Abstract: The present application relates to performing a scale-down of the computing resources allocated to executing a software application. For example, the software application for implementing a web server may be packaged as a container image, and one or more instances of the container images may be executed as one or more tasks. The individual tasks may be allocated a set of computing resources such as CPU and memory, and the incoming requests sent to the web server may be distributed across the tasks. If the volume of incoming requests drops below a threshold level, one or more of the tasks may be placed in standby mode, and the amount of computing resources allocated to such tasks may be reduced. When the volume of incoming requests returns above the threshold level, the amount of computing resources allocated to such tasks can be scaled back up to the full amount.

Abstract: Techniques are disclosed for providing automatic policy configuration for packet flows. For example, a computing device comprises a virtual node and one or more virtual execution elements coupled to the virtual node. The computing device may also comprise one or more processors configured to: receive a packet originating from an application workload hosted on the one or more virtual execution elements and destined for a remote destination device; determine the packet is part of a new packet flow; in response, configure, by a kernel of the computing device and without sending the packet to a user space of the computing device, a policy for a forward packet flow for the new packet flow; configure, by the kernel, a policy for a reverse packet flow associated with the forward packet flow; and send the packet toward the remote destination device in accordance with the policy for the forward packet flow.

Abstract: Various example embodiments for supporting security in a communication system are presented. Various example embodiments for supporting security in a communication system may be configured to support stateful security redundancy in the communication system. Various example embodiments for supporting stateful security redundancy in a communication system may be configured to support stateful security redundancy for a set of client devices based on a set of security nodes arranged in a security redundancy architecture. Various example embodiments for supporting stateful security redundancy for a set of client devices based on a set of security nodes arranged in a security redundancy architecture may be configured to support stateful security redundancy for a client device based on a security redundancy domain including an active security node and one or more standby security nodes.

Abstract: Accelerator access control whereby an application's access to an accelerator is revoked in order to allow the system to perform a system function. In one or more embodiments, when an application is executing, a credit system is utilized to provide credits for controlled access to the accelerator. When request information is received to remove access to a credit associated with the application's access to the accelerator, the credit is marked to fail with operating system interfaces. Also, in one or more embodiments, if the credit is in use for accessing the accelerator, an effective address associated with the credit is unmapped from the accelerator.

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.

Abstract: An information handling system may concurrently execute a first container and a second container. The information handling system may access one or more first firmware settings stored in a first portion of a memory of the information handling system. The one or more first firmware settings may be first firmware settings for one or more resources allocated to the first container. One or more first firmware parameters for the first container may be adjusted based, at least in part, on the one or more first firmware settings. The information handling system may cress one or more second firmware settings stored in a second portion of the memory of the information handling system, different from the first portion of the memory. The one or more second firmware settings may be for one or more resources allocated to the second container. One or more second firmware parameters for the second container may be adjusted based, at least in part, on the one or more second firmware settings.

Abstract: Techniques for transferring virtual machines and resource management in a virtualized computing environment are described. In one embodiment, for example, an apparatus may include at least one memory, at least one processor, and logic for transferring a virtual machine (VM), at least a portion of the logic comprised in hardware coupled to the at least one memory and the at least one processor, the logic to generate a plurality of virtualized capability registers for a virtual device (VDEV) by virtualizing a plurality of device-specific capability registers of a physical device to be virtualized by the VM, the plurality of virtualized capability registers comprising a plurality of device-specific capabilities of the physical device, determine a version of the physical device to support via a virtual machine monitor (VMM), and expose a subset of the virtualized capability registers associated with the version to the VM. Other embodiments are described and claimed.

Abstract: Herein are resource-constrained techniques that plan ahead for resiliently moving pluggable databases between container databases after a failure in a high-availability database cluster. In an embodiment that has a database cluster that hierarchically contains many pluggable databases in many container databases in many virtual machines, a computer identifies many alternative placements that respectively assign each pluggable database instance (PDB) to a respective container database management system (CDBMS). For each alternative placement, a respective placement score is calculated based on the PDBs and the CDBMSs. Based on the placement scores of the alternative placements, a particular placement is selected with a best placement score that indicates optimal resilience for accommodating adversity such as failover and overcrowding.

