Abstract: Disclosed are systems and methods for recovering a virtual machine (VM) using cloud computing services. Backed up data associated with a first virtual machine (VM) is stored in a cloud-based storage associated with a cloud computing service. A first instance of a recovery VM service is activated and configured to execute using the cloud computing service. Metadata associated with the first VM is sent to the first instance of the recovery VM service from a primary site based on receiving a certificate authorization. A notification from the first instance of the recovery VM service is received to notify that the recovery of the first VM is completed. The first VM is configured to execute using the cloud computing service.

Abstract: Methods and apparatus are provided for fault resilient distributed computing using a continuous data protection feature of virtual machines. An exemplary method by a compute node for executing a process of a distributed application comprises providing a virtual machine having continuous data protection to store a copy of a state of the process in a performance storage tier; and providing a virtual machine to intercept messages of the process and to store a copy of the intercepted messages in a message log, wherein the process communicates with a plurality of other processes executing on other compute nodes, and wherein the plurality of processes employ asynchronous checkpointing. The process optionally communicates with the other processes in the distributed application using one or more virtual networks. The state is optionally moved from the performance storage tier to a capacity storage tier when a new state is stored.

Abstract: A method and system determines discrete policy target groups for information objects stored in an enterprise IT system. The method and system provide cleansed information about information objects stored on the enterprise IT system. Criteria for sorting the information objects is determined. Initial sorting of the information objects is carried out, resulting in an initial set of clusters. The information objects are clustered into discrete policy target groups based on the information about the information objects and the initial set of clusters, and human-understandable names and definite descriptions for policy target groups are computed.

Abstract: A technique allows for protecting a PCI device controller from a PCI BDF masquerade attack from Ring-0 and Ring-3 malware. The technique may use Virtualization technologies to create guest virtual machines that can use a hypervisor to allocate ACPI information from ACPI tables to a secure VM and using extended page tables (EPT) and VT-d policies to protect the MMIO memory range during illegal runtime events.

Abstract: Systems and methods described herein facilitate provisioning virtual machines (VMs) in a virtual desktop infrastructure (VDI). The VDI includes a virtual desktop management server (VDMS), a VM, and a plurality of datastores. The VDMS includes a management module that is configured to determine a plurality of usage values that are associated with the datastores. The management module is also configured to determine one or more selection penalty values that are associated with one or more thin-provisioned VMs assigned to one or more of the datastores. Further, the management module calculates a plurality of capacity values for the datastores based at least in part on the determined usage values and the determined penalty values such that each of the capacity values corresponds to a separate datastore. Based at least in part on the capacity values, the management module is configured to assign the VM to one of the datastores.

Abstract: A Mechanical Turk-Integrated Development Environment system is disclosed. An integrated development environment (IDE) can include one or more interfaces capable of communicating with a mechanical turk engine. As a developer creates applications within the IDE, the developer can use the IDE to submit one or more requests to the mechanical turk engine. The engine constructs a mechanical turk project based on the requests and provides project tasks to workers. The results of the tasks can then be compiled and integrated back into the developer's application via the IDE. An example use includes constructing large domain specific data sets that can be applied to spoken dialog interfaces.

Abstract: Disclosed aspects manage a shared pool of configurable computing resources associated with a shared pool manager. The shared pool manager receives a set of scaling factors. The set of scaling factors corresponds to a workload. Using the set of scaling factor values and a set of workload resource data, a configuration is determined. The configuration is established to process the workload. Disclosed aspects manage a shared pool of configurable computing resources associated with a registry. The registry is structured to have a set of workload resource data and associated scaling factors. A set of scaling factor values is detected. The set of scaling factors corresponds to a workload. Based on both the set of workload resource data and the set of scaling factor values, a set of resource attributes is determined to configure the shared pool of configurable computing resources for the workload. The set of resource attributes is communicated.

