G06F2009/45595

Prioritizing internet-accessible workloads for cyber security
11582257 · 2023-02-14

Methods and systems for assessing internet exposure of a cloud-based workload are disclosed. A method comprises accessing at least one cloud provider API to determine a plurality of entities capable of routing traffic in a virtual cloud environment associated with a target account containing the workload, querying the at least one cloud provider API to determine at least one networking configuration of the entities, building a graph connecting the plurality of entities based on the networking configuration, accessing a data structure identifying services publicly accessible via the Internet and capable of serving as an internet proxy, integrating the identified services into the graph, traversing the graph to identify at least one source originating via the Internet and reaching the workload, and outputting a risk notification associated with the workload. Systems and computer-readable media implementing the above method are also disclosed.

System and method for optimizing network topology in a virtual computing environment
11579913 · 2023-02-14

A computer network optimization methodology is disclosed. In a computer-implemented method, components of a computing environment are automatically monitored, and a feature selection analysis is performed on them. Provided the feature selection analysis determines that features of the components are in frequent communication and generating network latency. Provided the feature selection analysis determines that features of the components are not well defined, a similarity analysis of the features is performed. Results of the feature selection methodology are generated, and the components involved in the network traffic latency are reassigned to mitigate the latency.

Efficient monitoring of network activity in a cloud computing environment
11582252 · 2023-02-14

System and methods are described for efficient monitoring of network traffic in a public cloud computing environment. In one implementation, a method comprises: generating flow log records of network traffic in the public cloud computing environment; identifying a data packet that presents a potential security risk; identifying a captured data packet (PCAP) record corresponding to the identified data packet; and transmitting the PCAP record to a computing device for network traffic analysis.

Edge computing system
11582283 · 2023-02-14

A method of traffic reduction in a mesh computing system (400), the mesh computing system (400) comprising hosts located on edge nodes of the mesh computing system (400) and a central registry located outside the mesh computing system (400), the central registry holding the images. The method comprises, at a first host located at a first edge node, receiving (920) a request from a client for an image, sending (930) a request for the image to at least one other host of the mesh computing system (400). When the first host receives (940) notification that at least a second host holds the image, the first host downloads (960) the image from the second host to the first host. The first host creates (970) a container from the image. A host at a node (636; 700) and a mesh computing system (400) are also provided.

Parallel data processing for service function chains spanning multiple servers

Systems, computer-readable media, and methods are disclosed for parallel data processing for service function chains with network functions spanning multiple servers. An example system includes a first server hosting a first network function of a service function chain, a second server hosting a second network function of the service function chain, a mirror function deployed in a first switch to replicate a plurality of packets received by the system and to send respective copies of the plurality of packets to the first network function and to at least one of the second network function and a third network function of the service function chain, and a merge function deployed in a second switch to merge respective outputs of the first network function and the at least one of the second network function and the third network function.

Real-time scalable virtual session and network analytics

Provided herein are systems and methods for providing insights or metrics in connection with provisioning applications and/or desktop sessions to end-users. Network devices (e.g., appliances, intermediary devices, gateways, proxy devices or middle-boxes) can gather insights such as network-level statistics. Additional insights (e.g., metadata and metrics) associated with virtual applications and virtual desktops can be gathered to provide administrators with comprehensive end-to-end real-time and/or historical reports of performance and end-user experience (UX) insights. Insights relating to an application or desktop session can be used to determine and/or improve the overall health of the infrastructure of the session, Citrix Virtual Apps and Desktops, the applications (e.g., remote desktop application) being delivered using the infrastructure, and/or the corresponding user experience.

Policy enforcement and performance monitoring at sub-LUN granularity
11579910 · 2023-02-14

Techniques are provided for enforcing policies at a sub-logical unit number (LUN) granularity, such as at a virtual disk or virtual machine granularity. A block range of a virtual disk of a virtual machine stored within a LUN is identified. A quality of service policy object is assigned to the block range to create a quality of service workload object. A target block range targeted by an operation is identified. A quality of service policy of the quality of service policy object is enforced upon the operation using the quality of service workload object based upon the target block range being within the block range of the virtual disk.

Computing node identifier-based request allocation
11579915 · 2023-02-14

Computing node identifiers can be used to encode information regarding the distance between requesting and available computing nodes. Computing node identifiers can be computed based on proximity values for respective computing nodes. Requests can be directed from one computing node to an available computing node based on information encoded by both the computing node identifiers of the requesting node and the receiving node. Using these computing node identifiers to direct request traffic among VMs can more efficiently leverage network resources.

Policy driven latency control applied to a vehicular real time network apparatus
11580060 · 2023-02-14

A system includes a real-time partitioning separation kernel installed on a multi-core processor. Guest operating systems are hosted within hardware virtualized machines in the cores. Another hardware virtualized machine performs a real-time USB-CAN interface communicatively coupled to distributed electronic control units which acquire data and command actuators. A plurality of hardware virtualized machines support processes of various criticality. A secure shared memory serves as the communication means between processes performing different levels of functionality at suitable latency ranges. A policy distinguishes, allocates, and distributes clock, memory, and input/output resources to meet focused latency ranges for the Observation, Decision, and Execution processes. Remaining resources have diffuse latency ranges and are made available to the Observation, Decision, and Execution processes on an as-available basis within a guarded minimum and maximum buffet. A latency policy ensures that each process receives its minimum tranche before queueing for up to the maximum at the resource buffet.

Consolidation of User Plane and Control Plane Reports in a 5G Communication Network
20230037597 · 2023-02-09

A method of performing a virtual network function. The method comprises forking a user plane process on a computer by a virtual network function process that executes on the computer, forking a control plane process on the computer by the virtual network function process, adding blocks to a user plane blockchain by the user plane process that record user plane events, adding blocks to a control plane blockchain by the control plane process that record control plane events, creating a first package of information by the user plane process based on the user plane blockchain, self-terminating by the user plane process while passing the first package of information to the virtual network function process, creating a second package of information by the control plane process based on the control plane blockchain, and self-terminating by the control plane process while passing the second package of information to the virtual network function process.