Abstract: A layered composite boot device, and a corresponding layered composite file system, can be implemented by a boot manager. Requests directed to the layered composite boot device and file system, can be serviced from a primary device and file system that are encapsulated by the layered composite boot device and file system. The primary device and file system can correspond to a virtualized file system within a container environment, thereby enabling changes within the container environment to affect early stages of operating system booting in the container environment. Should such requests not be serviceable from the primary layers, the composite device and file system can comprise secondary layers that can correspond to a container host connection and the host file system, providing fallback to existing data if changes within the container environment were not made, thereby enabling booting to proceed in a traditional manner.

Abstract: A data storage device and method for adaptive host memory buffer allocation based on virtual function prioritization are provided. In one embodiment, a data storage device is provided comprising a memory, an interface, and a controller. The controller is configured to receive priority information of each of a plurality of virtual functions in the host and allocate space in the host memory buffer for each of the plurality of virtual functions based on the priority information. The controller is further configured to dynamically reallocate the space. Other embodiments are possible, and each of the embodiments can be used alone or together in combination.

Abstract: A data protection agent is installed as a guest within a virtual machine (VM) hosted by a host and a snapshot data mover is installed external to the VM on the host. Upon receiving a command to conduct a backup, a first request is issued to a copy service of the VM indicating that an application in the VM is to be backed up. A second request for a snapshot is issued to the snapshot data mover. The snapshot data mover passes the snapshot request to a virtual machine manager. Upon the snapshot data mover receiving an identifier for the snapshot, the snapshot data mover passes the snapshot identifier to the agent thereby allowing the agent to locate the snapshot and conduct the backup.

Abstract: A method of orchestrating one or more radio resources among various services executing within a container. The method includes obtaining, by an orchestration engine executing on a network device, a request, from a first service of a plurality of services, for use of a physical/hardware resource that connects a container running on the network device to a network. The request from the first service has a particular priority. The plurality of services execute within the container. The method further includes determining whether to connect the first service to the network via the physical/hardware resource based on the priority and an availability status of the physical/hardware resource and establishing, at a kernel level, a connection between the first service and the physical/hardware resource based on the determining.

Abstract: In some examples, a computing device includes memory including system memory, and a processor in electronic communication with the memory. In some examples, the processor receives a system management interrupt. In some examples, the processor identifies trigger code that triggered the system management interrupt. In some examples, the processor executes code from the system memory when the trigger code is a virtualization program.

Abstract: A method to execute a mode-transition in a multi-mode computer system from a current to a future mode during run-time of the computer system, wherein the computer system comprises hosts with processing cores. A mode-transition is determined by a transition definition, wherein all transition definitions form a set of transition definitions, and wherein a transition definition between two defined modes comprises a reference to the initial mode, a reference to the future mode, and a list of specific actions to be executed during the mode-transition. A first function runs on a host of the hosts. A second function runs on a processing core of the hosts. Third functions are provided, wherein a third function is running on a processing core in each of the hosts of the computer system. Fourth functions are provided, wherein on each processing core of the computer system a fourth function is running.

Abstract: Upon receiving a request to hibernate a hypervisor of a virtualization system running on a first computer, acts are carried out to capture a state of the hypervisor, where the state of the hypervisor comprises hypervisor logical resource parameters and an execution state of the hypervisor. After hibernating the hypervisor by quiescing the hypervisor and storing the state of the hypervisor into a data structure, the data structure is moved to a different location. At a later moment in time, the data structure is loaded onto a second computing machine and restored. The restore operation restores the hypervisor and all of its state, including all of the virtual machines of the hypervisor as well as all of the virtual disks and other virtual devices of the virtual machines. Differences between the first computing machine and the second computing machine are reconciled before execution of the hypervisor on the second machine.

Abstract: A transportation system having a transportation space including destinations distributed in the transportation space, multiple independent automated vehicles configured for free roving through the transportation space to and between the destinations so that the vehicles are dynamically distributed through the transportation space, a control system communicably connected via a remote communication link to each of the vehicles and having a system controller that addresses each vehicle to different destinations, and the control system having a vehicle accountant controller separate and distinct from the system controller and configured to independently register a dynamic location of at least one of the vehicles, selected from the multiple vehicles in the transportation space, and command shutdown, via the remote communication link, to only the selected at least one vehicle at the registered location if the registered location corresponds to a predetermined location.

