream processing method includes generating, calculating, and deploying. The generating includes generating a directed graph in which processes in a stream processing infrastructure are represented by nodes and data input/output relationships between the nodes are represented by edges. The calculating includes calculating a degree of each of the nodes based on a weight of each of the edges. The deploying includes deploying, based on the calculated degree of each of the nodes, the processes represented by the nodes at stages of a pipeline in the stream processing infrastructure.

Abstract: A capsule-based firmware update process is provided. After an operating system has provided a firmware update in the form of a capsule and the computing system is rebooted, a module can be loaded to locate a memory subsystem separate from the system memory. The module can initialize the separate memory subsystem and then identify a contiguous block of memory within the separate memory subsystem. The module can then cause the capsule to be coalesced from the system memory into the separate memory subsystem. Once the capsule is coalesced into the separate memory subsystem and the system memory is registered, the module can cause the coalesced capsule to be copied back into system memory where it can be accessed by other components that are subsequently loaded during the boot process.

Abstract: An information processing apparatus includes an installation unit that installs a first program after overwriting the first program so as to make the first program compatible with an operational environment on the information processing apparatus. A generation unit is included to generate first verification data based on the first program overwritten by the installation unit. A first detection unit is also included to detect an alteration to the first program after the installation based on the first verification data generated by the generation unit.

Abstract: A method of change reconciliation, including: detecting changes in configuration parameters collected from stations of a system and collecting or generating change request records for the detected changes, identifying unauthorized changes and authorized changes based on given rules, for a potentially authorized change that is not clearly authorized or unauthorized, identifying a context for the change request records, including: a) identifying authorized change implementers; b) identifying a scope of the content that is to be changed; c) identifying a time window when the change is allowed to be performed; identifying a context for the actual change, including: a) identifying a change implementer; b) identifying a scope of the content that was changed; c) identifying a time window when the change was performed; comparing the context of the change request with the context of the actual change; determining an authorization score responsive to said comparing; outputting the change authorization score.

Abstract: A portable information handling system having an NFC device obtains identifier information from information handling systems through NFC and applies the identifier information to obtain license keys for applications stored on the information handling system from a license server through a network interface. NFC transfer of license keys in a secure environment, such as to server information handling system management controller in a data center, provides the convenience of public license servers without the security risk of an open public network access to the management controller.

Abstract: A method for automatically allowing access to a WI-FI network by a mobile device can be applied to a mobile device and a WI-FI access point (AP). The mobile device includes a first microphone, first wireless communicating unit, and first processing unit. The first microphone obtains ambient sound, and the first wireless communicating unit can transmit accessing request. The mobile device can receive a password-generating command from a found WI-FI AP. The WI-FI AP comprises second microphone, second wireless communicating unit, and second processing unit. The second microphone also obtains ambient sound. The second wireless communicating unit receives the accessing request and transmits the password-generating command. The second processing unit generates an AP password according to the ambient sound and can compare a device password received from the mobile device. The mobile device is allowed to access the WI-FI AP when the device password matches with the AP password.

Abstract: A multi-chip package may include a controller, a storage memory and a buffer memory. The controller may be configured to output a control signal. The storage memory may be tested in response to the control signal. The buffer memory may be sequentially tested while or after testing the storage memory in response to the control signal.

Abstract: An example method facilitates adjusting or enhancing performance of a process of as graphics program or animation software package, and includes providing a first User Interface (UI) control for allowing user assignment of or selection of one or more processor types, e.g., Graphics Processing Unit (GPU) or Central Processing Unit (CPU), and/or associated memory types, e.g., GPU memory and/or CPU memory, to one or more computing resources, such as variables and/or associated functions or evaluators. A drop-down menu or other control may be provided in a first UI to allow for user specification of or assignment of one or more computing resources, e.g., CPU or GPU processors and/or memory to one or more variables, data structures, associated functions or other executable code. In a specific implementation, one UI control facilitates user specification of one or more evaluators of a plugin, wherein the one or more evaluators are usable by a host application of the plugin.

Abstract: In various embodiments, a technique can be provided to address debug efficiency for failures found on an operational system. The approach can make use of an existing pin on a memory device with added logic to respond to a trigger signal structured different from a signal that is normally sent to the existing pin on the memory device such that the memory device performs a normal or routine function of the memory device in response to the signal. In response to detecting one or more error conditions associated with the memory device, a system that interfaces with the memory device can generate the trigger signal to the memory device. In response to receiving the trigger signal, the memory device can dump an error log of the memory device to a memory component in the memory device. The error log can later be retrieved from the memory component for failure analysis.

Abstract: An image of a virtualization software in a plurality of hosts is installed or upgraded by performing the steps of: in response to a user input, generating a software specification that specifies a base image and an add-on image; retrieving metadata of the base image and metadata of the add-on image; generating a desired image of the virtualization software based on the metadata of the base image and the metadata of the add-on image; and instructing each of the hosts to install the desired image of the virtualization software or upgrade a current image of the virtualization software to the desired image of the virtualization software.