Abstract: Systems and methods are described for adjusting a number of concurrent code executions allowed to be performed for a given user on an on-demand code execution environment or other distributed code execution environments. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances. However, to improve utilization of computing resources, such environments may temporarily restrict the number of concurrent code executions performed on behalf of the given user to a number less than the maximum number of concurrent code executions allowed for the given user. Such environments may adjust the temporary restriction on the number of concurrent code executions based on the number of incoming code execution requests associated with the given user.

Abstract: A method includes storing a plurality of workloads in a first disk resource associated with a high end disk classification. The method further includes determining a corresponding activity level for each of the plurality of workloads. The method also includes classifying each of the plurality of workloads into a first set indicative of high-priority workloads and a second set indicative of low-priority workloads based on whether the corresponding activity level is greater than a threshold activity level. The method further includes determining whether a second disk resource associated with a low end disk classification can accommodate storage of a first particular workload in the second set based on an available storage capacity of the second disk resource. The method additionally includes migrating the first particular workload from the first disk resource to the second disk resource.

Abstract: Embodiments include methods and devices for migrating virtual assets over networks that have a first manager connected to a physical host a virtual machine run. Aspects include registering the physical host to a second manager in the network, creating the mapping relationship of the physical host between a database of the first manager and a database of the second manager and importing instance data and status data of the virtual machine of the physical host from the database of the first manager into the database of the second manager. Aspects also include switching the management for the physical host from the first manager to the second manager.

Abstract: This disclosure describes techniques for utilizing VXLANs within a network, such as a data center, for transporting L2 customer communications. Moreover, the disclosure describes techniques for auto-discovering, for each VXLAN, a corresponding replication node for replicating and distributing unknown destination, broadcast, and multicast frames to VXLAN Tunnel Endpoints (“VTEPs”) within the data center. Further, the techniques facilitate, by the replication node, discovery and auto-registration of the VTEPs for the respective customer network. As such, the techniques may facilitate configuration of VXLANs without necessarily relying on multicast protocols to provide such functionality. In this way, the techniques described herein may be used to supplement or even replace reliance on multicast protocols, such as the Protocol Independent Multicast (PIM) protocol, when configuring VXLANs within a network.

Abstract: A management system and method that generally allocates a virtual function to a virtual function definition of a virtual server, where the virtual function definition of the virtual server is previously assigned with a unique function identifier, and assigns the unique function identifier to the virtual function in response to the allocating of the virtual function, where the unique function identifier causes a discovery of the virtual function by the virtual server.

Abstract: Embodiments include methods and devices for migrating virtual assets over networks that have a first manager connected to a physical host a virtual machine run. Aspects include registering the physical host to a second manager in the network, creating the mapping relationship of the physical host between a database of the first manager and a database of the second manager and importing instance data and status data of the virtual machine of the physical host from the database of the first manager into the database of the second manager. Aspects also include switching the management for the physical host from the first manager to the second manager.

Abstract: Approaches for synchronizing resources of a virtualized web browser. When a virtualized web browser is instructed to display a web page, a host module executing within a host operating instructs retrieves, from each of one or more virtual machines, contents for a portion of the web page. The virtualized web browser assembles the contents and displays the web page. A web browser executing in the host operating system may, but need not, retrieve any of the content displayed thereby. Instead, the content retrieved by the web browser executing in the host operating system may be retrieved by and rendered within a virtual machine. The behavior of the virtualized web browser may be configured using policy data.

Abstract: A device management method including receiving, at an electronic device including a first operating system and a second operating system, a policy for the first or second operation system from an external server by a device management module of the first operating system, sending, by the device management module, the policy to a host management module of the first operating system in communication with the second operating system, and applying, by the host management module, the policy to the second operating system.

Abstract: A switch includes at least a first table and a second table different in mapping of egress information of a network and user information to a packet. The first table is searched for a first packet received and operation according to an action corresponding to a search key of the first table is applied to the first packet to convert the first packet to a second packet. The second packet is supplied to the second table. The second table is then searched for the second packet. When the search key of the second table is matched, the operation according to the action corresponding to the search key of the second table is applied to the second packet to convert the second packet to a third packet (refer to FIG. 5).

