Abstract: An example system includes memory; a central processing unit (CPU) to execute first operations; in-memory execution circuitry in the memory; and detector software to cause offloading of second operations to the in-memory execution circuitry, the in-memory execution circuitry to execute the second operations in parallel with the CPU executing the first operations.

Abstract: Systems, apparatuses and methods may provide for technology that dynamically tunes platform features based on virtual machine runtime requirements. In one example, a first virtual machine and a second virtual machine of a cloud server platform may each be associated with one or more logical cores. The first virtual machine may have a first configuration to efficiently support a first feature setting arrangement on the associated logical cores. The second virtual machine may have a different second configuration to efficiently support a different second feature setting arrangement on the different associated logical cores. Feature settings that are specific to an application associated with a virtual machine may be determined based on application runtime requirements. Such determined feature settings may be stored as a bit mask in control fields of a virtual machine control and enforced on the logical cores associated with a given virtual machine.

Abstract: In a computer-implemented method for allocating a host of a pre-configured hyper-converged computing device to a workload domain, a pre-configured hyper-converged computing device including a plurality of hosts is managed, wherein the plurality of hosts is allocable to workload domains. A pool of unallocated hosts of the plurality of hosts is managed within the pre-configured hyper-converged computing device, wherein hosts of the pool of unallocated hosts have associated hypervisor versions. An allocation request to allocate at least one host of the pool of unallocated hosts to a workload domain is received, the allocation request including a requested hypervisor version of at least one host upon allocation. The at least one host is updated to the requested hypervisor version of the allocation request while the at least one host is in the pool of unallocated hosts.

Abstract: The document describes systems and methods for handling local (legacy) devices. A local cloud gateway comprises a plurality of interface connectors of different types to physically connect a plurality of these legacy devices to the cloud, comprising a plurality of distant servers. Developments describe the step of extracting the functional messages out of messages stemming from local legacy devices (e.g. protocol translators), secure communications, logical representations of legacy devices in the cloud (“twins”), administration options, various user interfaces (e.g. buzzer) for seamless configuration and use, the use of one or more actuators (retroactions on the physical world), etc. Software and/or hardware embodiments are described.

Abstract: In a computer-implemented method for configuring an appliance in a virtualization infrastructure via a graphical user-interface a list of hosts and a centralized management tool of the virtualization infrastructure is displayed via the graphical user-interface. The hosts are for hosting one or more virtual machines. The centralized management tool is for centrally managing the virtualization infrastructure. In response to selecting one of the hosts, displaying host configuration properties associated with the selected hosts via the graphical user-interface. The host configuration properties are associated with a displayed user input field.

Abstract: Methods and systems are provided for performing operations comprising: generating, on a publicly accessible server, a secure enclave, the secure enclave having isolated memory and processing resources of the server; installing, on the secure enclave, a virtual machine comprising a guest operating system of a first entity; installing, by the virtual machine, one or more cryptographic processes associated with the first entity; and encrypting and decrypting cryptographic keys associated with the first entity using the one or more cryptographic processes.

Abstract: Exemplary methods, apparatuses, and systems include a client virtual machine processing a system call for a device driver to instruct a physical device to perform a function and transmitting the system call to an appliance virtual machine to execute the system call. The client virtual machine determines, in response to the system call, that an established connection with the appliance virtual machine has switched from a first protocol to a second protocol, the first and second protocols including a high-performance transmission protocol and Transmission Control Protocol and Internet Protocol (TCP/IP). The client virtual machine transmits the system call to the appliance virtual machine according to the second protocol. For example, the established connection may switch to the second protocol in response to the client virtual machine migrating to the first host device from a second host device.

Abstract: Various embodiments of exchanges are described. Methods and other embodiments are also described.

Abstract: A specification of content to be stored in a cloud storage is received at a client-side component. A portion of the content is divided into a plurality of data chunks. One or more data chunks of the plurality of data chunks that are to be sent via a network to be stored in the cloud storage are identified. It is determined whether a batch size of the one or more identified data chunks meets a threshold size. Based on the determination of whether the batch size meets the threshold size, a cloud storage destination among a plurality of different cloud storage destinations associated with different performance tiers is selected.

