Abstract: Technologies are generally described to allocation of virtual machines to physical machines through dominant resource assisted heuristics. According to some examples, multiple virtual machines (VMs) may be clustered to two or more unallocated VM clusters according to a dominant resource requirement associated with each of the VMs. The VMs may be sorted according to a size attribute associated with the dominant resource requirement. Multiple physical machines (PMs) may be sorted according to a power efficiency attribute associated with each of the PMs. One of the PMs may be selected from an ordered list of PMs based on the power efficiency attribute. One of the VMs may be selected from another ordered list of PMs based on the size attribute. The selected VM may then be allocated to the selected PM.

Abstract: Systems and methods for supporting efficient virtualization in a lossless interconnection network. An exemplary method can provide, one or more switches, including at least a leaf switch, a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one virtual function, at least one virtual switch, and at least one physical function, a plurality of hypervisors, and a plurality of virtual machines, wherein each of the plurality of virtual machines are associated with at least one virtual function. The method can arrange the plurality of host channel adapters with one or more of a virtual switch with prepopulated local identifiers (LIDs) architecture or a virtual switch with dynamic LID assignment architecture. The method can assign each virtual switch with a LID. The method can calculate one or more linear forwarding tables based at least upon the LIDs assigned to each of the virtual switches.

Abstract: An apparatus includes an extended capability register and an input/output (I/O) memory management circuitry. The I/O memory management circuitry is to receive, from an I/O device, an address translation request referencing a guest virtual address associated with a guest virtual address space of a virtual machine. The I/O memory management circuitry may translate the guest virtual address to a guest physical address associated with a guest physical address space of the virtual machine, and, responsive to determining that a value stored by the extended capability register indicates a restrict-translation-request-response (RTRR) mode, transmit, to the I/O device, a translation response having the guest physical address.

Abstract: A virtualization environment provides a virtual console server that communicates with other virtual servers/machines utilizing virtual hardware connections such that the virtual remote console server can monitor and/or control the virtual servers/machines in the environment as if the virtual remote console server and the other virtual servers/machines were connected, even if the virtual console server and/or the other virtual servers are moved between processors in the virtualization environment.

Abstract: A method for provisioning a virtual datacenter application is discussed. A request may be received from a tenant for a virtual datacenter application. An application template may be identified and associated with the virtual datacenter application, wherein the application template can comprise a role, a service account, a script, and a workload. The role and the service account can be added to an active directory organization associated with the tenant. The workload can be cloned into a virtual datacenter, wherein the virtual datacenter belongs to the tenant. A script can be executed on the workload according to an execution order organized over multiple additional workloads, wherein a first script can be executed on a first workload before a second script is executed on a second workload, wherein the first script can be different from the second script, wherein the first workload can be different from the second workload.

Abstract: A software defined infrastructure (SDI) makes available a subset of a computer server's resources to a cloud solution or workload. Multiple subsets of resources can be combined in a SDI to provide a logical resource pool. This allows cloud administrators to create software defined infrastructures derived from the partial capacity of a collection of systems. The resources defined across the physical boundaries of a computer server can then be made available to host deployment of cloud workloads. The infrastructure resource pool can be selected upon deployment of a cloud workload.

Abstract: Certain aspects direct to systems and methods for platform simulation on virtual machine for development projects of a management controller on virtual machines. At least one virtual machine (VM) is provided to simulate a management controller and a host computing device for the management controller. The at least one VM includes: a firmware module for the management controller, configured to receive at least one output signal from the host computing device or from at least one device connected to the host computing device; and a simulator module configured to simulate the host computing device or the at least one device connected to the host computing device. In operation, the simulator module generates the at least one output signal based on configuration data of the host computing device or the device connected to the host computing device, and sends the at least one output signal to the firmware module.

Abstract: Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.

Abstract: A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.

Abstract: According to one embodiment, a request is received from a remote device of a user for performing a data management operation from source data represented by a source data management object (DMO) to destination data represented by a destination DMO. A first security mode associated with a source tenant-unit corresponding to the source DMO and a second security mode associated with a destination tenant-unit corresponding to the destination DMO are determined. It is determined whether the user is a system administrator for a storage system corresponding to the source data or the destination data, and whether the user is a tenant administrator for a tenant associated with the source data or the destination data. It is determined whether the data management operation should be allowed based on the first and second security modes.