Abstract: Using a metadata of a layer, a prediction factor including a level of participation of the layer in a set of container images is computed. Each container image includes a corresponding set of layers and is usable to configure a container in a container-based virtualized data processing environment. Using a set of levels of participation corresponding to a set of layers, and using a condition in a prediction algorithm, a subset of layers that have to be pre-provisioned at a node is predicted. The subset of layers is adjusted, to form an adjusted subset of layers, by looking ahead at a container requirement of a workload that is planned for processing at a future time. The adjusted subset of layers is caused to be provisioned on the node prior to the future time.

Abstract: Memory security technologies are described. An example processing device includes a processor core and a memory controller coupled to the processor core and a memory. The processor core can determine that an exit condition to transfer control of a resource for a processor core from a first virtual machine monitor (VMM) to a second VMM has occurred. The processor core can also determine whether a control virtual machine control structure (VMCS) link pointer is valid. The processor core can also determine whether a reason value corresponding to the control VMCS link pointer is set. The processor core can also determine whether the reason value is set to zero. The processor core can also determining whether an exception bit corresponding to a specific exception type of a reason value is set. The processor core can also transfer a control of the resource from the first VMM to the second VMM.

Abstract: The technology disclosed relates to managing resource allocation to task sequences in a stream processing framework. In particular, it relates to operating a computing grid that includes machine resources, with heterogeneous containers defined over whole machines and some containers including multiple machines. It also includes initially allocating multiple machines to a first container, initially allocating first set of stateful task sequences to the first container, running the first set of stateful task sequences as multiplexed units of work under control of a container-scheduler, where each unit of work for a first task sequence runs to completion on first machine resources in the first container, unless it overruns a time-out, before a next unit of work for a second task sequence runs multiplexed on the first machine resources. It further includes automatically modifying a number of machine resources and/or a number assigned task sequences to a container.

Abstract: Within a partitioned system, a first system partition operates in a safety domain in which predictable operation of the first system partition is necessary to protect the system or operators of the system from harm. A second system partition operates in a user domain in which information supplied by the second system partition is not sufficiently reliable to be used by the first system partition within the safety domain. A mediator controller is connected between the first system partition and the second system partition. The mediator controller receives the information supplied by the first system partition. The mediator controller monitors and supervises use of the information by the second system partition in order maintain requirements of the safety domain to protect the system or operators of the system from harm.

Abstract: A computer-implemented method for controlling a connection between a virtual machine and a physical device comprises receiving a connection request for connecting the physical device to the virtual machine and determining whether the virtual machine satisfies a first connection permission condition and whether the physical device satisfies a second connection permission condition. In response to a determination that the virtual machine does not satisfy the first connection permission condition, a configuration of the virtual machine is changed to satisfy the first connection permission condition. In response to a determination that the physical device does not satisfy the second connection permission condition, a configuration of the physical device is changed to satisfy the second connection permission condition.

Abstract: In one embodiment, a method is performed by a computer system. The method includes determining a base state of a particular container, wherein the base state is represented by a base image. The method further includes determining a target state of the particular container, wherein the target state is represented by a deployment of the particular container. In addition, the method includes determining a set of commands to transition from the base state to the target state. Further, the method includes generating a manifest for the target state of the particular container, the manifest comprising the determined set of commands to reach the target state.

Abstract: A method for offloading packet encapsulation for an overlay network is provided. The method, at a virtualization software of a host, sends a mapping table of the overlay network to a physical network interface controller (NIC) associated with the host. The mapping table maps the identification of each of a set of virtual machine (VM) of a tenant on the host to an identification of a tunnel on the overlay network. The method, at the virtualization software, receives a packet from a VM of the tenant. The method sends the packet to the physical NIC. The method, at the physical NIC, encapsulates the packet for transmission over the overlay network by using the mapping table. The method of claim also tags the packet by the virtualization software as a packet that requires encapsulation for transmission in the overlay network prior to sending the packet to the physical NIC.

