Abstract: Resource allocation can be managed in a software-defined system. For example, a computing device can receive, for a container in a software-defined system, a container limit specifying a maximum value for the container. The computing device can receive, for the container, one or more benefit functions that assign a weight for the resource in the software-defined system. The computing device can determine a value for a resource is less than the container limit. In response to determining the value for the resource is less than the container limit, the computing device can allocate the resource to the container based on the weight from the one or more benefit functions.

Abstract: A system can determine to restore a datacenter that comprises a group of virtualized workloads. The system can determine respective associations between respective virtualized workloads and respective datastores. The system can determine to restore a first virtualized workload of the group of virtualized workloads first. The system can restore a first portion of infrastructure that corresponds to the first virtualized workload first among a group of infrastructure. The system can, after restoring the first portion of infrastructure, restore a first portion of data that corresponds to the first virtualized workload first among a group of data. The system can, after restoring the first portion of data, restore a first portion of a virtualization layer that corresponds to the first virtualized workload first among a group of virtualization layers. The system can, after restoring the first portion of the virtualization layer, restore the first virtualized workload.

Abstract: Embodiments of the present disclosure provide a data mining system, a data mining method, and a storage medium. The data mining system includes a transfer device, a first trusted execution space and a second trusted execution space. The transfer device is configured to receive a data calling request of the second trusted execution space, obtain data to be called from the first trusted execution space according to the data calling request, and provide the data to be called to the second trusted execution space, so as to perform data mining based on the data to be called and the mining-related data to obtain a data mining result and to provide the data mining result to a device of the data user.

Abstract: Systems for providing a virtual machine and authentication of a user using the virtual machine may perform operations including providing an application programming interface (API) to an electronic device; booting a virtual machine configured to emulate a type of electronic device based on a workstation to which the electronic device is connected; receiving input, using the API, from the electronic device; and providing output to the workstation using the virtual machine. In another example, the operations may include connecting, via at least one network and through an API, to a remote server; providing to the remote server, via the at least one network and the API, the captured biometric indicator; receiving, from a virtual machine executed on the remote server, at least one packet in a defined format based on the biometric indicator; and forwarding the received at least one packet to a workstation communicably connected to the electronic device.

Abstract: Systems and methods for performing a zero-copy volume move between nodes of a distributed storage system are provided. In one example, an approach for performing a zero-copy volume move is proposed in which volume data may be maintained in place within a storage pod and need not be copied to move a given volume between the source node and the destination node. In one embodiment, metadata (e.g., a top-most physical volume block number (PVBN) of a node tree representing the volume at issue) of a write-anywhere file system is copied from the source node to the destination node. Since the storage pod is associated with a global PVBN space that is visible and accessible to all nodes of the distributed storage system, as a result of copying the top-mode PVBN of the volume to the destination node, anything below the top-most PVBN will automatically be visible to the destination node.

Abstract: This application provides a method and apparatus for configuring a quality of service policy for a service, and a computing device, and belongs to the field of network communications technologies. The method includes: obtaining a first data flow forwarded by a virtual switch; determining service information of the first data flow, where the service information includes a service type of the first data flow and an access path of the first data flow; determining, based on the service information of the first data flow, a quality of service QoS policy matching the first data flow; and configuring devices on the access path based on the matched QoS policy. According to this application, efficiency of configuring a quality of service policy for a service can be improved.

Abstract: An object of the invention is to quickly and appropriately adjust performance of a storage system. Provided is a storage management system including: a storage system including a plurality of storage nodes; and a management device. The storage node includes a storage device and an instance to which a resource is virtually allocated and that controls access to the storage device. The storage management system further includes an instance management node configured to manage the instance of the storage node. The management device is configured to determine whether a configuration of the resource allocated to the instance of the storage node needs to be changed, and cause the instance management node to change the configuration of the resource allocated to the instance when the configuration of the resource needs to be changed.

Abstract: The methods comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said user. The methods may further comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions. The methods may also comprise, responsive to verifying said user in accordance with the predetermined set of permissions, creating a version the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.

Abstract: Techniques for computer memory management are disclosed herein. In one embodiment, a method includes in response to receiving a request for allocation of memory, determining whether the request is for allocation from a first memory region or a second memory region of the physical memory. The first memory region has first memory subregions of a first size and the second memory region having second memory subregions of a second size larger than the first size of the first memory region. The method further includes in response to determining that the request for allocation of memory is for allocation from the first or second memory region, allocating a portion of the first or second multiple memory subregions of the first or second memory region, respectively, in response to the request.

