US Pat. No. 9,483,360

GUEST-DRIVEN VIRTUAL MACHINE BACKUPS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
suspending, by a hypervisor executed by a processing device, execution of a virtual machine;
initiating, by the hypervisor, after the suspending, a backup procedure to save a current state of the virtual machine;
reading, by the hypervisor, a value of a flag that is written to by the virtual machine and is stored in a portion of a memory
accessible by the virtual machine and the hypervisor;

responsive to determining that the value of the flag read by the hypervisor equals a first value, resuming, by the hypervisor,
execution of the virtual machine prior to receiving a backup status message regarding the backup procedure; and

responsive to determining that the value of the flag read by the hypervisor equals a second value, waiting, by the hypervisor,
to resume execution of the virtual machine until receiving a backup status message indicating that the backup procedure was
successful.

US Pat. No. 9,104,634

USAGE OF SNAPSHOTS PREPARED BY A DIFFERENT HOST

Red Hat Israel, Ltd., Ra...

1. A method comprising:
creating in an area of a storage device, by a first processor, a snapshot of a virtual disk of a virtual machine that is hosted
by a second processor; and

providing to the second processor, by the first processor, a reference to the created snapshot.

US Pat. No. 9,304,766

DETERMINING CHARACTER SEQUENCE DIGEST

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
identifying by one or more processors, within a character sequence, a first section and a second section, wherein the first
section comprises a section header, a first section body that follows the section header, and a second section body that follows
the first section body;

responsive to determining, by the one or more processors, that there is no section header between the first section body and
the second section body, prepending to the second section body, by the one or more processors, the section header that precedes
the first section body;

calculating, by the one or more processors, a first section digest by applying a hash function to the first section, and a
second section digest by applying the hash function to the second section; and

calculating, by the one or more processors, a digest of the character sequence by applying a symmetric summing operation to
the first section digest and the second section digest.

US Pat. No. 9,306,861

AUTOMATIC PROMISCUOUS FORWARDING FOR A BRIDGE

1. A system to disable a promiscuous mode of a network interface, the system comprising:
a plurality of local network interfaces, wherein each local network interface of the plurality is coupled over one or more
networks to one or more remote network interfaces, and

wherein each remote network interface is assigned one or more remote network addresses, and the plurality of local network
interfaces includes a first local network interface in a promiscuous mode;

a plurality of filtering tables stored in a memory, wherein each filtering table of the plurality of filtering tables is coupled
to a local network interface of the plurality of local network interfaces; and

a bridge module coupled to the plurality of local network interfaces, wherein the bridge module determines whether a list
of all remote network addresses that are coupled to a subset of local network interfaces is known, wherein the subset includes
the plurality of local network interfaces excluding the first local network interface, and

wherein when the list of all remote network addresses that are coupled to the subset is determined to be known, the bridge
module disables the promiscuous mode of the first local network interface and adds all of the remote network addresses that
are coupled to the subset to a filtering table that is coupled to the first local network interface.

US Pat. No. 9,304,874

VIRTUAL MACHINE-GUEST DRIVEN STATE RESTORING BY HYPERVISOR

1. A method of saving and restoring a state of one or more registers for a guest running on a virtual machine, comprising:
detecting exit of a virtual machine mode of a guest running on a virtual machine, the virtual machine executable on a host,
wherein a set of registers is accessible by the guest and includes a first subset of registers and a second subset of registers;

identifying the first subset of registers, the first subset of registers including one or more registers to be overwritten
by the guest upon re-entry of the virtual machine mode, and the second subset of registers being mutually exclusive from the
first subset of registers;

after detecting exit of the virtual machine mode of the guest, detecting re-entry of the virtual machine mode of the guest;
and

restoring a saved state of the second subset of registers for the guest, wherein no registers of the first subset of registers
are restored in response to the detected re-entry.

US Pat. No. 9,274,755

INFRASTRUCTURE FOR GENERATING CODE USING ANNOTATION AND TEMPLATE GENERATORS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
scanning, by a processing device, a source code file to identify a repeating pattern via one or more annotation identifying
metadata of an element;

scanning a generator module for instructions to process the metadata of the element, wherein the instructions are encoded
with one or more annotations and comprise a matching criterion and instructions to process a template; wherein the matching
criterion comprises instructions to match the element to a source code element associated with a compiler;

scanning the generator module for the template module that comprises an indication of one or more location to insert the processed
metadata of the element in an output file;

processing the metadata of the element of the generator module according to the instructions;
storing the metadata in view of a retention policy; and
inserting the processed metadata of the element at the indicated location in the output file.

US Pat. No. 9,363,107

ACCESSING AND PROCESSING MONITORING DATA RESULTING FROM CUSTOMIZED MONITORING OF SYSTEM ACTIVITIES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
invoking, using a start command via a Command-Line Interface (CLI) shell console, a universal performance monitor at a host
computer system,

wherein the host computer system is remote from the CLI shell console and is associated with a plurality of monitoring tools
according to information defined in user customized monitoring templates that consolidate the plurality of monitoring tools
to perform monitoring of activities of a plurality of system components of one or more computer systems hosting a plurality
of virtual machines,

wherein the CLI shell console provides an abstraction layer to access and process monitored data received from the universal
performance monitor and further provides host performance information via a common interface to the host computer system independent
of operating systems, monitoring use-cases, monitoring tools, or programming languages employed at the host computer system,
and

wherein the activities to be monitored pertain to one or more processors, memory and virtual machines on the one or more computer
systems;

in response to a stop command requesting to stop the monitoring of the activities, initiating stopping, by a processing device
executing the CLI shell console, of the monitoring of the activities by the universal performance monitor; and

causing display, by the CLI shell console, of the monitored data received by the abstraction layer, wherein the monitored
data is generated from the monitoring of the activities by the universal performance monitor.

US Pat. No. 9,135,051

REDIRECTING GUEST-GENERATED EVENTS TO AN EVENT AGGREGATOR IN A NETWORKED VIRTUALIZATION ENVIRONMENT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a request, at a hypervisor of a host from a network manager, to re-direct events from a guest residing on the host
to an event aggregation manager distinct from the network manager;

receiving, at the hypervisor, an asynchronous event having a destination address of the network manager from the guest;
mapping, by a processing device executing the hypervisor, the destination address of the network manager to an address of
the event aggregation manager, wherein the mapping further comprises:

configuring, by the hypervisor, the guest to directly re-direct the asynchronous event from the guest to the address of the
event aggregation manager; and

transmitting, from the hypervisor, the asynchronous event to the event aggregation manager.

US Pat. No. 9,081,604

AUTOMATIC DISCOVERY OF EXTERNALLY ADDED DEVICES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
obtaining, by processing device of a host computing system, initial device information for a virtual machine running on the
host computing system, wherein the initial device information comprises information of an external device that is external
to the processing device, the host computing system, and the virtual machine;

determining, by the processing device, whether an external event occurred on the virtual machine running on the host computing
system, wherein a management computing system associated with the host computing system does not receive a notification of
the external event, wherein the external event comprises at least one of the external device being hot-added to at least one
of the host computing system or the virtual machine or the external device being hot-removed from at least one of the host
computing system or the virtual machine; and

upon determining that the external event occurred on the virtual machine running on the host computing system, obtaining,
by the processing device, updated device information for the virtual machine running on the host computing system.

US Pat. No. 9,104,459

MEMORY CHANGE TRACKING DURING MIGRATION OF VIRTUAL MACHINE (VM) WITH VM-CONTROLLED ASSIGNED PERIPHERALS

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
identifying, by a hypervisor of a source host machine, a memory location associated with a peripheral device to a write tracking
module, wherein the peripheral device is solely-controlled by a virtual machine (VM) that is managed by the hypervisor, the
peripheral device solely-controlled by the VM via a driver that is specific to the peripheral device loaded in the VM, wherein
the hypervisor does not emulate the peripheral device for the VM, does not control the peripheral device, and is not aware
of changes made by the peripheral device to memory of the VM and to state of the VM;

receiving, by the hypervisor, notification from the write tracking module that the identified memory location has been modified
by the peripheral device; and

marking, by the hypervisor in response to receiving the notification, a memory page of the identified memory location as dirty
in order for the migration of the memory page to be repeated as part of a migration process of the VM from the source host
machine to a destination host machine;

wherein receiving notification that the identified memory location has been modified further comprises the write tracking
providing the notification to the hypervisor each time a direct memory access (DMA) write that targets the identified memory
location has been completed; and

wherein the hypervisor retrieves information regarding the DMA write to the identified memory location from one or more registers
of the peripheral device in response to receiving the notification from the write tracking module.

US Pat. No. 9,058,299

EFFICIENT COPYING BETWEEN STORAGE DEVICES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
issuing, by a processor, a request to create on a first storage device a snapshot of a first disk image that is stored on
the first storage device;

issuing a request to create on the first storage device a second disk image in view of the snapshot;
copying the snapshot on to a second storage device;
issuing a request to create on the second storage device a third disk image in view of based on the snapshot;
issuing a request to compute a difference by the first storage device between the second disk image and the snapshot; and
overwriting the difference on to the third disk image.

US Pat. No. 9,280,380

MANAGEMENT OF I/O REQEUSTS IN VIRTUAL MACHINE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method comprising:
identifying, by a processing device, a virtual machine among a plurality of virtual machines executing on an origin host machine
for migration;

selecting, by the processing device, a destination host machine among a plurality of destination host machines to receive
the virtual machine for migration, wherein a status of each of the destination host machines and a status of each of the plurality
of virtual machines are used to determine the selection of the destination host machine;

cancelling, by the processing device, requests being processed by the virtual machine on the origin host machine;
determining, by the processing device, a completion status for each of the cancelled requests on the origin host machine,
wherein the completion status for each of the cancelled requests indicates completed and uncompleted parts of a request at
the time it was cancelled; and

causing, by the processing device, the cancelled requests and the completion status for each of the cancelled requests to
become accessible by the selected destination host machine.

US Pat. No. 9,047,021

MANAGING METADATA FOR LOGICAL VOLUME MANAGERS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a first request to access a logical volume in a plurality of logical volumes;
determining, by a logical volume manager executable by a processing device, when a committed metadata and an uncommitted metadata
are in a drive used by the logical volume, wherein the logical volume manager is to manage the plurality of logical volumes
and wherein the plurality of logical volumes use a plurality of drives;

determining when to operate in a first mode or a second mode when the committed metadata and the uncommitted metadata are
on the drive;

removing the uncommitted metadata from the drive and accessing the logical volume using the committed metadata to when operating
in the first mode; and

accessing the logical volume using the committed metadata and refraining from removing the uncommitted metadata when operating
in the second mode.

US Pat. No. 9,372,683

AUTOMATIC GENERATION OF CLASS IDENTIFIERS FROM SOURCE CODE ANNOTATIONS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
scanning, by a processing device, source code for a first annotation associated with generating an identifier for a class;
generating, using the first annotation, a first identifier value for the class;
in response to the class not having a previously assigned identifier value, assigning the first identifier value to the class;
in response to the class having a previously assigned identifier value:
concatenating the first identifier value to the previously assigned identifier value to form a second identifier value, and
assigning the second identifier value to the class;
scanning, by the processing device, the source code for a second annotation associated with generating an identifier for a
subclass of the class;

generating, using the second annotation, a third identifier value for the subclass, wherein the third identifier value is
different than the first identifier value and is different than the second identifier value;

in response to the subclass not having a previously assigned identifier value, assigning the third identifier value to the
subclass; and

in response to the subclass having a previously assigned identifier value:
concatenating the third identifier value to the previously assigned identifier value for the subclass, to form a fourth identifier
value, and

assigning the fourth identifier value to the subclass.

US Pat. No. 9,363,172

MANAGING A CONFIGURABLE ROUTING SCHEME FOR VIRTUAL APPLIANCES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining a routing scheme by a processing device, wherein the routing scheme identifies a plurality of virtual appliances
to route data packets through and an order in which to perform the routing;

receiving a data packet from a client;
routing, by the processing device, the data packet using a shared memory to the plurality of virtual appliances by writing
the data packet to a buffer in the shared memory and mapping the buffer to a memory space of each of the plurality of virtual
appliances in accordance with the routing scheme, wherein each of the plurality of virtual appliances performs an operation
on the data packet, wherein the mapping occurs without copying the data packet from one memory area to another; and

sending the data packet to a virtual machine after each of the plurality of virtual appliances has completed the operation
on the data packet.

US Pat. No. 9,354,952

APPLICATION-DRIVEN SHARED DEVICE QUEUE POLLING

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, at a system device, a first request from an operating system, the first request identifying a shared queue and
providing an instruction to the system device to enable polling of the identified shared queue;

enabling, by a processing device, polling of the identified shared queue, wherein enabling polling comprises identifying a
message in the identified shared queue and polling information related to the identified shared queue; and

disabling, by the processing device, a device interrupt associated with the message in the identified shared queue.

US Pat. No. 9,330,036

INTERRUPT REDUCTION BY DYNAMIC APPLICATION BUFFERING

1. A method of processing a request from a channel, comprising:
receiving a request associated with a channel;
allocating a buffer for the request;
placing the buffer into a queue specific to a hardware device that processes the request, wherein the queue is in at most
one of an orphan early mode or an orphan late mode;

associating the buffer with the channel;
determining whether a condition is satisfied;
in response to a determination that the condition is not satisfied:
decrementing an in-flight counter after the hardware device completes processing the request, the in-flight counter representing
a first amount of data in the channel; and

switching the queue from the orphan early mode to the orphan late mode if the queue is in the orphan early mode; and
in response to a determination that the condition is satisfied:
decrementing the in-flight counter before the hardware device completes processing the request associated with the buffer
in the queue; and

switching the queue from the orphan late mode to the orphan early mode if the queue is in the orphan late mode.