Abstract: A main operating system interface engine can be configured to receive instructions from a main operating system of one or more host systems and can manage a virtualized operating system on the one or more host systems, the virtualized operating system appearing distinct from the main operating system to a user of the one or more host systems. A virtualization environment management engine can manage a virtualization environment, the virtualization environment using the virtualized operating system. A virtual machine management engine can manage one or more virtual machine instances in the virtualization environment, each of the one or more virtual machine instances operative to provide virtualized resources of the one or more host systems for a compute access system coupled to the one or more host systems.

Abstract: A virtual machine (VM) server may be used to enforce a set of security criteria upon a remote client device. The VM server may be configured to host a VM that has features that can be utilized by a user at the remote client device. The VM server may receive sensor data collected by one or more sensors of a remote sensor device. The VM server may identify that the sensor data satisfies at least a portion of the set of security criteria. The VM server may further identify that the remote client device is within a predetermined proximity of the remote sensor device. The VM server may further enable a user at the remote client device to utilize the features of the VM hosted on the VM server.

Abstract: A method and apparatus for monitoring and automatically reserving computing resources for operating an application within a computing environment is described. In one embodiment, the method for automatically resizing a virtual machine to optimize computer resource utilization includes monitoring a computing environment to detect an event, wherein the computing environment comprises a plurality of physical machines for operating at least one virtual machine and in response to an occurrence of the event within the computing environment, configuring the at least one virtual machine, wherein reserved portions of computer resources are allocated to a virtual machine of the at least one virtual machine for operating an application.

Abstract: In one example, a method for data backup includes surveying a database availability group (DAG) that includes multiple nodes which are each associated with one or more databases, to determine a distribution of the databases across the nodes. Next, federated logic is used to create a profile of the DAG based on the survey, and the profile is used to generate a dynamic preferred server order list (PSOL). Load balancing for the DAG is performed using the dynamic PSOL, and the dynamic PSOL is updated based on results of the load balancing. Finally, a federated backup of the databases is performed based on the updated dynamic PSOL.

Abstract: Various systems, processes, and techniques may be used to allocate computer resources. In particular implementations, systems and processes for allocation of computer resources may include the ability to determine whether a request for allocation of computer resources has been received and determine a set of server computers able to fulfill requirements of the request. The systems and processes may also include the ability to identify one or more server computers in the set likely to successfully provide the computer resources and allocate the requested computer resources on an identified server computer.

Abstract: A method and apparatus for automated mirroring is presented. A network device running as a Fabric Attach (FA) server configured to mirror traffic to a Remote Switch Port Analyzer (RSPAN) Virtual Local Area Network (VLAN), issues an FA Type Length Value (TLV) on its uplink to the FA server. The TLV includes a request to associate said RSPAN VLAN with a Service Identifier (I-SID) used to carry mirror traffic in a network. The network device sends the mirrored traffic on the RSPAN VLAN on its uplink to the FA server. The network device signals the I-SID into the network, and detects receive interest in the I-SID. The network device delivers the mirrored traffic to devices that expressed a receive interest in the mirrored traffic.

Abstract: A service is disclosed that allows configuration, management and deployment of instances. A configuration document can be stored by the service and one or more instance identifiers can be linked to the configuration document. As a result, multiple instances can be launched and configured using a single configuration document allowing for a consistent result across instances. Local agents running on the instances can execute plug-ins in order to effectuate the configuration. As a result, administrators of instances can configure, manage and easily deploy their unique instance configurations. Customers who manage their instances can scale and manage their entire fleet with repeatable configuration tasks that seamlessly integrate into their instance workflow.

Abstract: One embodiment provides an apparatus. The apparatus includes an input output memory management unit (I/O MMU), a non-secure operating system (OS) driver, a secure OS driver and a virtual machine monitor (VMM). The I/OMMU is to couple an I/O Controller to a memory. The I/O Controller is coupled to a secure device and a non-secure device and has one I/O Controller identifier. The non-secure OS driver is associated with the non-secure device. The secure OS driver is associated with the secure device. The VMM is to allocate a secure address space to a secure OS and a non-secure address space to a non-secure OS. The secure address space is non-overlapping with the non-secure address space.

