Abstract: Techniques are described for learning an unknown virtual network information, such as an virtual Internet Protocol (IP) address, of a pod in a virtual network. In some examples, a virtual router executing at a computing device may receive an Address Resolution Protocol (ARP) packet from a virtual execution element in the virtual network, the virtual execution element executing at the computing device. The virtual router may determine, based at least in part on the ARP packet, whether virtual network information for the virtual execution element in a virtual network is known to the virtual router. The virtual router may, in response to determining that the virtual network information of the virtual execution element in the virtual network is not known to the virtual router, perform learning of the virtual network information for the virtual execution element.

Abstract: Systems, methods and/or computer program products for managing the temperature of datacenter during a period of malfunction or inoperability of the cooling system responsible for maintaining temperatures within the datacenter. Temperatures of the datacenter's computing systems are monitored by thermal imaging systems and/or sensors. Computing systems are also monitored for how frequently the systems are accessed during a defined period of time and the number of mission critical deployments by each computing system. Collected parameters, including temperature, frequency of access and number of running mission critical applications are imputed into a scoring algorithm which uses the collected parameters and weightings to generate a ranking of computing systems to shutdown sequentially in response to rising temperatures.

Abstract: Techniques are disclosed for migrating one or more services from an edge device to a cloud computing environment. In one example, a migration service receives a request to migrate a first set of services from the edge device to the cloud computing environment. The migration service identifies a hardware profile of a computing device (or devices) of the cloud computing environment that matches the edge device, and then configures the computing device to execute a second set of services that corresponds to the first set of services. The migration service establishes a communication channel between the edge device and the computing device, and then executes a set of migration operations such that the second set of services is configured to execute as the first set of services. The computing device may operate in a virtual bootstrap environment or dedicated region of the cloud computing environment.

Abstract: A system and method for providing cloud virtualization (SV) is disclosed. According to one embodiment, a system includes a transactional cloud manager and a compute cluster connected to the transactional cloud manager. The compute cluster includes a system monitor and a control manager in a host. A virtual machine runs on the host, wherein the virtual machine has a VM system monitor and a VM control manager. The transactional cloud manager creates virtual machine clusters on the host.

Abstract: Disclosed in some examples, are methods, systems, devices, and machine-readable mediums which solve the above problems using a global shared region of memory that combines memory segments from multiple CXL devices. Each memory segment is a same size and naturally aligned in its own physical address space. The global shared region is contiguous and naturally aligned in the virtual address space. By organizing this global shared region in this manner, a series of three tables may be used to quickly translate a virtual address in the global shared region to a physical address. This prevents TLB thrashing and improves performance of the computing system.

Abstract: Techniques described herein relate to a method for performing pre-backup tasks. The method includes obtaining, by a proxy host, a snapshot request associated with a full backup of a file system stored in a network attached storage (NAS) from a backup manager; in response to obtaining the snapshot request: instantiating a NAS container to obtain a snapshot of the file system; providing the snapshot to the NAS container; after providing the snapshot to the NAS container: generating, using the snapshot, slices associated with the file system; sorting the slices based on average file sizes associated with each slice; grouping the slices based on the average file sizes and group criteria to generate slice groups; generating a slice list specifying the slices and the slice groups; and providing the slice list to the backup manager.

Abstract: A network monitoring apparatus sets monitoring targets that are physical interfaces included in leaf nodes and spine nodes, links connecting the leaf nodes and the spine nodes, transfer function units included in the spine nodes, and an overlay tunnel set between the originating-side leaf node on the terminating-side leaf node, aggregates monitoring results at the respective monitoring targets, and determines the failure type of a failure and the degree of influence of the failure on the basis of the type of the monitoring target in which the failure has occurred and the occurring event.

