Described herein are systems, methods, and software to identify propagation risk of threats in a computing environment. In one implementation, a management service may identify a connection tree for a computing environment based on forwarding rules for virtual nodes in the computing environment. The management service may further, for each connection in the connection tree, determine a threat value based at least on a protocol associated with the connection. The management service may also identify a threat to a virtual node of the virtual nodes and generate a threat propagation summary for the threat based on the one or more minimum or maximum spanning trees.

Described herein are systems, methods, and software to identify propagation risk of threats in a computing environment. In one implementation, a management service may identify a connection tree for a computing environment based on forwarding rules for virtual nodes in the computing environment. The management service may further, for each connection in the connection tree, determine a threat value based at least on a protocol associated with the connection. The management service may also identify a threat to a virtual node of the virtual nodes and generate a threat propagation summary for the threat based on the one or more minimum or maximum spanning trees.

The present disclosure relates to a system for managing a switchboard using a ring network, including a plurality of switchboards for forming at least one group, a switch for forming a ring network with the plurality of switchboards to receive operation information related to an operation of a device provided in each switchboard from at least one switchboard among the plurality of switchboards, and a monitoring server for receiving the operation information, and it can be applied to other exemplary embodiments.

The present disclosure relates to a system for managing a switchboard using a ring network, including a plurality of switchboards for forming at least one group, a switch for forming a ring network with the plurality of switchboards to receive operation information related to an operation of a device provided in each switchboard from at least one switchboard among the plurality of switchboards, and a monitoring server for receiving the operation information, and it can be applied to other exemplary embodiments.

Two versions of a database can be held in two trees that have many of the same nodes. Both trees can be concurrently searched using recursive algorithms. A root node indicator indicates a root node for a tree search algorithm. The root node indicator can indicate a first root node of a first tree. A tree search algorithm can identify a record node in the first tree. Intermediate nodes between the record node and the first root node can be identified and retained nodes can be identified. A second root node and replacement intermediate nodes can be instantiated. A second tree that includes the second root node, the replacement intermediate node, and the retained nodes can be created. The root node indicator can be set to indicate the second root node after creating the second tree.

Aspects of the subject disclosure may include, for example, embodiments and a method. The method includes iteratively providing messages to each Node Processor. Each Node Processor represents a node of a group of nodes. The iteratively providing of the messages comprises providing first messages. Each first message includes a cost associated with a path of nodes visited by each first message. A selected path is obtained from each node having a lowest cost of a group of common endpoint costs for paths having common endpoints. A next group of messages includes the selected path. The iteratively providing of the messages results in selected paths. Also, the method include determining a target path from a remaining path. Other embodiments are disclosed.

Aspects of the subject disclosure may include, for example, embodiments and a method. The method includes iteratively providing messages to each Node Processor. Each Node Processor represents a node of a group of nodes. The iteratively providing of the messages comprises providing first messages. Each first message includes a cost associated with a path of nodes visited by each first message. A selected path is obtained from each node having a lowest cost of a group of common endpoint costs for paths having common endpoints. A next group of messages includes the selected path. The iteratively providing of the messages results in selected paths. Also, the method include determining a target path from a remaining path. Other embodiments are disclosed.

Systems and methods for providing bandwidth congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, and a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes. The method can provide, at a host channel adapter, an end node ingress bandwidth quota associated with an end node attached to the host channel adapter. The method can receive, at the end node of the host channel adapter, ingress bandwidth, the ingress bandwidth exceeding the ingress bandwidth quota of the end node.

Systems and methods for providing bandwidth congestion control in a private fabric in a high performance computing environment. An exemplary method can provide, at one or more microprocessors, a first subnet, the first subnet comprising a plurality of switches, and a plurality of host channel adapters, wherein each of the host channel adapters comprise at least one host channel adapter port, and wherein the plurality of host channel adapters are interconnected via the plurality of switches, and a plurality of end nodes. The method can provide, at a host channel adapter, an end node ingress bandwidth quota associated with an end node attached to the host channel adapter. The method can receive, at the end node of the host channel adapter, ingress bandwidth, the ingress bandwidth exceeding the ingress bandwidth quota of the end node.

A novel algorithm for packet classification that is based on a novel search structure for packet classification rules is provided. Addresses from all the containers are merged and maintained in a single Trie. Each entry in the Trie has additional information that can be traced back to the container from where the address originated. This information is used to keep the Trie in sync with the containers when the container definition dynamically changes.