An orchestrator apparatus includes: a virtualized infrastructure control unit that supplies information about a virtual network created by one of first and second virtualized infrastructure management units to the other virtualized infrastructure management unit and causes the other virtualized infrastructure management unit to create a virtual network virtually connectable to the virtual network created by said one virtualized infrastructure management unit; and a virtual machine creation control unit that causes, when a virtual machine is created on the second virtualized infrastructure, an address management function of the first virtualized infrastructure management unit to create an address(es) that is to set in a virtual port of the virtual machine, supplies the address(es) to the second virtualized infrastructure, and causes the second virtualized infrastructure management unit to create a virtual machine on the second virtualized infrastructure.

Methods and apparatus to select virtualization environments are disclosed. An example apparatus includes a logic circuit, a workload analyzer to determine characteristics of a virtualized application, a score generator to compare the characteristics of the virtualized application to a plurality of virtualization environment types to determine scores for each of the plurality of virtualization environment types, the scores based on rules that identify different scores for combinations of characteristics and virtualization environment types, and a workload deployer to deploy the virtualized application using one of the plurality of virtualization environment types based on the scores.

A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.

Systems and methods for live migration of VMs between different nodes are provided. More specifically, the system and methods utilize a heat map and an access pattern to determine the fetching order of files and/or blocks from the cache of a host node for rebuilding the cache on a destination node. Additionally, the systems and methods are able to persist the cache of a host node across a crash, allowing a destination node to fetch blocks and/or files from the cache on the host node after a crash instead of having to access the VM files and/or blocks from an original source. Accordingly, the systems and methods decrease migration latency of the VM during live migration and free up network bandwidth during the live migration when compared to prior systems and methods that utilize just the heat map to determine the fetching order and/or that are not able to persist the cache across a crash.

A method of deploying a network service (NS) across multiple data centers includes identifying virtual network functions (VNFs) associated with the NS in response to a request for or relating to the NS, generating commands to deploy VNFs based on VNF descriptors, and issuing the commands to the data centers to deploy VNFs. The data centers each have a cloud management server in which cloud computing management software is run to provision virtual infrastructure resources thereof for a plurality of tenants. The cloud computing management software of a first data center is different from the cloud computing management software of a second data center, and the commands issued to the first and second data centers are each a generic command that is not in a command format of the cloud computing management software of either the first data center or the second data center.

An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.

Provided a management apparatus including a maintenance mode setting unit that transitions a first virtualization infrastructure (NFVI0) to a maintenance mode, a mobility control unit that at least instructs a virtualization deployment unit (VDU) on the first virtualization infrastructure in the maintenance mode to move to a second virtualization infrastructure (NFVI1), and a maintenance mode release unit that releases the maintenance mode of the first virtualization infrastructure (NFVI0).

The management computer has a memory which stores management information and management programs, and a CPU which refers to the management information and executes the management programs; the management information includes storage management information for allowing determination as to whether the plurality of storage resources can be paired in a redundant configuration, and couplable configuration management information for determining whether the plurality of storage resources and the plurality of server resources can be connected to each other; and when the CPU deploys a virtual machine, the CPU first determines, by reference to the storage management information, storage resources to be paired in a redundant configuration, then selects, by reference to the couplable configuration management information, server resources each of which can be connected to a respective one of the storage resources that are to be paired in a redundant configuration, and pairs the selected server resources in the redundant configuration.

Methods, devices, and techniques for determining interoperable resources are discussed herein. For example, in one aspect, a resource in a cloud environment may be discovered. Responsive to discovering the resource, an interoperability support matrix associated with the resource can be obtained. The interoperability support matrix may specify another resource that interoperates with the resource. An interoperability record is then stored in an interoperability support matrix repository. The interoperability record can specify that the another resource interoperates with the resource.

Systems, methods, and computer-readable media provide for collection of statistics relating to network traffic between virtual machines (VMs) in a network. In an example embodiment, a virtual switch hosted on a physical server provides network address information of VMs deployed on the physical server to a virtual switch controller. The controller collects this network address information from each virtual switch under its control, and distributes the aggregate address information to each switch. In this manner, the controller and each switch within the controller's domain can learn the network address information of each VM deployed on physical servers hosting switches under the controller's control. Each virtual switch can determine a classification of a frame passing through the switch (e.g., intra-server, inter-server and intra-domain, or inter-domain traffic), and statistics relating to the traffic. In an example embodiment, the virtual switch controller can collect the statistics from each switch within its domain.