Abstract: The present application relates to performing a scale-up of the computing resources allocated to executing a software application. For example, the software application for implementing a web server may be packaged as a container image, and one or more instances of the container images may be executed as one or more tasks. The individual tasks may be allocated a set of computing resources such as CPU and memory, and the incoming requests sent to the web server may be distributed across the tasks. If the volume of incoming requests drops below a threshold level, one or more of the tasks may be placed in standby mode, and the amount of computing resources allocated to such tasks may be reduced. When the volume of incoming requests returns above the threshold level, the amount of computing resources allocated to such tasks can be scaled back up to the full amount.

Abstract: The technology disclosed includes a system to group security alerts generated in a computer network and prioritize grouped security alerts for analysis, through graph-based clustering. The graph used to form clusters includes entities in the computer network represented as scored nodes, and relationships of entities as weighted edges. The technology disclosed includes traversing the graph starting at starting nodes and propagating native scores through and to neighboring nodes connected by the weighted edges. The propagated scores at visited nodes are normalized by attenuation based on contributing neighboring nodes of a respective visited node. An aggregate score for a visited node is calculated by accumulating propagated scores at visited nodes with their respective native scores. The technology disclosed forms clusters of connected nodes in the graph that have a respective aggregate score above a selected threshold. The clusters are ranked and prioritized for analysis, pursuant to the aggregate scores.

Abstract: Systems and methods include obtaining trusted network rules for a plurality of networks, wherein the trusted network rules include whether a network is untrusted or one of a plurality of trusted networks; obtaining policy configurations for each of the trusted network rules, wherein the policy configurations define configurations for a cloud-based system to use with a user device based on a corresponding network where the user device is connected; communicating with the user device and determining which network of the plurality of network the user device is connected; and applying the configurations in the cloud-based system for the user device based on the network the user device is connected. The steps can further include obtaining forwarding policies for each of the plurality of networks; and providing the forwarding policies to a connector application executed on the user device.

Abstract: Post-copy is one of the two key techniques (besides pre-copy) for live migration of virtual machines in data centers. Post-copy provides deterministic total migration time and low downtime for write-intensive VMs. However, if post-copy migration fails for any reason, the migrating VM is lost because the VM's latest consistent state is split between the source and destination nodes during migration. PostCopyFT provides a new approach to recover a VM after a destination or network failure during post-copy live migration using an efficient reverse incremental checkpointing mechanism. PostCopyFT was implemented and evaluated in the KVM/QEMU platform. Experimental results show that the total migration time of post-copy remains unchanged while maintaining low failover time, downtime, and application performance overhead.

Abstract: As part of a container initialization procedure, a maximum number of hardware threads per processor core in a set of cores of a computer system are enabled, the container initialization procedure configuring an operating system executing on the computer system for container execution and configuring a first container for execution on the operating system. From a set of available cores in the set of cores, an execution core is selected. In the selected execution core, a number of threads per core to be used during execution of the first container is configured, the number of threads per core specified for the container initialization procedure by a first simultaneous multithreading (SMT) parameter. Using the configured execution core, the first container is executed, the executing virtualizing the operating system.

Abstract: Implementations for dynamically visualizing service mesh topologies with event-based messaging are described. An example method may include obtaining, by a processing device, topology data characterizing a service mesh comprising a plurality of nodes; obtaining tracing data associated with events processed by a message broker servicing the plurality of nodes; identifying, based on the tracing data, a message flow between at least two nodes of the plurality of nodes of the service mesh, wherein the at least two nodes represent a source and a destination of a message associated with the events; and providing, via a graphical user interface (GUI), visualization of the service mesh with the message flow.

Abstract: Examples described herein relate to a method and a system, for example, a workload controller, for accessing purged workloads. An alert indicative of an attempt to access a purged workload of workloads deployed in a workload environment may be received by the workload controller. The purged workload may include one or both of a deactivated workload or an archived workload. The workload controller may detect the attempt to access the purged workload based on port mirrored data traffic. Further, in some examples, the workload controller may activate the purged workload based on the alert.

Abstract: An information handling system may include a host system, a management controller configured to provide out-of-band management of the information handling system, and a network interface including a network interface storage resource. The management controller may be configured to: receive, from the host system, information relating to installation of a network interface operating system; transmit the information to the network interface; and cause the network interface to install the network interface operating system onto the network interface storage resource.

