A method of populating page tables of an executing workload during migration of the executing workload from a source host to a destination host includes the steps of: before resuming the workload at the destination host, populating the page tables of the workload at the destination host, wherein the populating comprises inserting mappings from virtual addresses of the workload to physical addresses of system memory of the destination host; and upon completion of populating the page tables, resuming the workload at the destination host.

A service manages a plurality of virtual machine instances for low latency execution of user codes. The plurality of virtual machine instances can be configured based on a predetermined set of configurations. One or more containers may be created within the virtual machine instances. In response to a request to execute user code, the service identifies a pre-configured virtual machine instance suitable for executing the user code. The service can allocate the identified virtual machine instance to the user, create a new container within an instance already allocated to the user, or re-use a container already created for execution of the user code. When the user code has not been activated for a time-out period, the service can invalidate allocation of the virtual machine instance destroy the container. The time from receiving the request to beginning code execution is less than a predetermined duration, for example, 100 ms.

The performance of a computer system having a virtual machine executing an idling instruction therein is improved by: determining a state for controlling the execution of the idling instruction for a first virtual CPU; when the controlling state is a first state, executing the idling instruction natively in a physical CPU assigned to the first virtual CPU and resuming execution of instructions by the first virtual CPU when the physical CPU wakes up; and when the controlling state is a second state, emulating execution of the idling instruction, the emulated execution including the steps of configuring a wakeup event, descheduling the first virtual CPU, and selecting a second virtual CPU to resume execution of instructions, and in response to the wakeup event, rescheduling the second virtual CPU, performing a task switch from the first to the second virtual CPU, and resuming execution of instructions by the second virtual CPU.

Techniques are provided for incrementally restoring a virtual machine hosted by a computing environment. In response to receiving an indication that the virtual machine is to be incrementally restored, a snapshot of the virtual machine may be created while the virtual machine is shut down into an off state. The snapshot is transmitted to a storage environment as a common snapshot. The snapshot and the common snapshot are common snapshots comprising a same representation of the virtual machine. The common snapshot and a prior snapshot of the virtual machine are evaluated to identify a data difference of the virtual machine between the common snapshot and the prior snapshot. An incremental restore is performed of the virtual machine by transmitting the data difference from the storage environment to the computing environment to restore the virtual machine to a state represented by the prior snapshot.

A “backup services container” comprises “backup toolkits,” which include scripts for accessing containerized applications plus enabling utilities/environments for executing the scripts. The backup services container is added to Kubernetes pods comprising containerized applications without changing other pod containers. For maximum value and advantage, the backup services container is “over-equipped” with toolkits. The backup services container selects and applies a suitable backup toolkit to a containerized application to ready it for a pending backup. Interoperability with a proprietary data storage management system provides features that are not possible with third-party backup systems. Some embodiments include one or more components of the proprietary data storage management within the illustrative backup services container. Some embodiments include one or more components of the proprietary data storage management system in a backup services pod configured in a Kubernetes node. All configurations and embodiments are suitable for cloud and/or non-cloud computing environments.

Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a baseline behavior profile for a gateway virtual machine is transmitted from a management service to a gateway security process executed in a gateway device. The management service receives an anomaly notification including an indication of an anomaly from the baseline behavior profile. The managements service generates a user interface that shows a description of the anomaly.

A method and a system to perform the method are disclosed, the method includes receiving, by a virtualization server communicatively coupled with a client device, a request to provide a virtual machine (VM) to a client device, accessing a profile associated with the client device, instantiating a VM on the virtualization server, wherein the VM is a linked clone VM of a base VM, wherein the linked clone VM has (1) a read-only access to a shared range of a persistent memory associated with the base VM, wherein the shared range of the persistent memory is determined in view of the profile associated with the client device and stores at least one application installed on the virtualization server, (2) a write access to a private range of the persistent memory, wherein the private range is associated with the VM, and providing the VM to the client device.

Executing serverless application functions is provided. A response to a user request for a service is received with an include callback parameter and a transaction identifier of the user request included in a header of the response from an external service via a network. A checkpoint of a container corresponding to the service is retrieved from a data store using the transaction identifier of the user request. The container corresponding to the service is restored using the checkpoint to process the response received from the external service.

For a first virtual machine (VM) executing in a physical machine, a second VM is instantiated in the physical machine, the first VM using a physical adapter installed in the physical machine, the first VM virtualizing a portion of physical memory of the physical machine, the second VM virtualizing the physical adapter. The second VM is deployed using a memory mapping virtualizing the portion of physical memory. Checkpointing of an application executing in the first VM is caused, generating application state data of the application. The application is caused to execute in the second VM using the application state data. Process data of the application is caused to be updated in the second VM, the updating instructing the application to use the memory mapping.

Temporary firmware is provided as cloud services. Different temporary firmware containers are downloaded via a communications network. A light-weight operating system launches and executes the temporary firmware containers during a boot operation, POST operation, or other scheme. The temporary firmware containers thus detect and perhaps resolve POST errors. The light-weight operating system may also download a full-service/resource operating system. A second or subsequent boot operation may be performed, but control is ceded to the full-service/resource operating system. Multiple firmware tenants may thus be temporarily downloaded to a bare metal machine to support POST error detection activities. Advanced OS serviceability, diagnostics, and other containerized firmware may thus be quickly and simply launched without requiring the excessive time and difficulties of using the full-service/resource operating system.