Abstract: Methods and systems for provisioning resources for games executed by a cloud gaming system includes accessing online interactions of a plurality of users in relation to a game. The online interactions are processed to classify discussion features obtained from online social communications. A model is generated to predict game use, using the classified discussion features. The model is updated with online interactions received over time. Resources for the game are provisioned at a data center. The provisioning is done by accessing the model and identifying adjustments in the provisioning for an anticipated usage spike that is to occur by a plurality of users, based on current online interactions.

Abstract: A system is disclosed that includes capabilities by which a nested sub-resource residing in a service tenancy can access a customer-owned resource residing in a customer tenancy without the use of a cross-tenant policy. The disclosed system provides the ability for a nested sub-resource residing in a service tenancy to obtain the resource principal identity of a higher-level resource residing in the customer tenancy and use the identity of the higher-level resource to access a customer-owned resource residing in the customer tenancy. Using the resource principal identity of its higher-level resource, the sub-resource can access a customer-owned resource that resides in a customer tenancy in a seamless way without having to write a cross-tenancy policy statement that provides permission to the sub-resource to access the customer-owned resource.

Abstract: Various embodiments provide for replicating a share across deployments of a data platform, where the share can be on a source deployment and the share can be replicated on one or more target deployments, and where the share is replicated with one or more database objects of the source deployment associated with the share. Some embodiments analyze the share to be replicated and, based on the analysis, determine one or more database objects that would be replicated to the one or more target deployments to enable a replica of the share on the one or more target deployments.

Abstract: End-to-end topology stitching and representation is described. An example includes instructions for receiving, at a server, a set of configuration data for an infrastructure stack, the set of configuration data including configuration data for each of a plurality of domains of the infrastructure stack; parsing the received set of configuration data; stitching together an end-to-end topology for the plurality of domains of the infrastructure stack based at least in part on the parsed set of configuration data; and generating a representation of the end-to-end topology of the infrastructure stack.

Abstract: A memory system is provided to include a first virtual function controller in communication with a first virtual machine of a host and configured to receive, from the first virtual machine, a command for accessing a namespace and provide, to the first virtual machine, a response to the command; a second virtual function controller in communication with a second virtual machine of the host and configured to be coupled to the namespace and receive the command from the first virtual function controller based on status information of the first virtual function controller and the second virtual function controller; a buffer memory configured to provide an area for data corresponding to the command; and a memory controller configured to access the namespace based on the command and provide the buffer memory with the data.

Abstract: A method for data storage includes specifying a plurality of File Systems (FSs) for use by multiple clients, including assigning to the FSs both respective global identifiers and respective client-specific names. The plurality of FSs is managed using the global identifiers, and files are stored for the clients in the FSs using the client-specific names.

Abstract: A method, computer program product, and system include a processor(s) generates a representation of microservice communications within a network. The processor(s) updates the representation, based on monitoring deployments of microservices within the network. The processor(s) identifies individual service clusters within the network. The processor(s) selects each cluster from the identified service clusters, and for each cluster, evaluates whether to recommend mergers of a portion of the microservices deployed to each cluster. The processor(s) recommends at least one merger for a given cluster of the identified services clusters. Based on the recommending, the processor(s) generates a what-if analysis for the at least one merger.

Abstract: Methods and apparatus for providing page migration of pages among tiered memories identify frequently accessed memory pages in each memory tier and generate page hotness ranking information indicating how frequently memory pages are being accessed. Methods and apparatus provide the page hotness ranking information to an operating system or hypervisor depending on which is used in the system, the operating system or hypervisor issues a page move command to a hardware data mover, based on the page hotness ranking information and the hardware data mover moves a memory page to a different memory tier in response to the page move command from the operating system.