Abstract: A system, method and processor that mitigates security vulnerabilities using context-dependent address space hiding. In some embodiments, a hardware mechanism allows a more-privileged software component managing multiple less-privileged software components to blind itself against “out-of-context” less-privileged software components. The hardware mechanism can allow the more-privileged software component to dynamically hide a portion of the more-privileged address space related to the “out-of-context” less-privileged software components, based on knowledge of the “in-context” less-privileged software component. A context register is set with a value from which an address range, within the address space of the more-privileged software component, can be determined, where the address range is associated with a first less-privileged software component can be determined.

Abstract: An event processing system for processing events in an event stream is disclosed. The system can launch a first CQL engine in a cluster of CQL engines using a CQL engine tracking engine. The system can schedule, using the CQL engine tracking engine, the first CQL engine to process a batch of a continuous stream of input events related to an application. The system can track, using the CQL engine tracking engine, the first CQL engine to be scheduled for execution. The system can then execute, using the CQL engine tracking engine, the first CQL engine to process the batch of the continuous stream of input events to generate a set of output events related to the application.

Abstract: Techniques are provided for restoring a directory from a snapshot of a volume backed up to an object store. The snapshot may be backed up from a node to the object store, such as a cloud computing environment. A user may want to restore the directory within the volume without having to restore the entire volume, which otherwise would waste computing resources, storage, network bandwidth, and time. Accordingly, the techniques provided herein are capable of restoring just the directory from the snapshot that is stored within the object store. Because snapshot data of the snapshot may be stored across multiple objects within the object store, certain objects are identified as comprising snapshot data (backup data) of the directory and content items within the directory. In this way, the snapshot data of the directory is restored from these objects to a restore directory at a restore target.

Abstract: A disclosed method provides a structured definition for a distributed application comprising two or more component applications. The definition may identify each component and a component type, e.g. VM or container, collocation information indicative of collocation requirements for one or more of the components, and external dependency information indicating constraints the alternative environment must comply with. The distributed application may be deployed to one or more endpoints. Responsive to detecting a triggering event for evaluation of component relocation alternatives, disclosed methods may invoke a resource balancing engine to identify a viable alternative endpoint for one or more component applications. Responsive to identifying a viable alternative endpoint for a particular component application, disclosed methods may relocate the particular component application to the alternative endpoint.

Abstract: A method including determining, by a VPN server based on requesting data of interest from a host device, that the host device has declined to provide the data of interest to the VPN server; verifying, by the VPN server, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; establishing, by the VPN server based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.

Abstract: A facility for operating an application on a server having a number of processors is described. The facility receives a number of application requests, each addressed to one of a plurality of instances of the application executing on the server. The facility causes each received application request to be processed in the application instance to which it was addressed, using exclusively processing resources of a selected one of the plurality of processors on which the application instance was invoked, using exclusively memory locations served by memory modules to which the selected processor is directly connected.

Abstract: Disclosed herein are systems and method for moving a process from a host to a virtual machine (VM). In one exemplary aspect, a method comprises freezing the process at a host operating system (OS) of the host; transferring at least one kernel object of the process from the host OS to a VM OS of the VM; reconfiguring at least one input-output (IO) resource of the process to point to a host-VM channel such that data flow between the host and the VM is enabled; in response to determining that the IO resource is a network socket and that the VM has network access, creating a network socket on the VM side and re-configuring a network connection of the VM; mapping memory utilized by the process to the VM by remapping at least one page of the memory into the VM OS; and unfreezing the process at the VM OS.

Abstract: Each node of a storage cluster determines its capabilities and advertises the set of capabilities along with respective capability weights to other nodes of the storage cluster. Nodes monitor their systems for capability changes and, as capabilities of the nodes dynamically change, the dynamic changes to the node capabilities are similarly advertised. The advertised capabilities are passed to a cluster service manager which creates capabilities groups based on the advertised capabilities of the nodes. When a service is deployed to the storage cluster or moved within the cluster, the cluster service manager determines the set of required capabilities associated with the service, and uses the capabilities groups to identify nodes of the storage cluster for implementation of the service. Where more than one node has advertised the required sets of capabilities, the weights are used in an election process to determine which node should be used to implement the service.

Abstract: A sharable resource of a first user's environment is identified. The sharable resource is configured as sharable in a shared computer environment. A matching resource that is sufficiently similar to the sharable resource is located. The matching resource is used by pre-existing users of the shared computer environment. Agreement from the pre-existing users for the first user to access the matching resource is obtained. The first user is then provided access to the matching resource.