Abstract: Various embodiments of the present technology generally relate to systems and methods for secure customer data handling. More specifically, some embodiments relate to handling of derivative data as a provider in a manner that supports security and provides a stronger level of control over the data. The solution supports four core principles of customer data handling: no export of customer data, unless authorized; remote operations only via shell access or equivalent; temporary and task-based privileges; and diagnostic data to be ephemeral. The customer data handling system herein includes a central repository for the storage of diagnostic data, an upload tool for uploading to the central repository and automated staging on containers, a diagnostic virtual machine that enables task-based access to diagnostic data and analysis tools hosted on a dedicated container, and an application for handling requests, provisioning and staging containers, and purging.

Abstract: Memory systems and methods of operating the memory systems are disclose. In one arrangement, a device includes a memory device configured to store first data, a first input/output (I/O) pin, and a serial communication device configured to receive the first data and output the first data. The serial communication device is connected to the first I/O pin via a first device. The device also includes a virtual communication logic configured to receive the first data and output the first data to a communication interface connected to a host device.

Abstract: The disclosure provides an approach for content based read cache (CBRC) digest file creation. Embodiments include determining a mapping between entries in a CBRC and physical block addresses (PBAs) associated with a source virtual machine (VM). Embodiments include creating a clone VM based on the source VM. Embodiments include, for each data block associated with the clone VM: determining a PBA associated with a logical block address (LBA) of the data block, determining, based on the mapping, whether data associated with the PBA is cached in the CBRC, and, if the data associated with the PBA is cached in the CBRC, copying a hash of the data from a first digest file of the source VM to a second digest file of the clone VM and associating the hash with the LBA in the second digest file.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed for high availability (HA) application migration in a virtualized environment. An example apparatus includes at least one memory, instructions in the apparatus, and processor circuitry to at least one of execute or instantiate the instructions to identify an HA slot in a virtual server rack, the HA slot to facilitate a failover of an application executing on a first virtual machine (VM) in the virtual server rack, the first VM identified as a protected VM, deploy a second VM in the HA slot, transfer data from the first VM to the second VM, and, in response to not identifying a failure of at least one of the first or second VMs during the transfer, trigger a shutdown of the first VM, and synchronize migration data associated with the virtual server rack to identify the second VM as the protected VM.

Abstract: An example method of creating a software image from software executing on a host in a virtualized computing system includes: obtaining, by an image generator executing in the virtualized computing system, an image metadata from the host, the image metadata describing a running image of a hypervisor executing on the host; identifying, from the image metadata, a plurality of software installation bundles (SIBs) used to install the running image on the host; obtaining, from the image metadata, SIB descriptors and SIB signatures for the plurality of SIBs; obtaining, from storage on the host, payloads referenced in the image metadata for the SIBs; and recreating the plurality of SIBs from the SIB descriptors, the SIB signatures, and the payloads.

Abstract: A user information collection system may include a service provisioning manager configured to manage provisioning of a VDI service provided from a VDI service provider; a charging manager configured to manage charging information according to a use of the VDI service by a user; a policy manager configured to manage a policy for the VDI service; a user manager configured to manage information of the user using the VDI service; a VDI service lifecycle manager configured to manage a lifecycle of the VDI service provided from the VDI service provider; and a multi-tenant connection manager configured to manage connection infrastructure information between at least one of a cloud environment for providing the VDI service and external software as a service (SaaS) and the VDI service provider.

Abstract: Systems and methods are described for reducing latency to service requests to execute code on an on-demand code execution system by maintaining snapshots of virtual machine instances in a ready state to execute such code. A user may submit code to the on-demand code execution system, which code depends on other software, such as an operating system or runtime. The on-demand code execution system can generate a virtual machine instance provisioned with the other software, and initialize the instance into a state at which it is ready to execute the code. The on-demand code execution system can then generate a snapshot of the state of the instance, and halt the instance. When a request to execute the code is received, the snapshot can be used to quickly restore the instance. The code can then be executed within the instance, reducing the need to initialize the instance or maintain the instance in an executing state.