Abstract: Aspects of the disclosure provide for mechanisms for securing virtual machines in a computer system. A request for a resource is received by a processing device. The request is initiated by a guest application. A determination is made by the processing device of whether an initialization of the guest application is completed. In response to a determination that the initialization of the guest application is completed, at least one system call associated with the request initiated by the guest application is blocked to reject execution of the request for the resource.

Abstract: A virtualization infrastructure control apparatus (10) includes an operation parameter monitoring unit (122) configured to acquire an operation parameter, a resource monitoring unit (121) configured to acquire predetermined load information, and a migration determination unit (111). The migration determination unit (111) determines to execute live migration when the migration determination unit (111) determines that the operation parameter satisfies a predetermined operation condition and that a load is low by comparing a predetermined load information with a predetermined threshold, whereas the migration determination unit (111) determines to execute healing when the migration determination unit (111) determines that the operation parameter does not satisfy the predetermined operation condition or that the load is high by comparing the predetermined load information with the predetermined threshold.

Abstract: In an updating method according to the present embodiment, a virtual machine (50-1A) is stopped, a virtual machine (50-1B) is started up using a new VM image (30-1B) to which a link to a database (20-1) is set, and the virtual machine (50-1B) is switched to an active system. A virtual machine (50-0A) is stopped and a virtual machine (50-0B) is started up using a new VM image (30-0B) to which a link to a database (20-0) is set.

Abstract: A data storage environment can include one or more virtual machines instantiated on a host computing device. Based on physical location data of the one or more virtual machines received from the host computing device, a storage manager can control the performance of a secondary copy operation on one or more storage units that store virtual machine data associated with the one or more virtual machines and/or the performance of a secondary copy operation on the one or more virtual machines.

Abstract: An aggregation packet forwarding method and a system for the same are provided. The method includes: configuring a first NIC to transmit to-be-forwarded packets to an aggregation module; configuring the aggregation module to generate an aggregated packet according to packet characteristics of the to-be-forwarded packets; configuring a first processing unit to execute a first NIC driver to process the aggregated packet generated by the aggregation module and send them to an L2 forwarding module; configuring the L2 forwarding module to transmit the aggregated packet according to an L2 forwarding table; configuring a second processing unit to execute a second NIC driver to process the aggregated packet and send the aggregated packet to a deaggregation module; configuring the deaggregation module to deaggregate the aggregated packet into the to-be-forwarded packets, and send the to-be-forwarded packets to the second NIC; and configuring the second NIC to receive the to-be-forwarded packets.

Abstract: Described herein are systems and methods that manage machine backups, including the creation of virtual machine packages sufficient to instantiate virtual machines corresponding to the backups. In one aspect, a compute infrastructure includes many machines, which may be either physical or virtual. From time to time, snapshots of the states of these target machines are pulled and saved. Virtual machine packages corresponding to these snapshots are also created. A virtual machine package can be used to instantiate a virtual machine (VM) emulating the target machine with the saved state on a destination virtual machine platform. At some point, the initial VM package for a target machine is created by converting the snapshot to a VM package. However, this may take a long time. Later VM packages can instead be created by updating a prior VM package according to differences between the corresponding snapshots, rather than performing the full conversion process.

Abstract: Techniques are described herein for performing thread-local garbage collection. The techniques include automatic profiling and separation of private and shared objects, allowing for efficient reclamation of memory local to threads. In some embodiments, threads are assigned speculatively-private heaps within memory. Unless there is a prior indication that an allocation site yields shared objects, then a garbage collection system may assume and operate as if such allocations are private until proven otherwise. Object allocations in a private heap may violate the speculative state of the heap when reachable outside of the thread. When violations to the speculative state are detected, an indication may be generated to notify the garbage collection system, which may prevent thread-local memory reclamation operations until the speculative state is restored.

Abstract: A scheduling control device performs scheduling that includes generating a directed graph having a source node, n layers of nodes, each layer of nodes of the n layers of nodes consisting of k nodes respectively corresponding to k job processing devices, and a destination node, a cost required for processing a job being allocated to each node of the n layers of nodes as a weight, a cost required for migrating the job from one of job processing devices to another one of the job processing devices being allocated as a weight on an edge; and calculating a shortest path from the source node to the destination node in the directed graph as a result of scheduling.