US Pat. No. 9,268,583

MIGRATION OF VIRTUAL MACHINES WITH SHARED MEMORY

1. A system including one or more processors for migration of a virtual machine sharing a memory region with another virtual
machine, the system comprising:
an identification module, executed by the one or more processors, to identify a plurality of virtual machines running on a
source host machine, wherein the plurality of virtual machines includes a first virtual machine and a second virtual machine
that share a first shared memory region coupled to the source host machine;

a target module that identifies a host machine as a target for the second virtual machine;
an allocation module that allocates a second shared memory region coupled to the target host machine for the second virtual
machine; and

a migration module that stops execution of the second virtual machine on the source host machine and migrates the second virtual
machine to the target host machine, wherein a time period in which the first virtual machine is running on the source host
machine overlaps with a time period in which the second virtual machine is running on the target host machine.

US Pat. No. 9,195,494

HASHING STORAGE IMAGES OF A VIRTUAL MACHINE

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, at a source storage location, a list of signatures per virtual machine image at a target storage location;
identifying, at the source storage location, a plurality of virtual machine images to be transferred to the target storage
location, the plurality of virtual machine images comprising images of different virtual machines being transferred from a
source host associated with the source storage location to a destination host associated with the target storage location;

computing signature values, at the source storage location, of a plurality of disk blocks that contain the plurality of virtual
machine images to be transferred to the target storage location, each signature value corresponding to one of the disk blocks;

comparing, at the source storage location, the computed signature values with signatures from the received list to determine
a plurality of differential disk blocks associated with the plurality of virtual machine images, wherein comparing the computed
signature values with signatures from the received list comprises testing a set of membership of each computed signature value
in a set formed by the computed signature values;

deduplicating, by a processing device, the plurality of differential disk blocks at the source storage location to identify
a subset of differential disk blocks that do not have identical signature values, the deduplicating being performed across
virtual machine images of different virtual machines being transferred from the source host to the destination host; and

transferring the subset of differential disk blocks, that do not have identical signature values, from the source storage
location to the target storage location over a network.

US Pat. No. 9,454,392

ROUTING DATA PACKETS BETWEEN VIRTUAL MACHINES USING SHARED MEMORY WITHOUT COPYING THE DATA PACKET

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a data packet by a processing device executing a virtual machine and a hypervisor that manages the virtual machine,
wherein the data packet is addressed to the virtual machine;

writing, by the processing device, the data packet to a buffer in a shared physical memory that is shared by the hypervisor
and an additional virtual machine configured as a virtual appliance that is hosted by the hypervisor, wherein the hypervisor,
the virtual machine and the virtual appliance are collocated on a machine that comprises the processing device;

mapping, by the processing device, the buffer to a virtual memory of the virtual appliance to enable the virtual appliance
to operate on the data packet, wherein no copy of the data packet is generated to provide the data packet from the shared
physical memory to the virtual appliance;

signaling, by the processing device, the hypervisor after the virtual appliance has operated on the data packet, wherein the
virtual appliance comprises a driver that acts as a standard network interface; and

performing, by the driver, a zero copy operation to provide the data packet to the virtual machine after the virtual appliance
has operated on the data packet.

US Pat. No. 9,413,594

TRANSMITTING ENCAPSULATED SNMP COMMANDS TO VIRTUAL MACHINES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
generating a Simple Network Management Protocol (SNMP) request, the SNMP request being a data collection request directed
to a virtual machine executing on a host device;

encapsulating, by a virtualization manager executing on a processing device, the SNMP request in a command format that is
compatible with a protocol with respect to which the virtual machine is configured to communicate with the virtualization
manager; and

providing the encapsulated SNMP request to the virtual machine.

US Pat. No. 9,397,883

MODIFYING NETWORK SETTINGS OF AN UNREACHABLE HOST

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining, by a processing device, that a first host on a network is unreachable using a first communication protocol;
selecting a second host on the network that is reachable using the first communication protocol in view of a proximity between
the first host and the second host, wherein the second host on the network can reach the first host using a second communication
protocol; and

providing, by the processing device, a communication to the second host on the network using the first communication protocol,
wherein the communication causes the second host to access the first host on the network in view of a scope associated with
the first host to cause the second host to configure a network configuration of the first host.

US Pat. No. 9,135,049

PERFORMING THIN-PROVISIONING OPERATIONS ON VIRTUAL DISK IMAGES USING NATIVE FEATURES OF THE STORAGE DOMAIN

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining, by a virtual disk image manager running on a processing device, that an operation is to be performed on a virtual
disk image, wherein the operation comprises a thin provisioning operation;

determining, by the virtual disk image manager, whether an underlying storage domain on which the virtual disk image is stored
supports the operation;

in response to determining that the storage domain supports the operation, using native capabilities of the storage domain
to perform the operation; and

in response to determining that the storage domain does not support the operation, performing, using the processing device,
the operation by the virtual disk image manager, wherein determining that the storage domain does not support the operation
comprises determining that the storage domain fails to support thin provisioning.

US Pat. No. 9,104,757

INTERACTIVE SEARCH MONITORING IN A VIRTUAL MACHINE ENVIRONMENT

Red Hat Israel, Ltd., Ra...

1. A computer-implemented method comprising:
executing, by a host controller server, a query pertaining to at least one virtual machine of a plurality of virtual machines
running on a plurality of host computers in a virtual machine system, a query being associated with reporting event data concerning
the at least one virtual machine, the virtual machine system comprising the host controller server coupled to the plurality
of host computers via a network;

providing, by the host controller server, a result of the query to a client of a plurality of clients via the network for
presentation to a user in a graphical user interface (GUI);

periodically re-executing, by the host controller server, the query to obtain up-to-date information for the at least one
virtual machine in the virtual machine system;

upon each re-execution of the query, comparing, by a processing device of the host controller server, a new result of the
query with a previous result of the query to determine whether the up-to-date information for the at least one virtual machine
in the virtual machine system has changed, wherein the virtual machine system comprises the plurality of clients coupled to
the plurality of host computers and the host controller server via the network;

if the up-to-date information for the at least one virtual machine in the virtual machine system has changed, determining,
based on the reporting event data, whether a change in the up-to-date information corresponds to a type of change intended
to generate a reporting event;

providing, by the host controller server, the new result of the query to the client via the network for presentation to the
user in the GUI if the up-to-date information for the at least one virtual machine in the virtual machine system has changed
and the change in the up-to-date information corresponds to the type of change intended to generate a reporting event; and

refraining from providing the new result of the query to the client if the up-to-date information for the at least one virtual
machine in the virtual machine system has not changed or the change in the up-to-date information does not correspond to the
type of change intended to generate a reporting event.

US Pat. No. 9,098,578

INTERACTIVE SEARCH MONITORING IN A VIRTUAL MACHINE ENVIRONMENT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving requests, from a plurality of requestors, to execute a plurality of queries pertaining to a plurality of objects
in a virtual machine system, wherein each of the plurality of queries is associated with one of the plurality of requestors;

executing the plurality of queries pertaining to the plurality of objects in the virtual machine system to provide a plurality
of query results to the plurality of requestors;

receiving, by a processing device, change data indicative of a change in one or more of the plurality of objects;
identifying one or more queries impacted by the change data and determining a priority for the change;
determining a schedule time to re-execute the one or more queries based on the priority for the change;
re-executing the one or more queries according to the schedule time to generate updated query results;
refraining from re-executing queries not impacted by the change data;
identifying one or more requestors associated with the one or more queries; and
transmitting the updated query results.

US Pat. No. 9,405,642

PROVIDING VIRTUAL MACHINE MIGRATION RELIABILITY USING AN INTERMEDIARY STORAGE DEVICE

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
sending, by a migration manager executed by a processing device, a request to a source host machine to migrate a virtual machine
to a first destination host machine, wherein the migration is to store data associated with the virtual machine on a plurality
of intermediary storage devices;

determining that the migration of the virtual machine from the source host machine to the first destination host machine has
failed after the virtual machine is suspended;

in response to the determination that the migration failed:
identifying one or more intermediary storage devices of the plurality of intermediary storage devices used during the migration
to store a state of the virtual machine;

identifying a second destination host machine for the virtual machine migration; and
causing the second destination host machine to obtain the stored state of the virtual machine from the one or more identified
intermediary storage devices before the virtual machine is resumed at the second destination host machine.

US Pat. No. 9,367,343

DYNAMIC BATCH MANAGEMENT OF SHARED BUFFERS FOR VIRTUAL MACHINES

1. A computer-implemented method, comprising:
maintaining, by a hypervisor executed by a processor, a pool of host memory to store a plurality of incoming network packets
received by a physical network device, the plurality of incoming network packets comprising incoming network packets associated
with different virtual machine guests, and the pool of host memory being accessible to the physical network device and each
of the virtual machine guests;

adjusting, by the hypervisor, a number of memory buffers associated with the pool of host memory to resize the pool of host
memory in association with providing respective incoming network packets to each of the virtual machine guests, the memory
buffers being adjusted in view of the virtual machine guests;

receiving, by the hypervisor, an indication that the incoming network packets associated with the different virtual machine
guests are stored in the pool of host memory; and

providing, by the hypervisor, respective incoming network packets to each of the virtual machine guests.

US Pat. No. 9,367,345

POWER EFFICIENT CROSS-VCPU NOTIFICATION BY VM FUNCTION

Red Hat Israel, Ltd., Ra...

1. A method comprising:
configuring, by a processing device executing a hypervisor, a VM function component for execution on behalf of a guest operating
system of a virtual machine, the VM function component to send a request to a virtual processor;

receiving, by the processing device, a notification from the guest operating system of the virtual machine to execute the
VM function component to send the request to the virtual processor;

identifying, by the processing device executing the VM function, a physical processor associated with the virtual processor;
and

adding, by the processing device executing the VM function component, the request to a memory space associated with the physical
processor.

US Pat. No. 9,369,721

DATA COMPRESSION OF IMAGES USING A SHARED DICTIONARY

Red Hat Israel, Ltd., Ra...

1. A computer-implemented method, comprising:
identifying, at a host machine, a current image of a stream of images generated by a virtual machine (VM) executing on the
host machine, the stream of images including images previously transmitted to a client associated with the VM via a network;

for each segment of pixels in the current image, searching a shared dictionary using the segment of pixels, the dictionary
storing data identifying segments of pixels for each of the stream of images generated by the VM; and

if the dictionary includes data corresponding to the segment of pixels in the current image, determining, by a processing
device, metadata for the segment of pixels in the current image using the corresponding data from the dictionary, and transmitting
the metadata to the client without transmitting the segment of pixels from the current image, wherein the metadata comprises
an identifier of a previously transmitted image that includes a matching segment of pixels, a location of the matching segment
of pixels within the previously transmitted image, and a length of the matching segment of pixels.

US Pat. No. 9,361,404

OFFLINE RADIX TREE COMPRESSION WITH KEY SEQUENCE SKIP

1. A method of compressing a radix tree including a plurality of containers, comprising:
traversing a radix tree including a plurality of containers;
identifying, based on the traversing, a parent container that represents a sequence of elements and has a single immediate
child container, the parent container including a prefix of the sequence of elements that is represented by the parent container,
and the immediate child container including a single element;

determining whether a length of the sequence of elements that is represented by the parent container satisfies a container
threshold; and

when the length is determined to satisfy the container threshold:
selecting one of the parent container and immediate child container;
incrementing a length of the selected container; and
removing the non-selected container from the radix tree.

US Pat. No. 9,329,880

COUNTER FOR FAST INTERRUPT REGISTER ACCESS IN HYPERVISORS

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
maintaining, in memory of a hypervisor executed by a processing device, a counter associated with an interrupt register to
track a pending interrupt in a virtual machine;

updating, by the processing device executing the hypervisor, the counter in response to an interrupt event in the virtual
machine;

examining, by the processing device executing the hypervisor, the counter to determine whether the pending interrupt exists
in the virtual machine;

receiving, by the processing device executing the hypervisor, an asserted interrupt associated with the interrupt register;
incrementing, by the processing device executing the hypervisor, the counter in view of determining that no pending interrupt
exists for the interrupt register; and

injecting, by the processing device executing the hypervisor, the asserted interrupt into the virtual machine in response
to determining that no pending interrupt exists for the interrupt register.

US Pat. No. 9,305,047

COMMIT-ONE-PHASE DISTRIBUTED TRANSACTIONS WITH MULTIPLE STARTING PARTICIPANTS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device that executes a first coordinator node, a request from a second coordinator node to assume
control of a two-phase commit distributed transaction, wherein the second coordinate node sent a commit query to a plurality
of participants of the two-phase commit distributed transaction;

receiving, by the processing device, a read-only message from a first participant of the plurality of participants; and
initiating, by the processing device, a one-phase commit distributed transaction for a second participant of the plurality
of participants that did not respond with a read-only message.

US Pat. No. 9,298,449

COMPOSITE PROGRAM HISTORY

Red Hat Israel, Ltd., Ra...

1. A method comprising:
identifying, by a processor, a first history of changes to a program, the first history of changes including a version of
the program identified as introducing an error and including a subsequent version of the program identified as fixing the
error;

generating, by the processor, a second history of changes to the program in view of the first history of changes, the second
history of changes having a final version of the program that is identical to a final version of the program in the first
history of changes, and wherein the second history of changes includes multiple additional versions represented in the first
history of changes without including the version of the program identified as introducing the error; and

generating, by the processor, a third history of changes to the program that comprises the first history of changes and the
second history of changes.

US Pat. No. 9,256,488

VERIFICATION OF TEMPLATE INTEGRITY OF MONITORING TEMPLATES USED FOR CUSTOMIZED MONITORING OF SYSTEM ACTIVITIES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
calculating a first hash code for a monitoring template, the monitoring template to customize a performance monitor to serve
as a universal monitor to perform monitoring of activities of a plurality of system components of the computer system, the
universal monitor to replace a plurality of monitoring tools;

embedding the first hash code into the monitoring template;
receiving a request to load the monitoring template;
extracting the first hash code from the monitoring template;
saving the monitoring template to a temporary directory without the first hash code;
calculating a second hash code for the monitoring template with the first hash code removed;
verifying, by a processing device, an integrity of the monitoring template by comparing the first hash code with the second
hash code, wherein the integrity of the monitoring template is determined to be satisfactory in response to the first hash
code matching the second hash code; and

loading the monitoring template from the temporary directory.