Abstract: Disclosed aspects relate to resource usage management in a stream computing environment that includes a set of hosts having a set of processing elements which has a set of stream operators. A first activity indicator may be detected for a first subset of the set of stream operators. A resource action for performance with respect to the first subset of the set of stream operators may be determined based on the first activity indicator. The resource action may be performed with respect to the first subset of the set of stream operators to benefit resource usage in the stream computing environment.

Abstract: A management system and method that generally allocates a virtual function to a virtual function definition of a virtual server, where the virtual function definition of the virtual server is previously assigned with a unique function identifier, and assigns the unique function identifier to the virtual function in response to the allocating of the virtual function, where the unique function identifier causes a discovery of the virtual function by the virtual server.

Abstract: Disclosed are examples of observing and measuring virtual machine (VM) activity in a VM communication system environment. According to one example embodiment, an example operation may include transmitting a request from a physical host device to monitor at least one virtual machine among various virtual machines currently operating in a virtual communication system. Additional operations may include determining which of the virtual machines are actively accessing a predetermined virtual application, such as a virtual storage application. The operations may also include receiving present operating activity results regarding the virtual machines responsive to the transmitted request.

Abstract: Load balancing reduces memory consumption in a virtual computing environment. Disk blocks in a cluster of hosts are monitored for redundancy. Execution of virtual machines may be migrated to different hosts within the cluster to balance loading.

Abstract: A method of providing migration of active virtual machines by performing data migrations between data centers using distributed volume and stretched cluster mechanisms to migrate the data synchronously within the distance and time latency limits defined by the distributed volume protocol, then performing data migrations within data centers using local live migration, and for long distance data migrations on a scale or distance that may exceed synchronous limits of the distributed volume protocol, combining appropriate inter- and intra-site data migrations so that data migrations can be performed exclusively using synchronous transmission.

Abstract: The subject technology addresses the need in the art for improving intra-cloud migration of virtual machines in a cloud computing environment. A hash database may be prepopulated with key-value pairs corresponding to hash IDs and associated data chunks of a virtual machine image. In this regard, the virtual machine image may be divided into chunks using boundaries chosen by a Rabin fingerprinting technique. A hash (e.g., MD5 or SHA-1) may be computed over each chunk and act as a unique identifier for the data contained in each chunk. At appropriate times, one or more hash IDs are sent instead of the actual data chunks between clouds when performing the inter-cloud migration of a virtual machine.

Abstract: Embodiments disclosed herein generally relate to a method and system for automatically updating a virtual machine image of one or more virtual machines of an auto-scaling group. A computing system receives an indication to update a virtual machine image of a plurality of virtual machines in a plurality of auto-scaling groups. Computing system identifies a subset of the plurality of auto-scaling groups that contains a hydration tag. Computing system locates a version of the virtual machine image different from a current version of the virtual machine image. For each auto-scaling group in the subset of auto-scaling groups, computing system clones a launch configuration for the virtual machines in the auto-scaling group. Computing system stores data associated with each auto-scaling group in a remote location. Computing system updates the virtual machine image of the virtual machines in each auto-scaling group with the new version of the virtual machine image.

Abstract: In one embodiment, a set of lock and unlock instructions in a read phase of a computer-readable program is replaced with a first set of tracking instructions, wherein the first set of tracking instructions track a set of locked objects identifying objects that would have been locked by executing the set of lock and unlock instructions. A second set of tracking instructions is inserted into the read phase of the computer-readable program, wherein the second set of tracking instructions track a set of read objects indicating versions of objects that are read. Validation instructions are inserted into the computer-readable program, wherein the validation instructions validate that the versions of objects in the set of read objects have not changed since they were last read and lock the set of locked objects that would have been locked upon completing execution of the set of lock and unlock instructions.

Abstract: An enhanced dynamic address translation facility product is created such that, in one embodiment, a virtual address to be translated and an initial origin address of a translation table of the hierarchy of translation tables are obtained. Dynamic address translation of the virtual address proceeds. In response to a translation interruption having occurred during dynamic address translation, bits are stored in a translation exception qualifier (TXQ) field to indicate that the exception was either a host DAT exception having occurred while running a host program or a host DAT exception having occurred while running a guest program. The TXQ is further capable of indicating that the exception was associated with a host virtual address derived from a guest page frame real address or a guest segment frame absolute address. The TXQ is further capable of indicating that a larger or smaller host frame size is preferred to back a guest frame.