Abstract: A secure, modular multi-tenant machine learning platform is configured to: receive untrusted code supplied by a first tenant; perform a security scan of the untrusted code to determine whether the untrusted code satisfies a set of one or more security requirements; responsive to determining that the untrusted code satisfies the security requirement(s): deploy the untrusted code to a runtime execution environment; deploy a machine learning model associated with the first tenant to the runtime execution environment, the untrusted code being configured to perform one or more functions using the machine learning model; receive a set of untrusted code supplied by a second tenant; perform a security scan of the untrusted code to determine whether the untrusted code satisfies the security requirement(s); and responsive to determining that the untrusted code does not satisfy the security requirement(s): refraining from deploying the untrusted code to a runtime execution environment.

Abstract: Systems and methods are provided that integrate a machine-learning model, and more specifically, utilizing a platform as a service (PaaS) cloud to predict probability of success for an operator in an environment. An embodiment comprises a system having: a processor that executes computer executable components stored in memory, trained machine-learning model that predicts probability of success for deployment of an operator in an environment with a namespace of a platform as a service (PaaS) cloud, and a deployment component that receives a first operator and a first namespace and employs the trained machine-learning model to predict success of deployment of the first operator in a first environment.

Abstract: An example file server manager disclosed herein receives a registration for a distributed file server, where the distributed file server is hosted in a virtualization environment and includes a cluster of file server virtual machines configured to provide access to a file system. The file server manager further synchronizes metadata with the distributed file server, the metadata including identification of each of the file server virtual machines of the cluster of file server virtual machines, the metadata including information regarding the file system and receiving a management request for the distributed file server. The file server manager further formats the management request for the virtualization environment based on the metadata and utilizing information from the registration to access the distributed file server with the formatted management request.

Abstract: An apparatus and method are described for providing a trusted execution environment. The apparatus comprises processing circuitry to execute program code, and interrupt controller circuitry, responsive to receipt of one or more interrupt requests, to select a given interrupt request from amongst the one or more interrupt requests, and to issue an interrupt signal to the processing circuitry identifying a given interrupt service routine providing program code to be executed by the processing circuitry to service the given interrupt request. The interrupt controller circuitry is responsive to the given interrupt request being a trusted execution environment (TEE) interrupt request, to issue the interrupt signal to identify as the given interrupt service routine a TEE interrupt service routine, and to inhibit issuance of any further interrupt signal until the TEE interrupt service routine has been executed by the processing circuitry.

Abstract: A method includes executing a pool of primary virtual machine (VM) instances, each primary VM instance executing a corresponding individual service instance, and instantiating a shared secondary VM instance. The method includes identifying unavailability of a particular primary VM instance of the pool of primary VM instances, and causing the corresponding individual service instance executing on the particular primary VM instance to failover to the shared secondary VM instance to commence executing the corresponding individual service instance. The method includes, after the failover to the shared secondary VM instance, determining a difference between a current resource level of the shared secondary VM instance and a target resource level associated with the corresponding individual service instance, and adjusting the current resource level of the secondary VM instance based on the difference.

Abstract: Fast modern interconnects may be exploited to control when garbage collection is performed on the nodes (e.g., virtual machines, such as JVMs) of a distributed system in which the individual processes communicate with each other and in which the heap memory is not shared. A garbage collection coordination mechanism (a coordinator implemented by a dedicated process on a single node or distributed across the nodes) may obtain or receive state information from each of the nodes and apply one of multiple supported garbage collection coordination policies to reduce the impact of garbage collection pauses, dependent on that information. For example, if the information indicates that a node is about to collect, the coordinator may trigger a collection on all of the other nodes (e.g., synchronizing collection pauses for batch-mode applications where throughput is important) or may steer requests to other nodes (e.g., for interactive applications where request latencies are important).

Abstract: A system for allocation of resources and processing jobs within a distributed system includes a processor and a memory coupled to the processor. The memory includes at least one process and at least one resource allocator. The process is adapted for processing jobs within a distributed system which receives jobs to be processed. The resource allocator is communicably coupled with at least one process, and is adapted to generate one or more sub-processes within a limit of one or more resources allocated to the process for processing jobs.

