Abstract: A Non-Uniform Memory Access (NUMA) node virtual machine provisioning system includes a connection system and a physical NUMA node coupled to a NUMA node virtual machine provisioning subsystem that modifies NUMA node information in at least one database to create a first virtual NUMA node that is provided by a first subset of NUMA node resources in the physical NUMA node, modifies connection system information in the at least one database to dedicate a first subset of connection system resources in the connection system to the first virtual NUMA node, and deploys a first virtual machine on the first virtual NUMA node such that the first virtual machine performs operations using the first subset of NUMA node resources that provide the first virtual NUMA node, and using the first subset of connection system resources dedicated to the first virtual NUMA node.

Abstract: Described herein are systems and methods for replication and moving data to provide for container-based application mobility. The configuration of the of the container-based application is determined and copied to an intermediate object storage. Depending on the replication compatibility of source array backing the source cluster and the target array backing the target cluster either a replication engine or data mover are used to move data. Configuration of the container-based application in the common storage is copied and stored to the target cluster. The target cluster is used to restore the container-based application.

Abstract: A cloud computing system includes cloud orchestrator circuitry and fabric manager circuitry. The cloud orchestrator circuitry receives an input application and determines a task graph, a data graph, and a function popularity heap parameter for the input application. The task graph comprises an indication of function interdependency of functions of the input application, the data graph comprises an indication of data interdependency of the functions, and the function popularity heap parameter corresponds to a re-usability index for the functions. The fabric manager circuitry allocate a first programmable integrated circuit (IC) device to perform a first function of the input application based on the task graph, the data graph, and the function popularity heap parameter.

Abstract: This disclosure describes techniques for increasing the baseline performance of a burstable instance to an increased performance level for a limited time period. For example, a user may schedule a time period which the burstable instance has access to 100% of a CPU, instead of competing with other burstable instances even during periods of bursting as in prior techniques. In some cases, the user uses credits to reserve the time periods at which the increased performance level is requested. After receiving the reservation, a resource system selects computing resources to host the burstable instance such that the burstable instance, can operate at the requested increased performance level. After the time period has ended, the burstable instance may return to the baseline performance level.

Abstract: Methods, systems, and computer programs are presented for redirecting executing of a virtual machine (VM) program to a client device. One method is performed by a server executing the VM. The method includes an operation for receiving an input from a remote desktop application of a client device to execute a program at the VM, and for checking redirect logic to determine execution of the program on the client device. The redirect logic comprises at least one rule to redirect execution of the program to the client device instead of executing the program at the VM. Further, the method includes an operation for, based on determining to execute the program on the client device, send to the client device a request for executing the program at the client device. The client device is configured to execute the program in response to the request.

Abstract: Techniques are provided for deploying virtual machines to a virtualization management environment using an agent component to obtain remote virtual machine templates. One method comprises receiving, by an agent component executing in a virtualization management server, a request to deploy a virtual machine and a storage location of a template for the virtual machine; obtaining the template for the virtual machine from one or more of an orchestration engine and a remote data source identified by the storage location; and replicating the obtained template for the virtual machine to create the virtual machine. The request to deploy the virtual machine may also comprise deployment information used to configure the virtual machine. The agent component may monitor an execution of the created virtual machine and evaluate one or more policies provided by the orchestration engine with respect to security controls and/or network requirements associated with the created virtual machine.

Abstract: In some examples, an analyzer manager configured to select one of a program code analyzer, a static data analyzer, and an unused memory location analyzer for malware detection within memory of a system. The program code analyzer can be executed to evaluate instruction data for executing a computer program at a first set of memory locations within the memory for malware in response to being selected by the analyzer manager. The static data analyzer can be executed to evaluate static data for use by the computer program at a second set of memory locations within the memory for the malware in response to being selected by the analyzer manager. The unused memory location analyzer can be executed to evaluate null data indicative of unused memory locations at a third set of memory locations within the memory for the malware in response to being selected by the analyzer manager.