Abstract: A technique enables recovery of failover data used to generate one or more High Frequency Snapshots (HFSs) at a source and replicated to a target for storage and recovery. The target is illustratively an intermediary repository embodied as a long-term storage service (LTSS) configured to organize and store the HFSs as recovery points (RPs) in an object store. The LTSS stores a HFS identifier (ID), a logical offset in an object of the object store storing data of the HFS, and a logical timestamp associated with each replicated HFS as a key of a segment descriptor in a key-value database configured to store metadata describing the failover data of the HFS stored as one or more objects in the object store. Upon recovery of the failover data, the technique enables identification of the HFS stored in the object store and creation of a HFS index metadata structure (B+ tree) to extract the identified HFS as a RP.

Abstract: The present disclosure involves systems, software, and computer implemented methods for remotely executing binaries in a containerized computing environment using a lightweight inter-process communications protocol (IPC) and UNIX domain sockets. One example method includes establishing, in a shared computing image comprising a plurality of containers, a listening UNIX domain socket, where the listening UNIX domain socket is shared between all containers in the shared computing image. A request to execute a binary in the target container is received at a target container and from a client container using the listening UNIX domain socket. A worker service is generated in the target container. The worker service executes the binary in the target container. A return exit code associated with the executed binary is received and sent to the client container using the UNIX domain socket.

Abstract: An example method of scheduling a workload in a virtualized computing system including a host cluster having a virtualization layer directly executing on hardware platforms of hosts is described. The virtualization layer supports execution of virtual machines (VMs) and is integrated with an orchestration control plane. The method includes: receiving, at the orchestration control plane, a workload specification for the workload; selecting, at the orchestration control plane, a plurality of nodes for the workload based on the workload specification, each of the plurality of nodes implemented by a host of the hosts; selecting, by the orchestration control plane in cooperation with a virtualization management server managing the host cluster, a node of the plurality of nodes; and deploying, by the orchestration control plane in cooperation with the virtualization management server, the workload on a host in the host cluster implementing the selected node.

Abstract: A system architecture can be used to facilitate communication among applications that are native and/or non-native to an application environment. The system architecture can include a first application environment executed on a client-side computing device. The first application environment can execute software applications that are native thereto. The first application environment can further execute software applications that are native thereto, but which software applications themselves comprise second application environments of types different from the first application environment, and which software applications can therefore execute additional software applications that are non-native to the first application environment. The first application environment can further execute a computation engine that is configured to store and execute instructions received from the first software application, the second software application, or both.

Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support configuration of cloud-based functionality. A configuration device is provided and includes a data processing module, a modelling module, and a loading module. The data processing module provides functionality for compiling information for use in configuring the cloud-based functionality in a requirements compliant manner. The modelling module may include various machine learning modules configured to evaluate configuration workbooks for compliance with requirements specified by a user. The modelling module may output recommendations for improving compliance of the configuration workbooks and appropriate changes may be made. The loading module may be configured to obtain templates applicable to the cloud-based functionality being configured and to extract appropriate data from the (updated) configuration workbooks.

Abstract: Systems and methods are disclosed relating to data processing and/or storage. According to some illustrative implementations, there are provided innovations herein involving aspects of symbiotic data storage.

Abstract: Embodiments of the present disclosure include systems and methods for managing the configuration and execution of executable controls. In particular, a control execution management system may enable organizations to configure executable controls relating to certain internal and/or external processes, and for configuration and execution data for the executable controls to be maintained by the organizations, for example, in a distributed ledger (e.g., a blockchain network). Continuously monitoring configuration and execution data of the executable controls may enable an organization to always have updated information relating to the executable controls and how they impact their associated internal and/or external processes, thereby enabling the organization to, for example, provide such information to regulatory agencies, relevant stakeholders, and so forth.

Abstract: Apparatuses, methods and storage medium associated with in-vehicle computing, are disclosed herein. In embodiments, an in-vehicle system computing platform having a hypervisor to host one or more virtual machines (VMs) includes a memory shrink manager, and a memory snapshot manager. The memory shrink manager is configured to orchestrate shrinking a memory footprint of one of the one or more VMs for a suspend process invoked in response to the computing platform being powered off. The memory snapshot manager is configured to save the shrunken memory footprint of the one VM to the persistent storage during the suspend process, and to reload a subset of the saved shrunken memory footprint during a resume process to resume the one VM from suspension to the persistent storage. The resume process is invoked in response to the computing platform being powered on, cold booted.