Abstract: A file system that balances the loading of filers and the capacity of drives that are associated with the filers is described. The file system includes a first disk drive that includes a first unused capacity and a second disk drive that includes a second unused capacity, wherein the second unused capacity is smaller than the first unused capacity. The file system further includes a first filer that is configured to fill requests from clients through access to at least the first disk drive. The file system further includes a second filer that is configured to fill requests from clients through access to at least the second disk drive. The second filer is configured to select an infrequently accessed file from the second disk drive and to push the infrequently accessed files to the first disk drive, thereby improving a balance of unused capacity between the first and second disk drives without substantially affecting a loading for each of the first and second filers.

Abstract: A system according to an embodiment of the present invention includes at least two virtual machines running on a hardware platform using either a hosted or a bare metal hypervisor. The virtual machines may communicate with an agent-server resident in the host operating system or in one of the virtual machines to switch control of the hardware component, such as graphics hardware, from one virtual machine to another.

Abstract: A source virtual machine (VM) hosted on a source server is migrated to a destination VM on a destination server without first powering down the source VM. After optional pre-copying of the source VM's memory to the destination VM, the source VM is suspended and its non-memory state is transferred to the destination VM; the destination VM is then resumed from the transferred state. In one embodiment, the source VM memory is either paged into the destination VM on demand, or is transferred asynchronously by pre-copying and write-protecting the source VM memory, and then later transferring only the modified pages after the destination VM is resumed. In one embodiment, the source and destination servers share common storage, in which the source VM's virtual disk is stored; this avoids the need to transfer the virtual disk contents.

Abstract: A system that includes a switched fabric hierarchy (e.g., a PCIe hierarchy) may realize efficient utilization of a shared I/O device (e.g., a network or storage switch) across multiple physically separate processing nodes (endpoints). For example, each processing node (endpoint) in a distributed processing system may be allocated a portion of the address map of a shared I/O device and may host a device driver for one of multiple virtual functions implemented on the shared device. Following enumeration and initialization of the hierarchy by the root complex, the endpoints may access the virtual functions directly (without intervention by the root complex). Data and interrupt traffic between endpoints and virtual functions may take place over peer-to-peer connections. Interrupt reception logic in each endpoint may receive and handle interrupts generated by the virtual functions. The root complex may host a device driver for a physical function on the shared device.

Abstract: A resource manager of a virtualized computing service indicates to a client that FPGA-enabled compute instances are supported at the service. From a set of virtualization hosts of the service, a particular host from which an FPGA is accessible is selected for the client based on an indication of computation objectives of the client. Configuration operations are performed to prepare the host for the application, and an FPGA-enabled compute instance is launched at the host for the client.

Abstract: Capacity enhancement of a direct communication link using a variable redundancy delivery network. An estimated information rate between a source node and a terminal node may be partitioned into a first information rate provided via the direct communication link and a second information rate to be provided via the variable redundancy delivery network. One or more parameters of the variable redundancy delivery network may be calculated to provide the second information rate based on a non-uniform probability density of messages requested by the terminal node. Capacity and reliability of storage media devices in the variable redundancy delivery network may be traded off to provide the second information rate. The variable redundancy delivery network may implement various coding schemes and per-message coding rates that may be determined based on the non-uniform probability distribution of the source message library.

Abstract: A system for providing low-latency computational capacity from a virtual compute fleet is provided. The system may be configured to maintain a plurality of virtual machine instances on one or more physical computing devices, wherein the plurality of virtual machine instances comprises a first pool comprising a first sub-pool of virtual machine instances and a second sub-pool of virtual machine instances, and a second pool comprising virtual machine instances used for executing one or more program codes thereon. The first sub-pool and/or the second sub-pool may be associated with one or more users of the system. The system may be further configured to process code execution requests and execute program codes on the virtual machine instances of the first or second sub-pool.