Abstract: A software architecture within a public cloud network may include units of: (i) a plurality of computational instances respectively related to managed networks, (ii) a plurality of servers configurable as load simulators, (iii) administrative components configured to deploy and update the software architecture, and (iv) shared infrastructure services, wherein the units of the software architecture are implemented on virtual machines of the public cloud network and are connected to but logically isolated from one another by way of different access controls or policies. A provider network, coupled to the software architecture by way of network gateways within the shared infrastructure services, may be configured to deliver the configuration, software packages, and database schema to the infrastructure-as-code platform.

Abstract: Systems and methods for pre-loading applications with a constrained memory budget and prioritizing the applications based on contextual information are described. An Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: collect user context information and system context information, detect a triggering event based upon the user context information and the system context information, identify a memory budget for pre-loading one or more applications, and select the one or more applications with one or more settings configured to maintain a memory usage for the pre-loading below the memory budget.

Abstract: Techniques to utilize excess resources in a cloud system, such as by enabling an auxiliary resource utilizer to use resources while they are not needed to support primary resource utilizers, are described herein. Some embodiments are directed to identifying and allocating excess capacity of resources in a cloud system to auxiliary resource utilizers based on one or more policies. In various embodiments, excess resources in one or more of the set of resources in the cloud system, or cloud resources, may be determined based on monitoring utilization of the cloud resources by the primary resource utilizers. In many embodiments, an auxiliary resource utilizer that is in compliance with a set of utilization policies may be identified and the excess resources may be allocated to the auxiliary resource utilizer.

Abstract: A system may receive a first definition for a virtualized instance of a network function. The first definition may include a first set of declarations in a first format that is different than respective formats supported by different virtualized environments. The system may select a first virtualized environment to run the virtualized instance based on requirements specified within the first definition, and may generate a second definition with a second set of declarations that map the first set of declarations from the first format to a second format supported by the first virtualized environment. The system may deploy the virtualized instance to the first virtualized environment using the second set of declarations from the second definition. Deploying the virtualized instance may include configuring its operation based on some of the second set of declarations matching a configuration format supported by the first virtualized environment.

Abstract: A method includes determining virtual memory use of a vault based on virtual memory use of one dispersed storage (DS) unit of a set of DS units that services the vault within the DSN, where data is dispersed storage error encoded in accordance with dispersed data storage parameters to produce a plurality of sets of error coded (EC) data slices that are stored in the vault. The method continues by comparing the virtual memory use of the vault to one or more vault thresholds. When the virtual memory use of the vault is less than or equal to a first vault threshold of the one or more vault thresholds, the method continues by instructing a memory state of the vault to be in a normal state, wherein when the vault is in the normal state, a write mode is activated allowing write requests of EC data slices to the vault.

Abstract: In one implementation, a system resource is added to a storage system, for a resource-preserving upgrade. An upgrade component is coupled to the storage system as a temporary storage system shelf. Storage drives are moved from the storage system to the upgrade component. One or more storage controllers of the upgrade component are promoted to take over data services from the storage system.

Abstract: Examples described herein relate to a data protection policy management system (DPPMS) for tuning a data protection policy in events of failures. The DPPMS may detect a failure associated with an application that is protected via the data protection policy that includes settings corresponding to parameters comprising one or more of copy tiers, a data retention interval and a recovery point objective (RPO) for the copy tiers. The DPPMS may determine a type of the failure associated with the application. Further, the DPPMS may select, based on the type of the failure, at least one parameter of the parameters to be tuned in response to detection of the failure. Moreover, the DPPMS may tune the settings corresponding to the at least one selected parameter to adapt the data protection policy.

Abstract: Techniques for in-place live migration of guest domain compute instances are described. A secondary host domain, which may be a patched version of an initial host domain, is launched on a computing device in a candidate host domain role or as a guest domain with escalated privileges. Existing guest domains are live migrated within the computing device to utilize the secondary host domain while the initial host domain continues to serve guest domains that have not yet been migrated. When all guest domains have been migrated, the initial host domain may be terminated, resulting in a patched computing device without network-based failures or noticeable service degradation for the guest domains, and while allowing existing guest domain workflows and network connections to continue unaffected.