Abstract: Accessing information associated with a virtual memory address by receiving a virtual memory address, translating the virtual memory address into a nominal physical memory address, receiving the nominal physical memory address at a memory migrator, and using the memory migrator to determine an old physical memory address corresponding to the nominal physical memory address and access the information at the old physical memory address or a new physical memory address. The accessing operation may be performed as part of migrating the information from an old physical memory location corresponding the old physical memory address to a new physical memory location corresponding to the new physical memory address.

Abstract: Methods and systems for managing provisioning of virtual machines. Virtual machines may host applications that may provide computer implemented services. Various hardware resources may be allocated to the virtual machines via a hypervisor. As the workloads of the applications change, the virtual machines may become over or under provisioned. To manage provisioning of virtual machines, various types of resource consumption estimates may be obtained. The resource consumption estimates may be used to ascertain how to provision various virtual machines to reduce or eliminate inefficient allocations of hardware resources for use by the virtual machines.

Abstract: A system, method, and computer-readable medium are disclosed for servicing and managing a bare metal information handling system. An embedded lightweight operating system on the bare metal information handling system is booted up. The embedded lightweight operating system initiates a platform inference engine which is provided rules and policies as to applications to be run on the bare metal information handling system. The platform inference engine initiates a secure workspace launcher to launch a user workspace user experience environment. The user workspace user experience environment is provided on the bare metal information handling system.

Abstract: A method to deploy a plurality of event-driven application components of an event-driven application in a distributed computing environment is described. The method includes automatically analyzing application source code of the event-driven application, using one or more processors, to identify relationships between the plurality of event-driven application components. Thereafter, a set of rules are applied to, based on the automatic analysis, generate assignment data recording assignments of event-driven application components to a plurality of computational nodes in the distributed computing environment. The set of rules is also applied to determine component requirements for each of the plurality of event-driven application components required to support execution at an assigned computational node in the distributed computing environment.

Abstract: Credentials management and usage in application modernization can be implemented as computer-readable methods, media and systems. A notification identifying an application modernization operation is received. The operation is to be performed on an application deployed by multiple resources arranged in multiple hierarchical levels. A resource residing at a hierarchical level of the multiple hierarchical levels is identified. The application modernization operation is to be performed on the identified resource which has a resource type. A search for a credential is performed. The credential grants access to the resource to enable performing the application modernization operation. In response to the searching, a credential included in the multiple credentials is identified. The identified credential grants access either to the resource or to resources of the resource type. In response to receiving the notification, the identified credential is provided.

Abstract: A technique for locking a blockchain transaction based on undetermined data, using a blockchain network. A locking node may include a locking script in a blockchain transaction to lock a digital asset. The locking script includes a public key for a determined data source and instructions to cause a validating node executing the locking script to verify the source of data provided in an unlocking script by: a) generating a modified public key based on the public key for the determined data source and based on data defined in the unlocking script; and b) evaluating a cryptographic signature in the unlocking script based on the modified public key. The blockchain transaction containing the locking script is sent by the locking node to the blockchain network. The lock may be removed using a cryptographic signature generated from a private key modified based on the data.

Abstract: Techniques are described for enabling users of a cloud provider network to create policies used to control the use of temporary security credentials by computing resources other than a computing resource to which the credentials were issued. An identity and access management service encodes, into temporary security credentials, information about the virtual private network to which the credentials are issued. When a computing resource subsequently issues requests to perform actions and uses the temporary security credentials to sign the request, the cloud provider network further adds, to the network traffic, information associated with the virtual private network from which the request originates. A user can then create a policy with a statement indicating that request are to be permitted only if, e.g., the identity of the virtual private network as encoded in the temporary security credentials matches the identity of the virtual private network identified by the information included in the request.

Abstract: Hot restart of a hypervisor by replacing a running first hypervisor by a second hypervisor with minimally perceptible downtime to guest partitions. A first hypervisor is executed on a computing system. The first hypervisor is configured to create one or more guest partitions. During the hot restart, a service partition is generated and initialized with a second hypervisor. At least a portion of runtime state of the first hypervisor is migrated and synchronized to the second hypervisor using inverse hypercalls. After the synchronization, the second hypervisor is devirtualized from the service partition to replace the first hypervisor. Devirtualizing includes transferring control of hardware resources from the first hypervisor to the second hypervisor, using the previously migrated and synchronized runtime state.