Abstract: Control planes of virtual resource providers may be customized in a secure, stable and efficient manner with virtual control planes. Control planes may be modularized. Control plane modules may be supplied with data from standardized sensors, and required to generate standardized resource configuration requests responsive to solicitations with specified response latencies. Custom control plane modules may be selected to replace or complement default control plane modules. Financial and computational costs associated with control plane modules may be tracked. Competing resource configurations may be mediated by a control plane supervisor. Such mediation may be based on control plane module reputation scores. Reputation scores may be based on customer feedback ratings and/or measured performance with respect to module goals. Mediated configuration parameter values may be based on a combination of competing configuration parameter values weighted according to reputation.

Abstract: A deployment system orchestrates execution of deployment plan in coordination with nodes participating in deployment of a multi-tier application in a cloud infrastructure. The deployment system distributes local deployment plans to each node and maintains a centralized state of deployment time dependencies between tasks in different local deployment plans. Prior to execution of each task, deployment agents executing on each node communicates with the centralized deployment system to check whether any deployment time dependencies need to be resolved. Additionally, the deployment system utilizes a node task timer that triggers a heartbeat mechanism for monitoring failure of deployment agents.

Abstract: Techniques for restricting access to a storage volume attached to a data processing system are described. In one embodiment, a storage management and access control logic in the data processing system can receive a message indicating the attachment of a storage volume. The logic can apply access restrictions to the storage volume by creating an association between a restricted resource class and the storage volume to limit programmatic access to the storage volume. An evaluation of the storage volume can be requested and based on the result of the evaluation the access restrictions can be removed or retained on the storage volume.

Abstract: A system and method for providing dynamic information virtualization (DIV) is disclosed. According to one embodiment, a device includes a dynamic optimization manager (DOM), a process and memory manager (PMM), a memory, and a host device driver. The device starts virtual functions after booting to allow a virtual machine (VM) running a guest operating system to identify the virtual functions and load virtual drivers of the virtual functions. The PMM allocates a unified cache from the memory to facilitate coherent access to information from storage and network resources by the VM. The host device driver enables a guess process in the VM to access the information stored in the unified cache in a secure and isolated manner.

Abstract: A system can include a host device that includes a virtual machine execution environment that includes a hypervisor and a virtual machine. The virtual machine can execute a guest management component. The virtual machine can also determine whether at least one of the hypervisor or the host device violates at least one compliance rule. The virtual machine can cause the guest management component to perform an action in response to determining that at least one of the hypervisor or the host device violates the at least one compliance rule.

Abstract: The present invention provides for page table access and dirty bit management in hardware via a new atomic test[0] and OR and Mask. The present invention also provides for a gasket that enables ACE to CCI translations. This gasket further provides request translation between ACE and CCI, deadlock avoidance for victim and probe collision, ARM barrier handling, and power management interactions. The present invention also provides a solution for ARM victim/probe collision handling which deadlocks the unified northbridge. These solutions includes a dedicated writeback virtual channel, probes for IO requests using 4-hop protocol, and a WrBack Reorder Ability in MCT where victims update older requests with data as they pass the requests.

Abstract: The present invention extends to methods, systems, and computer program products for reconfiguring an acceleration component among interconnected acceleration components. Aspects of the invention facilitate reconfiguring an acceleration component among interconnected acceleration components using a higher-level software service. A manager or controller isolates an acceleration component by sending a message to one or more neighbor acceleration components instructing the one or more neighbor acceleration components to stop accepting communication from the acceleration component. The manager or controller can then shut down an application layer at the acceleration component for at least partial reconfiguration and closes input/output (I/O) portions. After reconfiguration completes, communication between the acceleration component and the one or more neighbor acceleration components can resume.

Abstract: A resource controller for managing resources in a network and arranged at a site of a first network entity is provided, wherein the resource controller comprises: a database, adapted to store resource managing related information; an interface adapted to receive a resource managing message from a second network entity at the first network entity; and a resource managing unit, wherein the resource managing unit is adapted to grant access to the stored resource managing related information on the database based on the received resource managing message.

Abstract: A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s).

Abstract: A method of setting retransmission time of an application client during virtual machine migration includes predicting migration memory size required by a virtual machine to be migrated based on historical access log of at least one application and memory log of the virtual machine to be migrated; computing available migration bandwidth of a host of the virtual machine to be migrated; computing virtual machine migration time based on the predicted migration memory size required by the virtual machine to be migrated and the available migration bandwidth of the host; and setting retransmission time of the application client based on the virtual machine migration time.

Abstract: A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s).

