G06F2009/45595

Risk based virtual workspace delivery
11595426 · 2023-02-28 · ·

Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive, and forward to a gateway server, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data. The gateway can permit the user device to access a virtual session hosted on a virtual machine (“VM”) server. The VM server can use the compliance profile and security data from the user device to determine a risk profile of the user device. The virtual session can be configured at the VM server based on the risk profile so as to allow access to a subset of available applications and functions within the applications for the virtual session.

Resource fairness enforcement in shared IO interfaces
11593136 · 2023-02-28 · ·

Described are platforms, systems, and methods for resource fairness enforcement. In one aspect, a programmable input output (IO) device comprises a memory unit, the memory unit having instructions stored thereon which, when executed by the programmable IO device, cause the programmable IO device to perform operations comprising: receiving an input from a logical interface (LIF); determining, by at least one meter, a metric regarding at least one resource used during a processing of the input through a programmable pipeline; and regulating additional input received from the LIF based on the metric and a threshold for the at least one resource.

Cloud restart for VM failover and capacity management

A method of restarting, in a second data center, a virtual machine (VM) running in a cluster in a first data center includes: transmitting images of VMs, including a first VM, running in the cluster of hosts at a first point in time to the second data center for replication in the second data center; generating difference data representing a difference between an image of the first VM at a second point in time and the image of the first VM at the first point in time; transmitting the difference data to the second data center; setting the first VM to be inactive in the first data center; and communicating with a control plane in the second data center to set as active, and power on, a VM in the second data center using the replicated image of the first VM updated with the difference data.
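The sequence in this abstract (full image replicated at the first point in time, block-level difference data at the second, source deactivated before the copy is powered on) is easy to get wrong in the ordering and integrity steps, so here is an added illustrative example in Python. It is not code from the patent or its assignee; the block size, the dict-based "sites", the VM name and the byte-string images are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

BLOCK = 4  # block size in bytes; kept tiny so the constructed images stay readable (assumption)


def split_blocks(image: bytes) -> List[bytes]:
    """Split a VM image into fixed-size blocks; the last block may be short."""
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]


def difference_data(image_t1: bytes, image_t2: bytes) -> Dict[int, bytes]:
    """Blocks of the T2 image that differ from the T1 image, keyed by block index.
    A block that exists at T1 but not at T2 is sent as b'' (meaning: remove it)."""
    old_blocks, new_blocks = split_blocks(image_t1), split_blocks(image_t2)
    diff: Dict[int, bytes] = {}
    for i in range(max(len(old_blocks), len(new_blocks))):
        old = old_blocks[i] if i < len(old_blocks) else None
        new = new_blocks[i] if i < len(new_blocks) else None
        if old != new:
            diff[i] = new if new is not None else b""
    return diff


def apply_difference(image_t1: bytes, diff: Dict[int, bytes]) -> bytes:
    """Rebuild the T2 image at the recovery site from the replicated T1 image plus the diff."""
    blocks = split_blocks(image_t1)
    for i, block in sorted(diff.items()):
        if i < len(blocks):
            blocks[i] = block
        else:
            blocks.extend([b""] * (i - len(blocks)))  # pad any gap, then append
            blocks.append(block)
    return b"".join(blocks)


def failover(vm: str, primary: dict, recovery: dict, image_t2: bytes) -> Tuple[bool, int]:
    """Restart `vm` at the recovery site. Returns (powered_on, number_of_diff_blocks_sent).

    `primary` and `recovery` are constructed stand-ins for the two data centers:
    {"images": {vm: bytes}, "active": set_of_vm_names}.
    """
    base = recovery["images"][vm]                 # T1 replica already present at the second site
    diff = difference_data(base, image_t2)        # generated at the first site, transmitted to the second
    primary["active"].discard(vm)                 # source goes inactive BEFORE the copy is powered on,
                                                  # so two copies of the VM are never active at once
    updated = apply_difference(base, diff)
    if hashlib.sha256(updated).digest() != hashlib.sha256(image_t2).digest():
        return False, len(diff)                   # control plane refuses to power on a mismatched replica
    recovery["images"][vm] = updated
    recovery["active"].add(vm)                    # set active and power on at the second site
    return True, len(diff)
```

The integrity comparison before power-on is the check a practitioner would want added to the sequence: the abstract guarantees ordering (inactive first, then active elsewhere) but a corrupted or truncated diff applied to a stale base would otherwise boot a silently wrong image.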

Automatic placement of clients in a distributed computer system satisfying constraints
11595260 · 2023-02-28 · ·

A cloud management server and method for performing automatic placement of clients in a distributed computer system uses a list of compatible clusters to select an affinity cluster to place the clients associated with an affinity constraint. As part of the placement method, a cluster that cannot satisfy any anti-affinity constraint associated with the clients and the affinity constraint is removed from the list of compatible clusters. After the affinity cluster has been selected, at least one cluster in the distributed computer system is also selected to place clients associated with an anti-affinity constraint.

Network control system for configuring middleboxes

Some embodiments provide a method for configuring a logical middlebox in a hosting system that includes a set of nodes. The logical middlebox is part of a logical network that includes a set of logical forwarding elements that connect a set of end machines. The method receives a set of configuration data for the logical middlebox. The method uses a stored set of tables describing physical locations of the end machines to identify a set of nodes at which to implement the logical middlebox. The method provides the logical middlebox configuration for distribution to the identified nodes.

Infrastructure-based risk diverse placement of virtualized computing resources

Techniques are described for enabling a service provider to determine an electrical (and, e.g., thermal) topology that indicates which racks (e.g., physical servers) have a shared risk due to shared data center infrastructure, and place virtual machine instances into the physical servers based on the topology and a user-specified preference of a virtual machine instance type. In one embodiment, a computer-implemented method includes accessing a topology, for each lineup of a plurality of lineups that each comprise a plurality of racks of physical servers, that indicates one or more powered components utilized by that lineup, selecting a first physical server from a first lineup of the plurality of lineups at which to launch the first virtualized computing resource and a second physical server from a second lineup of the plurality of lineups at which to launch the second virtualized computing resource based on one or more virtualized computing resource preferences and the topologies for the plurality of lineups, and causing the first physical server to execute the first virtualized computing resource and the second physical server to execute the second virtualized computing resource.
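The selection step above (pick two lineups whose powered components do not overlap when the user asks for risk diversity) is shown in the following added Python example. It is illustrative code, not the patent's or the provider's implementation; the lineup names, component names, server names and the two preference values are constructed for the example.

```python
from itertools import combinations
from typing import Dict, Optional, Set, Tuple

# Constructed topology (all names are assumptions). For each lineup: the powered
# components (UPS, PDU, ...) it depends on, and the physical servers with free capacity.
TOPOLOGY: Dict[str, Dict] = {
    "lineup-1": {"components": {"ups-A", "pdu-1"}, "servers": ["r1-s1", "r1-s2"]},
    "lineup-2": {"components": {"ups-A", "pdu-2"}, "servers": ["r2-s1"]},       # shares ups-A with lineup-1
    "lineup-3": {"components": {"ups-B", "pdu-3"}, "servers": ["r3-s1", "r3-s2"]},
    "lineup-4": {"components": {"ups-B", "pdu-3"}, "servers": []},              # no free capacity
}

Placement = Tuple[Tuple[str, str], Tuple[str, str]]  # ((lineup, server), (lineup, server))


def shared_components(a: str, b: str, topology: Dict[str, Dict] = TOPOLOGY) -> Set[str]:
    """Powered components two lineups have in common, i.e. their shared failure risk."""
    return topology[a]["components"] & topology[b]["components"]


def place_pair(preference: str, topology: Dict[str, Dict] = TOPOLOGY) -> Optional[Placement]:
    """Choose a server for each of two virtualized computing resources.

    preference == "risk-diverse": the two lineups must share no powered component.
    preference == "any":          the first two lineups with free capacity are used.
    Returns None when the preference cannot be satisfied, so the caller fails the
    launch instead of silently co-locating on shared infrastructure.
    """
    if preference not in ("risk-diverse", "any"):
        raise ValueError(f"unknown preference {preference!r}")
    candidates = [name for name, lineup in topology.items() if lineup["servers"]]
    for a, b in combinations(candidates, 2):  # distinct lineups by construction
        if preference == "risk-diverse" and shared_components(a, b, topology):
            continue
        return ((a, topology[a]["servers"][0]), (b, topology[b]["servers"][0]))
    return None
```

Two details matter in practice: lineup-4 is skipped before risk is evaluated because it has no capacity, and a "risk-diverse" request with no disjoint pair returns None rather than degrading to the "any" behaviour.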

Anti-spoofing techniques for overlay networks

A network device is configured to receive a first inbound packet from a first server device via a network tunnel, the first inbound packet including an outer header, a virtual private network (VPN) label, an inner header, and a data payload, the inner header including an inner source IP address of a source virtual machine. Processors of the network device are also configured to determine a first tunnel identifier, determine, based on the inner source IP address, a second tunnel identifier associated with a second server device hosting the source virtual machine, compare the second tunnel identifier with the first tunnel identifier to determine whether the tunnel on which the first inbound packet was received is the same as a tunnel used for forwarding traffic to the source virtual machine, and drop the inbound packet when the second tunnel identifier does not match the first tunnel identifier.
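The check is a reverse-path test at the tunnel level: the tunnel a packet arrived on must be the tunnel the device would use to reach the VM the inner header claims as its source. The following added Python example illustrates that logic; it is not the patent's or any vendor's code. The endpoint addresses, VPN labels, VM addresses and tunnel identifiers are constructed, and the routing state is keyed by (VPN label, inner IP) on the assumption that overlay addresses may overlap across VPNs.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed state (all values are assumptions for this example).
# First tunnel identifier: derived from the outer header's source, i.e. the remote tunnel endpoint.
TUNNEL_BY_ENDPOINT: Dict[str, int] = {
    "192.0.2.1": 101,   # server device A
    "192.0.2.2": 102,   # server device B
}
# Second tunnel identifier: for a (VPN label, VM IP) pair, the tunnel this device
# uses when FORWARDING traffic to the server hosting that VM.
VM_ROUTE: Dict[Tuple[int, str], int] = {
    (5000, "10.0.1.10"): 101,   # in VPN 5000, 10.0.1.10 is hosted behind tunnel 101 (server A)
    (5000, "10.0.1.20"): 102,   # in VPN 5000, 10.0.1.20 is hosted behind tunnel 102 (server B)
    (6000, "10.0.1.10"): 102,   # same overlay address, different VPN, hosted behind server B
}


@dataclass(frozen=True)
class InboundPacket:
    outer_src: str      # outer header source address (tunnel endpoint of the sending server)
    vpn_label: int      # VPN label between outer and inner header
    inner_src: str      # inner header source IP (the claimed source VM)
    inner_dst: str
    payload: bytes


def check_packet(pkt: InboundPacket) -> Tuple[str, str]:
    """Return ("accept" | "drop", reason) for one inbound overlay packet."""
    first_tunnel = TUNNEL_BY_ENDPOINT.get(pkt.outer_src)
    if first_tunnel is None:
        return "drop", "unknown tunnel endpoint"
    second_tunnel = VM_ROUTE.get((pkt.vpn_label, pkt.inner_src))
    if second_tunnel is None:
        # No forwarding state for the claimed source: fail closed rather than accept.
        return "drop", "no route for inner source"
    if first_tunnel != second_tunnel:
        return "drop", (f"spoofed source: arrived on tunnel {first_tunnel}, "
                        f"but {pkt.inner_src} is reachable via tunnel {second_tunnel}")
    return "accept", f"tunnel {first_tunnel}"


def filter_packets(packets) -> Dict[str, int]:
    """Count verdicts over a batch, the way a device would keep drop counters."""
    counts = {"accept": 0, "drop": 0}
    for pkt in packets:
        verdict, _ = check_packet(pkt)
        counts[verdict] += 1
    return counts
```

Note the two fail-closed branches: a packet from an endpoint the device has no tunnel for, or claiming a source with no forwarding entry, is dropped as well, since the comparison the abstract describes cannot be made for it.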

Intelligent and automatic load balancing of workloads on replication appliances based on appliance load scores

Various systems and methods are provided in which a replication process is initiated between a primary site and a recovery site, each having a plurality of gateway appliances. Replication loads are evaluated for each given gateway appliance of the plurality of gateway appliances. If a determination is made that at least one gateway appliance of the plurality of gateway appliances is not overloaded, the plurality of gateway appliances are sorted based on the replication loads respectively associated with each gateway appliance, and a determination is made as to whether the relative difference in replication loads between the gateway appliance having the highest replication load and the gateway appliance having the lowest replication load exceeds a difference threshold, to determine whether the replication workloads between the gateway appliances should be rebalanced.
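The decision described above (skip when nothing has headroom, otherwise sort by load and compare the spread between the busiest and least busy appliance against a threshold) is shown in the following added Python example. It is illustrative, not the patent's or the product's code; the load score (sum of per-workload sizes), the unit, the appliance names and both thresholds are constructed assumptions, and how workloads are then moved is not described by the abstract and is not attempted here.

```python
from typing import Dict, List, Tuple

# Constructed sample: replication appliance -> {workload: load contribution}.
# Load is assumed to be an abstract score (e.g. GB replicated per hour); names are invented.
APPLIANCES: Dict[str, Dict[str, float]] = {
    "gw-a": {"vm-01": 40.0, "vm-02": 35.0},
    "gw-b": {"vm-03": 20.0},
    "gw-c": {"vm-04": 30.0, "vm-05": 15.0},
}


def replication_load(workloads: Dict[str, float]) -> float:
    """Load score of one appliance: the sum of its workloads' contributions (assumed model)."""
    return sum(workloads.values())


def rebalance_decision(
    appliances: Dict[str, Dict[str, float]],
    overload_threshold: float,
    difference_threshold: float,
) -> Tuple[bool, List[Tuple[str, float]]]:
    """Return (should_rebalance, appliances sorted by ascending load).

    - If every appliance is at or above `overload_threshold`, rebalancing cannot
      help (there is nowhere to move work), so the answer is False.
    - Otherwise compare the relative spread (highest - lowest) / highest against
      `difference_threshold`.
    """
    loads = {name: replication_load(w) for name, w in appliances.items()}
    ranked = sorted(loads.items(), key=lambda kv: kv[1])
    if not ranked:
        return False, ranked
    if all(load >= overload_threshold for _, load in ranked):
        return False, ranked
    lowest, highest = ranked[0][1], ranked[-1][1]
    if highest == 0.0:
        return False, ranked  # all idle: nothing to balance, and avoid dividing by zero
    relative_difference = (highest - lowest) / highest
    return relative_difference > difference_threshold, ranked
```

The all-overloaded guard is the one to keep: without it, a fleet where every appliance is saturated would be repeatedly "rebalanced", adding replication churn on appliances that are already the bottleneck.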

Orchestrator apparatus, system, virtual machine creation method, and computer-readable recording medium
20180004563 · 2018-01-04 · ·

An orchestrator apparatus includes: a virtualized infrastructure control unit that supplies information about a virtual network created by one of first and second virtualized infrastructure management units to the other virtualized infrastructure management unit and causes the other virtualized infrastructure management unit to create a virtual network virtually connectable to the virtual network created by said one virtualized infrastructure management unit; and a virtual machine creation control unit that, when a virtual machine is created on the second virtualized infrastructure, causes an address management function of the first virtualized infrastructure management unit to create one or more addresses to be set in a virtual port of the virtual machine, supplies the address(es) to the second virtualized infrastructure, and causes the second virtualized infrastructure management unit to create the virtual machine on the second virtualized infrastructure.

Extracting Malicious Instructions on a Virtual Machine in a Network Environment

A system including a guest virtual machine with one or more virtual machine measurement points configured to collect virtual machine operating characteristics metadata and a hypervisor control point configured to receive virtual machine operating characteristics metadata from the virtual machine measurement points. The hypervisor control point is further configured to send the virtual machine operating characteristics metadata to a hypervisor associated with the guest virtual machine. The system further includes the hypervisor configured to receive the virtual machine operating characteristics metadata and to forward the virtual machine operating characteristics metadata to a hypervisor device driver in a virtual vault machine. The system further includes the virtual vault machine configured to determine a classification for the guest virtual machine based on the virtual machine operating characteristics metadata and to send the determined classification to a vault management console.