Abstract: A computer includes: a host VM monitor configured to operate on a physical processor and generate a logical processor that operates a first-level VM; and a guest VM monitor configured to operate on the logical processor and generate a plurality of virtual processors that operates a plurality of second-level VMs generated on the first-level VM. The host VM monitor includes management information that correlates control information which is unique to each of the second-level VMs and which the host VM monitor can acquire in a period from the start to the end of execution of the second-level VM with a second-level VM identifier for specifying the second-level VM. The host VM monitor specifies a second-level VM, based on a second-level VM identifier corresponding to the control information of the second-level VM, which has been acquired, in the management information and acquires information on a load of the second-level VM.

Abstract: A system and method for copy based IOMMU emulation for out-of-process emulated device includes a memory, one or more physical processors, a virtual machine having a guest and a guest memory, and a hypervisor executing on the physical processors. In an example, the hypervisor receives a request from the guest to grant access of a virtual device to a guest memory page when the guest memory is mapped to a private memory. The virtual device is mapped to a shared memory. The virtual device has access to the guest memory while the guest memory is mapped to the shared memory. The hypervisor copies data in a private memory page to a shared memory page in response to receiving the request. Then, the hypervisor maps the guest memory page to the shared memory page, which grants the virtual device access to the guest memory page.

Abstract: Disclosed aspects manage a shared pool of configurable computing resources associated with a shared pool manager. The shared pool manager receives a set of scaling factors. The set of scaling factors corresponds to a workload. Using the set of scaling factor values and a set of workload resource data, a configuration is determined. The configuration is established to process the workload. Disclosed aspects manage a shared pool of configurable computing resources associated with a registry. The registry is structured to have a set of workload resource data and associated scaling factors. A set of scaling factor values is detected. The set of scaling factors corresponds to a workload. Based on both the set of workload resource data and the set of scaling factor values, a set of resource attributes is determined to configure the shared pool of configurable computing resources for the workload. The set of resource attributes is communicated.

Abstract: Embodiments of the present disclosure call for a method, a system, and a computer program product for managing virtual resources for a virtual machine of interest on a physical server. The method includes monitoring a plurality of physical servers, on a computing system. Each physical server provides an initial level of virtual resources to a plurality of virtual machines. The method also includes receiving a requested level of virtual resources for a virtual machine of interest hosted by a first physical server from the plurality of physical servers. The method also includes determining whether the first physical server is able to host the requested level of virtual resources for the virtual machine of interest. The method also includes determining, in response to the first physical server not being able to host the requested level of resources for the virtual machine of interest, a path.

Abstract: Methods, systems, and computer program products for configuring devices in a virtual environment are described. An example method includes determining a NUMA node assigned to a virtual machine. A guest of the virtual machine probes a root bus to detect a first device coupled to the root bus. The first device is assigned, based on the determined NUMA node, a first address range of the virtual machine. The guest is notified of an expander coupled to the first virtual root bus. The expander is probed to detect an additional root bus. The guest probes the additional root bus to detect a second device. The second device is assigned, based on the determined NUMA node, a second address range.

Abstract: Methods and systems for managing, storing, and serving data within a virtualized environment are described. In some embodiments, a data management system may manage the extraction and storage of virtual machine snapshots, provide near instantaneous restoration of a virtual machine or one or more files located on the virtual machine, and enable secondary workloads to directly use the data management system as a primary storage target to read or modify past versions of data. The data management system may allow a virtual machine snapshot of a virtual machine stored within the system to be directly mounted to enable substantially instantaneous virtual machine recovery of the virtual machine.

Abstract: An embodiment includes a system, comprising: a device configured to present a logical device and enable a virtual device in response to a control signal; and a processor coupled to the device and configured to: present the logical device through a first device interface; transmit the control signal to the device to enable the virtual device; and after the virtual device is enabled, present the virtual device through a second device interface.