Abstract: Systems and methods are provided for provisioning a hosted computing environment in accordance with customer requirements relating to a service. In some embodiments, a computer-implemented method is provided. The method includes generating a graphical interface on a computing device and receiving input corresponding to an indication of one or more requirements, wherein the input is received using the graphical interface, and wherein the one or more requirements correspond to a hosted computing environment. The method further comprises converting each indication of the one or more requirements into one or more entries of a provisioning template, wherein the provisioning template includes multiple entries, and wherein the provisioning template is associated with the hosted computing environment. The method further comprises providing the provisioning template to a provisioning program to provision the hosted computing environment.

Abstract: A computer system provides a method for context-based packet scanning in a computing environment. The method includes the steps of receiving a packet from a virtual machine, determining if a network flow associated with the packet exists in a context data structure, and upon determining that a context entry associated with the network flow exists in the context data structure, tagging the packet with context information included in the context entry, comparing the context information and network flow information to context and network flow criteria in one or more packet capture policies, and recording contents of the packet when the context information and network flow information match one of the one or more packet capture policies.

Abstract: Evaluating a potentially malicious sample using a copy-on-write overlay is disclosed. A first virtual machine instance is initialized as a copy-on-write overlay associated with an original virtual machine image. The first virtual machine image is started and a first sample is executed. A second virtual machine instance is initialized as a copy-on-write overlay associated with a second original virtual machine image. The second virtual machine image is started and a second sample is executed. The first and second samples are executed at an overlapping time.

Abstract: Systems and methods for detecting the generation of authentication credentials for virtual machine instances are described. In various embodiments, an intermediary system may detect or determine, for a virtual machine instance, one or more states associated with a credential (e.g., a password) generation process and/or a get password request from a requesting user. Based on detected or determined virtual machine states, the intermediary system may provide useful and/or timely status indicators or notifications to the requesting user. In various embodiments multiple states may be determined sequentially or in parallel in order to provide more detailed information regarding whether and why a credential is or is not available, contributing to an improved user experience. For example, timely indication that a password may not be available may be useful to the requesting user who can take immediate steps to remedy the situation, such as by contacting customer service.

Abstract: Systems and methods for managing network resources, including managing a generated virtualized data plane network using a central controller. Virtual machine (VM) resources are assigned to two or more different network functions at a local data center. Traffic is dynamically optimized based on at least one of aggregate traffic demands and quality of service (QoS) goals, and resource allocations and inter-data center (DC) bandwidth resources are determined for VMs for a plurality of services. VMs for each middlebox function and a routing plane for each service are configured based on the determined resource allocation, and flows are routed based on the resource allocation and one or more configured network paths using an overlay-routing framework.

Abstract: Methods, systems, and computer program products for restoring a backend after a backend disconnect. The method includes detecting a disconnect of a backend. The method further includes setting a flag and notifying a guest regarding the disconnect. The method further includes resetting a data structure accessed by the backend. The method further includes detecting (or initiating) or a reconnect of the backend. The method further includes sending the backend a state of the data structure.

Abstract: Techniques for establishing a trusted cloud service are provided. Packages are created for services that include certificates, configuration information, trust information, and images for deploying instances of the services. The packages can be used to deploy the services in trusted environments and authenticated to deploy in sub environments of un-trusted environments. The sub environments are trusted by the trusted environments. Also, clouds are prospected for purposes of identifying desirable clouds and creating the packages for deployment.

Abstract: In one aspect, a computerized method of workload mobility across divergent cloud-computing platforms includes the step of with an agentless process, utilizing at least one computer process to discover an entity. The method discovers a configuration of the entity. The method persistently stores the configuration of the entity in a configuration management database (CMDB). The method migrates, with at least one replication processes, the entity from a user-side platform to a cloud-computing platform. The method transforms a workload data of the entity to a container workload data to enable implementation of the workload data in the cloud-computing platform.

Abstract: Techniques for improving logon time for remote desktops a user has not logged onto before. In general, these techniques involve utilizing a pre-logon script to create a profile-specifying registry entry that links to an already created persistent or “mandatory” profile. Linking to a mandatory profile, rather than creating a new profile from whole cloth (which is automatically done by operating systems such as Microsoft Windows upon detecting a log on from a user that has not logged on before), reduces the amount of time associated with logging on.

Abstract: Operating profiles for consumers of computing resources may be automatically determined based on an analysis of actual resource usage measurements and other operating metrics. Measurements may be taken while a consumer, such as a virtual machine instance, uses computing resources, such as those provided by a host. A profile may be dynamically determined based on those measurements. Profiles may be generalized such that groups of consumers with similar usage profiles are associated with a single profile. Assignment decisions may be made based on the profiles, and computing resources may be reallocated or oversubscribed if the profiles indicate that the consumers are unlikely to fully utilize the resources reserved for them. Oversubscribed resources may be monitored, and consumers may be transferred to different resource providers if contention for resources is too high.

Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.

Abstract: A method for data migration in solid state memory. The method includes making a first determination that a write limit of a first memory region of the solid state memory has been reached, and based on the first determination: allocating a second memory region in the solid state memory. The method further includes, based on making the first determination: migrating a first data fragment from a first memory location in the first memory region to a corresponding second memory location in the second memory region, updating a migration progress index to include the second memory location, directing future read and write requests that target memory locations included in the migration progress index to the second memory region, and directing future read and write requests that target memory locations not included in the migration progress index to the first memory region.

Abstract: A method of transferring a virtual machine between a virtualized computing system and a cloud computing system includes determining that a virtual machine is to be transferred from a virtualized computing system to a cloud computing system and determining a connection between a first resource in the virtualized computing system and a second resource in the cloud computing system. Files that enable implementation of the virtual machine at the virtualized computing system and identified, as are file portions of the files for transfer from the virtualized computing system to the cloud computing system. At least one compliance check is executed on each of the file portions using at least one compliance checker. Each of the file portions that fails a compliance check is blocked from being maintained in the cloud computing system.

Abstract: Migration of a virtual machine from a source host computing system to a target host computing system in a context in which a centralized portion of virtual machine state is maintained in a storage that is accessible to both the source host computing system and the target host computing system, and a localized portion of the virtual machine state is maintained in local storage of the source host computing system. For instance, the centralized portion of the virtual machine state might be user data, and the localized portion might be backing files for the virtual machine. In order to support the potential migration, at least a portion of the localized portion of the virtual machine state are backed up to a storage that is accessible to both the source and target host computing systems.

Abstract: A computer-executable method, system, and computer program product for allocating resources to an application of a set of applications, wherein the virtualized resources are grouped into tiers based on the performance characteristics of the virtualized resources, the computer-executable method comprising, monitoring resource demand of an application of the set of applications; wherein the resources allocated to the application are from a first tier of the tiers, making a determination whether to allocate to the application a portion of the resources from a different tier of the tiers, based on a positive determination, allocating the portion from the different tier of the tiers.

Abstract: There is provided a method of maintaining a hybrid OLTP and OLAP database, the method comprising: executing one or more OLTP transactions; creating a virtual memory snapshot; and executing one or more OLAP queries using the virtual memory snapshot. Preferably, the method further comprises replicating a virtual memory page on which a data object is stored in response to an update to the data object, whereby the updated data object is accessible for OLTP transactions, while the non-updated data object remains accessible for OLAP queries. Accordingly, the present invention provides a hybrid system that can handle both OLTP and OLAP simultaneously by using hardware-assisted replication mechanisms to maintain consistent snapshots of the transactional data.

Abstract: Embodiments disclosed facilitate adaptation of interactive desktop applications (IDAs) for deployment and execution on distributed systems including clouds. In some embodiments, the method comprises: executing a cloud-based IDA on a dedicated elastic Virtual Machine (VM) running on at least one of a plurality of cloud infrastructures using a remote client device; and invoking an application on the remote client device comprising a remote desktop protocol (RDP) to connect to the VM on the at least one cloud infrastructure to facilitate remote user interaction with the at least one cloud-based IDA using functionality provided by the RDP. In some embodiments, the remote client application may be a web browser and RDP may be implemented using browser plugins. Further, the remote client application may sync data with cloud infrastructure before and after IDA execution, and the VM running the IDA may be terminated when user exits the IDA.

Abstract: The invention addresses these and other problems associated with the prior art by providing an apparatus and program product that manage virtual machines in a virtualized computing environment based at least in part on limitations associated with storage fabrics through which virtual machines may access one or more storage systems in such an environment. The storage fabric limitations, referred to herein as fabric limits, may be used, for example, in connection with placing virtual machines on hosts in a virtualized computing environment. As another example, fabric limits may be used in connection with deploying virtual machines into a virtualized computing environment to reduce the likelihood of boot errors. As still another example, fabric limits may be used in connection with load balancing across multiple fabrics in a virtualized computing environment.

Abstract: A virtual switching method, a related apparatus, and a computer system are provided. The method includes receiving a first message sent by a source node, where the first message is used to request a first virtual machine to perform switching processing on to-be-switched data, where the to-be-switched data is sent from the source node to a target node and at least one of the source node and the target node is a second virtual machine; and determining a second message according to an address of the target node contained in the to-be-switched data and a configured port mapping table, and sending the second message, where the second message is used to instruct the target node to acquire the to-be-switched data from a storage device of a hardware layer.

