Abstract: A system that includes a hypervisor configured to communicate packets comprising virtual machine operating characteristics metadata for guest virtual machines. The system further includes a virtual vault machine comprising a hypervisor device driver, a hypervisor device driver interface, and an analysis tool. The hypervisor device driver is configured to receive a packet comprising virtual machine operating characteristics metadata for a guest virtual machine and to communicate the virtual machine operating characteristics metadata to an analysis tool using the hypervisor device driver interface. The analysis tool is configured to correlate the virtual machine operating characteristics metadata to one of a cluster of known healthy guest virtual machines or a cluster of known compromised guest virtual machines using a machine learning algorithm and to classify the guest virtual machine.

Abstract: A method for monitoring a quantity of a computer device, including measuring values adopted by the quantity over time, determining a measured value, or extremum value, meeting at least one transmission criterion, in which the extremum value is a local extremum, and transmitting the extremum value.

Abstract: A system, method, and computer readable medium for providing application isolation to one or more applications. The system may include an isolated environment including application files and executables, and an interception layer intercepting access to system resources and interfaces. The system may further include an interception database maintaining mapping between the system resources inside the isolated environment and outside, and a host operating system, wherein the isolated environments are saved on at least one of a local and remote storage.

Abstract: A fault tolerant system is described for deploying an application contained in an application storage volume, which may be a virtual disk, on a virtual machine (VM) in a remote desktop environment. The application can be executed on the VM after mounting the virtual disk. A backup of the virtual disk is produced by cloning the virtual disk to a different storage device than the location of the primary virtual disk. In some embodiments, if the primary virtual disk fails during execution of the application, the application is suspended, redirected to the backup virtual disk, and resumed from the backup virtual disk. In other embodiments, if the primary virtual disk fails during execution of the application, a child process is spun off from the parent process using forking techniques, the child process is directed to the backup virtual disk, and the application is resumed from the backup virtual disk.

Abstract: A computer system with a hypervisor detects the local physical connection of a portable storage device with an operating system image thereon. The computer system installs an instance of the operating system on the hypervisor, and the hypervisor assigns a set of resources to the instance to generate a virtual machine. As further portable storage devices with operating systems thereon are locally, physically connected to the computer system, additional virtual machines are generated, each with a different operating system instance, which may be the same or different from the other operating system instances. The resources of the computer system are assigned and reassigned among the virtual machines as the portable storage devices are connected and disconnected.

Abstract: Apparatus and methods for providing computing resources are provided. More particularly, providing recursively-generated instantiated computing resource in a multi-tenant environment are provided. According to one example, a non-transitory computer-readable medium can store a set of instructions executable by a processing resource to instantiate a first instance of a first computing resource and provide the first instance of the first computing resource to a first tenant of a plurality of tenants utilizing a computing system. A second computing resource can be provided to a second tenant of the plurality of tenants when the second computing resource is available and sharable with the second tenant. A second instance of the first computing resource can be recursively-generated responsive to the request from the second tenant when the second computing resource is not available or the second computing resource is not sharable with the second tenant.

Abstract: Embodiments of the present disclosure provide a method, a coalescing configuration engine, a coalescing configuration tool and a file system for a storage system, and comprises at least one initiator, each initiator accessing a corresponding storage space in the storage system via at least one virtual logic unit number LUN by executing in parallel a plurality of configuration operations, wherein each configuration operation is used to configure a mapping relationship between the at least one virtual LUN and the at least one initiator.

Abstract: Systems for bring-up of virtual machines in disaster recovery scenarios where the network configuration differs between the failed system and the recovery system. A method commences upon identifying a disaster recovery plan for restarting a set of virtual machines on a second system (e.g., a recovery system). A disaster event is detected, which event causes initiation of aspects of the disaster recovery plan, including restarting the set of virtual machines that were running on the first system. Other aspects of the disaster recovery plan include determining a set of network configuration directives pertaining to the second system, and providing access to the network configuration directives by any of the restarted virtual machines. During disaster recovery bring-up, at least some of the virtual machines that are restarted on the second system use the network configuration of the recovery system.

