According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.

A compilation system can define, at compile time, the data blocks to be managed by an Even Driven Task (EDT) based runtime/platform, and can also guide the runtime/platform on when to create and/or destroy the data blocks, so as to improve the performance of the runtime/platform. The compilation system can also guide, at compile time, how different tasks may access the data blocks they need in a manner that can improve performance of the tasks.

A computer network optimization methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and have a feature selection analysis performed thereon. Provided the feature selection analysis determines that features of the components are in frequent communication and generating network latency. Provided the feature selection analysis determines that features of the components are not well defined, a similarity analysis of the features is performed. Results of the feature selection methodology are generated, and the components involved in the network traffic latency are reassigned to migrate the latency.

An apparatus comprises an interrupt distributor to distribute virtual interrupts to one or more physical processors, each virtual interrupt to be handled by one of a plurality of virtual processors mappable to said one or more physical processors; and control circuitry to maintain virtual processor interrupt tracking information corresponding to a given virtual processor. The virtual processor interrupt tracking information includes a pending interrupt record tracking which types of virtual interrupts are pending for the given virtual processor, and separate from the pending interrupt record, a pending interrupt status indication indicating a pending interrupt status for the given virtual processor. The pending interrupt status indicates whether the number of pending virtual interrupts for the given virtual processor is zero.

System and methods are described for efficient monitoring of network traffic in a public cloud computing environment. In one implementation, a method comprises: generating flow log records of network traffic in the public cloud computing environment; identifying a data packet that presents a potential security risk; identifying a captured data packet (PCAP) record corresponding to the identified data packet; and transmitting the PCAP record to a computing device for network traffic analysis.

A method of traffic reduction in a mesh computing system (400), the mesh computing system (400) comprising hosts located on edge nodes of the mesh computing system (400) and a central registry located outside the mesh computing system (400), the central registry holding the images. The method comprises, at a first host located at a first edge node, receiving (920) a request from a client for an image, sending (930) a request for the image to at least one other host of the mesh computing system (400). When the first host receives (940) notification that at least a second host holds the image, the first host downloads (960) the image from the second host to the first host. The first host creates (970) a container from the image. A host at a node (636; 700) and a mesh computing system (400) are also provided.

The present disclosure describes a technique for honoring virtual machine placement constraints established on a first host implemented on a virtualized computing environment by receiving a request to migrate one or more virtual machines from the first host to a second host and without violating the virtual machine placement constraints, identifying an architecture of the first host, provisioning a second host with an architecture compatible with that of the first host, adding the second host to the cluster of hosts, and migrating the one or more virtual machines from the first host to the second host.

Systems, computer-readable media, and methods are disclosed for parallel data processing for service function chains with network functions spanning multiple servers. An example system includes a first server hosting a first network function of a service function chain, a second server hosting a second network function of the service function chain, a mirror function deployed in a first switch to replicate a plurality of packets received by the system and to send respective copies of the plurality of packets to the first network function and to at least one of the second network function and a third network function of the service function chain, and a merge function deployed in a second switch to merge respective outputs of the first network function and the at least one of the second network function and the third network function.

A software switch and a method performed by the software switch are disclosed. The software switch receives, from a node deploying a virtual machine, a request for a virtual port to be polled by the virtual machine. The request includes a Central Processing Unit “CPU” identity identifying a CPU on which the virtual machine executes. The request includes an indication of a clock frequency at which the CPU is set to operate. The software switch determines a number of packets in a queue associated with the virtual port. The software switch adjusts the clock frequency of the CPU based on the number of packets in the queue. A corresponding computer program and a computer program carrier are also disclosed.

Provided herein are systems and methods for providing insights or metrics in connection with provisioning applications and/or desktop sessions to end-users. Network devices (e.g., appliances, intermediary devices, gateways, proxy devices or middle-boxes) can gather insights such as network-level statistics. Additional insights (e.g., metadata and metrics) associated with virtual applications and virtual desktops can be gathered to provide administrators with comprehensive end-to-end real-time and/or historical reports of performance and end-user experience (UX) insights. Insights relating to an application or desktop session can be used to determine and/or improve the overall health of the infrastructure of the session, Citrix Virtual Apps and Desktops, the applications (e.g., remote desktop application) being delivered using the infrastructure, and/or the corresponding user experience.