Abstract: A computer implemented method and apparatus is disclosed that includes programming to generate, spawn, or invoke a mother script in a virtual computing environment residing on a physical server. The methods and systems dynamically generate, spawn, or invoke at least one virtual machine embedded with one or more daughter scripts or virtual scripts containing adaptive instruction sets based on a first request, in the form of one or more virtual atoms, where each virtual atom has at least one assigned task and is allowed to connect to other virtual atoms to create one or more virtual computing systems or networks, in the form of one or more virtual molecules.

Abstract: An information processing system includes circuitry configured to identify a plurality of systems that each access at least one of a plurality of virtual machines executed by a server, generate, for each system, a value indicating whether performance of the system satisfies an agreement for the system if a virtual machine accessed by the system is stopped, determine a virtual machine to be stopped among the plurality of virtual machines based on the values.

Abstract: A mobile device includes a memory having at least one delegated administrator stored thereon, the delegated administrator is configured to apply a policy to the mobile device based on at least one permission a delegated administrator configured to apply a policy to the mobile device based on the at least one permission. The mobile device also includes at least one processor having a mobile device management (MDM) framework. The MDM framework receives the at least one permission from the device administrator, delegates the at least one permission to the delegated administrator, and enforces the policy on the mobile device.

Abstract: A telecommunications edge cloud (TEC) element deployed between a client and a packet network includes a TEC hardware layer including storage resources, networking resources, and computing resources, wherein the computing resources include a plurality of processors. A TEC operating system (TECOS) is coupled to the TEC hardware layer and configured to control and manage the storage resources, the networking resources, and the computing resources, wherein the TECOS is executed by one of the processors, a TEC application layer coupled to the TECOS, wherein the TEC application layer is configured to process a request from the client using the TECOS, wherein the computing resources are configured to provide a service to the client when the request is a service request, and wherein at least one of the networking resources and the storage resources is configured to provide data to the client when the request comprises a data request.

Abstract: Disclosed herein are systems and methods to integrate and manage a computer network operations (CNO) infrastructure. A framework may include CNO applications that are used to find a target computer system, breach the target, extract data therefrom and analyze the data. A CNO organization in a secure network can use the framework to maintain, manage and monitor CNO applications in an unsecured network without compromising security from counter-attacks. The framework remains engaged with targeted computer systems during routine maintenance, management and monitoring processes to mitigate loss of mission opportunities. The framework utilizes virtual instances to provision CNO capabilities for missions operations that couple the secure and unsecured networks in an asynchronous manner while allowing bidirectional communications between the framework and computers on their respective network.

Abstract: In one example, a method and apparatus for dynamic routing of user contexts are disclosed. In one example, a method for supporting a context associated with a connection between a user and a first virtual machine of a virtual function includes receiving a notification of a change in a behavior of the user that affects the context, wherein the context is supported by the first virtual machine of the virtual function, and reassigning the context to a second virtual machine of the virtual function, different from the first virtual machine, based at least in part on the change in the behavior.

Abstract: A system and method for providing a virtual assembly builder for use with a cloud computing environment. In accordance with an embodiment, the system can include a virtual assembly builder component which maintains a repository of virtual assembly archives, wherein each virtual assembly can include a metadata and one or more virtual machine templates that can be used to instantiate an instance of the assembly; and a virtual assembly builder deployer provided as a web service or other interface, which enables operations for uploading virtual assemblies to the repository, registering virtual assemblies with cloud components, and/or managing deployment instances defined by an assembly.

Abstract: A computer system includes at least one processor, a first mass memory and a second mass memory. The computer system implements a master operating system core, a first operating system core and at least one second operating system core on the processor under control of the master operating system core. The memory controller provides the master operating system core with defined areas of a mass storage medium as a first mass memory and at least one second mass memory, each independent of one another, and controls mapping of the first mass memory and of the at least one second mass memory to the defined areas of the mass storage medium. The master operating system core allows the first operating system core and the at least one second operating system core to have exclusive access to at least one of the mass memories.