Abstract: Embodiments of the present disclosure call for a method, a system, and a computer program product for managing virtual resources for a virtual machine of interest on a physical server. The method includes monitoring a plurality of physical servers, on a computing system. Each physical server provides an initial level of virtual resources to a plurality of virtual machines. The method also includes receiving a requested level of virtual resources for a virtual machine of interest hosted by a first physical server from the plurality of physical servers. The method also includes determining whether the first physical server is able to host the requested level of virtual resources for the virtual machine of interest. The method also includes determining, in response to the first physical server not being able to host the requested level of resources for the virtual machine of interest, a path.

Abstract: A management server and method for load balancing a cluster of host computers analyzes load metrics of clients naming on the host computers in the cluster to select a first client that can be migrated from a first host computer in the cluster to a second host computer in the cluster to improve load balance for the cluster and a second client running on the second host computer that can be swapped with the first client running on the first host computer for a client swapping operation. The client swapping operation involves simultaneously migrating the first client from the first host computer to the second host computer and migrating the second client from the second host computer to the first host computer.

Abstract: The present disclosure is directed to enhanced virtual function capabilities in a virtualized network environment. In general, devices may comprise physical and virtualized resources. The physical resources may comprise at least a network adaptor that may handle incoming data from a network and outgoing data to the network. The virtualized resources may comprise at least one virtual machine (VM) and a corresponding interface. The corresponding interface may be one of a physical interface, a virtual interface or a “super” virtual interface. The physical interface may provide a first set of capabilities allowing the VM to access (e.g., control) at least the network adaptor. The virtual interface may provide a second set of capabilities that is a subset of the first set. The super virtual interface may provide a third set of capabilities including the second set of capabilities and at least one additional capability from the first set of capabilities.

Abstract: A system, computer program product, and method is described to manage cloud bursting from a private cloud to a public cloud. The method starts with executing one or more software components of at least one application receiving transaction requests on at least one processing node accessing at least one database server. The one processing node is managed by at least one controller in a first deployment model of a computing infrastructure. The controller, the processing nodes and the database servers each include instrumentation for tracking of performance metrics thereof. A map is created of transaction requests received by the controller to data resources in the database by analyzing the set of common structures. The map is used to identify which of the software components and corresponding data resources in the database to move a processing node in a second deployment model of a computing infrastructure.

Abstract: A computer implemented method for reading signatures corresponding to a portion of data on a virtual machine disk on a production site, wherein reading the signature includes mapping the virtual machine disk offset into a physical storage offset, and reading the signature from the physical storage; sending the signature of the portion of data to a replication site; obtaining a mapping from a virtual disk to a physical disk at the replica site; issuing a command to write a portion of data corresponding to the signature to a the physical storage based on the mapping of the replica of the virtual machine disk on the replication site; determining if the command was successful; and based on a determination that the command was not successful, marking the locations corresponding to the signature for synchronization in a synchronization structure.

Abstract: The disclosed embodiments relate to a system for monitoring a virtual-machine environment. During operation, the system identifies a parent and a set of two or more child components that are related to the parent component in the virtual-machine environment. Next, the system determines a performance metric for each child component in the set of two or more child components. The system then determines a child-component performance state for each child component in the set of two or more child components based on the performance metric for the child component and a child-component state criterion. Finally, the system determines a parent state for the parent component based on the child-component performance state for each child component in the set of two or more child components and a parent-component state criterion, wherein the parent-component state criterion includes a threshold percentage or number of child components that have a specified state.

Abstract: Systems and methods are disclosed that provide direct network traffic monitoring within virtual machine (VM) platforms operating in virtual processing environments. The disclosed embodiments in part provide direct network packet monitoring through client packet monitor applications that run within client VM platforms to obtain packet traffic and to forward this traffic directly to tool packet monitor applications operating within tool VM platforms. Further, the tool VM platforms can receive multiple incoming streams of network packets from various client VM platforms, and these incoming streams can change over time due to changes in the number of client VM platforms running within the virtual processing environment. Preferably, the network packet streams are communicated using encapsulation tunnels and related encapsulation headers, such as GRE tunnels using GRE identifiers in related encapsulation headers.

