G06F9/45545

Unified resource management for containers and virtual machines

Various aspects are disclosed for unified resource management of containers and virtual machines. A podVM resource configuration for a pod virtual machine (podVM) is determined using container configurations. The podVM comprises a virtual machine (VM) that provides resource isolation for a pod based on the podVM resource configuration. A host selection for the podVM is received from a VM scheduler. The host selection identifies hardware resources for the podVM. A container scheduler is limited to bind the podVM to a node corresponding to the hardware resources of the host selection from the VM scheduler. The podVM is created in a host corresponding to the host selection. Containers are started within the podVM. The containers correspond to the container configurations.

Information processing system and information processing method

The storage part receives an I/O request including the ID of software, information regarding a storage area to and from which the software performs input and output, and a token. The storage part checks the I/O request against the software ID, the information regarding the storage area, and the token received from an I/O control part so as to determine whether access to the storage part is allowed. Upon determination that the access to the storage part is allowed, the storage part processes the I/O request.

Supporting invocations of the RDTSC (read time-stamp counter) instruction by guest code within a secure hardware enclave

Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

Embedding remote applications into HTML pages

Systems and methods for embedding remote applications into HyperText Markup Language (HTML) pages. An example method comprises: identifying, within an HTML page rendered by a browser, a frame referencing a remote application; determining at least one of: a size of a window for rendering output of the remote application on a virtual desktop produced by a virtual execution environment running the remote application or a position of the window on the virtual desktop; causing a remote access session to be established with the virtual execution environment; transmitting a first message specifying at least one of: the size of the window on the virtual desktop or the position of the window on the virtual desktop; and causing the frame to be displayed within the HTML page by the browser for rendering output of the remote application.

WRITE INPUT/OUTPUT OPTIMIZATION FOR VIRTUAL DISKS IN A VIRTUALIZED COMPUTING SYSTEM

An example method of handling, at a hypervisor on a host in a virtualized computing system, a write input/output (IO) operation to a file on a storage device having a virtual machine file system (VMFS) is described. The method includes: sorting, at the hypervisor, a scatter-gather array for the write IO operation into sets of scatter-gather elements, each of the sets including at least one scatter-gather element targeting a common file block address; resolving offsets of the sets of scatter-gather elements to identify a first scatter-gather array of transaction-dependent scatter-gather elements; generating logical transactions for the first scatter-gather array having updates to metadata of the VMFS for the file; batching the logical transactions into a physical transaction; and executing the physical transaction to commit the updates to the metadata of the VMFS on the storage device for the file.

SHARED MEMORY MECHANISM TO SUPPORT FAST TRANSPORT OF SQ/CQ PAIR COMMUNICATION BETWEEN SSD DEVICE DRIVER IN VIRTUALIZATION ENVIRONMENT AND PHYSICAL SSD
20220365729 · 2022-11-17

An apparatus is described. The apparatus includes an accelerator to be coupled to a memory region that the accelerator shares with a virtualization environment comprising a guest OS, a guest VM and an SSD device driver. The accelerator is to forward a submission queue doorbell setting made by the SSD device driver in the shared memory to a corresponding submission queue doorbell in an SSD controller.

DEVICE PASS-THROUGH METHOD FOR VIRTUAL MACHINE AND SERVER USING THE SAME
20220365805 · 2022-11-17

A device pass-through method for a virtual machine (VM) and a server using the same method are provided. The method includes the following. A host operating system (OS) kernel including a device driver and a socket node corresponding to a hardware device and a VM including a guest OS and a guest kernel are established, and the guest OS includes an application and an analyzer. The guest kernel receives an I/O request command from the application and transmits an I/O request packet corresponding to the I/O request command to the analyzer. According to a virtual function (VF) name in the I/O request packet, the analyzer transmits an access packet corresponding to the I/O request command to the socket node corresponding to the VF name. The socket node accesses the device driver according to the access packet to drive the hardware device.

Selective memory deduplication for virtual machines
11586454 · 2023-02-21

A guest operating system (OS) of a virtual machine (VM) receives a first request from an application to enable memory deduplication for a memory page associated with the application, identifies a mergeable memory range for memory space of the guest OS, where the mergeable memory range is associated with guest OS memory pages to be deduplicated, and maps, in a page table of the guest OS, a page table entry for the memory page to a memory address within the mergeable memory range. The guest OS causes a hypervisor to enable deduplication for the memory page responsive to detecting an access of the memory page by the application.

Enforcing code integrity using a trusted computing base
11500787 · 2022-11-15

One or more kernel-modifying procedures are stored in a trusted computing base (TCB) when bringing up a guest operating system (OS) on a virtual machine (VM) on a virtualization platform. When the guest OS invokes an OS-level kernel-modifying procedure, a call is made to the hypervisor. If the hypervisor determines the TCB to be valid, the kernel-modifying procedure in the TCB that corresponds to the OS-level kernel-modifying procedure is invoked so that the kernel code can be modified.

OPTIMIZATIONS FOR VIRTUAL ENVIRONMENT EXECUTION IN A NETWORK
20220357975 · 2022-11-10

In one embodiment, a request is sent to an image registry for at least one virtual environment image block of an image for a virtual environment. The at least one virtual environment image block is processed upon reception of the at least one virtual environment image block from the image registry. The processed at least one virtual environment image block is communicated to a worker node that is to execute the virtual environment.