Abstract: The present disclosure provides a system for measuring carbon emissions in a power system. The system includes: generation carbon meters, distributed respectively in generators in the power system; network carbon meters, distributed respectively in nodes in the power system; consumption carbon meters, distributed respectively in consumers in the power system; and a center server, in which each carbon meter is configured to collect data for measuring the carbon emissions. The center server is configured to acquire the collected data and to measure the carbon emissions according to the acquired data, and to send measuring results to the corresponding carbon meter. Then each carbon meter is further configured to display according to the measuring results. The carbon emission may be measured in real time.

Abstract: Technologies including computer implemented methods and systems are described herein for providing instantiation of virtual machines from backups. Systems and methods disclosed herein do not require restoring the complete contents of a virtual machine from a backup prior to using the virtual machine. Systems and methods presented herein allow creating and running a virtual machine directly from a virtual machine backup. Virtual machines created and maintained by the virtual machine instantiation system may be, in turn, used for backup consistency testing, disaster recovery testing, or granular item-level restore.

Abstract: A system and method for programming a timer in a virtualized system are disclosed. In accordance with one embodiment, a hypervisor executed by a processing device stores, in a first memory location that is readable by a virtual machine (VM), a first time that is associated with a first future interrupt. The hypervisor programs a timer to trigger at the first time, and detects a request by the VM for a second future interrupt at a second time, wherein the detecting comprises reading the second time from a second memory location that is writeable by the VM.

Abstract: Methods, systems, and computer program products for providing dynamic batch management of shared packet buffers are disclosed. A virtualized computer system may include a hypervisor with access to memory and executed by a processor to maintain a pool of host memory to store a plurality of incoming network packets received by a network device, adjust a number of memory buffers associated with the pool of host memory to resize the pool of host memory, receive an indication of an incoming network packet stored in the pool of host memory by the network device, and provide the incoming network packet to a guest. In an example, the hypervisor uses the pool of host memory to perform batch processing of the incoming network packets and dynamically adjusts the size of the pool during the processing by adding or removing memory buffers in response to an event, condition, request, etc.

Abstract: Embodiments provision and customize virtual machines (VMs), such as desktop VMs, without rebooting the desktop VMs. In response to a request to provision the VMs, a computing device creates a clone VM from a parent VM template identified in the request. One or more customization that prompt rebooting of the clone VM are applied to the clone VM. The computing device instantiates a plurality of child VMs from the customized clone VM. A child VM configuration is applied to at least one of the instantiated child VMs without provoking a reboot of those child VMs.

Abstract: The invention provides a method and system for continuous optimization of a data center. The method includes monitoring loads of storage modules, server modules and switch modules in the data center, detecting an overload condition upon a load exceeding a load threshold, combining server and storage virtualization to address storage overloads by planning allocation migration between the storage modules, to address server overloads by planning allocation migration between the server modules, to address switch overloads by planning allocation migration mix between server modules and storage modules for overload reduction, and orchestrating the planned allocation migration to reduce the overload condition in the data center.

Abstract: A method and an apparatus for controlling virtual machine migration is presented, where the method includes obtaining information about an application running on a first virtual machine, where the first virtual machine runs on a first host; determining, according to the information about the application, whether an application associated with the application running on the first virtual machine runs on a second virtual machine, where the second virtual machine is any virtual machine running on a second host; and if no application associated with the application running on the first virtual machine runs on the second virtual machine, migrating the first virtual machine to the second host. The embodiments of the present disclosure can ensure that reliability of an application is not affected during a virtual machine migration process.

Abstract: A request is sent from a new virtual function (VF) to a physical function for requesting the initialization of the new VF. The controlling physical function and the new VF establish a two-way communication channel that to start and end the VF's exclusive accesses to registers in a configuration space. The physical function uses a timing control to monitor that exclusive register access by the new VF is completed within a predetermined time period. The new VF is only granted a predetermined time period of exclusive access to complete its initialization process. If the exclusive access period is timed out, the controlling physical function can terminate the VF to prevent GPU stalls.