Abstract: Examples of systems and methods for device-type content management are described herein. In an example, at least one of a community policy and a community-device type policy may be generated. The community policy may be generated for a community defined for an enterprise and may be enforced on a plurality of user devices registered with the community. Further, the device-community policy may be enforced on a user device, from among the plurality of user devices, based on a device-type of the user device. The device-community policy may indicate a management service to be used to realize the community policy. Further, a management service agent (MS agent) may be provided to the user device, based on the management service indicated by the device-community policy. The MS agent may provide for managing enterprise content on the user device as indicated by the community policy.

Abstract: A technique for sharing resources in a data storage device. The data storage device receives a command associated with a non-volatile semiconductor memory device from a host system, the command including a virtual function identifier and a transaction identifier. The data storage device identifies, via a virtual function mapping unit that is included within a controller and that maintains a function mapping table which stores programmable values that associate virtual functions with portions of shared resources of the controller, a portion of a shared resource of the controller based on the virtual function identifier and the transaction identifier. The data storage device accesses the identified portion of the shared resource based on the received command.

Abstract: Concepts and technologies are disclosed herein for providing a closed control loop for data centers. The data centers can receive monitoring data that can include congestion data and class of service data. The data centers can store the monitoring data in a data storage device, analyze the monitoring data, and determine that a performance threshold is satisfied. In response to a determination that the performance threshold is met, the data centers can determine that a time-based threshold is met. In response to a determination that the time-based threshold is met, the data centers can adjust execution of a hosted service.

Abstract: Systems and methods for connecting wireless cameras are provided. A computing device may include a network interface, and a processor configured to establish a virtual USB bus available to an operating system of the computing device, establish a virtual USB camera device, and report to the operating system that the virtual USB camera device is connected to the virtual USB bus. The virtual USB camera may be configured to establish a network connection to a network camera using the network interface, receive video data from the network camera via the network interface, and send the video data via the virtual USB bus. Alternatively, the virtual USB camera may send the video data to the operating system as USB packets, without establishing a virtual USB bus.

Abstract: A method of providing virtualization services includes identifying computer programs executable as a plurality of tasks, including identifying tasks from the plurality of tasks. The method includes executing the computer programs by virtual central processing units (CPUs) in a virtual machine executed on a host hardware platform and defined to provide a virtualization platform for virtualization of a target hardware platform. This includes executing the plurality of tasks other than the identified tasks by the virtual CPUs in the virtual machine executed on CPUs of the host hardware platform, and at least partially in parallel with these tasks, executing the identified tasks on additional CPUs of the host hardware platform. The target hardware platform includes one or more CPUs for execution the plurality of tasks no greater in number than the CPUs of the host hardware platform on which the plurality of tasks other than the identified tasks are executed.

Abstract: This invention relates to a method and apparatus for updating software. In particular this invention relates to a method, system and computer program for updating an operating system in a hypervisor comprising: determining a new version of a component of the operating system; installing the new component version; measuring an identifying characteristic of the component and making it available to an attestation system; notifying the attestation system that a component has been updated to a new version whereby, when the attestation system finds that the identifying characteristic of the new component does not match a pre-stored attestation value it is aware that a legitimate mis-match could have occurred.

Abstract: A system for providing low latency computational capacity is provided. The system may be configured to maintain a pool of virtual machine instances, which may be assigned to users to service the requests associated with the users. The system may further be configured to receive a request to acquire compute capacity for executing a program code associated with a particular user, determine whether the pool of virtual machine instances includes a container that may be used to execute the program code therein, and cause the program code of the particular user to be executed in the container.