Abstract: A method for storing time-based data streams in a high-capacity network is provided. A time-based data storage request is received from an application. The data storage request is associated with one or more data streams. Each of the data streams includes a plurality of time-ordered items having a header. The header includes two or more timestamps representing a time interval associated with each of the plurality of time-ordered items. The received data storage request is processed to accumulate time-ordered data items in a plurality of data files and to identify time-based information and corresponding virtual offset information related to the accumulated data items. The identified time-based information and the virtual offset information related to the accumulated data items are stored in a data repository. A determination is made whether adjustment is necessary for sorting the stored data in the repository. The sorting adjustment is selectively performed responsive to the determination.

Abstract: Systems and methods of the disclosure include: identifying, by a destination host computer system, a first memory page residing in a memory of the destination host computer system; transmitting, by the destination host computer system, at least a part of the first memory page to a source host computer system; receiving, by the destination host computer system, a confirmation from the source host computer system that the first memory page matches a second memory page associated with a virtual machine to be migrated from the source host computer system to the destination host computer system; and associating, by the destination host computer system, the first memory page with the virtual machine.

Abstract: A processing system allows external systems to customize and extend services without increasing system intricacy. The processing platform maintains cloud containers that support virtual machines for external systems. An external system provides code for execution on a virtual machine that is supported by a cloud container. Cloud containers provide a boundary for executing code such that the processing platform may limit types of code an external system can run at a cloud container. The external system code can provide new services or may build upon existing public services, and external systems may designate their services as being available to other external systems by publishing the access information in a global application programming interface (API) maintained by the processing platform. Since the external systems submit instructions for execution within their assigned cloud containers, the services and applications are developed without affecting the underlying functionality of the processing platform.

Abstract: Embodiments of an overlay network with innovative virtual network switches and related network interface controllers are disclosed. According to one embodiment, the overlay network may comprise at least one virtual network switch (VNS), wherein each VNS is installed within a corresponding first processing endpoint which is logically above a virtualization layer of a virtual network. And, the VNS may be configured to intercept data packets transmitted on a network layer logically below the virtualization layer of the virtual network. The VNS may comprise: (a) a manager element configured to connect to at least one virtual network interface controller (VNIC), each VNIC being installed within a corresponding second processing endpoint of the virtual network, the second processing endpoint being separate from the first processing endpoint; (b) a replicator node configured to replicate and route the data packets; and (c) a switch controller configured to control the first replicator node.

Abstract: System and method for reducing latency for nested virtual machines. An example method may include: running, by a host computer system, a hypervisor managing a first virtual machine associated with a first virtual processor (vCPU) implemented by a first processing thread, wherein the first virtual machine manages a second virtual machine; creating, by the hypervisor, a second processing thread implementing a second vCPU associated with the second virtual machine; and responsive to receiving an interrupt directed to the second virtual machine, causing, by the hypervisor, the second processing thread to process the interrupt.

Abstract: A computer processing system having a first memory with a first set of memory pages resident therein and a second memory coupled to the first memory. A resource tracker provides information to instances of a long short-term memory (LSTM) recurrent neural network (RNN). A predictor identifies memory pages from the first set of memory pages for prediction by the one or more LSTM RNN instances. The system groups the memory pages of the identified plurality of memory pages into a number of patterns based on a number of memory accesses per time. An LSTM RNN instance predicts a number of page accesses for each pattern. A second set of memory pages is selected for moving from the first memory to the second memory.

Abstract: A method and apparatus are disclosed of monitoring a number of virtual machines operating in an enterprise network. One example method of operation may include identifying a number of virtual machines currently operating in an enterprise network and determining performance metrics for each of the virtual machines. The method may also include identifying at least one candidate virtual machine from the virtual machines to optimize its active application load and modifying the candidate virtual machine to change its active application load.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage the operation of the data processing systems, the data processing systems may include a port and a management controller that may selectively takeover the port from the host. When taken over, the management controller may use the port to attempt to obtain data usable to modify the operation of one or more modules of the data processing system. The modules may be modified to resolve incompatibilities between the modules. By resolving incompatibilities, data processing systems hosting incompatible modules may be returned to desired operation.