Abstract: Graphics processing systems and methods are described. A graphics processing apparatus may comprise one or more graphics processing engines, a memory, a memory management unit (MMU) including a GPU second level page table and GPU dirty bit tracking, and a provisioning agent to receive a request from a virtual machine monitor (VMM) to provision a subcluster of graphics processing apparatuses, the subcluster including a plurality of graphics processing engines from a plurality of graphics processing apparatuses connected using a scale-up fabric, provision the scale-up fabric to route data within the subcluster of graphics processing apparatuses, and provision a plurality of resources on the graphics processing apparatus for the subcluster based on the request from the VMM.

Abstract: An electronic device and a method for controlling the electronic device where a plurality of program areas corresponding to a host operating system and a plurality of virtual machines and a shared area corresponding to the host operating system and the plurality of virtual machines are allocated to a memory of the electronic device; and based on a request to install, in a second area among the plurality of program areas, a second application program corresponding to a first application program stored in a first area among the plurality of program areas, at least a part of data relating to the first application program is transferred from the first area to the shared area.

Abstract: Provided are a performance index value calculation system and a performance index value calculation method which are capable of reducing time and labor for an operation of a communication system. A monitoring management module identifies a specific type of element included in a communication system based on inventory data indicating a current status of a link between elements included in the communication system and on calculation logic data indicating a calculation logic for calculating a performance index value of the specific type of element based on performance index values of an element group linked to the element. The monitoring management module identifies the performance index value of each of a plurality of elements included in the element group linked to the identified specific type of element.

Abstract: The disclosed approach works without the individualized credentials of failed machines when setting up recovery VMs in a cloud computing environment. Each recovery VMs is customized to properly correspond to the system state of its failed counterpart. An illustrative data storage management system recovers backup data and system states collected from the counterpart computing devices, custom-configures recovery VMs in the cloud computing environment, and injects the desired drivers into each recovery VM during an enhanced bare-metal restore process. The enhanced bare-metal restore process works without the failed computer's credentials. The system also restores the backed up data to recovery volumes attached to the recovery VMs. The present approach is both scalable and secure.

Abstract: Some embodiments of the invention provide a method of sending data in a network that includes multiple worker nodes, each worker node executing at least one set of containers, a gateway interface, and a virtual local area network (VLAN) tunnel interface. The method configures the gateway interface of each worker node to associate the gateway interface with multiple subnets. Each subnet is associated with a namespace, a first worker node executes a first set of containers of a first namespace, and a second worker node executes a second set of containers of the first namespace and a third set of containers of a second namespace. The method sends data between the first set of containers and the second set of containers through a VLAN tunnel between the first and second worker nodes.

Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.

Abstract: Techniques described herein relate to a method for performing computational offloads for composed information handling systems. The method includes obtaining, by a system control processor associated with a composed information handling system, a computational offload request associated with a dataset from an application executing on an at least one compute resource set; in response to obtaining the computational offload request: identifying a dataset location associated with the dataset in the composed information handling system; identifying resources of the composed information handling system capable of performing the computational offload request; selecting a resource of the resources to perform the computational offload; and initiating performance of the computational offload request on the selected resource.

Abstract: An acceleration resource scheduling method includes: receiving an acceleration instruction sent by the virtual machine, where the acceleration instruction includes to-be-accelerated data; determining a virtual accelerator allocated to the virtual machine; determining, based on the virtual accelerator, a network accelerator that is to process the acceleration instruction, and sending the acceleration instruction to the network accelerator, so that the network accelerator sends the acceleration instruction to a physical accelerator that is to process the acceleration instruction; receiving a computing result that is returned after the physical accelerator performs acceleration computing on the to-be-accelerated data by using the physical acceleration resource; and sending the computing result to the virtual machine.