Abstract: A security system and method efficiently monitors and secures a computer to defend against malicious intrusions, and includes an in-band software monitor disposed within a kernel in communication with an operating system (OS) of the computer. The monitor intercepts system calls made from an MSR (Model Specific Register), to execute monitoring operations, and subsequently returns execution to the OS. An out-of-band hypervisor communicably coupled to the OS, has read shadow means for trapping read requests to the MSR, and write mask means for trapping write requests to the MSR. The hypervisor includes means for responding to the trapped read and write requests so that presence of the monitor is obscured.

Abstract: A non-transitory computer-readable storage medium storing therein a proxy response program that causes a computer to execute a process includes requesting suspension or pausing of a virtual machine when an idle state of the virtual machine is detected, changing, when the virtual machine is suspended or paused, settings information of a communication control device between a terminal device and the virtual machine, so as to transfer access from the terminal device to the virtual machine, to the computer; sending, when the access to the virtual machine that is suspended or paused is transferred, a response to the terminal device on the basis of communication response settings information relating to a communication response to the terminal device by the virtual machine that is suspended or paused; and requesting resumption of the virtual machine that is suspended or paused in response to the transfer of the access.

Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

Abstract: A network device implements a method for providing a service chain in a network by instantiating services on demand using a lightning module. The lightning module provides the services as applications executed by a unikernel where the unikernel is supported by a hypervisor. The method further includes receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module, instantiating a special unikernel to monitor a session for packets from the user, and instantiating service chain unikernels identified in at least one unikernel configuration file, in response to receiving a packet from the user.

Abstract: Autonomous selection between multiple virtualization techniques implemented in a virtualization layer of a virtualized computer system. The virtual machine monitor implements multiple virtualization support processors that each provide for the comprehensive handling of potential virtualization exceptions. A virtual machine monitor resident virtualization selection control is operable to select between use of first and second virtualization support processors dependent on identifying a predetermined pattern of temporally local privilege dependent instructions within a portion of an instruction stream as encountered in the execution of a guest operating system.

Abstract: A device for configuring a virtualized network function, configured for use in a virtualized communication network, is disclosed. The device is configured to receive a request to configure the virtualized network function. The device is also configured to obtain at least one parameter for implementing an elementary component of the virtualized network function in a virtualized communication network, to be added to a basic virtualized network function. The device is also configured to compose the virtualized network function from at least one elementary component and from the parameter for implementing the at least one obtained elementary component.

Abstract: A system includes a processor and memory to execute an application. The application receives feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients. The feedback includes a metric indicative of a load of each of the resources. The application calculates weights for the resources based on the feedback. A weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback. The application selects, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights to evenly utilize the plurality of resources.

Abstract: Aspects of the disclosure allocate shares of processing resources or other physical resources among virtual machines (VMs) operating as, for example, virtual desktops on a plurality of host computing devices. Allocations of resources are adjusted based on the user activity, VM activity, and/or application activity detected by an agent executing on each VM. Allocated shares may be boosted, unboosted, or normalized, depending on the type and duration of detected activity, by a resource allocation manager executing on a management server.

Abstract: Aspects of the subject disclosure may include, for example, a method in which first performance data and second performance data are obtained for a first virtual machine and a second virtual machine on a network, the performance data is analyzed, performance of the first virtual machine is predicted, and a performance trend for the first virtual machine is determined. Performance of the second virtual machine is predicted in accordance with analyzing of the second performance data and a potential transfer of execution of an application from the first virtual machine to the second virtual machine. Execution of the application is transferred to the second virtual machine after determining an expected improvement in execution of the application relative to the first virtual machine. Other embodiments are disclosed.

Abstract: In a computer-implemented method for calculating a performance metric of a cluster of hosts in a virtualization infrastructure a performance metric of each of a plurality of virtual machines in said virtualization infrastructure is accessing by a centralized management application of a virtualization infrastructure. The virtualization infrastructure comprises a plurality of hosts supporting the plurality of virtual machines. A performance metric of a cluster of the plurality of hosts is calculated by the centralized management application based on the performance metric of each of the plurality of virtual machines hosted by the cluster. The calculated performance metric of the cluster is transmitted to a database such that a history of performance metrics of the cluster are stored in the database.