Abstract: A system includes a stored counter value and a stored boot manifest including a manifest type flag. A manifest type of the boot manifest is determined based on the manifest type flag, a tenancy mode is determined based on a parity of the counter value, a first boot is executed if the manifest type is a first manifest type and the tenancy mode is a first tenancy mode, a second boot flow is executed if the manifest type is the first manifest type and the tenancy mode is a second tenancy mode, a third boot flow is executed if the manifest type is a second manifest type and the tenancy mode is the first tenancy mode, and a fourth boot flow is executed if the manifest type is the second manifest type and the tenancy mode is the second tenancy mode.

Abstract: The present disclosure provides systems and methods for increasing the cybersecurity of a control subject of an industrial technological system. In an exemplary aspect, the method comprises installing a protected Operating System (OS) on a control subject of the industrial technological system, receiving, by the protected OS, a plurality of log files from the control subject, analyzing, by the protected OS, the plurality of log files to determine if a suspicious action has been applied to the control subject, wherein the control subject is configured to apply a controlling action to the object of control, intercepting, by the protected OS, network packets transmitted by an application launched in a guest OS to the control subject, and preventing, by the protected OS, an interaction between the application and the control subject, in response to determining that the suspicious action has been applied to the control subject.

Abstract: Various embodiments set forth techniques for taking a snapshot of virtual memory of a virtual machine. One technique includes allocating, in a persistent memory, one or more blocks associated with a virtual memory; detecting a write request associated with a first portion of the virtual memory; in response to detecting the write request associated with the first portion, prioritizing the first portion; based on the prioritizing, copying the first portion into the one or more blocks in the persistent memory ahead of a second portion of the virtual memory; and after copying the first portion: applying the write request to the first portion; and copying the second portion into the one or more blocks in the persistent memory.

Abstract: This application provides a virtualized device, and an interrupt processing method running on the virtualized device. The method includes: performing, by a processor, the following operations in a guest mode: receiving, by the processor, an interrupt request from hardware; determining, by the processor, a processing entity of the received interrupt request based on a correspondence between the interrupt request and the processing entity; and when the processing entity of the received interrupt request includes the virtual processor currently running on the processor, determining, by the processor based on a correspondence between the interrupt request and an interrupt service routine, the interrupt service routine corresponding to the received interrupt request, and invoking the interrupt service routine to process the interrupt request.

Abstract: Techniques discussed herein relate to implementing a distributed computing cluster (the “cluster”) including a plurality of edge devices (e.g., devices individually configured to selectively execute within an isolated computing environment). One edge device may be configured to operate as a head node of the cluster at a given time. A request for virtual resources of the cluster may be received from a user device and directed to the first edge device of the cluster. The first edge device may determine it is not operating as a head node of the cluster. The first edge device may determine that a second edge device of the cluster is operating as the head node. In response, the first edge device may forward the request to the second edge device, wherein forwarding the request to the second edge device causes the second request to be processed by the cluster.

Abstract: A continuous optimizer detects a code promotion of a candidate release of an application. In response to the code promotion, the continuous optimizer instantiates a JVM and profiles the application to obtain a JVM profile. The continuous optimizer benchmarks the candidate release against the JVM and JVM profile. The continuous optimizer further compares the benchmark results with previous benchmark results. Based upon the comparison and a set of rules, the continuous optimizer causes the candidate release to be promoted.

Abstract: The system described herein provides a method for deploying, managing, scaling, configuring, upgrading, and modifying large complicated systems that are made-up of many different network resources. These network resources may be virtual machines or containers. The system constructs a hierarchical SNS by building up layers from the inside of an outer SNS. The system conducts health checks at each layer to ensure the system is properly functioning and the deployment is healthy. Lastly, third party vendors input logic in each layer to identify a desired state for the system. Once the desired state is identified, each layer can determine the necessary actions to upgrade from the current state to the desired state. This system simplifies, adds efficiency, and increases security when deploying, scaling, configuring, upgrading, or modifying the system.

Abstract: The present disclosure relates to systems, methods, and computer readable media for predicting surplus capacity on a set of server nodes and determining a quantity of deferrable virtual machines (VMs) that may be scheduled over an upcoming period of time. This determination of VM quantity may be determined while minimizing risks associated with allocation failures on the set of server nodes. This disclosure described systems that facilitate features and functionality related to improving utilization of surplus resource capacity on a plurality of server nodes by implementing VMs having some flexibility in timing of deployment while also avoiding significant risk caused as a result of over-allocated storage and computing resources. In one or more embodiments, the quantity of deferrable VMs is determined and scheduled in accordance with rules of a scheduling policy.

