Patent classifications
G06F11/301
Forward and rearward facing attack vector visualization
Systems, methods, and computer-readable media are provided for securing cloud infrastructure, including a method comprising: establishing a trusted relationship between a source account in a cloud environment and a scanner account, using the established trust relationship, utilizing at least one cloud provider API to identify workloads in the source account, using the at least one cloud provider API to query a geographical location of at least one of the identified workloads, receiving an identification of the geographic location, using the cloud provider APIs to access block storage volumes of the at least one workload, determining a file-system of the at least one workload, mounting the block storage volumes on a scanner based on the determined file-system, activating a scanner at the geographic location, reconstructing from the block storage volumes a state of the workload, and assessing the reconstructed state of the workload to extract insights.
BACKUP OF CONTAINERIZED APPLICATIONS USING A BACKUP SERVICES CONTAINER AND A BACKUP SERVICES CONTAINER-ORCHESTRATION POD
A “backup services container” comprises “backup toolkits,” which include scripts for accessing containerized applications plus enabling utilities/environments for executing the scripts. The backup services container is added to Kubernetes pods comprising containerized applications without changing other pod containers. For maximum value and advantage, the backup services container is “over-equipped” with toolkits. The backup services container selects and applies a suitable backup toolkit to a containerized application to ready it for a pending backup. Interoperability with a proprietary data storage management system provides features that are not possible with third-party backup systems. Some embodiments include one or more components of the proprietary data storage management system within the illustrative backup services container. Some embodiments include one or more components of the proprietary data storage management system in a backup services pod configured in a Kubernetes node. All configurations and embodiments are suitable for cloud and/or non-cloud computing environments.
SIMULATION OF UPDATES IN A SOFTWARE DEFINED NETWORK (SDN) VIRTUALIZED COMPUTING ENVIRONMENTS
Described herein are systems, methods, and software to manage the simulation of an update to a software defined networking (SDN) virtualization platform in a computing environment. In one example, an update service identifies a request to simulate the update of an SDN virtualization platform from a first version to a second version. In response to the request, the update service will identify and provide one or more updated files associated with the second version to computing systems in the computing environment and update an application programming interface (API) configuration on the computing systems to direct API requests to the one or more updated files in place of one or more files associated with the first version. The update service further maintains a cache associated with modifications to the computing environment while the API configuration is updated.
Virtualized file server user views
In one embodiment, a system for managing a virtualization environment includes a plurality of host machines, wherein each of the host machines comprises a hypervisor and one or more user virtual machines (user VMs), and a virtual machine controller, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines. The VFS may be configured to receive a request for storage system information from a user and generate and send a response to the request, wherein the response is customized according to configuration information of the VFS that is specific to the user. The storage system information requested may include a total size of storage available to the user, and the user may have an associated storage quota limit.
Dynamic throttling based on health metrics
Techniques are disclosed for dynamically adjusting a throttling threshold in a multi-tenant virtualized computing environment. System health parameters are collected during a predetermined time interval. A system health status of the multi-tenant virtualized computing environment is determined. Based on the system health status, a throttling threshold for service requests for the multi-tenant virtualized computing environment is determined. The throttling threshold is applied for further service requests. During a subsequent time interval, an updated system health status of the multi-tenant virtualized computing environment is determined based on system health parameters received during the subsequent time interval. The throttling threshold is updated based on the updated system health status. The updated throttling threshold is applied for further service requests.
Cloud-based method to increase integrity of a next generation antivirus (NGAV) security solution in a virtualized computing environment
A next generation antivirus (NGAV) security solution in a virtualized computing environment includes a security sensor at a virtual machine that runs on a host and a security engine remote from the host. The integrity of the NGAV security solution is increased by providing a verification as to whether a verdict issued by the security engine has been successfully enforced by the security sensor to prevent execution of malicious code at the virtual machine.
Detecting datacenter mass outage with near real-time/offline using ml models
The present embodiments relate to data center outage detection and alert generation. An outage detection service as described herein can process near real-time data from various sources in a datacenter and process the data using a model to determine one or more projected sources of a detected outage. The model as described herein can include one or more machine learning models incorporating a series of rules to process near real-time data and offline data and determine one or more projected sources of an outage. An alert message can be generated to provide the projected sources of the outage and other data relevant to the outage.
Commissioning and decommissioning metadata nodes in a running distributed data storage system
In a running distributed data storage system that actively processes I/Os, metadata nodes are commissioned and decommissioned without taking down the storage system and without introducing interruptions to metadata or payload data I/O. The inflow of reads and writes continues without interruption even while new metadata nodes are in the process of being added and/or removed and the strong consistency of the system is guaranteed. Commissioning and decommissioning nodes within the running system enables streamlined replacement of permanently failed nodes and advantageously enables the system to adapt elastically to workload changes. An illustrative distributed barrier logic (the “view change barrier”) controls a multi-state process that controls a coordinated step-wise progression of the metadata nodes from an old view to a new normal. Rules for I/O handling govern each state until the state machine loop has been traversed and the system reaches its new normal.
STATELESS CONTENT MANAGEMENT SYSTEM
One embodiment comprises a stateless container of binaries and a broker. The stateless container of binaries includes a code memory having stored thereon code for a first version of a first functional component of a content management system, the first functional component executable to provide a first version of a service. The broker may be executable to: receive a request for the service from a client application, the request associated with a user of the content management system; determine that the first version of the service is accessible with regard to the user; determine an available first server that hosts the first version of the service; provide an indication of the first version of the service to the client application; and provide an IP address and a port number associated with the available first server to the client application.
VIRTUALIZING PRECISE EVENT BASED SAMPLING
A core includes a memory buffer and executes an instruction within a virtual machine. A processor tracer captures trace data and formats the trace data as trace data packets. An event-based sampler generates field data for a sampling record in response to occurrence of an event of a certain type as a result of execution of the instruction. The processor tracer, upon receipt of the field data: formats the field data into elements of the sampling record as a group of record packets; inserts the group of record packets between the trace data packets as a combined packet stream; and stores the combined packet stream in the memory buffer as a series of output pages. The core, when in guest profiling mode, executes a virtual machine monitor to map output pages of the memory buffer to host physical pages of main memory using multilevel page tables.