Abstract: A method and apparatus are disclosed to identify the operations/processes performed by one or more virtual machines. In one example method of operation, the system may perform identifying processes currently operating in an operating system and recording process information corresponding to each of the processes in a memory. The method may also include determining a priority for each of the processes currently operating in the operating system and incrementing a current priority of at least one of the processes.

Abstract: Methods, systems, and devices for security techniques for low power state of memory device are described. A host device may initiate a low power state of a memory device. The host device may store a first value of a counter associated with the memory device operating in the low power state and transmit a command to the memory device to enter the low power state. The memory device may increment the counter based on receiving the command and increment the counter to a second value. The host device may validate the memory device based on a difference between the first value of the counter stored by the host device and the second value of the counter.

Abstract: A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.

Abstract: Some embodiments provide a method for a compute manager that manages (i) virtual machines executing on host computers and (ii) physical computers. The method uses a first set of application programming interfaces (APIs) to communicate with a virtual machine (VM) executing on a host first computer via a hypervisor executing on the host first computer. The method uses the first set of APIs to communicate with a second computer via a smart network interface controller (NIC) of the second computer, wherein the smart NIC translates the first set of APIs into a different, second set of APIs for the second computer so that the compute manager manages the VM and the second computer with the same first set of APIs.

Abstract: A method of performing write operations that have been received by a data storage apparatus is provided. The method includes (a) storing page descriptors for received write operations within temporary storage, each page descriptor indicating respective data to be written; (b) upon storing each page descriptor, organizing that page descriptor into a shared working-set structure; and (c) operating a plurality of flushers to persist the data indicated by respective page descriptors to long-term persistent storage based on organization of the page descriptors in the shared working-set structure, each flusher accessing page descriptors via the shared working-set structure. An apparatus, system, and computer program product for performing a similar method are also provided.

Abstract: An example virtualized computing system includes: a host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts, the virtualization layer supporting execution of virtual machines (VMs); an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server executing in a first VM of the VMs; guest cluster infrastructure software (GCIS) executing in the master server, the GCIS configured to create a set of objects defining a container orchestration cluster, and manage lifecycles of second VMs of the VMs based on state of the set of objects; and guest software executing in the second VMs to implement the container orchestration cluster as a guest cluster of the host cluster, the guest software having components that interface with the GCIS.

Abstract: Methods, systems, and computer-readable media for automated management of machine images are disclosed. A machine image management system determines that a trigger for a machine image build process has occurred. The machine image management system performs the machine image build process responsive to the trigger. The machine image build process generates a machine image, and the machine image comprises a plurality of operating system components associated with an application. The machine image is validated by the machine image management system for compliance with one or more policies. The machine image management system provides the machine image to one or more recipients. One or more compute resources are launched using the machine image, and the application is executed on the compute resource(s) launched using the machine image.

Abstract: Examples described herein include systems and methods for automatically configuring a VM on a server using information from a switch located remotely from the server. The switch can provide the configuration information in a Link Layer Discovery Protocol (“LLDP”) type-length-value (“TLV”) data structure. The configuration information can include various information related to configuring a VM, such as a VM identifier, an indication of a physical port of the server, a VM interface that corresponds to the identified physical port, and a virtual local area network (“VLAN”) identifier indicating that a particular VLAN corresponds to the VM, VM interface, or the physical port. The hypervisor can use this configuration information to automatically configure a newly instantiated VM, or reconfigure a VM for a new task, without manual user input.

Abstract: Systems, apparatuses, and methods for implementing telemetry push aggregation techniques are described. A computing system includes one or more input/output (I/O) agents interposed between functional units and a communication fabric. A given I/O agent receives a set of aggregation rules from a power management unit. The I/O agent monitors traffic from the functional units, and the I/O agent generates telemetry data from the traffic data based on the set of aggregation rules. The telemetry data is used by the power management unit to make adjustments to one or more power settings.

