G06F9/45545

TRANSITION TO MODERN MANAGEMENT USING MANAGED VIRTUAL MACHINES

Examples of enterprise management using managed virtual machines are described. A host user context configuration can be received from a host management agent. The host user context configuration can include one or more policies. A managed virtual machine user context configuration can be received from a guest management agent within a managed virtual machine. A portion of the host user context configuration can be processed using a translation matrix to identify a configuration service provider (CSP)-based profile that is mapped to a policy from the host user context configuration. A command to enforce the CSP-based profile on the managed virtual machine can be transmitted.

Method and systems for administering virtual machines to client devices
11609779 · 2023-03-21

Methods for executing application programs in computer systems including a host computer formed of a plurality of servers configured to execute at least one virtual machine each hosting a primary user session associated to a remote client and at least one additional server may involve transmitting a primary session stream between the virtual machine and the remote client to emulate the presence, at the remote client, of a physical computer system. The execution of the application program may be initiated in a secondary user session hosted on the additional server and preparing a secondary session stream of the secondary user session. The primary and the secondary session streams may be aggregated to form an aggregated session stream, and the aggregated session stream may be processed at the remote client to emulate the execution of the application program on the physical computer system.

Providing stateful services in a scalable manner for machines executing on host computers
11611625 · 2023-03-21

Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation on data messages associated with a particular machine. For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.

SUPPORTING INVOCATIONS OF THE RDTSC (READ TIME-STAMP COUNTER) INSTRUCTION BY GUEST CODE WITHIN A SECURE HARDWARE ENCLAVE

Techniques for supporting invocations of the RDTSC (Read Time-Stamp Counter) instruction, or equivalents thereof, by guest program code running within a virtual machine (VM), including guest program code running within a secure hardware enclave of the VM, are provided. In one set of embodiments, a hypervisor can activate time virtualization heuristics for the VM, where the time virtualization heuristics cause accelerated delivery of system clock timer interrupts to a guest operating system (OS) of the VM. The hypervisor can further determine a scaling factor to be applied to timestamps generated by one or more physical CPUs, where the timestamps are generated in response to invocations of a CPU instruction made by guest program code running within the VM, and where the scaling factor is based on the activated time virtualization heuristics. The hypervisor can then program the scaling factor into the one or more physical CPUs.

PLURALITY OF SMART NETWORK INTERFACE CARDS ON A SINGLE COMPUTE NODE
20220334864 · 2022-10-20

Example techniques and computing devices are disclosed. An example computing device includes a first non-uniform memory access (NUMA) node and a second NUMA node. The first NUMA node includes a first network interface card, a first virtual router for one or more virtual networks, the first virtual router comprising first processing circuitry and configured with a first virtual host interface having a first Internet Protocol (IP) address, and a first workload executing on the first NUMA node. The second NUMA node includes a second network interface card, a second virtual router for the one or more virtual networks, the second virtual router comprising second processing circuitry and configured with a second virtual host interface having a second IP address, and a second workload executing on the second NUMA node.

PAGE FAULT SUPPORT FOR VIRTUAL MACHINE NETWORK ACCELERATORS
20230070239 · 2023-03-09

Systems and methods for supporting page faults for virtual machine network accelerators. In one implementation, a processing device may receive, at a network accelerator device of a computer system, from a network, a first incoming packet and a second incoming packet. Responsive to receiving a first notification that an attempt to store the first incoming packet at a first buffer of a plurality of buffers associated with the network accelerator device caused a page fault, the processing device may store the first incoming packet at a second buffer and append a first identifier of the first buffer to a faulty buffer data structure. Responsive to receiving a second notification indicating a resolution of the page fault, the processing device may remove the first identifier from the faulty buffer data structure. The processing device may store the second incoming packet at the first buffer. The processing device may forward, to a driver of the network accelerator device, a second identifier of the second buffer and the first identifier of the first buffer.

Audio, video and control system implementing virtual machines
11474882 · 2022-10-18

The system of the present technology includes an embodiment that provides a host audio, video and control operating system configured to establish or interact with one or more virtual machines, each with a guest operating system.

File containerization and management
11637888 · 2023-04-25

This disclosure is directed to embodiments of systems and methods for containerizing files and managing policy data applied to the resulting containers. In some of the disclosed embodiments, a computing system determines that a file stored in a storage medium is to be included in a container to be sent to at least one computing component associated with a device including a user interface. The computing system determines that the file is of a particular type and also determines code that can be used to access files of the particular type. The computing system combines the file and the code into the container such that the container is configured to be executed by the at least one computing component so as to cause content of the file to be presented by the user interface. The computing system then sends the container to the at least one computing component. In some implementations, the container may further include policy information defining at least one of whether, how, where, when, or by whom the file can be accessed using the code. A communication link may be established between the computing system and the container at the at least one computing component and an instruction may be sent via the communication link that causes a change to the policy information.

Open-channel storage device management with FTL on virtual machine
11599377 · 2023-03-07

Embodiments of the disclosure provide systems and methods for accessing a storage device of a host machine. The method can include: receiving, via a first guest flash translation layer (FTL) instance, a first request for accessing the storage device from a first virtual machine running on a host machine, wherein the first request comprises a first physical address of the storage device; transmitting, via the first FTL instance, the first request to a host FTL driver; converting, via the host FTL driver, the first request into a first hardware command; transmitting, via the host FTL driver, the first hardware command to the storage device; and executing, via the solid state drive, the first hardware command.

Cache coherent acceleration function virtualization
11474871 · 2022-10-18

The embodiments herein describe a virtualization framework for cache coherent accelerators where the framework incorporates a layered approach for accelerators in their interactions between a cache coherent protocol layer and the functions performed by the accelerator. In one embodiment, the virtualization framework includes a first layer containing the different instances of accelerator functions (AFs), a second layer containing accelerator function engines (AFE) in each of the AFs, and a third layer containing accelerator function threads (AFTs) in each of the AFEs. Partitioning the hardware circuitry using multiple layers in the virtualization framework allows the accelerator to be quickly re-provisioned in response to requests made by guest operating systems or virtual machines executing in a host. Further, using the layers to partition the hardware permits the host to re-provision sub-portions of the accelerator while the remaining portions of the accelerator continue to operate as normal.