Abstract: The present disclosure relates to managing resource utilization in cloud service infrastructure. A device can monitor the cloud service. The cloud service can be configured with an automatic scaling function based on a threshold. The device can determine, based on the monitoring, that a utilization value of the cloud service during a time interval exceeds the threshold. The device can generate, using a policy based on the utilization value and the threshold, an instruction to disable the automatic scaling function of the cloud service by the one or more servers. The device can transmit the instruction to the one or more servers via a second cloud application programming interface. The device can generate, responsive to the policy, a service ticket data structure with an indication of the utilization value and the time interval. The device can provide the service ticket data structure to an electronic board.

Abstract: A computer-implemented method is provided for managing Garbage Collection (GC) safepoints. The method includes determining whether a GC safepoint for a target native method can be removed by checking a heap occupancy ratio prior to executing the target native method. The method further includes removing the GC safepoint responsive to the heap occupancy ratio prior to executing the target native method being less than a threshold occupancy amount percentage. The method also includes determining whether the GC safepoint for the target native method can be removed by checking a most recent GC pause time. The method additionally includes removing the GC safepoint responsive to the most recent GC pause time being shorter by a threshold pause time amount percentage than an execution time of the target native method.

Abstract: A logical routing element (LRE) having multiple designated instances for routing packets from physical hosts (PH) to a logical network is provided. A PH in a network segment with multiple designated instances can choose among the multiple designated instances for sending network traffic to other network nodes in the logical network according to a load balancing algorithm. Each logical interface (LIF) of an LRE is defined to be addressable by multiple identifiers or addresses, and each LIF identifier or address is assigned to a different designated instance.

Abstract: The subject disclosure pertains to provisioning of a hybrid cloud services solution to users. A request for hybrid cloud service can be received from a user by way of a portal. Target users of a hybrid cloud service are identified in response to the received request. Out-of-band touch points can next be determined based on the target users and the request. In one instance, the touch points can be determined based on enterprise or industry rules regarding touch points. Subsequently, a hybrid cloud service solution can be provisioned that integrates the out-of-band touch points. Automatic life cycle management controls can also be provisioned to address patches.

Abstract: The present application provides a region management and control method, device, apparatus and storage medium. The region management and control method includes: obtaining a current image in a video image and a target region graphic included in the current image; determining whether a person graphic in the current image and the target region graphic meet a predetermined condition; and sending alarm information in response to the person graphic in the current image and the target region graphic meeting the predetermined condition. The predetermined condition includes at least one of: a space condition, a person identity condition, a time condition, a person protection condition, a person number condition or a person body temperature condition.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a generic key is disclosed. The method includes: detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a default key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the default key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on lower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

Abstract: In one embodiment, a system for managing a virtualization environment includes a set of host machines, each of which includes a hypervisor, virtual machines, and a virtual machine controller, and a first virtualized file server configured to receive a request to access a storage item located at a second virtualized file server, determine that the storage item is designated as being accessible by other virtualized file servers, identify an FSVM of the second virtualized file server at which the storage item is located, and forward the request to the FSVM of the second virtualized file server. The storage item may be designated as being accessible by other virtualized file servers when the storage item is associated with a predetermined tag value indicating that the storage item is shared among virtualized file servers. The predetermined tag value may be stored in a sharding map in association with the storage item.

Abstract: System and method for terminating instances and autoscaling instance groups of computing platforms. For example, a method includes determining whether an instance of an instance group is identified as eligible for termination. The method further includes, in response to determining that the instance of the instance group is identified as eligible for termination, terminating the eligible instance. The terminating the eligible instance includes, in response to a runtime of the eligible instance being equal to or larger than a predetermined maximum lifetime, terminating the eligible instance.

Abstract: A method for creating a build product including receiving from an application build request from a user, the build request including an application source code and a list of third-party packages, defining a plurality of third-party packages. The method further includes sending a build request to a build server, receiving a first acknowledgment from the build server, receiving the plurality of third-party packages, defining received third-party packages, building an application image from the application source code and the received third-party packages, defining a container image, and sending the container image to a verification server.