Abstract: Techniques are provided for on-demand creation and/or utilization of containers and/or serverless threads for hosting data connector components. The data connector components can be used to perform integrity checking, anomaly detection, and file system metadata analysis associated with objects stored within an object store. The data connector components may be configured to execute machine learning functionality to perform operations and tasks. The data connector components can perform full scans or incremental scans. The data connector components may be stateless, and thus may be offlined, upgraded, onlined, and/or have tasks transferred between data connector components. Results of operations performed by the data connector components upon base objects may be stored within sibling objects.

Abstract: Described embodiments provide systems and method for determining action insights to address, correct or fix application failures. A device can identify an assignment of a user to a virtual machine and the assignment can enable launch of an application with use of the same virtual machine on behalf of the user. The virtual machine can be one of a delivery group of virtual machines. A threshold can be determined for the virtual machine that indicates a likely failure of the virtual machine to launch the application based data about performance of the delivery group. The device can modify the assignment of a user from the virtual machine to another virtual machine of the delivery group based on a comparison of a load on the virtual machine and the determined threshold, so as to avoid failure of the application to launch.

Abstract: Techniques that enable a hypervisor to (1) maintain shared memory pages and (2) handle memory accounting for VMs that are suspended to and resumed from the volatile memory of a host system are provided. Regarding (1), the hypervisor can maintain shared memory pages in volatile memory across the suspend-to-memory and resume-from-memory operations, without having to save their reference counts. Regarding (2), the hypervisor can keep track of the volatile memory reserved and consumed by VMs as they are suspended and resumed, without erroneously double counting that memory.

Abstract: A device may receive and store credentials identifying security levels of users for access to functionalities of an on-premises device, and may receive a credential of a user and a request to access a functionality of the on-premises device. The device may determine whether a security level of the credential matches a first security level of the credentials, and may reject the request when the security level fails to match the first security level. The device may determine, when the security level matches the first security level, whether a computing resource of the on-premises device matches a computing resource of the first security level, and may provide the user with access to the computing resource when the computing resource matches the computing resource of the first security level. The device may reject the request when the computing resource fails to match the computing resource of the first security level.

Abstract: Systems and methods are disclosed for a geofence-based location tracking and notification triggering system. One of the methods includes obtaining location information associated with a user device; accessing information indicating entities located within one or more threshold distances of the obtained location; determining whether a user of the user device satisfies constraints specified by the entities; and generating a notification to be provided to the user device, the notification indicating information associated with at least one entity for which the user satisfies specified constraints. Preferably, the notification is in the form of a text messages, which provides advantages for real-time notifications with increased spatial relevance to a user.

Abstract: The present disclosure is directed to distributing processing capabilities throughout different nodes in a wireless mesh network. Methods and apparatus consistent with the present disclosure increase the efficiency of communications in a wireless mesh network because they help minimize the need to forward communications to other nodes in the wireless mesh network such that an evaluation can be performed. Apparatus and methods consistent with the present disclosure may distribute ratings or verdicts associated with previous requests to access data to different nodes in a wireless mesh network without generating additional wireless communications through the wireless mesh network. Apparatus and methods consistent with the present disclosure distribute content ratings to different nodes in a wireless network such that different wireless nodes may block redundant requests to undesired content without increasing messaging traffic.

Abstract: A method for automatically reregistering a clone virtual machine with a cloud security monitoring service is provided. The method generally includes detecting a connection between a cloud agent running in a virtual machine on a host and a hypervisor module on the host. In response to detecting the connection, the cloud agent queries the hypervisor module for one or more first identifiers of the virtual machine. The method generally includes checking a database, by the cloud agent, for one or more second identifiers stored in the database matching the one or more first identifiers received from the hypervisor module and, based on finding no second identifiers stored in the database matching the one or more first identifiers, sending a request to the cloud security monitoring service to register the virtual machine with the cloud security monitoring service.

Abstract: In an approach to providing virtualized hardware resources, one or more reconfigurable hardware devices (RHDs) are configured to instantiate a first virtual System-on-Chip (vSoC) instance of one or more vSoC instances, the first vSoC instance implementing at least one virtualized system component.

Abstract: An apparatus and method is provided for simulating a physical computer system using virtualization. The disclosed system virtualizes devices of a physical computer system by modeling hardware and software components that are physically present within the physical computer system. The system simulates changing at least one of a piece of hardware or software in the virtualized computer system and assesses an effect of the change in the virtualized computer system to determine a potential effect of the change if the change were implemented on the physical computer system.