Abstract: Provided is a method for orchestrating a container-based application that is executed on a terminal device, in which implementation information is received in an orchestration slave unit on the terminal device via a communication connection from an orchestration master unit, and the application is configured and/or controlled by the orchestration slave unit based on the implementation information, wherein the received implementation information is additionally saved persistently in a memory unit in the terminal device, and if the communication connection to the orchestration master unit is interrupted, the most recently saved implementation information is retrieved from the orchestration slave unit and the application is configured and/or controlled based on the most recently saved implementation information.

Abstract: Embodiments provide systems, methods and computer program products for cloud replication of data. One embodiment includes, accessing a virtual table definition and a data collection definition, the virtual table definition comprising a definition of a set of virtual table fields and a mapping of the set of virtual table fields to a set of target data types; automatically creating a virtual table according to the virtual table definition, the virtual table comprising the set of virtual table fields populated with the data of interest according to the data collection definition; and sending the virtual table and the mapping to a cloud computing environment. One embodiment further includes, in the cloud computing environment, storing the set of virtual table fields as a set of physical table fields in a physical table in a cloud hosted database, the set of physical table fields having the set of target data types.

Abstract: Disclosed are various examples for managing endpoints or client devices. A client device can be managed using unified endpoint management (UEM) protocols or using an endpoint management framework. A management console can allow an administrator to perform UEM management actions as well as out-of-band management actions on managed endpoints.

Abstract: A vehicle computing architecture includes an application layer a software virtualization layer, a hardware virtualization layer, and a hardware component layer. The application layer includes a plurality of virtual functional components each representing a virtual function. The software virtualization layer includes a command registry having virtual commands. The hardware virtualization layer includes mapping logic. The hardware component layer includes a plurality of physical nodes each being a virtual representation of a corresponding hardware component. The virtual functional components call a virtual command from the command registry. The hardware virtualization layer selects one of the physical nodes corresponding to the received virtual command and translates the received virtual command to a hardware command using the mapping logic, and communicates the hardware command to the selected physical node.

Abstract: According to an embodiment, a communication apparatus includes a task and a notification unit. The task stores, in a storage unit, notification information to be notified to a virtual machine as a notification destination via a virtual machine monitor after execution of predetermined processing. The notification unit collectively notifies the virtual machine monitor of a plurality of pieces of notification information stored in the storage unit.

Abstract: A system comprises compute nodes distributed over a network and configured to perform a pipeline parallel process. The system also comprises an extended memory comprising a global virtual address space which is shared by the compute nodes. The extended memory is configured to enable the compute nodes to exchange data over the network when the compute nodes perform the pipeline parallel process.

Abstract: A computing system may obtain text corresponding to a conversation between an outside caller and an agent. The computing system may obtain data associated with the conversation that may be used to determine whether the outside caller is attempting malicious activity or not. The obtained text and data may be provided to a machine learning model to generate a probability score indicative of whether the outside caller is attempting to obtain unauthorized access or attempting other malicious activity. Based on determining that the probability score satisfies a threshold, the computing system may modify a permission (e.g., an API permission) of the agent. The computing system may deny the request to perform the action and may cause display of an indication that the request was successful.

Abstract: The following relates generally to computer security, and more particularly relates to computer security in a virtual environment, such as a metaverse. In some embodiments, one or more processors: receive a set of known events (e.g., security threats) including event classifications; receive data of layers of the virtual environment; detect events in the data of the layers of the virtual environment; and determine correlations between the events in the data of the layers of the virtual environment. The correlations may be between events in different layers of the virtual environment. The one or more processors may also predict future events by analyzing the detected events.