Abstract: A technique for remote administration of a device to be administered. A relay device receives a request to activate a filter for administration of the device to be administered from a referring administration server. This activation request includes information relating to rights assigned to a third-party administration server for delegating the administration of the device to be administered. The relay device then applies a filter to a message received from the third-party administration server intended for the device to be administered, the message received from the third-party administration server being filtered by the filter when it does not comply with the rights assigned to the third-party administration server.

Abstract: Disclosed herein are an apparatus and method for a multi-cloud service platform. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program may receive a service request from a user client device, generate a multi-cloud infrastructure service using multiple clouds in response to the service request, make the multiple clouds interoperate with mufti-cloud infrastructure in order to provide the multi-cloud infrastructure service, and generate a multi-cloud application runtime environment corresponding to the multi-cloud infrastructure service.

Abstract: Example caching systems and methods are described. In one implementation, a method identifies multiple files used to process a query and distributes each of the multiple files to a particular execution node to execute the query. Each execution node determines whether the distributed file is stored in the execution node's cache. If the execution node determines that the file is stored in the cache, it processes the query using the cached file. If the file is not stored in the cache, the execution node retrieves the file from a remote storage device, stores the file in the execution node's cache, and processes the query using the file.

Abstract: The present application describes a method and apparatus for managing a service in a service layer. In particular, a method describes a computer readable storage medium including instructions for managing a service in a service layer where the instructions are executed by a processor. The executed instructions cause the processor to receive a request to manage, via a service enabler function of the service layer, a change of state of the service including adding, removing, activating, or deactivating the service. The request may include a service description. The executed instructions also cause the processor to evaluate, via the service enabler function, the service description comprising identifiers of one or more services to manage. The executed instructions further cause the processor to identify one or more service capabilities in the service layer to assist in managing the one or more services identified in the service description.

Abstract: A food preparation appliance and associated components and methods. The food preparation appliance is configured to support transmission of operations updates and other data to/from a local or remote computer. In some embodiments, the food preparation appliance provides a virtual data bus for transmission of the updates or data. The virtual data bus may be bridged to a physical data bus of the food preparation appliance. The food preparation appliance can be configured to receive operations updates regardless of an operational mode of the food preparation appliance.

Abstract: A method includes receiving a request to perform a shuffle operation on a data stream; receiving at least a portion of the data stream including a plurality of records, each including a key; storing each of the plurality of records in a persistent storage location assigned to a key range corresponding to keys included in the plurality of records; receiving a request from a consumer for a subset of the plurality of records including a range of keys; and upon receiving the request from the consumer, providing the subset of the plurality of records including the range of keys from the one or more persistent storage locations.

Abstract: A system is disclosed. The system may include a first device including a first processor, and a second device including a second processor, a memory, a first storage, and a second storage. The first storage may operate at a first speed, and the second storage may operate at a second speed that is slower than the first speed. The second device may be remote relative to the first device. The first device may load a metadata from a memory address in the memory of the second device. The first device may also access a data from the second device based at least in part on the metadata in the memory of the second device.

Abstract: A data management system comprises: a storage appliance configured to store a snapshot of a virtual machine; and one or more processors in communication with the storage appliance. The one or more processors are configured to perform operations including: identifying a plurality of shards of the virtual machine; requesting a snapshot of each of the plurality of shards; receiving the shards asynchronously; ordering the received snapshot shards sequentially into a results queue; and storing a single snapshot of the virtual machine based on the ordered snapshot shards. Operations may further include maintaining a flow control queue that limits the number of snapshot shards requested.

Abstract: Techniques for network-management-card-assisted shutdown of hyperconverged infrastructure (HCI) are disclosed. A network management card (NMC) includes: a network interface communicatively coupled with an HCI environment; one or more processors; and one or more non-transitory computer-readable media storing instructions. The instructions, when executed by the one or more processors, cause the one or more processors to perform operations including: receiving, from the HCI environment via the network interface, a selection of a set of shutdown instructions from multiple sets of shutdown instructions supported by the NMC, the multiple sets of shutdown instructions being configured to support shutdown processes for at least two different HCI platforms; detecting that the HCI environment is performing a shutdown; and finalizing the shutdown at least by executing the set of shutdown instructions.