US Pat. No. 9,208,190

LOCK REORDERING FOR OPTIMISTIC LOCKING OF DATA ON A SINGLE NODE TO AVOID TRANSACTION DEADLOCK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, a first prepare request identifying data to lock for a first transaction, the first prepare
request indicating a first locking order that is different from a second locking order indicated by a second prepare request
identifying the data to lock for a second transaction;

ranking, by the processing device, a plurality of keys associated with the data to define a third locking order used to lock
the data for the first transaction and the second transaction, wherein ranking the plurality of keys comprises:

identifying a key identifier for each key of the plurality of keys, the key identifier comprising a key-value pair indicating
a data node location for a corresponding key,

determining a hash value for each key of the plurality of keys,
ordering the hash values from a least hash value to a greatest hash value or from a greatest hash value to a least hash value,
and

ordering the plurality of keys in view of ordering the hash values; and
acquiring locks for the data for the first transaction or the second transaction using the third locking order, wherein acquiring
the locks for the data comprises updating the respective key identifier for each of the plurality of keys associated with
the third locking order in view of a corresponding hash value.

US Pat. No. 9,098,461

LIVE SNAPSHOTS OF MULTIPLE VIRTUAL DISKS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
issuing, by a processor, one or more commands to create a first snapshot of a first virtual disk of a virtual machine and
a second snapshot of a second virtual disk of the virtual machine while the virtual machine is running;

determining, by the processor, that the creating of the second snapshot failed; and
destroying, by the processor, the first snapshot in response to the determining.

US Pat. No. 9,436,495

PROTECTION AGAINST INTERRUPTS IN VIRTUAL MACHINE FUNCTIONS

1. A system comprising:
a memory;
one or more processors, coupled to the memory;
a virtual machine executing on the one or more processors; and
a hypervisor executing on the one or more processors to:
determine, by the hypervisor, a first location in the memory, corresponding to a physical address of a virtual machine function;
determine, by the hypervisor, a second location in the memory of the virtual machine function, wherein the second location
in the memory is offset from the first location in the memory of the virtual machine function;

modify, by the hypervisor, the virtual machine function at the second location in the memory to include checking code;
execute, by the hypervisor, the virtual machine function;
while executing the virtual machine function, execute, by the hypervisor, the checking code;
while executing the checking code, determine, by the hypervisor using the checking code, whether interrupts are disabled on
a virtual machine; and

responsive to determining that the interrupts are enabled on the virtual machine, at least one of disable, by the hypervisor
using the checking code, the interrupts on the virtual machine and abort, by the hypervisor using the checking code, the virtual
machine function.

US Pat. No. 9,411,624

VIRTUAL DEVICE INTERRUPT HINTING IN A VIRTUALIZATION SYSTEM

Red Hat Israel, Ltd., Ra...

8. A system, comprising:
a memory; and
a plurality of central processing units (CPUs) communicably coupled to the memory, the plurality of CPUS to execute a virtual
machine (VM) from the memory and to:

receive virtual device events for a virtual device of the VM, the virtual device events comprising device level instructions
of a device of the system and directed to the VM, wherein the device is emulated by a hypervisor as a virtual device for the
VM;

query the hypervisor managing the VM for a virtual central processing unit (VCPU) hint associated with the virtual device
events, wherein the VCPU hint is generated by the hypervisor when the hypervisor references a VCPU-to-host CPU mapping in
a memory of the hypervisor in order to identify the VCPUs of the VM to include in the VCPU hint, responsive to the VM receiving
a type of the virtual device events for a first time, to identify VCPUs of the VM running on a CPU of the plurality of CPUs
that originated the virtual device events, wherein the hypervisor maintains a data structure for VCPU-to-host CPU mappings;

receive the VCPU hint from the hypervisor as part of the virtual device events, the VCPU hint comprising identification of
the identified VCPUs of the VM; and

program the virtual device to deliver interrupts to at least one of the identified VCPUs of the VM identified in the VCPU
hint.

US Pat. No. 9,355,133

OFFLINE COMPRESSION FOR LIMITED SEQUENCE LENGTH RADIX TREE

1. A method of compressing a radix tree including a plurality of containers, comprising:
traversing a radix tree including a plurality of containers;
identifying, based on the traversing, a parent container having a single immediate child container, the parent container including
a first set of elements, and the child container including a second set of elements;

determining whether a length of the first set of elements included in the parent container satisfies a threshold; and
when the length of the first set of elements is determined to satisfy the threshold, combining the parent and child containers
into a single container.

US Pat. No. 9,342,450

ON-DEMAND HYPERVISOR MEMORY MAPPING

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
trapping, by a processing device executing a hypervisor of a host machine, an access instruction to a memory location, the
access instruction issued from a virtual machine (VM) of a plurality of VMs executed by the host machine and managed by the
hypervisor;

monitoring, by the hypervisor for each of the plurality of VMs, a number of accesses to the memory location per each VM during
runtime of each VM;

maintaining, by the hypervisor, the number of accesses to the memory location by the VM in a memory access record for the
memory location, the memory access record corresponding to the VM;

determining, by the hypervisor, whether the number of accesses maintained in the memory access record for the memory location
and the VM exceeds a threshold;

in response to the number of accesses to the memory location by the VM exceeding the threshold during the runtime of the VM,
allocating, by the hypervisor during the runtime of the VM, guest physical memory for the VM to correspond to the memory location;

in response to the number of accesses to the memory location by the VM being less than or equal to the threshold during the
runtime of the VM, emulating, by the hypervisor during the runtime of the VM, the access instruction to the memory location
on behalf of the VM without allocating the guest physical memory; and

removing, by the processing device via the hypervisor during the runtime of the VM, memory mappings for the VM that have not
been accessed by the VM during a time interval of the runtime of the VM, wherein removing the memory mappings comprises:

setting all flags in a memory mapping data structure of the hypervisor, wherein each memory mapping in the memory mapping
data structure is associated with a flag;

resetting a timer of the hypervisor after the timer expires;
starting the timer;
clearing any flag associated with a memory mapping that is accessed by a VM managed by the hypervisor; and
removing the memory mappings in the memory mapping data structure with flags set when the time interval of the timer expires.

US Pat. No. 9,239,689

LIVE MIGRATION OF VIRTUAL DISKS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
preparing, by a processor, a first area of a first storage device and a second area of a second storage device for a live
snapshot of a virtual disk of a virtual machine;

executing, after the preparing, a transaction that comprises:
storing the live snapshot in the first area of the first storage device;
copying the live snapshot to the second area of the second storage device; and
mirroring a change to the virtual disk that occurs after the live snapshot is created, wherein the mirroring is via one or
more write operations to the live snapshot in the first area and to the copy of the live snapshot in the second area; and

changing, after the transaction executes successfully, the virtual disk of the virtual machine from the first area of the
first storage device to the second area of the second storage device.

US Pat. No. 9,201,919

BANDWIDTH OPTIMIZED TWO-PHASE COMMIT PROTOCOL FOR DISTRIBUTED TRANSACTIONS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
sending, by a processing device executing a transaction manager, prepare messages to a plurality of participants of a two-phase
commit distributed transaction;

determining, by the processing device, a time period to wait for the plurality of participants to commit the two-phase commit
distributed transaction;

responsive to not receiving an abort response from a participant of the plurality of participants within the time period,
committing the two-phase commit distributed transaction at an end of the time period; and

ending the two-phase commit distributed transaction without first sending commit messages to the plurality of participants.

US Pat. No. 9,135,024

PLAYING MULTIMEDIA CONTENT AT REMOTE GRAPHICS DISPLAY CLIENT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
transmitting, by a processing device of a host server executing a virtual machine, a stream of data objects to a client over
a network, the stream being generated by a desktop application of the processing device, representing a snapshot of a display
output of the desktop application of the processing device, the data objects to be rendered at the client;

detecting, by the processing device of the host server, that a media object is to be rendered from the desktop application;
determining, by the processing device of the host server, in view of at least one of a network condition or a processing bandwidth
condition to transmit a link to a remote server comprising the media object, wherein the network condition or the processing
bandwidth condition is monitored by a virtual media player executed by the virtual machine; and

transmitting, in response to the detecting and determining, the link to the remote server comprising the media object to the
client to allow the client to download the media object from the remote server and render the media object at the client without
having to render the media object locally by the processing device of the host server and without having to transmit a display
result of the rendering from the processing device of the host server to the client over the network.

US Pat. No. 9,471,226

REVERSE COPY ON WRITE FOR BETTER CACHE UTILIZATION

1. A computer-implemented method, comprising:
detecting, by a processor, when a first task is to write to a memory page shared with a second task;
determining, by the processor, whether a number of other tasks sharing the memory page with the first task is within a threshold;
creating, by the processor, a copy of the memory page for the second task; and
modifying, by the processor, a memory mapping to associate the second task with the copy of the memory page.

US Pat. No. 9,378,057

PARAVIRTUALIZED MIGRATION COUNTER

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
determining, by a processing device, a first value of a counter and a second value of the counter, wherein the counter is
indicative of a migration status of an application with respect to the processing device;

responsive to determining that the first value of the counter does not equal the second value of the counter, ascertaining
whether a value of a hardware parameter associated with the processing device has changed during a time interval; and

determining, by the processing device, validity of a value of a performance monitoring unit derived from the hardware parameter
in view of said ascertaining.

US Pat. No. 9,229,878

MEMORY PAGE OFFLOADING IN MULTI-NODE COMPUTER SYSTEMS

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
detecting, by a processor, a memory pressure condition on a first node;
invalidating a page table entry for a memory page residing on the first node;
copying, by the processor, the memory page directly to a second node without swapping the memory page to a backing storage;
and

updating the page table entry for the memory page to reference the second node.

US Pat. No. 9,201,676

REDUCING OR SUSPENDING TRANSFER RATE OF VIRTUAL MACHINE MIGRATION WHEN DIRTYING RATE EXCEEDS A CONVERGENCE THRESHOLD

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
determining, by a processor, a first rate being a rate of change of an execution state of a virtual machine undergoing live
migration from a first computer system to a second computer system;

determining a second rate being a rate of transfer of the execution state of the virtual machine to the second computer system;
and

responsive to determining that a ratio of the first rate to the second rate exceeds a first threshold ratio, suspending the
transfer of the virtual machine execution state to the second computer system, without suspending execution of the virtual
machine.

US Pat. No. 9,465,587

PRESERVING RESTFUL WEB SERVICE STRUCTURE IN A CLIENT CONSUMING THE RESTFUL WEB SERVICE

Red Hat Israel, Ltd., Ra...

1. A processor-executed method comprising:
identifying a uniform resource identifier (URI) that corresponds to a resource of a RESTful (Representational State Transfer)
web service provided by a server, the URI comprising a plurality of elements;

identifying relationships between the plurality of elements of the URI;
determining an entry point of the RESTful web service from the relationships between the plurality of elements, the entry
point being a root resource class into the RESTFUL web service;

determining a name of the entry point in the URI from the relationships of the plurality of elements in the URI;
creating programming code for a method of a software development kit (SDK) client by creating programming code for an entry
point class using the name of the entry point in the URI; and

replicating, by a processing device, the relationships between the plurality of elements of the URI in the programming code
for the method of the SDK client, the programming code comprising programming code corresponding to the entry point.

US Pat. No. 9,459,902

MEMORY DUPLICATION BY DESTINATION HOST IN VIRTUAL MACHINE LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
receiving, by a processor of a destination host computer system, a first virtual address and a corresponding source physical
address, the source physical address identifying a first physical memory portion on an origin host computer system, the first
virtual address identifying a first virtual memory address range mapped to the first physical memory portion in a virtual
address space of a first virtual machine undergoing live migration from the origin host computer system to the destination
host computer system;

identifying a second virtual address corresponding to the source physical address, the second virtual address identifying
a second virtual memory address range in a virtual address space of a second virtual machine undergoing live migration from
the origin host computer system to the destination host computer system;

identifying a destination physical address corresponding to the second virtual address, the destination physical address identifying
a second physical memory portion on the destination host computer system;

mapping, on the destination host computer system, the first virtual address to the destination physical address;
responsive to detecting a modification of a virtual memory page of the first virtual memory address range, copying, to a new
physical memory page, a physical memory page corresponding to the virtual memory page; and

mapping the modified virtual memory page to the new physical memory page.

US Pat. No. 9,355,018

HISTORY N-SECTION FOR PROPERTY LOCATION

1. A method of history revision testing for locating a software property, the method comprising:
receiving a test code, the test code having N versions in chronological order, wherein N is a quantity of versions;
selecting n intermediate versions of the test code, wherein n is a quantity of intermediate versions; and
testing the test code using history revision testing that comprises:
running the intermediate versions in parallel;
identifying a first passed version, the first passed version being a last intermediate version of the intermediate versions
to pass the test;

identifying a first failed version, the first failed version being a first intermediate version of the intermediate versions
to fail the test, such that the first passed version and the first failed version are consecutive versions of the intermediate
versions;

selecting a subset of the N versions, the subset including N? versions, the N? versions comprising all versions of the N versions
between the first passed version and the first failed version, including the first passed version and the first failed version;

calculating a sample size, the sample size being calculated as a total number of N? versions;
determining whether the sample size is greater than n;
responsive to determining that sample size is greater than n:
selecting n new intermediate versions of the test code from the N? versions; and
testing the new intermediate versions using history revision testing that comprises:
running the new intermediate versions in parallel;
identifying a second passed version, the second passed version being a last new intermediate version of the new intermediate
versions to pass the test;

identifying a second failed version, the second failed version being a first new intermediate version of the new intermediate
versions to fail the test, such that the second passed version and the second failed version are consecutive versions of the
new intermediate versions;

selecting a subset of the N? versions, the subset including N? versions, the N? versions comprising all versions of the N?
versions between the second passed version and the second failed version, including the second passed version and the second
failed version;

recalculating the sample size, the sample size being recalculated as a total number of N? versions; and
after recalculating the sample size, determining whether the sample size is greater than n;
automatically performing at least a plurality of iterations of selecting and testing, including selecting and testing the
intermediate versions and the new intermediate versions; and

responsive to determining that the sample size is not greater than n:
running the N? versions in parallel;
identifying a third passed version, the third passed version being a last version of the N? versions to pass the test; and
identifying a third failed version, the third failed version being a first version of the N? versions to fail the test, such
that the third passed version and the third failed version are consecutive versions of the N? versions,

wherein the third failed version is a first version of the N versions that includes the software property.