Abstract: A method for managing virtual machine policy compliance. The method for restoring compliance of a virtual machine found to be non-compliant to a compliance rule may comprise detecting non-compliance of a virtual machine using a compliance agent, detaching the virtual machine from a network, creating a copy of a compliance repository volume, mounting the newly requested disk resource having stored the copy of the compliance repository volume, applying a remediation action to the virtual machine, and triggering by the compliance agent a compliance scan for ensuring that the virtual machine complies to the compliance rule.

Abstract: The current document is directed to a storage stack subsystem of a computer system that transfers data between memory and various data-storage devices and subsystems and that processes I/O requests. In one implementation, the disclosed storage stack includes a latency monitor, an I/O-scheduling bypass pathway, and short-circuit switch, controlled by the latency monitor. While the latency associated with I/O-request execution remains below a threshold latency, I/O-scheduling components of the storage stack are bypassed, with I/O requests routed directly to multiple input queues associated with one or more high-throughput multi-queue I/O device controllers. When the latency for execution of I/O requests rises above the threshold latency, I/O requests are instead directed to I/O-scheduling components of the storage stack, which attempt to optimally reorganize the incoming I/O-request stream and optimally distribute I/O-requests among multiple input queues associated I/O device controllers.

Abstract: Systems and methods are described for adjusting a number of concurrent code executions allowed to be performed for a given user on an on-demand code execution environment or other distributed code execution environments. Such environments utilize pre-initialized virtual machine instances to enable execution of user-specified code in a rapid manner, without delays typically caused by initialization of the virtual machine instances. However, to improve utilization of computing resources, such environments may temporarily restrict the number of concurrent code executions performed on behalf of the given user to a number less than the maximum number of concurrent code executions allowed for the given user. Such environments may adjust the temporary restriction on the number of concurrent code executions based on the number of incoming code execution requests associated with the given user.

Abstract: Embodiments include methods and devices for migrating virtual assets over networks that have a first manager connected to a physical host a virtual machine run. Aspects include registering the physical host to a second manager in the network, creating the mapping relationship of the physical host between a database of the first manager and a database of the second manager and importing instance data and status data of the virtual machine of the physical host from the database of the first manager into the database of the second manager. Aspects also include switching the management for the physical host from the first manager to the second manager.

Abstract: A management system and method that generally allocates a virtual function to a virtual function definition of a virtual server, where the virtual function definition of the virtual server is previously assigned with a unique function identifier, and assigns the unique function identifier to the virtual function in response to the allocating of the virtual function, where the unique function identifier causes a discovery of the virtual function by the virtual server.

Abstract: Embodiments include methods and devices for migrating virtual assets over networks that have a first manager connected to a physical host a virtual machine run. Aspects include registering the physical host to a second manager in the network, creating the mapping relationship of the physical host between a database of the first manager and a database of the second manager and importing instance data and status data of the virtual machine of the physical host from the database of the first manager into the database of the second manager. Aspects also include switching the management for the physical host from the first manager to the second manager.

Abstract: A method includes storing a plurality of workloads in a first disk resource associated with a high end disk classification. The method further includes determining a corresponding activity level for each of the plurality of workloads. The method also includes classifying each of the plurality of workloads into a first set indicative of high-priority workloads and a second set indicative of low-priority workloads based on whether the corresponding activity level is greater than a threshold activity level. The method further includes determining whether a second disk resource associated with a low end disk classification can accommodate storage of a first particular workload in the second set based on an available storage capacity of the second disk resource. The method additionally includes migrating the first particular workload from the first disk resource to the second disk resource.