Abstract: Examples described herein enable memory state sharing among a plurality of virtual machines (VM) including a parent VM and a child VM. A request for memory state sharing between the parent VM and the child VM is received, and the parent VM is suspended. The child VM resumes execution of one or more suspended applications. In one example, the child FM is forked with pre-loaded, suspended applications from the parent VM. Aspects of the disclosure offer a high performance, resource efficient solution that outperforms traditional approaches in areas of software compatibility, stability, quality of service control, re-source utilization, and more.

Abstract: An update is deployed to a guest virtual machine of a hypervisor during runtime of the guest virtual machine. An executing thread of the guest virtual machine is identified and execution of the thread is redirected to a function to open a handle to a file, of the guest virtual machine, to which data of the update is to be written. The data is provided to a component of the guest virtual machine, and then execution of the thread is redirected to a function to write the data provided to the component to the file.

Abstract: Embodiments relate to virtual machine (VM) migration via a mobile device. A method includes requesting, by a mobile device, a source computer to capture a state and memory contents of a VM executing on the source computer. The VM includes the state, the memory contents, and data. The state and memory contents of the VM are stored on the mobile device. Security information about a target computer is determined by the mobile device. A migration of the VM to the target computer is initiated by the mobile device. The initiating includes sending the stored state and memory contents of the VM from the mobile device to the target computer. An activation of the VM on the target computer is initiated and access is provided to at least a subset of the data of the VM. The subset is selected based on the security information.

Abstract: Techniques for configuring virtual machine instances are described herein. A virtual machine instance is instantiated and the virtual machine instance is monitored to receive notifications of configuration events associated with that virtual machine instance. Each configuration event, which specifies configuration changes to the virtual machine instance, includes a set of metadata associated with the configuration event. The metadata is extracted from the configuration event and the configuration changes are applied to the virtual machine instance. A new virtual machine image is then produced from the virtual machine instance and the extracted metadata is associated with the new virtual machine image.

Abstract: A system, method, computer program, and/or computer readable medium for providing hierarchical interception for applications within isolated environments. The computer readable medium includes computer-executable instructions for execution by a processing system. The computer-executable instructions may be for installing interceptors, configuring interceptors, preloading shared libraries, using trampoline functions, removal of interceptors, mapping between resources inside and outside the isolated environment, providing an interception database, loading the interception database, redirection of resources, and providing the hierarchy of interceptors.

Abstract: A plan including several groups of tasks is constructed for performing maintenance on a plurality of interrelated machines. A maintenance task in a first group is caused to execute within a window of time allocated for the maintenance. A determination is made that an estimated amount of time needed to execute a second group of tasks from the several groups is more than the remaining time in the window. In response to such a determination, the execution of the second group of tasks is omitted. The execution of a post-requisite task of the first group is completed. A maintenance task in the second group is executed during a second window of time allocated for the maintenance.

Abstract: A system can include a host device that includes a virtual machine execution environment. The host device can execute a host management component in the host device and determine whether a hypervisor or a virtual machine in the virtual machine execution environment violates at least one compliance rule. The host device can also cause the host management component to perform an action in response to determining that the hypervisor the virtual machine violates the at least one compliance rule.

Abstract: Systems and methods for providing a hypercall interface for virtual machines. An example method may comprise receiving, by a hypervisor executing on a computer system, a hypercall instruction issued by a virtual machine to invoke a hypervisor function; and determining an identifier of the hypervisor function based on a value of an instruction pointer of the virtual machine.

Abstract: Exemplary methods, apparatuses, and systems include a hypervisor receiving an error message from an agent within a first virtual machine run by the hypervisor. In response to the error message, the hypervisor determines and initiates a corrective action for the hypervisor to take in response to the error message. An exemplary corrective action includes initiating a reset of the first virtual machine or a reset of a second virtual machine.

Abstract: Virtual machine data records are obtained from a virtual system manager that manages one or more virtual machines. Storage data records are obtained from a storage controller. The virtual machine data records include one or more particular virtual machine data records relating to a particular virtual machine and identify a particular volume that is configured for use by the particular virtual machine. The storage data records including one or more particular storage data records that specify performance information associated with the particular volume. Based on information in the particular virtual machine data records and information in the particular storage data records, it is determined that the particular storage data records are related to the particular volume used by the particular virtual machine.