Abstract: A change in an information technology system may be monitored. The information technology system may include a computing resource, a computing service that is to utilize the computing resource, a resource policy including a rule that is to be matched to the computing resource. A compliance operation may be performed on the computing resource in accordance with the rule. A schedule may be changed for a maintenance window in which the compliance operation is to be performed. The change of the schedule may be based on the monitored change in the information technology system and on a priority of the compliance operation or of the computing service.

Abstract: A software package to be installed on a host system may be identified. A service of the host system that is unavailable during an installation of the software package on the host system may be identified where the installation changes a configuration of the service. A determine may be made as to whether the service that is unavailable during the installation of the software package on the host system is being used by a virtual machine (VM) that is associated with the host system. A notification may be provided in view of the determination of the service associated with the software package being used by the VM that is associated with the host system.

Abstract: Methods and apparatus for receiving uploaded data from a sender at a receiver. A data deduplication technique is described that may reduce the bandwidth used in uploading data from the sender to the receiver. In the technique, the receiver, rather than the sender, maintains a fingerprint dictionary for previously uploaded data. When a sender has additional data to be uploaded, the sender extracts fingerprints for units of the data and sends the fingerprints to the receiver. The receiver checks its fingerprint dictionary to determine the data units to be uploaded and notifies the sender of the identified units, which then sends the identified units of data to the receiver. The technique may, for example, be applied in virtualized data store systems to reduce bandwidth usage in uploading data.

Abstract: A test device includes a memory and a processor coupled to the memory. The processor is configured to execute a test on a first virtual machine among a plurality of virtual machines included in a network in operation. The processor is configured to generate a first snapshot of the first virtual machine before the test is executed. The processor is configured to generate a first substitute machine from the first snapshot. The first substitute machine is a substitute for the first virtual machine. The processor is configured to determine whether the test results in success. The processor is configured to replace the first virtual machine with the first substitute machine depending on a result of the determination.

Abstract: A system and method is provided for controlling an operating state of a virtual processor. An exemplary method includes determining a blocked state of a guest operating system, and, upon detecting the blocked state, determining a number of interrupt events during a first time period. If the number of interrupts is less than a first threshold or even zero during a first time period, the method includes protecting memory pages from execution by the virtual processor. Moreover, the method includes detecting, during a second time period, when the processor attempts to execute protected memory pages and unprotecting these protected memory page. Then, during a third time period, the method includes monitoring execution by the processor of the unprotected memory pages and maintaining the processor in an idle state based on the number of executed unprotected memory pages during the third time period.

Abstract: Some embodiments provide a method for a first network controller that manages a set of logical forwarding elements implemented in several managed forwarding elements. The method receives a request to trace a specified packet having a particular source on a logical forwarding element. The method generates the packet according to the packet specification. The generated packet includes an indicator that the packet is for a trace operation. The method sends the packet to a second network controller that manages a managed forwarding element associated with the particular source. The method receives a first set of messages regarding operations performed on the packet from a set of network controllers that receives a second set of messages regarding operations performed on the packet from a set of managed forwarding elements that process the packet.

Abstract: A system and method of providing enhanced data processing and analysis in an infrastructure for distributed computing and large-scale data processing. This infrastructure uses the Apache Spark framework to divide an application into a large number of small fragments of work, each of which may be performed on one of a large number of compute nodes. The work may involve Spark transformations, operations, and actions, which may be used to categorize and analyze large amounts of data in distributed systems. This infrastructure includes a cluster with a driver node and a plurality of worker nodes. The worker nodes may be, or may include, intelligent solid state drives capable of executing data processing functions under the Apache Spark framework. The use of intelligent solid state drives reduces the need to exchange data with a central processing unit (CPU) in a server.