US Pat. No. 9,342,703

MANAGING STORAGE PERMISSIONS FOR LOGICAL VOLUME MANAGERS

Red Hat Israel, Ltd., Ra...

9. A system comprising:
a memory to store data; and
a processing device operatively coupled to the memory, the processing device to:
receive, by a processing device executing a first logical volume manager (LVM) of a plurality of LVMs, a request to access
a storage location in a logical volume;

analyze, by the processing device, global metadata associated with the storage location, wherein the global metadata pertains
to the all LVMs in the plurality of LVMs;

identify, by the processing device, a first set of permissions for the storage location, the first set of permissions comprised
in the global metadata;

analyze, by the processing device, local permission data associated with the storage location, wherein the local permission
data pertains to the first LVM;

identify, by the processing device, a second set of permissions for the storage location, the second set of permissions comprised
in the local permission data, wherein the second set of permissions is created independently from the first set of permissions,
wherein the first set of permissions is different from the second set of permissions; and

in response to identifying the second set of permissions, grant, by the processing device, access to the storage location
by using the second set of permissions in place of the first set of permissions.

US Pat. No. 9,178,886

FLATTENING PERMISSION TREES IN A VIRTUALIZATION ENVIRONMENT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a permission request, the request indicating a user and an entity in a virtual machine system;
flattening, by a processing device, a permissions database associated with the virtual machine system to generate a flattened
database view, wherein the permissions database to store descriptive labels of entities in the virtual machine system, and
wherein the flattened database view defines permissions for the user to access the entities in the virtual machine system
in view of the descriptive labels, wherein flattening the permissions database comprises:

identifying a first set of entities in the virtual machine system for which the user has explicit permissions defined in the
permissions database,

identifying a second set of entities in the virtual machine system for which a role to which the user is assigned has explicit
permissions defined in the permissions database;

identifying a third set of entities in the virtual machine system that inherit the explicit permissions of entities in the
first and second sets of entities, wherein entities in the third set of entities are assigned child labels in a labeling hierarchy
of entities in the virtual machine system, and

creating a separate entry in the flattened database view for each unique combination of the user and one of the entities in
the first, second and third sets of entities in the virtual machine system, wherein the flattened database view comprises
a stored query accessible as a virtual table in the permissions database computed from data stored in the permissions database;

determining, using the flattened database view, whether the user has permission to access the entity in the virtual machine
system, wherein determining whether the user has permission to access the entity in the virtual machine system comprises issuing
a single query to the flattened database view for an entry comprising the user and the entity; and

returning an indication of whether the user has permission to access the entity in the virtual machine system.

US Pat. No. 9,436,505

POWER MANAGEMENT FOR HOST WITH DEVICES ASSIGNED TO VIRTUAL MACHINES

1. A system for removing power from a device assigned to a virtual machine running on a host machine, the system comprising:
a notification module that receives a request from a virtual machine running on a host machine to remove power from a device
assigned to the virtual machine, and receives an indication that first state information of the device has been saved to memory,
wherein the virtual machine runs a guest operating system, and the first state information is maintained by the virtual machine;

a task module that manages an execution priority for requests, wherein the task module schedules the request to be executed
after the notification module receives the indication; and

a power down module that, in response to execution of the request, sends a communication to the host machine to cause the
host machine to remove power from the device.

US Pat. No. 9,430,257

SCHEDULING VIRTUAL MACHINES USING USER-DEFINED RULES

Red Hat Israel, Inc., Ra...

1. A method comprising:
receiving, through a first interface, by a processing device, a rule for execution by a rules engine;
providing, by the processing device, the rule to a virtualization manager;
receiving a request to provision a virtual machine (VM) having VM attributes;
determining, by the processing device, whether an instance of the rules engine is available;
in response to determining that an instance of the rules engine is available, establishing communication between the available
instance of the rules engine and the virtualization manager;

in response to determining that no instance of the rules engine is available, initiating a new instance of the rules engine;
providing, by the processing device, the rule to the rules engine from the virtualization manager;
providing, by the processing device, metrics of a plurality of physical hosts to the rules engine and the VM attributes to
the rules engine;

receiving, from the rules engine, an identification of one or more prioritized physical hosts of the plurality of physical
hosts; and

provisioning, by the processing device, the VM on one of the one or more prioritized physical hosts.

US Pat. No. 9,329,947

RESUMING A PAUSED VIRTUAL MACHINE WITHOUT RESTARTING THE VIRTUAL MACHINE

Red Hat Israel, Ltd., Ra...

13. A computing apparatus, comprising:
a network interface device; and
a processing device, coupled to the network interface device, to:
detect that a virtual machine has been paused;
determine that a condition that caused the virtual machine to be paused has been resolved;
transmit a command to resume the virtual machine without restarting the virtual machine; and
cause the virtual machine to perform an input/output (I/O) operation that was attempted prior to the virtual machine being
paused.

US Pat. No. 9,280,379

HIBERNATION VIA PARAVIRTUALIZATION

Red Hat Israel, Ltd., Ra...

1. A non-transitory computer readable storage medium having instructions stored therein that, when executed by at least one
processing device, cause a hypervisor executed by the at least one processing device to:
receive, by the hypervisor from a first virtual processor of a virtual machine (VM), a request that the hypervisor put the
virtual machine to sleep;

stop, by the hypervisor, in response to the request, the first virtual processor and a second virtual processor of the VM,
wherein the second virtual processor is stopped before the first virtual processor is stopped; and

re-start, by the hypervisor, the first virtual processor and the second virtual processor in response to a wake event, wherein
the second virtual processor is re-started after the first virtual processor is re-started.

US Pat. No. 9,465,719

LOCALIZED REPRESENTATION OF STACK TRACES

Red Hat, Inc., Raleigh, ...

1. A method of providing a representation of a stack trace, comprising:
identifying an element in a stack trace, the stack trace being in a first language and generated based on an occurrence of
an event during execution of an application, the application including the element;

determining whether the element has an associated annotation, the annotation being an indication in the application to translate
the element's name from the first language to a second language different from the first language; and

in response to determining that the element in the stack trace has the associated annotation:
obtaining the element's translated name, the element's translated name being in the second language; and
updating the stack trace to include the element's translated name.

US Pat. No. 9,323,563

DETERMINING VIRTUAL MACHINE MIGRATION IN VIEW OF A MIGRATION RULE

Red Hat Israel, Ltd., Ra...

1. A method comprising:
reviewing, by a destination migration manager of a destination hypervisor executed by a processing device, during migration
of a virtual machine from a source hypervisor to the destination hypervisor, a state of the virtual machine comprising a plurality
of state fields, wherein the source hypervisor identifies each of the plurality of state fields as one of an optional field
or an obligatory field;

determining, by the destination migration manager, a state field under review is unrecognized by applying a migration rule
defining state fields recognized by the destination hypervisor;

identifying, by the destination migration manager, the unrecognized state field under review as one of an optional field or
an obligatory field in view of the identification by the source hypervisor; and

determining, by the destination migration manager, a state restoration failure of the virtual machine, wherein the state restoration
failure comprises termination of the migration in response to identifying the unrecognized state field under review as an
obligatory field.

US Pat. No. 9,262,195

MANAGEABLE EXTERNAL WAKE OF VIRTUAL MACHINES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a processor of a computer system while a virtual machine that is hosted by the computer system is asleep, a
packet that is directed to a port number of the computer system, wherein the packet comprises a cookie; and

determining, by the processor, whether to wake the virtual machine in view of the port number and the cookie.

US Pat. No. 9,407,721

SYSTEM AND METHOD FOR SERVER SELECTION USING COMPETITIVE EVALUATION

Red Hat, Inc., Raleigh, ...

1. A method of processing a service request, the method comprising:
receiving the service request at an arbiter running on a computing device, the service request being received from a client;
determining whether the service request is associated with a preferred server;
when the service request is not associated with the preferred server:
using the arbiter to coordinate a competitive evaluation among a plurality of active servers by sending the service request
in parallel to each of the plurality of active servers;

selecting as the preferred server a first one of the active servers that completes processing of the service request before
the others;

preventing others of the active servers other than the first one of the active servers from completing processing of the service
request;

associating the preferred server with the service request;
receiving a response to the service request from the preferred server; and
returning the response to the client.

US Pat. No. 9,237,149

CERTIFICATE BASED DISTRIBUTED POLICY ENFORCEMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device from an initiator over a communication channel, an object and a data structure associated
with the object that comprises a hash value of the object;

determining a type of the object in view of the data structure;
determining a set of types the initiator is associated with originating;
determining that the type of the object is one of the set of types;
validating the initiator in view of determining that the type of the object is one of the set of types;
scanning the object for violation of one or more policies;
validating the object in view of the scanning; and
generating, by the processing device, an object certificate comprising an indication of a lifespan of the object and the hash
value from the data structure associated with the object upon validating the initiator and validating the object.

US Pat. No. 9,164,790

LIVE VIRTUAL MACHINE TEMPLATE CREATION

Red Hat Israel, Ltd., Ra...

1. A method comprising:
creating, by a processing device, a live snapshot of a running virtual machine that is connected to a network and has an internet
protocol (IP) address and a network configuration;

creating, by the processing device, a live clone of the running virtual machine using the live snapshot while the virtual
machine is running, wherein the live clone is connected to the network and has the same internet protocol (IP) address and
network configuration as the virtual machine;

disconnecting the live clone from the network;
initiating execution of the live clone;
shutting down the live clone to create a virtual machine template; and
creating the virtual machine template in view of the live clone, wherein the virtual machine template enables another virtual
machine to be created that corresponds to the live snapshot of the running virtual machine.

US Pat. No. 9,164,809

VIRTUAL PROCESSOR PROVISIONING IN VIRTUALIZED COMPUTER SYSTEMS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
detecting, by a processor executing a guest operating system of a virtual machine, when a measure of system load for a virtual
processor exceeds a threshold; and

in response to the detection, transmitting to a hypervisor, by the guest operating system, a request for an additional virtual
processor for the virtual machine, wherein a memory of the virtual machine is non-uniform memory access (NUMA), wherein the
request by the guest operating system specifies a virtual NUMA node within the virtual machine for the additional virtual
processor, and wherein the measure of system load for the virtual processor is based on a percentage of processor cycles consumed
by context switches between threads executed by the virtual machine, a count of context switches per unit of time between
threads executed by the virtual processor and a count of threads in a runnable state executing concurrently.

US Pat. No. 9,411,869

REPLICATION BETWEEN SITES USING KEYS ASSOCIATED WITH MODIFIED DATA

Red Hat, Inc., Raleigh, ...

1. A system for replicating an in-memory data cache, the system comprising:
an in-memory data cache that stores a plurality of keys and data associated with the plurality of keys;
an in-memory keys cache that stores keys associated with modified data;
a key insert module that detects a modification to a first set of data stored in the in-memory data cache, identifies a first
set of keys of the plurality of keys identifying the first set of data, and responsive to the detected modification, inserts
the first set of keys into the in-memory keys cache; and

an update module that retrieves a subset of the first set of keys from the in-memory keys cache, retrieves from the in-memory
data cache the modified data associated with the subset of keys, transmits to a remote site a modification list comprising
the subset of keys and the modified data associated with the subset of keys, and receives an acknowledgement of successful
replication in accordance with the modification list from the remote site,

wherein in response to receiving the acknowledgement, the update module removes the subset of keys from the in-memory keys
cache, wherein each key of the subset identifies data that has been modified in the in-memory data cache since a previously
received acknowledgement of successful replication in accordance with a previously sent modification list;

wherein at least one node in the remote site is updated using the set of keys and the modified data associated with the set
of keys.

US Pat. No. 9,396,286

LOOKUP WITH KEY SEQUENCE SKIP FOR RADIX TREES

1. A method of determining whether a key is stored in a radix tree, comprising:
identifying a first chunk of a key;
traversing a radix tree including a plurality of containers;
identifying, based on the traversing, a container including a first sequence of elements, the first sequence of elements having
a first prefix;

determining whether the first chunk matches the first prefix;
when the first chunk is determined to match the first prefix:
skipping a first number of elements after the first chunk in the key;
for one or more traversed child containers of the identified container:
identifying, based on the traversing, a first child container of the identified container, the first child container including
a second sequence of elements, and the second sequence of elements having a second prefix;

determining whether a second chunk of the key matches the second prefix, the second chunk of the key being a third sequence
of elements after the skipped number of elements in the key;

when the second chunk is determined to match the second prefix, traversing a second child container, the second child container
being a child of the first child container; and

skipping a second number of elements after the second chunk in the key.

US Pat. No. 9,389,910

PARAVIRTUALIZED MIGRATION COUNTER FOR MIGRATING A VIRTUAL CPU TO A DIFFERENT PHYSICAL CPU

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
determining, by a processing device associated with a virtual processor, a first value of a counter and a second value of
the counter, wherein the counter is indicative of a migration status of the virtual processor with respect to the processing
device;

responsive to determining that the first value of the counter does not equal the second value of the counter, ascertaining
whether a value of a hardware parameter associated with the processing device has changed during a time interval; and

determining, by the processing device, validity of a value of a performance monitoring unit derived from the hardware parameter
in view of said ascertaining.