Abstract: A global-level manager access a work order from a client and parameters associated with the work order. A service level agreement to meet the work order parameters is determined. The service level agreement includes a price. An indication is received from the client that the service level agreement is accepted. The one or more input files are partitioned into multiple shards, and the work order into multiple jobs. The jobs are distributed among a plurality of clusters to be processed using underutilized computing resources in the clusters. The job outputs are combined to form the work order output. The jobs are monitored to insure that the deadline for completion of the work order will be met.

Abstract: Resources on a host may be typically organized in a tree structure. In existing service layer technologies, the originators generating data may typically store their resources in default locations in such a tree, resulting in a relatively flat tree structure. As such, it may be beneficial for the service layer to provide assistance to the originators so that the originators can better structure their resources. Additionally, applications consuming the data may prefer data resources to be structured in a certain way, and may only be interested in a small subset of the hosted resources. Therefore, it may be beneficial for such applications to transmit to the service layer the resources that are of interest, and how to structure such resources. Embodiments described herein provide methods and systems to enable solutions to the problems discussed above, among others. Several aspects are introduced to enable such embodiments.

Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.

Abstract: A gaming system and processor module are therefore adapted to support simultaneous execution of two or more operating system instances. Program code is provided for play of the game uses two or more cooperating component processes partitioned such that at least one of the component processes executes using a first operating system instance, and at least one other cooperating component process executes using a further operating system instance. Each operating system instance may execute in its own virtual machine.

Abstract: Resource allocation can be managed in a software-defined system. For example, a computing device can receive, for a container in a software-defined system, a container limit specifying a maximum value for the container. The computing device can receive, for the container, one or more benefit functions that assign a weight for the resource in the software-defined system. The computing device can determine a value for a resource is less than the container limit. In response to determining the value for the resource is less than the container limit, the computing device can allocate the resource to the container based on the weight from the one or more benefit functions.

Abstract: An object of the invention is to quickly and appropriately adjust performance of a storage system. Provided is a storage management system including: a storage system including a plurality of storage nodes; and a management device. The storage node includes a storage device and an instance to which a resource is virtually allocated and that controls access to the storage device. The storage management system further includes an instance management node configured to manage the instance of the storage node. The management device is configured to determine whether a configuration of the resource allocated to the instance of the storage node needs to be changed, and cause the instance management node to change the configuration of the resource allocated to the instance when the configuration of the resource needs to be changed.

Abstract: A virtualization infrastructure control apparatus (10) includes an operation parameter monitoring unit (122) configured to acquire an operation parameter, a resource monitoring unit (121) configured to acquire predetermined load information, and a migration determination unit (111). The migration determination unit (111) determines to execute live migration when the migration determination unit (111) determines that the operation parameter satisfies a predetermined operation condition and that a load is low by comparing a predetermined load information with a predetermined threshold, whereas the migration determination unit (111) determines to execute healing when the migration determination unit (111) determines that the operation parameter does not satisfy the predetermined operation condition or that the load is high by comparing the predetermined load information with the predetermined threshold.

Abstract: Embodiments of the present disclosure provide a data mining system, a data mining method, and a storage medium. The data mining system includes a transfer device, a first trusted execution space and a second trusted execution space. The transfer device is configured to receive a data calling request of the second trusted execution space, obtain data to be called from the first trusted execution space according to the data calling request, and provide the data to be called to the second trusted execution space, so as to perform data mining based on the data to be called and the mining-related data to obtain a data mining result and to provide the data mining result to a device of the data user.

Abstract: A system can determine to restore a datacenter that comprises a group of virtualized workloads. The system can determine respective associations between respective virtualized workloads and respective datastores. The system can determine to restore a first virtualized workload of the group of virtualized workloads first. The system can restore a first portion of infrastructure that corresponds to the first virtualized workload first among a group of infrastructure. The system can, after restoring the first portion of infrastructure, restore a first portion of data that corresponds to the first virtualized workload first among a group of data. The system can, after restoring the first portion of data, restore a first portion of a virtualization layer that corresponds to the first virtualized workload first among a group of virtualization layers. The system can, after restoring the first portion of the virtualization layer, restore the first virtualized workload.