Abstract: Systems and methods are provided for emulating guest code by a virtual machine function. An example method includes detecting, by a hypervisor, a request by a guest to access a resource. The guest includes a virtual machine function and kernel code, and runs on a virtual machine. The virtual machine and the hypervisor run on a host machine, which includes virtual machine function memory. The method also includes in response to detecting the request to access the resource, transferring, by the hypervisor, control of a virtual central processing unit (CPU) allocated to the guest to the virtual machine function. The method further includes receiving an indication that the virtual machine function has completed the access request on behalf of the guest. The virtual machine function may modify a state of the virtual CPU in virtual machine function memory. The method also includes synchronizing, by the hypervisor, a virtual machine function memory with the virtual CPU state.

Abstract: A server LPAR operating in a virtualized computer shares pages with client LPARs using a shared memory region (SMR). A virtualization function of the computer receives a get-page-ID request associated with a client LPAR to identify a physical page corresponding to a shared page included in the SMR. The virtualization function requests the server LPAR to provide an identity of the physical page. The virtualization function receives a page-ID response comprising the identity of a server LPAR logical page that corresponds to the physical page. The virtualization element determines a physical page identity and communicates the physical page identity to the client LPAR. The virtualization element receives a page ID enter request and enters an identity of the physical page into a translation element of the computer to associate a client LPAR logical page with the physical page.

Abstract: An architecture for implementing a mechanism for displaying GPU resource usage and dynamically allocating GPU resources in a networked virtualization system is provided. The mechanism compares an initial allocation of GPU resources to virtual machines supported by one or more nodes of the networked virtualization system to a current GPU resource usage by the virtual machines. Based at least in part on the comparison and workloads processed by the virtual machines, the mechanism may reallocate GPU resources to one or more of the virtual machines. A virtual machine is reassigned to a different vGPU profile if reassignment is likely to achieve a more efficient allocation of GPU resources to the virtual machine. A user interface indicating GPU resource usage relative to GPU resource allocation may also be generated and displayed.

Abstract: Systems herein allow a user to load a virtual work environment on a terminal, such as a workstation, based on authentication mechanisms built into a user device, such as a cell phone. The user device can authenticate with a management server using an SAML token. The management server can track which virtual machines and configurations make up the user's work environment, and can send that information to the user device for loading the virtual machines. When the user wishes to load the virtual machines at a terminal, the user device can send the SAML token to the terminal for use in authenticating with the management server. The management server can then provide the configurations for the virtual machines that the user selects to load at the terminal.

Abstract: A virtual machine deployment and management engine deploys virtual machines to physical host computers based on a deployment time matrix. The deployment time matrix specifies approximate amounts of time used to clone or deploy a virtual machine from every host computer to every other host computer. The virtual machine deployment and management engine selects a deployment path based on the deployment times and executes the clone or deploy operations.

Abstract: An example method for managing memory includes receiving an inflate notification including a first identifier corresponding to a first time. The inflate notification indicates that a set of guest memory pages is unused by the guest at the first time. The method also includes determining whether the first identifier precedes a last identifier corresponding to a second time and included in a previously sent inflate request to the guest. If the first identifier does not precede the last identifier, the method also includes (i) for a first subset of the set modified since the first time, determining to not reclaim a first set of host memory pages corresponding to the first subset of guest memory pages, and (ii) for a second subset not modified since the first time, reclaiming a second set of host memory pages corresponding to the second subset of guest memory pages.

Abstract: An analysis support method includes: searching for a second physical machine that has a configuration similar to a first physical machine on which a first virtual machine to be analyzed is executed, the second physical machine having configurations similar to the first physical machine before and after a change of a state of a virtual machine executed on the second physical machine; and searching for a second virtual machine that is executed on the second physical machine and similar to the first virtual machine before and after the change of the state of the virtual machine.

Abstract: A method for deploying a cloud infrastructure includes obtaining a specification of one or more network resources in a new region of a service provider. A virtual private cloud (VPC) within an existing region of the service provider may be configured based on the specification, with a plurality of core configuration services. A connection is established between the VPC and the new region. The one or more network resources in the new region are established as a network infrastructure, and are configured over the established connection to run compute services, using at least one of the core configuration services. The plurality of core configuration services are transferred to the one or more network resources in the new region, and the new region is disconnected from the VPC.