US Pat. No. 9,286,131

PROCESSOR UNPLUG IN VIRTUALIZED COMPUTER SYSTEM

Red Hat Israel, Ltd., Ra...

1. A method comprising:
detecting, by a hypervisor executed by a physical processor, when a measure of system load for a virtual machine falls below
a threshold, wherein the measure of system load being in view of a context switch of a thread executed by a virtual processor
of the virtual machine; and

withdrawing by the hypervisor, in response to the detection, the virtual processor from the virtual machine.

US Pat. No. 9,571,478

CONDITIONAL REQUEST PROCESSING

Red Hat, Inc., Raleigh, ...

1. A method of processing a request, comprising:
receiving, at a Web service, a request for processing, wherein processing of the request includes performing a set of operations
based on an order, and the request is from a client;

determining that the set of operations includes an input/output (I/O) operation;
authenticating the request from the client;
determining whether a result of the authentication has been determined;
while the request is pending the result of the authentication, initiating processing of the request; and
in response to a determination that the set of operations is determined to include the I/O operation:
performing, based on the order, one or more operations of the set of operations preceding the I/O operation;
in response to a determination that the result of the authentication has not been determined, waiting for the result of the
authentication to be determined; and

in response to a determination that the result of the authentication indicates that the request has been successfully authenticated,
performing, via the Web service, one or more remaining operations of the set of operations that has not been processed and
determining, via the Web service, a result of the processed request based on performing the set of operations, wherein the
one or more remaining operations includes the I/O operations

creating a first request identifier that identifies the request;
inserting into a data structure an entry that associates the first request identifier with an authentication flag value that
indicates whether the request has been authenticated; and

removing the entry from the data structure after the request has been processed.

US Pat. No. 9,407,572

MULTIPLE CLOUD MARKETPLACE AGGREGATION

Red Hat, Inc., Raleigh, ...

1. A method comprising:
replicating, by a processor, a request for a computer resource to a plurality of clouds;
updating, by the processor, a repository in view of resource offerings received from the plurality of clouds, wherein the
repository stores resource and service data for each cloud of the plurality of clouds;

determining from the updating of the repository that a single cloud of the plurality of clouds does not have resource offerings
to provide the computer resource to satisfy the request;

identifying, by the processor, from the updating of the resource and service data in the repository, a first cloud of the
plurality of clouds to provide a first portion of the computer resource and a second cloud of the plurality of clouds to provide
a remaining portion of the computer resource to satisfy the request; and

providing information to a requesting entity indicating resource and service data in the repository that satisfy the request.

US Pat. No. 9,348,623

MANAGEMENT OF INTER-DEPENDENT CONFIGURATIONS OF VIRTUAL MACHINES IN A CLOUD

Red Hat, Inc., Raleigh, ...

1. A method comprising:
determining, by a processor, that configuring a first virtual machine hosted by one or more physical machines in a cloud depends
on a configuration result of configuring a second virtual machine hosted by the one or more physical machines in the cloud;

instantiating the first virtual machine and the second virtual machine prior to configuring the first virtual machine and
prior to configuring the second virtual machine;

configuring the second virtual machine to determine the configuration result; and
determining whether to configure the first virtual machine based on the configuration result.

US Pat. No. 9,292,557

MANAGING VIRTUAL MACHINES USING HIERARCHICAL LABELING

Red Hat Israel, Ltd., Ra...

1. A method comprising:
maintaining, by a processor executing a host controller, a hierarchy of labels in a management data store, each of the labels
of the hierarchy of labels representing a distinct virtual machine (VM) parameter that describes a characteristic of a VM
and is separate from a unique identifier (ID) of the VM, wherein the management data store maintaining the hierarchy of labels
is separate from VMs associated with the labels;

detecting, by the processor, without user interaction, an event that triggers a label reassignment for a VM of a plurality
of VMs hosted by one or more servers coupled to the host controller;

identifying, by the processor in response to detecting the event, one or more labels of the hierarchy of labels that correspond
to the event and the VM for the label reassignment, the identifying comprising:

providing a user interface presenting the hierarchy of labels;
receiving a selection of a set of labels for the VM from the hierarchy of labels; and
assigning, in response to the selection, the set of labels from the hierarchy of labels to the VM;
storing, by the processor in response to identifying the one or more labels, identifiers of the identified labels with the
unique ID of the VM in a VM data store, the storing further comprising:

storing, in a first database table of the management store, the identifiers of the identified labels from the hierarchy, descriptions
of the identified labels, and relationships between the identified labels, wherein the first database table comprises the
hierarchy of labels and is a tree having a plurality of nodes representing the labels and a plurality of edges representing
relationships between the labels; and

storing, in a second database table of the management store, the unique ID of the VM along with the identifiers of the identified
labels corresponding to the VM by at least one of modifying previously-assigned labels of the VM or adding new labels to the
VM;

grouping, by the processor in response to the label reassignment for the VM, and in view of the relationships between the
identified labels, the VM with other VMs associated with the identified labels; and

performing, by the processor in view of the grouping, a management operation on the VM and the other VMs in response to receiving
an end user selection of the identified labels and an identification of the management operation via a graphical user interface
(GUI).

US Pat. No. 9,235,538

INJECTING INTERRUPTS IN VIRTUALIZED COMPUTER SYSTEMS

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
providing, by a hardware processor executing a hypervisor, a data structure comprising a two-dimensional table mapping a plurality
of message destination addresses (MDAs) to a plurality of Advanced Programmable Interrupt Controller (APIC) identifiers identifying
logical processors in a logical interrupt destination mode;

receiving an interrupt message including an MDA of the plurality of MDAs;
identifying an APIC associated with the MDA by the data structure; and
forwarding the interrupt message to a virtual processor associated with the APIC.

US Pat. No. 9,201,680

DISPLAY POWER MANAGEMENT IN DISTRIBUTED VIRTUALIZED SYSTEMS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving from a guest operating system of a virtual machine, by a hypervisor that is executed by a processing device of a
first computer system, a first signal that indicates that the hypervisor is to notify a host operating system of a second
computer system to refrain from executing a command to dim a video display of the second computer system, wherein the first
signal is transmitted by the guest operating system when the second computer system is communicably coupled to the first computer
system and output of the virtual machine is visible on the video display;

transmitting by the hypervisor, in response to the first signal, a second signal that notifies the host operating system to
refrain from executing the command; and

setting a flag in response to at least one of the second computer system becoming communicably uncoupled from the first computer
system or output from the virtual machine no longer being visible in the video display.

US Pat. No. 9,183,053

MIGRATING THREADS ACROSS NUMA NODES USING CORRESPONDING PAGE TABLES AND BASED ON REMOTE PAGE ACCESS FREQUENCY

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
creating, by a processing device, a page table (PT) hierarchy associated with a thread to be run on the processing device,
wherein the PT hierarchy comprises:

information identifying each memory page maintained in addressable memory space accessible by the thread; and
access bits corresponding to each of the memory pages;
utilizing, by the processing device, the PT hierarchy associated with the thread to identify locations of memory pages to
access during execution of the thread by the processing device;

setting the respective access bits of the memory pages accessed by the thread while the thread is executing on the processing
device;

collecting access bit information from the PT hierarchy associated with the thread, wherein the access bit information comprises
the set access bits in the PT hierarchy;

determining, in view of the collected access bit information, memory access statistics for the thread; and
utilizing, by the processing device during runtime of the thread, the memory access statistics for the thread in a determination
of whether to migrate the thread to another processing device during the runtime of the thread.

US Pat. No. 9,098,627

PROVIDING A CORE DUMP-LEVEL STACK TRACE

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, a recorded state of a program, the recorded state comprising a base address of the program,
an exception handling table of the program, and a standalone stack frame comprising an executable address for a call instruction
of a function of the program;

determining, by the processing device, a list of functions in view of the recorded state of the program;
determining, by the processing device, a function start offset and a function end offset for the standalone stack frame in
view of the exception handling table of the program;

receiving a translation of the function;
determining an operand from the translation;
generating a fingerprint from the operand;
creating, by the processing device, a stack trace in view of the list of functions and the fingerprint without using debugging
symbols; and

updating the recorded state of the program to include the function start offset and the function end offset.

US Pat. No. 9,442,754

DEFERRED ASYNCHRONOUS ACTIONS FOR VIRTUAL DEVICES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, from a virtual machine, by a hypervisor executed by a processing device, an asynchronous request that can be serviced
by an accelerator;

detecting, by the hypervisor, in response to receiving the asynchronous request, that the accelerator is not initialized;
storing in a memory, by the hypervisor, at least one of the asynchronous request, an indication of the asynchronous request,
or an indication that the accelerator is not initialized;

detecting, by the hypervisor, after receiving the asynchronous request and detecting that the accelerator is not initialized,
that the accelerator has become initialized; and

forwarding, by the hypervisor, in response to the detecting that the accelerator has become initialized, the asynchronous
request to the accelerator.

US Pat. No. 9,355,248

CONTAINER AND IMAGE SCANNING FOR A PLATFORM-AS-A-SERVICE SYSTEM

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
initiating, by a processing device executing a node of a multi-tenant Platform-as-a-Service (PaaS) system, a scan process
at the node to scan containers executing on the node, the containers executing functionality of multiple applications that
are owned by multiple owners;

for each container of the containers:
scanning, by the processing device in accordance with the scan process, a top layer of application image instance used to
launch the container in the node without scanning remaining layers of the application image instance; and

terminating, by the processing device, the scan process for the container when the scanning generates a clean result.

US Pat. No. 9,305,013

URI FILE SYSTEM

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, an instruction to mount a file system with data from a storage;
determining a plurality of Universal Resource Identifiers (URIs) to be accessible on the mounted file system in response to
the instruction;

generating a plurality of identifiers corresponding to file names on the file system in view of locations of a plurality of
data items referred by the plurality of URIs;

mounting, by the processing device, the file system with the plurality of data items referred by the plurality of URIs, wherein
the mounting comprises mapping the plurality of data items referred by the plurality of URIs to the plurality of identifiers
corresponding to file names on the file system; and

receiving an instruction to access at least one of the plurality of data items via the mounted file system.

US Pat. No. 9,459,907

GUEST CONTROLLED MALICIOUS PAYLOAD PROTECTION

1. A system comprising:
a memory;
one or more processors, in communication with the memory;
one or more virtual machines executing on the one or more processors, each virtual machine including one or more configurations;
and

a hypervisor, including one or more resources, executing on the one or more processors to:
receive, from the virtual machine, a request to enable privileged access to a hypervisor resource;
responsive to receiving the request, disable, by the hypervisor, the virtual machine's access permissions to modify a first
configuration of the one or more configurations of the virtual machine;

determine, by the hypervisor, whether the first configuration is secure; and
responsive to determining by the hypervisor that the first configuration is secure, enable, by the hypervisor, the privileged
access to the hypervisor resource.

US Pat. No. 9,417,906

TRANSACTION PARTICIPANT REGISTRATION WITH CAVEATS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
registering, by a processing device executing a transaction manager, a plurality of transaction participants of a transaction
with the transaction manager before initiating the transaction, wherein registering at least one transaction participant of
the plurality of transaction participants comprises:

recording an address of the transaction participant;
determining that the transaction participant is associated with a transaction caveat, wherein the transaction caveat comprises
data that identifies an action the transaction participant to take regarding the transaction under at least one of:

first circumstances that will cause the transaction participant to commit to the transaction if the first circumstances are
later realized during the transaction; or

second circumstances that will cause the transaction participant to roll back the transaction if the second circumstances
are later realized during the transaction; and

recording the transaction caveat associated with the transaction participant;
initiating a prepare phase of the transaction after completing the registering, wherein the prepare phase is initiated before
initiating a commit phase of the transaction; and

managing the transaction for the plurality of registered transaction participants using the transaction caveat.

US Pat. No. 9,092,335

REPRESENTING A TREE STRUCTURE ON A FLAT STRUCTURE

Red Hat, Inc., Raleigh, ...

1. A method comprising:
storing a flat map structure that corresponds to a plurality of cache nodes in a logical tree structure distributed in a data
grid system, wherein the data grid system comprises a plurality of storage devices at a plurality of servers, wherein each
of the plurality of cache nodes below a root node in the logical tree structure has one parent node and is configurable to
have zero or more child nodes, wherein each of the plurality of cache nodes stores multiple attributes, wherein the flat map
structure comprises a plurality of pairs of entries, wherein each cache node in the plurality of cache nodes corresponds to
a pair of entries in the plurality of pairs of entries, wherein each entry in the pair of entries comprises a type and a fully
qualified name, wherein the fully qualified name comprises a path to the cache node within the logical tree structure, wherein
the type identifies a first one of the pair of entries as a data entry and a second one of the pair of entries as a structural
entry, wherein the data entry stores a key and value pair for each of the multiple attributes of the cache node, and wherein
the structural entry stores one or more pointers to the parent node and the zero or more child nodes of the cache node;

receiving a request to access at least one cache node in the plurality of cache nodes using the logical tree structure; and
in response to receiving the request and transparent to the logical tree structure of the request, accessing, by a processing
device, at least one pair of entries in the plurality of pairs of entries in the flat map structure corresponding to the at
least one cache node in the logical tree structure of the request using a hash value of the fully qualified name of the at
least one cache node corresponding to the at least one pair of entries.

US Pat. No. 9,367,678

PASSWORD AUTHENTICATION

Red Hat, Inc., Raleigh, ...

5. The method of claim 3, wherein performing the one or more security measures comprises:
requesting a second OTP when the stored OTP is invalid;
receiving the second OTP;
authenticating the second OTP and the stored user password using the authentication server; and
after authenticating the second OTP and the stored user password, granting the user the second level of access to the computer
system.