Abstract: Disclosed herein are system, method, and computer-readable medium embodiments for securely accessing cloud data providers with user-impersonation. An embodiment operates by receiving an initial logon request for a cloud data provider. The embodiment authenticates the request using a cluster unique identifier (CUID) of the cloud data provider. The embodiment then authorizes the request by exchanging an authorization code for an identifier token and a refresh token issued by the cloud data provider. The embodiment then validates the tokens, and stores the refresh token for subsequent user-impersonation logons. Subsequently, the embodiment receives a user-impersonation logon request for the cloud data provider. The embodiment exchanges the refresh token for an access token issued by the cloud data provider, and uses the access token to gain access to the cloud data provider without a user directly having to complete authentication and authorization processes.

Abstract: A networking manager of an extension server of a virtualized computing service detects that a data link layer frame has been obtained at the extension server. The networking manager delivers at least a portion of contents of the frame to a compute instance running at the extension server in response to determining that a destination media access control (MAC) address of the frame matches a MAC address of a local-premise-access virtual network interface attached to the compute instance. The local-premise-access virtual network interface is not assigned an Internet Protocol (IP) address from a range of IP addresses managed by the virtualized computing service.

Abstract: The present invention relates to a system for data analytics in a network between one or more local device(s) (130) and a cloud computing platform (120), in which data collected and/or stored on the local device(s) (130) and/or stored on the cloud computing platform (120) are processed by an analytical algorithm (A) which is subdivided into at least two sub-algorithms (SA1, SA2), wherein one sub-algorithm (SA1) is executed on the local device(s) (130) and the other sub-algorithm (SA2) is executed on the cloud computing platform (120).

Abstract: Techniques are disclosed relating to monitoring behavior of a computing system shared by multiple tenants. In some embodiments, a computer cluster is maintained that hosts containers accessible to a plurality of tenants of the computer cluster. First telemetry data collected about a particular one of the plurality of tenants is received from a container hosted at a first of a plurality of servers of the computer cluster. The first telemetry data identifies the particular tenant's consumption of a resource provided by the container. In response to the computer cluster migrating the container from the first server to a second of the plurality of servers, second telemetry data collected about the particular tenant's consumption of the resource is received from the migrated container hosted at the second server. An analysis is performed of the first and second telemetry data to identify whether the particular tenant's consumption of the resource has changed.

Abstract: A computer-implemented method dynamically categorizes email on a client device. The method includes identifying one or more email servers associated with a user. The method also includes analyzing, for the user, a set of emails associated with the one or more email servers. The method further includes identifying, for each email, at least one category based on the content of the email. The method includes generating at least one virtualized folder, and consolidating, in response to the generating, the set of emails into the at least one virtualized folder by moving the emails into a folder based on a first of the at least one categories.

Abstract: This disclosure provides techniques for enabling developers to create a single implementation of an application that is accessible via different types of surfaces. For example, a developer can develop a single application and, based on how the developer defines parameters in a schema of the application, the corresponding user interfaces and features of the application can be used on different types of surfaces. Moreover, the single application can be made available to install via a hosted network and installed without regard to the type of surface that is being used to access the hosted network.

Abstract: Systems for distributed data storage. A method commences upon accessing a set of data items that describe computing nodes to be organized into a ring topology. The ring topology and distributed data storage policies are characterized by quantitative failure-resilient characteristics such as a replication factor. Various characteristics of the topology serve to bound two or more availability domains of the ring into which the computing nodes can be mapped. A set of quantitative values pertaining to respective quantitative failure-resilient characteristics are used for enumerating candidate ring topologies where the computing nodes are mapped into the availability domains. Using the quantitative failure-resilient characteristics, alternative candidate ring topologies are evaluated so as to determine a configuration score for candidate ring topologies. A candidate ring topology is configured based on a computed configuration score surpassing a threshold score.

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting human presence in front of a plurality of sensors, such as speaker sensors, and a device with a processor, such as a television. An example method includes varying, during a collection routine, a respective signal strength of one or more of a plurality of transmitters. The example method further includes receiving results of the collection routine in a form of raw data from a plurality of sensors. The example method further includes determining, by at least one processor, a respective geographical position of one or more humans present within a predetermined geographical range of the at least one processor based on the raw data from the plurality of sensors. Subsequently, the example method includes executing an action based on the respective geographical position of the one or more humans.