Abstract: A data storage environment can include one or more virtual machines instantiated on a host computing device. Based on physical location data of the one or more virtual machines received from the host computing device, a storage manager can control the performance of a secondary copy operation on one or more storage units that store virtual machine data associated with the one or more virtual machines and/or the performance of a secondary copy operation on the one or more virtual machines.

Abstract: This application provides a method and apparatus for configuring a quality of service policy for a service, and a computing device, and belongs to the field of network communications technologies. The method includes: obtaining a first data flow forwarded by a virtual switch; determining service information of the first data flow, where the service information includes a service type of the first data flow and an access path of the first data flow; determining, based on the service information of the first data flow, a quality of service QoS policy matching the first data flow; and configuring devices on the access path based on the matched QoS policy. According to this application, efficiency of configuring a quality of service policy for a service can be improved.

Abstract: In an updating method according to the present embodiment, a virtual machine (50-1A) is stopped, a virtual machine (50-1B) is started up using a new VM image (30-1B) to which a link to a database (20-1) is set, and the virtual machine (50-1B) is switched to an active system. A virtual machine (50-0A) is stopped and a virtual machine (50-0B) is started up using a new VM image (30-0B) to which a link to a database (20-0) is set.

Abstract: Systems for providing a virtual machine and authentication of a user using the virtual machine may perform operations including providing an application programming interface (API) to an electronic device; booting a virtual machine configured to emulate a type of electronic device based on a workstation to which the electronic device is connected; receiving input, using the API, from the electronic device; and providing output to the workstation using the virtual machine. In another example, the operations may include connecting, via at least one network and through an API, to a remote server; providing to the remote server, via the at least one network and the API, the captured biometric indicator; receiving, from a virtual machine executed on the remote server, at least one packet in a defined format based on the biometric indicator; and forwarding the received at least one packet to a workstation communicably connected to the electronic device.

Abstract: Aspects of the disclosure provide for mechanisms for securing virtual machines in a computer system. A request for a resource is received by a processing device. The request is initiated by a guest application. A determination is made by the processing device of whether an initialization of the guest application is completed. In response to a determination that the initialization of the guest application is completed, at least one system call associated with the request initiated by the guest application is blocked to reject execution of the request for the resource.

Abstract: The methods comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said user. The methods may further comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions. The methods may also comprise, responsive to verifying said user in accordance with the predetermined set of permissions, creating a version the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.

Abstract: An aggregation packet forwarding method and a system for the same are provided. The method includes: configuring a first NIC to transmit to-be-forwarded packets to an aggregation module; configuring the aggregation module to generate an aggregated packet according to packet characteristics of the to-be-forwarded packets; configuring a first processing unit to execute a first NIC driver to process the aggregated packet generated by the aggregation module and send them to an L2 forwarding module; configuring the L2 forwarding module to transmit the aggregated packet according to an L2 forwarding table; configuring a second processing unit to execute a second NIC driver to process the aggregated packet and send the aggregated packet to a deaggregation module; configuring the deaggregation module to deaggregate the aggregated packet into the to-be-forwarded packets, and send the to-be-forwarded packets to the second NIC; and configuring the second NIC to receive the to-be-forwarded packets.

Abstract: Systems and methods for performing a zero-copy volume move between nodes of a distributed storage system are provided. In one example, an approach for performing a zero-copy volume move is proposed in which volume data may be maintained in place within a storage pod and need not be copied to move a given volume between the source node and the destination node. In one embodiment, metadata (e.g., a top-most physical volume block number (PVBN) of a node tree representing the volume at issue) of a write-anywhere file system is copied from the source node to the destination node. Since the storage pod is associated with a global PVBN space that is visible and accessible to all nodes of the distributed storage system, as a result of copying the top-mode PVBN of the volume to the destination node, anything below the top-most PVBN will automatically be visible to the destination node.