US Pat. No. 9,160,810

PARTITIONING OF A TRANSMISSION CONTROL PROTOCOL WINDOW IN A VIRTUAL SYSTEM

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
estimating, by a processing device, effective bandwidth of a communication link between a group of client devices at a first
location and at least one host machine at a second location, wherein each client device of the groups of client devices maintains
a communication session over the communication link with one of the at least one host machine;

partitioning, by the processing device, a transport control protocol (TCP) window of the communication link into portions
in view of quality of service (QoS) policy data of the communication sessions, wherein each portion of the TCP window is assigned
for dedicated use by one of the communication sessions; and

sending, by the processing device to each client device in the group of client devices, a parameter identifying the portion
of the TCP window partitioned for the client device, the parameter sent to communication endpoints of each communication session.

US Pat. No. 9,055,123

ENHANCED REBOOT COMMAND

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a processing device, a command to load an operating system, wherein the operating system to be loaded is a host
operating system for a physical machine or a guest operating system for a virtual machine;

determining whether the command includes a flag set to a network option;
in response to a determination that the command includes the flag set to the network option, loading the operating system
as the host operating system or the guest operating system from a networked server to the processing device;

in response to a determination that the command does not include the flag set to the network option, loading the operating
system from a location other than the networked server to the processing device; and

causing rebooting to be performed according to the command with the use of the operating system.

US Pat. No. 9,053,068

RDMA-BASED STATE TRANSFER IN VIRTUAL MACHINE LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

10. A method, comprising:
determining, by a processor of a first computer system, that a plurality of memory blocks have been modified by a virtual
machine undergoing live migration from the first computer system to a second computer system;

selecting, asynchronously with respect to the determining, a first memory block of the plurality of memory blocks;
registering the first memory block with an RDMA adapter for transfer to the second computer system;
transmitting the first memory block to the second computer system via the RDMA adapter;
responsive to transmitting the first memory block, selecting a second memory block of the plurality of memory blocks;
registering the second memory block with an RDMA adapter for transfer to the second computer system; and
transmitting the second memory block to the second computer system via the RDMA adapter;
wherein registering a memory block with the RDMA adapter comprises pinning the memory block and wherein an amount of pinned
physical memory in the first computer system does not exceed a pre-defined value.

US Pat. No. 9,330,100

PROTOCOL INDEPENDENT MIRRORING

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device of a mirror server comprising a plurality of mirror device modules each to service a request
in a different transfer protocol of a plurality of transfer protocols, a request for data in a first transfer protocol of
the plurality of transfer protocols from a client device, wherein the mirror server replicates data of a primary server;

identifying a first mirror device module of the plurality of mirror device modules to service the request for data in the
first transfer protocol;

checking, by the processing device of the mirror server, a local data archive of the mirror server for a local copy of the
requested data, wherein the local data archive is in an overlay file system;

determining, by the processing device, that the local copy of the requested data stored in the local data archive of the mirror
server is invalid;

sending, by the processing device of the mirror server, a request for the requested data to a remote data archive of the primary
server in response to the determining, the local data archive having a matching structure to the remote data archive;

receiving, by the processing device of the mirror server, the requested data from the primary server; and
sending, by the processing device of the mirror server, the requested data to the client device.

US Pat. No. 9,094,351

IMPLICIT AND DYNAMIC RECEIVE QUEUE ASSIGNMENT IN VIRTUALIZED SYSTEMS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving from a virtual machine, by a processor executing a hypervisor that is hosted by a computer system, a request to
transmit an outgoing packet to a destination, and an identification of a receive queue of a plurality of receive queues of
the virtual machine, wherein the identification of the receive queue is provided to the hypervisor by the virtual machine
along with the request;

obtaining by the hypervisor, from a header of the outgoing packet, a flow identifier that identifies a flow associated with
the outgoing packet;

storing an association between the flow identifier and the receive queue;
transmitting the outgoing packet to the destination;
receiving, after the transmitting of the outgoing packet, an incoming packet whose header specifies the flow identifier; and
inserting, by the hypervisor, the incoming packet into the receive queue using the identification of the receive queue.

US Pat. No. 9,491,037

ENHANCED EXPORTER TOOL

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device of a first server residing in an internal network, a selection of one or more software data
files over an external network, wherein the one or more software data files are to be synchronized to the first server and
are selected in view of an export format of the one or more software data files;

synchronizing the one or more software data files between the first server and an external server of the external network;
receiving, via a graphical user interface, a selection of contents from the one or more software data files from the first
server to be exported into a directory structure in view of a plurality of criteria comprising one or more content types,
wherein the one or more content types comprise a package metadata, a RPM Package Manager (RPM), an errata, and a kickstart
profile; and

exporting, by the processing device, the selection of the contents from the first server to a second server residing in the
internal network, wherein the second server resides in a secured portion of the internal network and the second server is
not permitted to connect to the external network.

US Pat. No. 9,286,375

LINKED LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP) ATTRIBUTES

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving a request to change a first attribute of an entry stored in a database to a first value, wherein the database is
accessible via a Lightweight Directory Access Protocol;

identifying a second attribute and a third attribute of the entry stored in the database, the second attribute being a different
attribute type than the first attribute and the third attribute comprising information linking the first attribute and the
second attribute;

changing the first attribute to the first value;
identifying, by a processor in view of the third attribute, an operation to be performed with respect to the first value of
the first attribute to determine a second value for the second attribute;

determining the second value for the second attribute by performing the identified operation; and
storing the second value to the second attribute;
wherein the first value of the first attribute is a password encoded by a first encryption and the second value of the second
attribute is the password encoded by a second encryption.

US Pat. No. 9,141,434

ROBUST NON-SHAREABLE RESOURCE ACCESS UNDER LIVE VIRTUAL MACHINE CLONING

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a hypervisor executed by a processor, a command to clone a virtual machine, the virtual machine using a plurality
of resources;

determining, by the hypervisor, whether any of the plurality of resources used by the virtual machine is in a non-shareable
state indicative that at least one of the virtual machine holds a lock on any of the plurality of resources or any of the
plurality of resources contains secure data, wherein the plurality of resources comprise at least one of a virtual resource
or a physical resource;

delaying, by the hypervisor, cloning of the virtual machine if any of the plurality of resources used by the virtual machine
is in the non-shareable state, until the plurality of resources used by the virtual machine are in a shareable state indicative
that at least one of the virtual machine released all locks on the plurality of resources or the plurality of resources contains
only non-secure data; and

blocking, during the delaying and until after the cloning, a request to obtain a new lock on the plurality of resources.

US Pat. No. 9,081,597

DATABASE CHANGE COMPENSATION AFTER A TRANSACTION COMMIT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a request to perform a command in a virtual machine system;
executing, by a processing device, a plurality of transactions associated with the command, each of the plurality of transactions
comprising one or more operations executed on entities in the virtual machine system;

committing changes made to the entities in the virtual machine system as a result of the plurality of transactions to a management
database for the virtual machine system; and

generating a business entity snapshot corresponding to a first transaction of the plurality of transactions, the business
entity snapshot comprising a data structure pertaining to an entity in the virtual machine system affected by the first transaction,
the data structure having one or more entries, each corresponding to a different parameter representing state information
for the entity at a point in time before the plurality of transactions were executed.

US Pat. No. 9,063,971

SCHEMA AND QUERY ABSTRACTION FOR DIFFERENT LDAP SERVICE PROVIDERS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a processing device, user information associated with a query for information in a lightweight directory access
protocol (LDAP) repository, the query received in an abstraction format;

determining, by the processing device, a computing domain in view of the user information;
retrieving, by the processing device, a configuration file associated with the computing domain, the configuration file comprising
a mapping for the query between an abstraction format and a vendor specific format; and

converting, by the processing device, the query to the vendor specific format in view of the mapping in the configuration
file.

US Pat. No. 9,509,649

PROVIDING CENTRALIZED MESSAGE NOTIFICATION

Red Hat, Inc., Raleigh, ...

1. A method comprising:
intercepting a plurality of message notifications, wherein the plurality of message notifications are generated in one of
an operating system or an application;

comparing content of a message corresponding to a message notification among the plurality of message notifications with a
plurality of regexp rules, wherein each of the regexp rules comprise a text string file comprising a sequence of characters;

in response to the content of the message matching with a regexp rule of the plurality of regexp rules, determining whether
the matching regexp rule is associated with a black list rule that comprises excluding the message notification among the
plurality of message notifications indicated to be displayed at a user device; and

preventing the message notification among the plurality of message notifications to be displayed at the user device in response
to determining that the regexp rule is associated with the black list rule.

US Pat. No. 9,424,420

RESTRICTING APPLICATION BINARY INTERFACES

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
initializing, by a process initiated by a kernel of an operating system, a system call filter restricting at least one type
of application binary interface (ABI) calls, wherein the system call filter is provided by a Berkley Packet Filter (BPF);

receiving, by a processor, a system call issued by a user space program;
intercepting the system call by the system call filter;
inspecting, by the BPF, a value of a system register representing at least one of: an identifier of the system call or a parameter
of the system call; and

responsive to determining that the system call is associated with a 32-bit ABI in view of inspecting the value of the system
register, performing, by the processor, a defined action with respect to the system call.

US Pat. No. 9,141,385

MANAGING OPERATING SYSTEM COMPONENTS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
storing a plurality of operating system components in a storage location in a computing device;
receiving a selection of a first set of operating system components from the plurality of operating system components;
obtaining a first set of links to the first set of operating system components;
storing the first set of links in a first boot location;
receiving a selection of a second set of operating system components from the plurality of operating system components;
obtaining a second set of links to the second set of operating system components;
storing the second set of links in a second boot location;
storing the first set of links in the second boot location upon receiving a selection to add the first set of operating system
components to the second boot location;

receiving a user input indicating a selection of one of the first boot location or the second boot location; and
booting, by a processing device, the computing device using the first boot location or the second boot location, in view of
the user input, wherein the booting comprises accessing the first set of operating system components using the first set of
links.

US Pat. No. 9,110,917

CREATING A FILE DESCRIPTOR INDEPENDENT OF AN OPEN OPERATION

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
receiving, by a processing device that executes a server in a network file system, a first file access request from a client
in the network file system for accessing a file in the network file system, wherein the first file access request comprises
a file handle for the file, and wherein the file handle comprises a unique identifier for the file;

in response to receiving the first file access request, creating and assigning, by the server, a simulated file descriptor
to the file without issuing a file open request to an operating system to open the file to create an actual file descriptor,
wherein the simulated file descriptor is not provided by a kernel of the operating system;

associating, by the server, the simulated file descriptor with the file handle;
in response to receiving a second file access request comprising the simulated file descriptor:
identifying the file handle associated with the simulated file descriptor in view of the simulated file descriptor in the
second file access request and associated with the file handle;

identifying a path to the file in view of the identified file handle, wherein identifying the path comprises at least one
of identifying a hard link associated with the file or identifying the path in a database that stores mapping data that maps
the path to the file handle; and

opening the file in view of the identified path.

US Pat. No. 9,069,638

UPDATE SYSTEM TO SYNCHRONIZE CHANGES FROM EXTERNAL SOURCES FOR A JAVA VIRTUAL MACHINE

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
receiving, at a processor of a provisioning server from an application server, a subscription request, wherein the application
server is to serve an application to a client, wherein the subscription request comprises a document that specifies a characteristic
of a provisioning service;

generating, by the processor, an update request in view of the characteristic of the provisioning service;
forwarding, by the processor, the update request to a Java security update module of the client, wherein the Java security
update module is to communicate with a Java container, wherein the Java container comprises a security cache; and

forwarding, by the processor, the update request to a directory server hosting updated security data, wherein the directory
server is to send the updated security data to the Java security update module for storage in the Java container.

US Pat. No. 9,466,062

TIERED INCENTIVE PROGRAM

Red Hat, Inc., Raleigh, ...

1. A method comprising:
registering a user to a forum, wherein the user is a new user who has not previously contributed to the forum;
initializing a probationary sum for the user that corresponds to a probationary status for the user, wherein the user is not
eligible for an incentive program while the user is in the probationary status;

detecting that an answer has been posted in the forum;
retrieving a user identification associated with the answer;
querying a user profile database with (a) the user identification associated with the answer and (b) a request for status
associated with the user identification as search terms;

determining, in view of a response received from the user profile database, that the answer posted in the forum was provided
by the user and that the user has the probationary status,

invoking a user interface module to generate an evaluation form with respect to the answer, the evaluation form comprising
a first GUI widget through which probationary points can be added to the probationary sum and a second GUI widget through
which a rating can be provided with respect to the answer, and

forwarding, via a network the evaluation form, as generated by the user interface module, and the answer to a peer review
group comprising members of a user community that are qualified, in view of the incentive program, to be reputable with respect
to the answer;

in response to a selection of the first GUI widget by one or more members of the user community that are qualified, in view
of the incentive program, to be reputable with respect to the answer, adding, by a processor, probationary points awarded
by the peer review group to the probationary sum in view of the answer;

providing, via the network, an update to elevate a status of the user in the user profile database in response to the probationary
sum exceeding a predetermined threshold, wherein the user is eligible for the incentive program while the user is in the elevated
status;

in view of the update, changing the status of the user from the probationary status to a rated user status;
monitoring at least one answer posted by the rated user in the forum;
determining, in view of the monitoring, whether the user is eligible for an award from the incentive program; and
in response to a determination that the user is eligible for the reward from the incentive program, generating a GUI notification,
the GUI notification comprising a third GUI widget that provides an option to redeem the reward.