Abstract: An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

Abstract: Method, device and computer program product for providing quarantined workspaces. A virtualization application operates on a host to simulate a virtual guest. A management application operates within the virtual guest. The management application controls transmission between guest applications and locations external to the virtual guest. The management application stores encryption keys inaccessible to the host. The management application intercepts attempted transmissions from guest applications to locations outside the virtual guest. Secure data files are identified in the attempted transmissions and encrypted before leaving the virtual guest using the encryption keys. The management application also prevents any unencrypted data from being provided to non-kernel host processes that have not been previously identified as permitted host processes while allowing unencrypted data transmission from the non-kernel host processes to any of the guest application processes.

Abstract: A method of migrating a user profile to a virtual desktop infrastructure (VDI) system includes enumerating applications installed at an endpoint of a user, retrieving a list of application settings files, determining file and registry locations of user profile data relating to the applications installed at the endpoint from the application settings files, and retrieving the user profile data from the determined file and registry locations and storing the user profile data in a shared storage. When a user logs in to a virtual desktop of the VDI system, the user profile data is retrieved from the shared storage and imported into file and registry locations specified by the application settings files of applications that are installed in the virtual desktop.

Abstract: Aspects of the disclosure relate to conducting software testing using dynamically masked data. In some embodiments, a computing platform may receive, from a developer computing platform, a test execution request that includes a test code for execution. Subsequently, the computing platform may establish a secure connection to an enterprise data storage database. Upon establishing the secure connection, the computing platform may request confidential data from the enterprise data storage database in connection the test execution request. Thereafter, the computing platform mat execute the test code, which may include receiving encrypted confidential data from the enterprise data storage, decrypting the confidential data, and plugging the confidential data into the test code.

Abstract: Some embodiments provide a novel method for performing services on a host computer that executes several data compute nodes (DCNs). The method receives, at a module executing on the host, a data message associated with a DCN executing on the host. The method supplies the data message to a service virtual machine (SVM) that executes on the host and on which several service containers execute. One or more of the service containers then perform a set of one or more services on the data message. The method then receives an indication from the SVM that the set of services has been performed on the data message.

Abstract: Techniques for live migrating a paravirtual remote direct memory access (PVRDMA) virtual machine (VM) from a source host system to a destination host system are provided. In one set of embodiments, during a pre-copy phase of the live migration process, a source hypervisor of the source host system can invoke an application programming interface (API) exposed by a source host channel adapter (HCA) of the source host system for initiating write tracing of remote direct memory access (RDMA) writes/atomic operations received from remote endpoints and can retrieve a write trace element generated by the source HCA that identifies a memory region of the PVRDMA VM written to as a result of an RDMA write/atomic operation and a write location within the memory region. The source hypervisor can then identify one or more guest memory pages of the PVRDMA VM dirtied per the write trace element and transmit data contents of those pages to the destination host system.

Abstract: A system and method are provided for synchronizing read-only folders from a cloud-based server. Users can set permissions when sharing folders with other users. The permissions are enforced by client devices of the users downloading content of the folders from the server. A folder at a user's client from the shared domain may include locally modified content and shared content. Based on an indication of a change by a second user to the folder at the server, the user's client modifies a local folder. To prevent local changes made by the user from being overwritten, the user's client identifies the folder containing locally-modified content as a local content folder not to be synchronized between the plurality of clients.

Abstract: Methods and systems for cryptographically secured data validation. The system includes a first validator. The first validator is designed and configured to receive a first instance of an immutable sequential data structure containing at least a first digitally signed textual element containing at least a first physical asset transfer field populated with a at least a first physical asset transfer datum and at least a second digitally signed textual element generated by a second validator. The first validator authenticates the first instance of the immutable sequential data structure. The first validator generates at least a second validity indicating a determination by the first validator as to the accuracy of the at least a first physical asset transfer field. The first validator detects a conflict between the first validity flag and the second validity flag. The first validator transmits to the at least a second validator an indication of the conflict.

Abstract: Disclosed herein are systems, products, and/or methods for determining a dependency between a task and a hardware component executing the task. The method may include: accessing an execution log storing information related to a plurality of tasks, each task of the plurality of tasks being executed by a respective computing device of a plurality of computing devices distributed across a network architecture; identifying a task of the plurality of tasks to obtain application layer information of the identified task; determining which respective computing device executed the identified task to obtain network layer information of the respective computing device; generating a dependency map illustrating a relationship between the identified task and the respective computing device that executed the identified task, the relationship including the application layer information and the network layer information; and displaying, using an interactive graphical user interface (GUI) on a user device, the dependency map.