Abstract: Embodiments of the invention relate to recovering from a disaster associated with an information technology environment. An information technology environment is replicated to a service provider. A recovery plan is generated for the environment. The recovery plan includes two processes. In response to the service provider receiving a disaster recovery request associated with the environment, the service provider executes a disaster recovery protocol. The protocol includes simultaneously executes the first and second processes. The first process operates a workload in the form of one or more containers, and the second process is a background process that creates a replica of the environment. After completion of the replica creation, the workload is migrated to the replica.

Abstract: A method, and associated computer system and computer program product. One or more processors of a computer system receive an upgrade request to upgrade a base operating system (OS) of a virtual machine (VM). In response to receiving the upgrade request, the one or more processors store metadata of the VM into a resource registry. The one or more processors load a new version of the base OS onto the VM. The one or more processors retrieve, from the resource registry, the stored metadata for configuring the VM.

Abstract: Live migration of a hardware accelerated application may be orchestrated by cloud services to transfer the application from a source server to a destination server. The live migration may be triggered by probe circuitry that monitors quality of service metrics for migration conditions at the source server. When live migration is initiated by the cloud services, a snapshot of all state information relevant to the application at the source server may be saved to network attached storage accessible by the destination server. Changes to said state information at the source server may be mirrored onto the network attached storage. The destination server may copy the snapshot and subsequent changes and run the application in parallel before taking complete control of the application. After a handshake operation between the source and destination servers, the application may be shut down at the source server.

Abstract: A method, system, and/or computer program product establishes and utilizes a tenant-specific log for events related to a cloud-based service. A metamodel is created for a cloud-based service provided to a specific tenant of a cloud. The metamodel describes types of resources that are providing the cloud-based service that the specific tenant desires to monitor. In response to the cloud-based service being executed, the metamodel is used to identify a set of resources that are actually providing the cloud-based service for the specific tenant. A tenant-specific log is established to tracks events that occur on each actual resource from the set of resources, and records access to the specific unit of hardware by an authorized user of the specific unit of hardware. Operations related to the cloud-based service are transferred from the specific unit of hardware to a local device that is available only to the specific tenant.

Abstract: A manageable external wake of virtual machines. A processor of a computing system determines whether to wake a virtual machine in view of one or more parameters.

Abstract: Exemplary methods, apparatuses, and systems determine a list of virtual machines to be subject to a corrective action. When one or more of the listed virtual machines have dependencies upon other virtual machines, network connections, or storage devices, the determination of the list includes determining that the dependencies of the one or more virtual machines have been met. An attempt to restart or take another corrective action for the first virtual machine within the list is made. A second virtual machine that is currently deployed and running or powered off or paused in response to the corrective action for the first virtual machine is determined to be dependent upon the first virtual machine. In response to the second virtual machine's dependencies having been met by the attempt to restart or take corrective action for the first virtual machine, the second virtual machine is added to the list of virtual machines.

Abstract: One or more virtual processors can be added or removed from a virtual machine based on CPU pressure measured within the virtual machine. In addition to the foregoing, CPU pressure can also be used to determine whether to remove a virtual processor from a virtual machine, which may cause the computer system to consume less power. In the alternative, virtual processors can be parked and/or unparked in order to reduce the amount of power consumed by the virtual machine. In addition, virtual processors can be forcibly parked during a migration operation.

Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxillary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.

Abstract: Aspects of the subject disclosure may include, for example, a network device that performs operations include determining a context of a communication device operable within a mobility network, wherein the communication device interacts with a virtual resource manager to allow a user of the communication device to access a virtual resource by way of a user interface at the communication device. The virtual resource is hosted by another system remotely accessible to the communication device by way of the mobility network. An access parameter is determined based on the context of the communication device and forwarded to the communication device by way of the mobility network. The communication device is enabled to access the virtual resource based on the access parameter. Other embodiments are disclosed.