US Pat. No. 9,355,282

USING MULTIPLE DISPLAY SERVERS TO PROTECT DATA

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
executing, by a processing device, a non-secure display server that provides a non-secure environment for data presented in
a non-secure application window of the non-secure display server;

detecting a plurality of secure documents being opened;
executing, by the processing device in view of a first secure document of the plurality of secure documents being opened,
a first secure display server as a first client to the non-secure display server, wherein the first secure display server
provides a first secure environment for data of the first secure document to be presented in a first secure application window
of the first secure display server and has a first security level for a first category of secure documents to restrict unauthorized
sharing of information between a plurality of secure environments;

loading a first application, associated with the first secure document, as a client of the first secure display server;
executing, by the processing device in view of a second secure document of the plurality of secure documents being opened,
a second secure display server as a second client to the non-secure display server, wherein the second secure display server
provides a second secure environment for data of the second secure document to be presented in a second secure application
window of the second secure display server, and has a second security level for a second category of secure documents to restrict
unauthorized sharing of information between a plurality of secure environments;

loading a second application, associated with the second secure document, as a client of the second secure display server;
receiving a user command to copy data from the secure application window running in the first secure environment of the first
secure display server to the second secure application window running in the second secure environment of the second secure
display server;

determining whether the second application in the second secure display server is authorized to access a copy operation provided
by the first secure display server in view of a policy and the first security level of the first secure display server;

determining whether a user associated with the user command is an authenticated user in response to the policy indicating
that the second application in the second secure display server is authorized to access the copy operation provided by the
first secure display server; and

in response to the user being an authenticated user and the second application in the second secure display server being authorized,
copying the data from the first secure application window running in the first secure environment to the second secure application
window running in the second secure environment.

US Pat. No. 9,330,102

MULTI-TENANT PLATFORM-AS-A-SERVICE (PAAS) SYSTEM IMPLEMENTED IN A CLOUD COMPUTING ENVIRONMENT

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
maintaining, by a processing device of a node, a repository of a plurality of packages that provide functionality for multi-tenant
applications executed by the node, each package of the plurality of packages comprised of a software and a configuration information
specifying a plurality of hooks;

receiving, by the node, a request to configure a first package from the plurality of packages, wherein the first package is
to provide functionality for one of the multi-tenant applications executed by the node;

establishing, by the node, a container to provide process space for the functionality of the first package;
calling, by the node, a configure hook from the plurality of hooks specified in the configuration information of the first
package; and

in response to calling the configure hook, embedding, by the node, an instance of the software of the first package in the
container, the instance of the software of the first package copied from the repository of the plurality of packages.

US Pat. No. 9,299,094

STATE-BASED COMPLIANCE VERIFICATION IN A DISCONNECTED SYSTEM

Red Hat Inc., Raleigh, N...

1. A method comprising:
receiving, by a processing device of a first computer system, from a second computer system of a computer network associated
with a customer, a first hash value during a first transaction not directly related to billing of the customer, wherein the
first computer system is external to the computer network associated with the customer, and wherein the first hash value is
generated by a third computer system of the computer network associated with the customer and is transmitted to the second
computer system in response to a registration request by the second computer system, and wherein the second computer system
is registered in response to the registration request, and wherein the first hash value is generated by the third computer
system in view of a first state of the third computer system;

receiving, by the processing device, from a fourth computer system of the computer network associated with the customer, a
second hash value during a second transaction not directly related to billing of the customer, wherein the second hash value
is generated by the third computer system and is transmitted to the fourth computer system in response to a registration request
by the fourth computer system, and wherein the second hash value is generated in view of a second state of the third computer
system and the first hash value, and wherein the third computer system transitions from the first state to the second state
in view of the registration of the second computer system;

receiving, by the processing device, a report corresponding to a time period, wherein the report comprises the first hash
value and usage information associated with usage of one or more services by the second computer system during the time period;
and

verifying, by the processing device, the usage information in view of the first hash value without communicating with the
third computer system.

US Pat. No. 9,239,730

MANAGING CONNECTIONS IN A DISTRIBUTED VIRTUALIZATION ENVIRONMENT

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a host machine executing a connection agent, a configuration identifying a set of connections to a plurality
of storage servers;

receiving a command to run a virtual machine by the host machine;
determining, based on the configuration, a particular connection of the set of connections to a particular storage server
of the plurality of storage servers, the particular connection enabling access to data associated with the virtual machine
that is stored by the particular storage server;

establishing, by the host machine, the particular connection to the particular storage server without first receiving a command
to establish the particular connection;

adding an entry for the particular connection to a connections list, the entry identifying the particular connection and the
virtual machine;

responsive to detecting that the particular connection to the particular storage server is no longer used by the virtual machine,
removing the entry for the particular connection from the connections list;

after removing the entry for the particular connection from the connections list, determining whether the particular connection
is used for any additional purpose based on checking the connections list to identify additional entries for the particular
connection; and

responsive to determining that there are no additional entries for the particular connection in the connections list, terminating
the particular connection.

US Pat. No. 9,223,369

PROVIDING POWER MANAGEMENT SERVICES IN A SOFTWARE PROVISIONING ENVIRONMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
initiating, by a provisioning server, an action to perform at least one of installing software or modifying software on a
target machine;

determining whether an alteration of a power state to the target machine is associated with the action;
in response to the alteration of a power state to the target machine being associated with the action:
generating a command comprising access information for the target machine and the alteration of the power state;
transmitting, by a processor of the provisioning server, the command to the target machine to initiate the alteration of the
power state of the target machine; and

utilizing a power management system to alter the power state of the target machine.

US Pat. No. 9,201,823

PESSIMISTIC INTERRUPT AFFINITY FOR DEVICES

Red Hat Israel, Ltd., Ra...

15. An apparatus comprising:
a device to generate device interrupts; and
a processing device, coupled to the device, comprising:
a first processor; and
a second processor, to control the device;
wherein the processing device is to:
identify that the first processor has forwarded information for the device to the second processor; and
after identifying that the first processor has forwarded the information to the second processor and in response to determining
that one or more update criteria have been satisfied, cause future information for the device to be forwarded to the second
processor.

US Pat. No. 9,483,414

ORDERED MEMORY PAGES TRANSMISSION IN VIRTUAL MACHINE LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
identifying, by a processing device, a plurality of stable memory pages associated with a virtual machine undergoing live
migration from a first computer system to a second computer system, wherein the plurality of stable memory pages comprises
memory pages that have not been modified within a defined period of time;

transmitting the plurality of stable memory pages to the second computer system;
determining, by the processing device, that an amount of memory comprised by a plurality of unstable memory pages is below
a threshold value, wherein the plurality of unstable memory pages comprises memory pages that have been modified within the
defined period of time; and

transmitting the plurality of unstable memory pages to the second computer system.

US Pat. No. 9,483,300

IMPORTING A RUNNING VM

Red Hat Israel, Ltd., Ra...

1. A method comprising:
adding, by a processing device executing a virtualization manager, a host to a list of hosts associated with the virtualization
management;

identifying, by the virtualization manager, a list of external virtual machines (VMs) running on the host that are not managed
by the virtualization manager, wherein the list of external VMs comprises at least one running VM that was not originally
created by the virtualization manager;

obtaining, by the virtualization manager, detailed information for each of the external VMs running on the host from an agent
running on the host; and

managing, by the processing device executing the virtualization manager, the external VMs running on the host using the detailed
information.

US Pat. No. 9,442,927

OFFLINE GENERATION OF COMPRESSED RADIX TREE WITH KEY SEQUENCE SKIP

1. A method of compressing a radix tree, comprising:
traversing a radix tree including a plurality of containers;
identifying, based on the traversing, a parent container having a plurality of child containers, each child container including
a sequence of elements;

for one or more child containers of the plurality of child containers:
identifying a prefix of the sequence of elements included in the respective child container;
identifying a remainder sequence after the prefix in the sequence of elements, wherein a key includes a sequence of elements
included in the parent container and further includes the prefix and remainder sequence included in the respective child container,
and the prefix is adjacent to the remainder sequence in the key; and

removing the remainder sequence from the respective child container.

US Pat. No. 9,407,626

SECURITY TOKEN MANAGEMENT SERVICE HOSTING IN APPLICATION SERVER

Red Hat, Inc., Raleigh, ...

1. A method comprising:
executing, by a processing device of an application server, a security token management service to manage disparate token
services for a plurality of services provided by the application server to support a set of clients separate from the application
server;

receiving, by the processing device executing the security token management service, a request for at least one token service
of the disparate token services, the request received from a requesting service of the plurality of services;

validating the request for the at least one token service;
identifying a corresponding token provider for the at least one token service, wherein the corresponding token provider is
selected from a plurality of token providers registered with the security token management service;

acquiring at least one token from the corresponding token provider for the at least one token service; and
deploying the at least one token service to the requesting service.

US Pat. No. 9,235,427

OPERATING SYSTEM LOAD DEVICE RESOURCE SELECTION

Red Hat Israel, Ltd., Ra...

1. A method comprising:
disabling resources of one or more bootable devices of a plurality of bootable devices having resource conflicts with a selected
one of the plurality of bootable devices, wherein the selected one of the plurality of bootable devices comprises a virtual
device;

attempting to boot the selected one of the virtual device;
responsive to the selected one of the plurality of bootable devices failing to boot:
selecting a next bootable device of the plurality of bootable devices for booting; and
repeating, by a processing device, said disabling resources and attempting to boot the selected next bootable device until
at least one of the plurality of bootable devices boots or all bootable devices of the plurality of bootable devices fail
to boot.

US Pat. No. 9,225,791

STAGED DATA MIGRATION BETWEEN DATA SOURCES AND CLOUD-BASED STORAGE NETWORK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processor of a data distribution system, an identification of a data payload to be transported from a data
source in a user premise network to a set of host storage clouds, wherein the user premise network includes a set of premise
servers;

receiving, by the data distribution system from the user premise network, a set of transport parameters to transport the data
payload, wherein the set of transport parameters comprises a data transport schedule, a bandwidth capacity requirement, and
a cost specification;

identifying a set of dedicated staging channels between the data source and the data distribution system;
managing the transport of the data payload from the data source to the data distribution system in view of the set of transport
parameters, wherein managing the transport of the data payload in view of the set of transport parameters comprises selecting
channels from the set of dedicated staging channels in view of the set of transport parameters;

initiating the transport of the data payload from the data source in the user premise network to the data distribution system
over the selected channels;

in response to initiating the transport, monitoring the transport of the data payload, wherein monitoring the transport of
the data payload comprises validating the transported data payload to ensure integrity of the transported data payload;

receiving the data payload by the data distribution system from the data source in the user premise network over the selected
channels;

storing the data payload for a time period in a set of staged data stores of the data distribution system, wherein the set
of staged data stores comprises servers located within geographic proximity of one of the user premise network or the set
of host storage clouds, and wherein during the time period, the data distribution system is to communicate with the user premise
network to interrogate the data source for updates to the data payload and to incorporate the updates into the data payload
stored in the set of staged data stores of the data distribution system;

applying an access control to govern access to the data payload while the data payload is stored in the set of staged data
stores of the data distribution system;

identifying a set of dedicated transport channels between the data distribution system and the set of host storage clouds
in view of the set of transport parameters; and

initiating the transport of the data payload from the data distribution system to the set of host storage clouds via the set
of dedicated transport channels to store the data payload in a set of local cloud data stores of the set of host storage clouds.

US Pat. No. 9,104,714

INCREMENTAL OPTIMISTIC LOCKING OF DATA DISTRIBUTED ON MULTIPLE NODES TO AVOID TRANSACTION DEADLOCK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
identifying, by a processing device executing a transaction originator node, a plurality of data elements distributed at a
plurality of enlisted nodes to lock for a multi-operational transaction, wherein the transaction originator node manages the
multi-operational transaction, the multi-operational transaction comprising a plurality of operations, the plurality of data
elements corresponding to the plurality of operations;

determining, by the processing device, a hash value for each of the plurality of enlisted nodes using a node identifier of
a respective enlisted node;

ranking, by the processing device, the plurality of enlisted nodes in view of the hash values to create a lock order for the
multi-operational transaction;

determining, by the processing device executing the transaction originator node, which of the plurality of enlisted nodes
is a first enlisted node in the lock order for the multi-operational transaction;

sending, by the processing device executing the transaction originator node, an update perform request to the first enlisted
node in the lock order to lock a corresponding data element residing at the first enlisted node from the plurality of data
elements; and

sending, by the processing device executing the transaction originator node, update cache requests to remaining enlisted nodes
in the lock order to cache a corresponding update cache request until the corresponding remaining enlisted node receives an
update perform message to perform a lock on a corresponding data element.

US Pat. No. 9,668,082

VIRTUAL MACHINE BASED ON A MOBILE DEVICE

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving a request to provision a first virtual machine (VM) in view of a mobile communications device;
receiving a hardware requirement of the mobile communications device;
allocating, in response to the request to provision the first VM, a phone number to be associated with the first VM in view
of the mobile communications device;

provisioning, by a processing device, the first VM in view of the hardware requirement of the mobile communications device
and the allocated phone number;

determining whether a communications usage for the first VM in view of the allocated phone number exceeds a threshold amount
of usage;

in response to determining that the communications usage for the VM in view of the allocated phone number exceeds the threshold
amount of usage, disabling a functionality of the first VM; and

determining a cost corresponding to the first VM in view of the communications usage associated with the allocated phone number
and hardware usage associated with provisioning the first VM in view of the disabling of the functionality of the first VM.

US Pat. No. 9,407,546

ROUTING A MESSAGE USING A ROUTING TABLE IN A DYNAMIC SERVICE MESH

Red Hat, Inc., Raleigh, ...

1. A method of routing a message in a dynamic service mesh including a plurality of services, comprising:
receiving at a mesh point a first message from a sender service, the first message including a sender service identifier that
identifies a sender service, and the mesh point being a node that routes one or more messages in a dynamic service mesh including
a plurality of services;

determining, based on a routing table, whether the mesh point has received a second message from the sender service, the second
message being received before the first message;

in response to a determination that the mesh point has not received the second message from the sender service, routing the
first message to a target service of the plurality of services;

receiving an indication of whether the first message has been accepted by the target service;
updating the routing table based on the indication; and
in response to a determination that the indication indicates that the first message has been rejected by the target service,
routing the first message from the mesh point to a second target service of the plurality of services, wherein the updating
includes inserting into the routing table an entry indicating that the target service rejected the first message and incrementing
a fail count for the first message.