Abstract: A template generation system includes a computing device configured to, in response to receiving a request for a resource from a user device, identify a set of network identifiers based on the request and select a subset of identifiers of the set of network identifiers based on filtering criteria and the request. The computing device is further configured to, for each identifier of the subset of identifiers, in response to a record being associated with the corresponding identifier, clean the record and generate a new record defining the resource by mapping the requested resource to the corresponding identifier. The computing device is also configured to populate a template based on a set of rules identifying the subset of identifiers and the new record and transmit the template to a deployment system.

Abstract: Systems, apparatuses, and methods are described for wireless communications. Third party charging may be performed to provide services for a wireless device. One or more policies may be determined for the wireless device based on charging information.

Abstract: Techniques are provided for on-demand serverless disaster recovery. A primary node may host a primary volume. Snapshots of the primary volume may be backed up to an object store. In response to failure, a secondary node and/or an on-demand volume may be created on-demand. The secondary node may provide clients with failover access to the on-demand volume while a restore process restores a snapshot of the primary volume to the on-demand volume. In some embodiments, there was no secondary node and/or on-demand volume while the primary node was operational. This conserves computing resources that would be wasted by otherwise hosting the secondary node and/or on-demand volume while clients were able to access the primary volume through the primary node. Modifications directed to the on-demand volume are incrementally backed up to the object store for subsequently restoring the primary volume after recovery.

Abstract: A high availability tax computing system. The system includes an enterprise computing system, a network system and an enterprise management system. The enterprise computing system performs tax computations consistent with tax calculation rules and pushes the tax computations results to the enterprise management system during a synchronization process. The synchronization process is performed consistent with synchronization rules. The tax computation rules and the synchronization rules may be customized. The enterprise management system performs configuration and maintenance operations to the enterprise computing device in the enterprise computing system.

Abstract: Embodiments described are directed to the evaluation of a dynamically changing communication network environment to ensure that individual participant thresholds and network-centric thresholds are maintained and satisfied. A plurality of conditions for multiple dimensions of data are set for each participant in the network and for the network as a whole. The participant and network conditions, along with the participant capabilities, are considered holistically across the entire network to determine if the network and the participants are meeting thresholds for the different dimensions of data. In various embodiments, the thresholds, either at an individual participant level or at the network level, may be augmented with priorities to ensure that higher priorities are satisfied.

Abstract: Systems, apparatuses and methods may provide for technology that stores first hardware related data to a basic input output system (BIOS) memory area and generates a mailbox data structure, wherein the mailbox data structure includes a first identifier-pointer pair associated with the first hardware related data. Additionally, the technology may generate an operating system (OS) interface table, wherein the OS interface table includes a pointer to the mailbox data structure. In one example, the technology also stores second hardware related data to the BIOS memory area at runtime and adds a second identifier-pointer pair to the mailbox data structure at runtime, wherein the second identifier-pointer pair is associated with the second hardware related data.

Abstract: A method for migration of containers in a container orchestration platform, such as Kubernetes or Docker swarm, between compute nodes of a seamless computing platform present in different computing domains is provided. The state of the compute nodes of the seamless computing platform is continuously monitored. On determining a trigger, a container to be moved from a current compute node to a target compute node of a number of compute nodes is identified. A container information of the container to be moved is generated which includes a container context and the current state of the container. The container information is used by the target node to retrieve the current state of the container to be moved which enables restarting the container on the target compute node.

Abstract: A container mode can be dynamically selected when an application is launched on an end user computing device. When an application is deployed to the end user computing device, a container configurator can collect information about the application and share it with a machine learning solution to receive an application score for the application. When the application is launched on the end user computing device, the container configurator can provide the application score, capabilities of the end user computing device, current resource utilization and admin preferences to the machine learning solution. The machine learning solution can then dynamically select a container mode based on this information and provide the selection to the container configurator. The container configurator can then cause the application to be launched within a container that matches the selected container mode.