Abstract: Optimized placement of virtual machines in a cloud environment is based on factors that include processor-memory affinity. A smart migration mechanism (SMM) predicts an optimization score for multiple permutations of placing virtual machines on a target system to create an optimal move list. The optimization score is a theoretical score calculated using dynamic platform optimization (DPO). The SMM may allow the user to set initial parameters and change the parameters to create potential changes lists. The move lists are ranked to allow the user to select the optimal change list to provide the best affinity, quickest fulfillment of requirements and least disruption for a given set of parameters.

Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes verifying, by a guest, a digital signature of a code module stored in an initial guest memory buffer. The guest copies the verified code module stored at the initial guest memory buffer into a target guest memory buffer and applies, using one or more symbol entries, one or more relocations to the verified code module stored at the target guest memory buffer. The guest sends a request to a hypervisor to set the target guest memory buffer to a write-protect mode. In response to a determination that first content stored in the initial guest memory buffer corresponds to second content stored in the target guest memory buffer, the guest sends a request to the hypervisor to set the target guest memory buffer to an executable mode.

Abstract: Optimized placement of virtual machines in a cloud environment is based on factors that include processor-memory affinity. A smart migration mechanism (SMM) predicts an optimization score for multiple permutations of placing virtual machines on a target system to create an optimal move list. The optimization score is a theoretical score calculated using dynamic platform optimization (DPO). The SMM may allow the user to set initial parameters and change the parameters to create potential changes lists. The move lists are ranked to allow the user to select the optimal change list to provide the best affinity, quickest fulfillment of requirements and least disruption for a given set of parameters.

Abstract: Maintaining a service on a cloud network may include receiving a set of status data associated with the service and performing a scale action on the cloud network based on a scale rule applied to the set of status data. The set of status data may be related to a set of resources utilized by the service, a performance level of the service, and a workload volume of the service. The scale rule may include a utilization condition, a quality condition, a workload condition, and a budget condition.

Abstract: An apparatus includes an extended capability register and an input/output (I/O) memory management circuitry. The I/O memory management circuitry is to receive, from an I/O device, an address translation request referencing a guest virtual address associated with a guest virtual address space of a virtual machine. The I/O memory management circuitry may translate the guest virtual address to a guest physical address associated with a guest physical address space of the virtual machine, and, responsive to determining that a value stored by the extended capability register indicates a restrict-translation-request-response (RTRR) mode, transmit, to the I/O device, a translation response having the guest physical address.

Abstract: Systems and methods for supporting efficient virtualization in a lossless interconnection network. An exemplary method can provide, one or more switches, including at least a leaf switch, a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one virtual function, at least one virtual switch, and at least one physical function, a plurality of hypervisors, and a plurality of virtual machines, wherein each of the plurality of virtual machines are associated with at least one virtual function. The method can arrange the plurality of host channel adapters with one or more of a virtual switch with prepopulated local identifiers (LIDs) architecture or a virtual switch with dynamic LID assignment architecture. The method can assign each virtual switch with a LID. The method can calculate one or more linear forwarding tables based at least upon the LIDs assigned to each of the virtual switches.

Abstract: Technologies are generally described to allocation of virtual machines to physical machines through dominant resource assisted heuristics. According to some examples, multiple virtual machines (VMs) may be clustered to two or more unallocated VM clusters according to a dominant resource requirement associated with each of the VMs. The VMs may be sorted according to a size attribute associated with the dominant resource requirement. Multiple physical machines (PMs) may be sorted according to a power efficiency attribute associated with each of the PMs. One of the PMs may be selected from an ordered list of PMs based on the power efficiency attribute. One of the VMs may be selected from another ordered list of PMs based on the size attribute. The selected VM may then be allocated to the selected PM.

Abstract: Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.

Abstract: Certain aspects direct to systems and methods for platform simulation on virtual machine for development projects of a management controller on virtual machines. At least one virtual machine (VM) is provided to simulate a management controller and a host computing device for the management controller. The at least one VM includes: a firmware module for the management controller, configured to receive at least one output signal from the host computing device or from at least one device connected to the host computing device; and a simulator module configured to simulate the host computing device or the at least one device connected to the host computing device. In operation, the simulator module generates the at least one output signal based on configuration data of the host computing device or the device connected to the host computing device, and sends the at least one output signal to the firmware module.