A service manages a plurality of virtual machine instances for low latency execution of user codes. The plurality of virtual machine instances can be configured based on a predetermined set of configurations. One or more containers may be created within the virtual machine instances. In response to a request to execute user code, the service identifies a pre-configured virtual machine instance suitable for executing the user code. The service can allocate the identified virtual machine instance to the user, create a new container within an instance already allocated to the user, or re-use a container already created for execution of the user code. When the user code has not been activated for a time-out period, the service can invalidate allocation of the virtual machine instance destroy the container. The time from receiving the request to beginning code execution is less than a predetermined duration, for example, 100 ms.

Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.

Systems, apparatuses, and methods related to a computer system having a page table entry containing security settings for calls from predefined domains are described. The page table entry can be used to map a virtual memory address to a physical memory address. In response to a call to execute a routine identified using the virtual memory address, a security setting corresponding to the execution domain from which the call initiates can be extracted from the page table entry to determine whether a security measure is to be used. For example, a shadow stack structure can be used to protect the private stack content of the routine from being access by a caller and/or to protect the private stack content of the caller from being access by the callee.

Accelerated synchronization operations using fine grain dependency check are disclosed. A graphics multiprocessor includes a plurality of execution units and synchronization circuitry that is configured to determine availability of at least one execution unit. The synchronization circuitry to perform a fine grain dependency check of availability of dependent data or operands in shared local memory or cache when at least one execution unit is available.

The technology provides for live migration from a first cluster to a second cluster. For instance, when requests to one or more cluster control planes are received, a predetermined fraction of the received requests may be allocated to a control plane of the second cluster, while a remaining fraction of the received requests may be allocated to a control plane of the first cluster. The predetermined fraction of requests are handled using the control plane of the second cluster. While handling the predetermined fraction of requests, it is detected whether there are failures in the second cluster. Based on not detecting failures in the second cluster, the predetermined fraction of requests allocated to the control plane of the second cluster may be increased in predetermined stages until all requests are allocated to the control plane of the second cluster.

Described herein is a system and method for flow state save/restore of a virtual filtering platform. A first instance of a driver manages policy and flow state for ongoing flows between client device(s) and virtual machine(s). The virtual filtering platform is transitioned from the first instance of a driver to a second instance of the driver by serializing the policy and state for the ongoing flows on the first instance of the driver using a one pass algorithm. The serialized policy and state for the ongoing flows can be de-serialized with the ongoing flows re-established and/or reconciled on the second instance of the driver in accordance with the de-serialized policy and state for the plurality of ongoing flows. In some embodiments, a memory management technique can use a single operating system memory allocation call to allocate memory for the transition, with the technique managing utilization of the allocation memory.

The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.

A system and method of adjusting a refresh rate to match a given remote desktop stream frame rate is described. The system may include a processing device to transmit, as a media stream, a portion of a remote desktop image with a frame rate that matches a refresh rate to a remote desktop client.

An information processing apparatus and a method of controlling the information processing apparatus are provided. The information processing apparatus is operable to install and execute an application for providing an extended function, obtains, from a server, a containerized application linked to a logged-in user or designated by a user and stores the obtained application in a storage. The apparatus weights the application stored in the storage in accordance with a characteristic or a usage state of the application and deletes an application stored in the storage based on the weighting in accordance with a logout of the user.

To provide a low latency near RT RIC, some embodiments separate the RIC's functions into several different components that operate on different machines (e.g., execute on VMs or Pods) operating on the same host computer or different host computers. Some embodiments also provide high speed interfaces between these machines. Some or all of these interfaces operate in non-blocking, lockless manner in order to ensure that critical near RT RIC operations (e.g., datapath processes) are not delayed due to multiple requests causing one or more components to stall. In addition, each of these RIC components also has an internal architecture that is designed to operate in a non-blocking manner so that no one process of a component can block the operation of another process of the component. All of these low latency features allow the near RT RIC to serve as a high speed IO between the E2 nodes and the xApps.