Abstract: This disclosure describes techniques for utilizing VXLANs within a network, such as a data center, for transporting L2 customer communications. Moreover, the disclosure describes techniques for auto-discovering, for each VXLAN, a corresponding replication node for replicating and distributing unknown destination, broadcast, and multicast frames to VXLAN Tunnel Endpoints (“VTEPs”) within the data center. Further, the techniques facilitate, by the replication node, discovery and auto-registration of the VTEPs for the respective customer network. As such, the techniques may facilitate configuration of VXLANs without necessarily relying on multicast protocols to provide such functionality. In this way, the techniques described herein may be used to supplement or even replace reliance on multicast protocols, such as the Protocol Independent Multicast (PIM) protocol, when configuring VXLANs within a network.

Abstract: A device management method including receiving, at an electronic device including a first operating system and a second operating system, a policy for the first or second operation system from an external server by a device management module of the first operating system, sending, by the device management module, the policy to a host management module of the first operating system in communication with the second operating system, and applying, by the host management module, the policy to the second operating system.

Abstract: In one example, a method for data backup includes surveying a database availability group (DAG) that includes multiple nodes which are each associated with one or more databases, to determine a distribution of the databases across the nodes. Next, federated logic is used to create a profile of the DAG based on the survey, and the profile is used to generate a dynamic preferred server order list (PSOL). Load balancing for the DAG is performed using the dynamic PSOL, and the dynamic PSOL is updated based on results of the load balancing. Finally, a federated backup of the databases is performed based on the updated dynamic PSOL.

Abstract: A switch includes at least a first table and a second table different in mapping of egress information of a network and user information to a packet. The first table is searched for a first packet received and operation according to an action corresponding to a search key of the first table is applied to the first packet to convert the first packet to a second packet. The second packet is supplied to the second table. The second table is then searched for the second packet. When the search key of the second table is matched, the operation according to the action corresponding to the search key of the second table is applied to the second packet to convert the second packet to a third packet (refer to FIG. 5).

Abstract: Approaches for synchronizing resources of a virtualized web browser. When a virtualized web browser is instructed to display a web page, a host module executing within a host operating instructs retrieves, from each of one or more virtual machines, contents for a portion of the web page. The virtualized web browser assembles the contents and displays the web page. A web browser executing in the host operating system may, but need not, retrieve any of the content displayed thereby. Instead, the content retrieved by the web browser executing in the host operating system may be retrieved by and rendered within a virtual machine. The behavior of the virtualized web browser may be configured using policy data.

Abstract: A main operating system interface engine can be configured to receive instructions from a main operating system of one or more host systems and can manage a virtualized operating system on the one or more host systems, the virtualized operating system appearing distinct from the main operating system to a user of the one or more host systems. A virtualization environment management engine can manage a virtualization environment, the virtualization environment using the virtualized operating system. A virtual machine management engine can manage one or more virtual machine instances in the virtualization environment, each of the one or more virtual machine instances operative to provide virtualized resources of the one or more host systems for a compute access system coupled to the one or more host systems.

Abstract: A virtual machine (VM) server may be used to enforce a set of security criteria upon a remote client device. The VM server may be configured to host a VM that has features that can be utilized by a user at the remote client device. The VM server may receive sensor data collected by one or more sensors of a remote sensor device. The VM server may identify that the sensor data satisfies at least a portion of the set of security criteria. The VM server may further identify that the remote client device is within a predetermined proximity of the remote sensor device. The VM server may further enable a user at the remote client device to utilize the features of the VM hosted on the VM server.

Abstract: A method and apparatus for automated mirroring is presented. A network device running as a Fabric Attach (FA) server configured to mirror traffic to a Remote Switch Port Analyzer (RSPAN) Virtual Local Area Network (VLAN), issues an FA Type Length Value (TLV) on its uplink to the FA server. The TLV includes a request to associate said RSPAN VLAN with a Service Identifier (I-SID) used to carry mirror traffic in a network. The network device sends the mirrored traffic on the RSPAN VLAN on its uplink to the FA server. The network device signals the I-SID into the network, and detects receive interest in the I-SID. The network device delivers the mirrored traffic to devices that expressed a receive interest in the mirrored traffic.