Abstract: Techniques for computer memory management are disclosed herein. In one embodiment, a method includes in response to receiving a request for allocation of memory, determining whether the request is for allocation from a first memory region or a second memory region of the physical memory. The first memory region has first memory subregions of a first size and the second memory region having second memory subregions of a second size larger than the first size of the first memory region. The method further includes in response to determining that the request for allocation of memory is for allocation from the first or second memory region, allocating a portion of the first or second multiple memory subregions of the first or second memory region, respectively, in response to the request.

Abstract: Described herein are systems and methods that manage machine backups, including the creation of virtual machine packages sufficient to instantiate virtual machines corresponding to the backups. In one aspect, a compute infrastructure includes many machines, which may be either physical or virtual. From time to time, snapshots of the states of these target machines are pulled and saved. Virtual machine packages corresponding to these snapshots are also created. A virtual machine package can be used to instantiate a virtual machine (VM) emulating the target machine with the saved state on a destination virtual machine platform. At some point, the initial VM package for a target machine is created by converting the snapshot to a VM package. However, this may take a long time. Later VM packages can instead be created by updating a prior VM package according to differences between the corresponding snapshots, rather than performing the full conversion process.

Abstract: Techniques are described herein for performing thread-local garbage collection. The techniques include automatic profiling and separation of private and shared objects, allowing for efficient reclamation of memory local to threads. In some embodiments, threads are assigned speculatively-private heaps within memory. Unless there is a prior indication that an allocation site yields shared objects, then a garbage collection system may assume and operate as if such allocations are private until proven otherwise. Object allocations in a private heap may violate the speculative state of the heap when reachable outside of the thread. When violations to the speculative state are detected, an indication may be generated to notify the garbage collection system, which may prevent thread-local memory reclamation operations until the speculative state is restored.

Abstract: A scheduling control device performs scheduling that includes generating a directed graph having a source node, n layers of nodes, each layer of nodes of the n layers of nodes consisting of k nodes respectively corresponding to k job processing devices, and a destination node, a cost required for processing a job being allocated to each node of the n layers of nodes as a weight, a cost required for migrating the job from one of job processing devices to another one of the job processing devices being allocated as a weight on an edge; and calculating a shortest path from the source node to the destination node in the directed graph as a result of scheduling.

Abstract: A system architecture can be used to facilitate communication among applications that are native and/or non-native to an application environment. The system architecture can include a first application environment executed on a client-side computing device. The first application environment can execute software applications that are native thereto. The first application environment can further execute software applications that are native thereto, but which software applications themselves comprise second application environments of types different from the first application environment, and which software applications can therefore execute additional software applications that are non-native to the first application environment. The first application environment can further execute a computation engine that is configured to store and execute instructions received from the first software application, the second software application, or both.

Abstract: A technique enables recovery of failover data used to generate one or more High Frequency Snapshots (HFSs) at a source and replicated to a target for storage and recovery. The target is illustratively an intermediary repository embodied as a long-term storage service (LTSS) configured to organize and store the HFSs as recovery points (RPs) in an object store. The LTSS stores a HFS identifier (ID), a logical offset in an object of the object store storing data of the HFS, and a logical timestamp associated with each replicated HFS as a key of a segment descriptor in a key-value database configured to store metadata describing the failover data of the HFS stored as one or more objects in the object store. Upon recovery of the failover data, the technique enables identification of the HFS stored in the object store and creation of a HFS index metadata structure (B+ tree) to extract the identified HFS as a RP.

Abstract: Systems and methods are disclosed relating to data processing and/or storage. According to some illustrative implementations, there are provided innovations herein involving aspects of symbiotic data storage.

Abstract: The present disclosure involves systems, software, and computer implemented methods for remotely executing binaries in a containerized computing environment using a lightweight inter-process communications protocol (IPC) and UNIX domain sockets. One example method includes establishing, in a shared computing image comprising a plurality of containers, a listening UNIX domain socket, where the listening UNIX domain socket is shared between all containers in the shared computing image. A request to execute a binary in the target container is received at a target container and from a client container using the listening UNIX domain socket. A worker service is generated in the target container. The worker service executes the binary in the target container. A return exit code associated with the executed binary is received and sent to the client container using the UNIX domain socket.