Abstract: Various approaches are disclosed for protecting vehicle buses from cyber-attacks. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and an external vehicle bus of a vehicle to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS (e.g., using machine learning, anomaly detection, etc.). Also disclosed are approaches for corrupting a message being transmitted on a vehicle bus to prevent devices from acting on the message.

Abstract: The present disclosure is related to reconfigurable radio equipment and edge computing, and in particular, to technologies for cyber security and radio equipment supporting certain features ensuring protection from fraud, and testing interfaces related to reconfigurable radio equipment. Other embodiments may be described and/or claimed.

Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.

Abstract: A firewall configuration method, applied to a cloud computing management platform, includes determining, by a compute node, a subnet associated with firewall policy information, determining that a virtual machine that belongs to the subnet is deployed on the compute node, and delivering the firewall policy information to a network access control list corresponding to the subnet. The network access control list and a local list of a virtual machine bridge of the virtual machine are in a jump relationship.

Abstract: A system and method are provided for synchronizing read-only folders from a cloud-based server. Users can set permissions when sharing folders with other users. The permissions are enforced by client devices of the users downloading content of the folders from the server. A folder at a user's client from the shared domain may include locally modified content and shared content. Based on an indication of a change by a second user to the folder at the server, the user's client modifies a local folder. To prevent local changes made by the user from being overwritten, the user's client identifies the folder containing locally-modified content as a local content folder not to be synchronized between the plurality of clients.

Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.

Abstract: A system and method for detecting lateral movement based on an exposed cryptographic network protocol (CNP) key in a cloud computing environment. The method includes: inspecting a first workload for a private CNP key, the private CNP key associated with a hash of a public CNP key; detecting in a security database a representation of the public CNP key; generating a lateral movement path, the lateral movement path including an identifier of a second workload, the second workload represented by a representation connected to the representation of the public CNP key.

Abstract: Example implementations include a method, apparatus, and computer-readable medium comprising receiving, by a control panel of a security or automation system of a premises, an indication of an update in a configuration of a router that is configured to support an Internet protocol “IP” network at the premises; and updating the configuration of the router by the control panel in response to receiving the indication.

Abstract: Systems and methods provide containers instantiated for each user equipment (UE), or on “per-UE” bases, which consolidate certain network functions for processing UE traffic into an efficient, in-network, and proximate virtualization to reduce latency and increase customizability.

Abstract: Automated management of software code change and deployment in an information processing system is disclosed. In one example, a method comprises the following steps. The method obtains one or more parameters specifying a software deployment following at least one code change to a set of one or more software programs. The method distinguishes first portions of the set of one or more software programs that are affected by the at least one code change from second portions of the set of one or more software programs that are unaffected by the at least one code change. The method generates at least one deployment script for causing deployment of the first portions of the set of one or more software programs without causing deployment of the second portions of the set of one or more software programs.

Abstract: Embodiments of the present invention provide computer-implemented methods, computer program products and computer systems. For example, embodiments of the present invention can, in response to receiving a request, analyze one or more components of a network. Embodiments of the present invention can predict an optimal migration path for the one or more components of the network based, at least in part on an opportunity rating for each respective component of the network. Embodiments of the present invention can then generate one or more recommendations based on the predicted optimal migration path of the one or more components.

Abstract: A system performs efficient domain name system (DNS) based global server load balancing. The system regularly monitors server health of servers that process requests directed to virtual servers. The update server health information is used to process DNS queries that request assignment of servers for processing requests directed to virtual servers. The system maintains metadata describing servers based on user requests associated with virtual servers. The system updates information stored in a database based on requests associated with a virtual server, for example, create, update, or delete information describing a virtual server. The system propagates the updated information to a plurality of data plane clusters. The system receives DNS queries and answers them based on the updated information describing the servers.