US Pat. No. 9,329,968

TESTING APPLICATION PERFORMANCE USING VIRTUAL MACHINES CREATED FROM THE SAME IMAGE ON DIFFERENT HARDWARE PLATFORMS

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
generating, by a processing device, a first virtual machine from an image of a computing system;
generating, by the processing device, a second virtual machine from the image of the computing system;
executing a benchmark program on the first virtual machine to measure a performance level of a first computer application
program, the first virtual machine to run on a first hardware platform, wherein the benchmark program and the image of the
computing system are provided by a same entity, and wherein the image of the computing system comprises virtual computer hardware
and a guest operating system used by the first computer application program;

executing the benchmark program on the second virtual machine to measure a performance level of a second computer application
program, the second virtual machine to run on a second hardware platform having a different configuration of hardware components
than the first hardware platform, the different configuration resulting in a variation in computing performance between the
first and second hardware platforms, and wherein the benchmark program is executed on the first and second virtual machines
to simulate a workload on the first and second computer application programs and to measure the performance levels of the
first and second computer application programs in response to the workload in parallel;

comparing the performance levels of the first and second computer application programs, wherein an effect of the variation
in computing performance between the first and second hardware platforms on the performance levels of the first and second
computer application programs is reduced by the first and second virtual machines; and

providing a result of the comparing through a user interface, the result to indicate the performance levels of the first and
second computer application programs.

US Pat. No. 9,280,378

ADJUSTMENT DURING MIGRATION TO A DIFFERENT VIRTUALIZATION ENVIRONMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
identifying, by a migration tool executed by a processor, an operating system to be migrated to a target virtual machine host
computer system from a source computer system;

identifying, by the migration tool, a first hypervisor running on the target virtual machine host computer system, wherein
the operating system was running under a second hypervisor prior to migration, wherein the first hypervisor comprises a first
type and the second hypervisor comprises a second type;

migrating, by the migration tool, the operating system to the target virtual machine host computer system;
in response to determining the first type of the first hypervisor and determining the second type of the second hypervisor,
causing, by the migration tool, a first set of configuration parameters of the operating system to be optimized by the migration
tool, wherein the first set of configuration parameters are identified in view of a difference between the first type of the
first hypervisor and the second type of the second hypervisor and wherein the identified first set of configuration parameters
are adjusted in response to selecting two or more options from the migration tool, wherein the two or more options comprise:

a recommended option to adjust the first set of configuration parameters to default values; and
a customizable option to adjust one or more configuration parameters of the first set of configuration parameters to one or
more values from a list of selectable configuration parameters comprising a default value, a recommended value, and one or
more additional values;

in response to failing to determine the first type of the first hypervisor, causing, by the migration tool, a second set of
configuration parameters of the operating system to be optimized, wherein the second set of configuration parameters are identified
regardless of the first type of the first hypervisor; and

in response to determining the first type of the first hypervisor and failing to determine the second type of the second hypervisor,
causing, by the migration tool, a third set of configuration parameters of the operating system to be optimized, wherein the
third set of configuration parameters are identified independent of the second type of the second hypervisor, wherein the
third set of configuration parameters are identified in view of the first type of the first hypervisor.

US Pat. No. 9,129,126

UPDATING CHANGES TO CACHES

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, at a provisioning device by a hardware processor, a security data change provisioning request from a first application
server in response to the first application server attempting to join a cluster set of other application servers;

identifying, in response to receiving the security data change provisioning request, updated security data compatible with
a cache of a second application server in the cluster of other application servers;

sending, to the second application server, a command to clear the cache of the second application server; and
sending, by the provisioning device, the updated security data to the cache of the second application server of the cluster
of the other application servers, wherein the updated security data of the second application server is consistent with security
data of the first application server.

US Pat. No. 9,116,802

DIAGNOSTIC NOTIFICATION VIA PACKAGE UPDATE MANAGER

Red Hat, Inc., Raleigh, ...

1. A method comprising:
identifying a set of installed software packages on a client;
identifying a set of package updates available to update the set of installed software packages on the client;
identifying, using a processor, a potential fault condition related to a prospective installation of the set of package updates
on the client by accessing a diagnostic database; and

generating a notification to a user of the client of the potential fault condition, wherein the notification comprises a set
of selections to accept or decline continued execution of an executing process on the client associated with the identified
potential fault condition.

US Pat. No. 9,507,618

VIRTUAL MACHINE SYSTEM SUPPORTING A LARGE NUMBER OF DISPLAYS

Red Hat Israel, Ltd., Ra...

1. A host computer system comprising:
a processor;
a memory coupled to the processor;
a plurality of virtual machines (VMs) associated with a plurality of remote client machines coupled to the host computer system
via a network, wherein a VM of the plurality of VMs is executable from the memory to generate data to be transmitted via the
network and rendered by a plurality of displays of a corresponding remote client machine;

a plurality of virtual devices enabled on the VM for the plurality of displays of the corresponding remote client machine,
each of the plurality of virtual devices being associated with one or more of the plurality of displays that render the data
generated by the VM; and

a display system, coupled to the VM, to cause a plurality of connections to be established to connect the plurality of virtual
devices of the VM with the corresponding remote client machine, each of the plurality of virtual devices having multiple connections
to transmit different types of data to the corresponding remote client machine for determining by the corresponding remote
client machine which of the plurality of displays is to present a respective type of data.

US Pat. No. 9,459,975

MANAGING STORAGE CONNECTIONS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
identifying a failure with at least one physical storage device of a first set of physical storage devices accessible to a
virtualized environment via a logical storage domain, the logical storage domain having an assigned address;

identifying a backup of the first set of physical storage devices, wherein the backup comprises a second set of physical storage
devices that are not accessible to the virtualized environment;

preventing, by a processing device, the virtualized environment from accessing the first set of physical storage devices;
and

associating, by the processing device, the second set of physical storage devices with the assigned address of the logical
storage domain to cause storage access of the virtualized environment to be redirected to the second set of physical storage
devices via the logical storage domain.

US Pat. No. 9,454,394

HYPERVISOR DYNAMICALLY ASSIGNED INPUT/OUTPUT RESOURCES FOR VIRTUAL DEVICES

1. A method of assigning one or more I/O resources to one or more virtual PCI devices, the method comprising:
maintaining, via a hypervisor executable on a host, a pool of I/O resources for assignment to one or more virtual PCI devices;
receiving, from a virtual PCI device of the one or more virtual PCI devices, a request for one or more I/O resources of the
pool of I/O resources;

in response to the request, assigning, via the hypervisor, the one or more I/O resources from the pool to the virtual PCI
device; and

notifying, via the hypervisor, a guest running on a virtual machine that the one or more I/O resources from the pool is assigned
to the virtual PCI device, wherein the virtual machine is executable on the host, and wherein the virtual PCI device is exposed
to the guest as part of the virtual machine.

US Pat. No. 9,454,514

LOCAL LANGUAGE NUMERAL CONVERSION IN NUMERIC COMPUTING

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
executing, by a processing device, a numeric conversion module as a front-end and back-end translation interface to an application
executed by the processing device and compiled by a compiler, wherein the numeric conversion module is dedicated for use by
the application and is not used by other applications executed by the processing device;

receiving, by the processing device during runtime of the application, a string array of numeric data in a local language
other than English wherein the numeric data is used in calculations performed by the application during runtime of the application
to generate calculated numerals that are not known in code of the application during compilation of the application by the
compiler;

converting, by the processing device during the runtime of the application, characters of the string array of numeric data
from local language characters not in English alphabet characters and not representable within the 128 characters of an American
Standard Code for Information Interchange (ASCII) format into English alphabet digits representable by the 128 characters
of ASCII format by utilizing a number conversion matrix;

providing, by the processing device during the runtime of the application, the English alphabet digits in the ASCII format
to a processing function of the application for use with the calculations of the application during the runtime of the application;

performing, by the processing device during runtime of an application, the processing function for the application to calculate
numerals as English alphabet digits in the ASCII format;

converting, by the processing device during the runtime of the application, the calculated numerals to translated numeric
data in the local language other than English by utilizing the number conversion matrix; and

providing the translated numeric data to an end user of the application during the runtime of the application without modifying
the compiler to process the numeric data in the local language other than English.

US Pat. No. 9,436,489

VIRTUAL MACHINE DATA REPLICATION WITH SHARED RESOURCES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
identifying one or more resources that are shared across a plurality of virtual machines; storing a copy of each of the one
or more resources;

receiving, from one of the plurality of virtual machines, an indication of a portion of a virtual storage of the one of the
plurality of virtual machines to be replicated;

determining, by a processing device, that the portion of the virtual storage of the one of the plurality of virtual machines
is not included in the one or more resources;

in response to a determination that the portion of the virtual storage of the one of the plurality of virtual machines is
not included in the one or more resources, updating a replicated copy of the one of the plurality of virtual machines in view
of the portion of the virtual storage of the one of the plurality of virtual machines, the replicated copy of the one of the
plurality of virtual machines further comprising the one or more resources that are shared across a plurality of virtual machines;

determining an initialization efficiency metric in relation to the replicated copy of the one of the plurality of virtual
machines, wherein the initialization efficiency metric reflects at least one of:

an amount of time that initializing a new virtual machine in view of the replicated copy is likely to entail,
an amount of processing power that initializing a new virtual machine in view of the replicated copy is likely to entail,
or

a resource overhead that initializing a new virtual machine in view of the replicated copy is likely to entail; and
in response to a determination that the initialization efficiency metric of the replicated copy of the one of the plurality
of virtual machines exceeds a defined efficiency threshold, storing a copy of the virtual storage of the one of the plurality
of virtual machines, the copy of the virtual storage comprising the one or more resources that are shared across the plurality
of virtual machines.

US Pat. No. 9,407,583

HANDLING UNAVAILABLE DESTINATIONS IN A MESSAGING NETWORK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
identifying, by a processor of a message broker system among multiple message broker systems in a message bus, shortest paths
through the message bus between the message broker system and others of the message broker systems in view of first federation
links between the message broker system and ones of the other of the message broker systems that neighbor the message broker
system and in view of second federation links between each of the others of the message broker systems and ones of the message
broker systems that neighbor each of the others of the message broker systems;

receiving, at the message broker system, a request to send a message from a source message broker system among the message
broker systems through the message bus to a destination message broker system among the message broker systems;

determining, by the processor of the message broker system, that none of the shortest paths to the destination message broker
system are available; and

initiating, by the processor of the message broker system, corrective action in view of determining that none of the shortest
paths to the destination message broker system are available.

US Pat. No. 9,367,341

ENCRYPTING AND DECRYPTING VIRTUAL DISK CONTENT USING A SINGLE USER SIGN-ON

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
initializing, by a processing device of a host machine executing a virtual machine (VM), operations at the VM in response
to authentication of the VM by a host controller machine via a single sign-on process that utilizes credentials of a user
of the VM provided to the host controller machine by the user, wherein the host controller machine to define and configure
the host machine and the VM and to manage the sign-on process for the VM, and wherein the host controller machine is separate
from the host machine and separate from a directory server that authenticates the provided credentials of the VM for the host
controller machine;

receiving, by the VM subsequent to the user signing-on to the VM using the credentials via the single sign-on process and
subsequent to initializing the VM, the credentials of the user of the VM from a hypervisor executing on the host machine and
managing the VM, the credentials sent from the host controller machine to the hypervisor without interaction from the user
and after the host controller machine successfully authenticates the VM using the credentials;

referencing, by the VM subsequent to initializing the VM and subsequent to receiving the credentials at the VM, a configuration
database of the host controller machine with the received credentials of the user to authenticate the credentials, the configuration
database maintained by the host controller machine and storing encryption and decryption policy settings for the VM, the encryption
and decryption policy settings comprising other credentials used for encrypting and decrypting for the VM;

determining, by the VM subsequent to referencing the configuration database, the encryption and decryption policy settings
for the VM from the configuration database in view of the received credentials;

detecting one or more events that trigger at least one of an auto-encrypt or an auto-decrypt operation, wherein at least one
of the events comprises an idle state of the VM for a determined period of time; and

in response to detecting the one or more events, utilizing the received credentials of the user that were provided for the
single sign-on process without requesting or receiving the other credentials of the user directly from the user to at least
one of encrypting or decrypting, by the VM subsequent to determining the encryption and decryption policy settings, an entire
virtual hard disk of the VM in view of the determined encryption and decryption policy settings, wherein the received credentials
authenticate and enable the at least one of the encrypting or the decrypting.

US Pat. No. 9,323,706

CONFIGURATION SNOOPING BRIDGE

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
identifying, by a processing device of a bridge in a computing system, an initialization message of a central processing unit
(CPU) for a device, the device being connected to a secondary interface of the bridge;

identifying, by the processing device, a device response to the initialization message;
determining, by the processing device, an address range for the device in view of the initialization message and the device
response;

storing the address range for the device in a list in the bridge; and
enabling, by the processing device, access to the device in view of the list in the bridge before the bridge receives a system
list from the CPU.

US Pat. No. 9,298,687

AUTOMATIC SPREADSHEET FORMULA OUTPUT VALIDATION

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
analyzing a formula included in a spreadsheet to select a validation scenario;
selecting, in view of a characteristic of the formula included in the spreadsheet, a validation input value that satisfies,
for all possible outputs, the selected validation scenario in relation to a conditional statement included in the formula;

providing the validation input value to an input field of the spreadsheet, the validation input value being included in the
validation scenario comprising an expected validation output value;

identifying, by a processing device, a result from an output field of the spreadsheet that is calculated in view of the conditional
statement and a formula associated with the output field that uses the validation input value as an input; and

comparing the result to the expected validation output value.

US Pat. No. 9,201,679

MULTIPLE DESTINATION LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
receiving, by a source host processor, an identification of a plurality of destination hosts as an indication to the source
host processor to enter a pre-warm-up phase of live migration of a source virtual machine to the plurality of destination
hosts, wherein the identification is received prior to the source host processor receiving a command to migrate the source
virtual machine to the plurality of destination hosts;

responsive to the source host processor entering the pre-warm-up phase, copying, by the source host processor, one or more
data segments corresponding to a portion of a state of the source virtual machine to the plurality of destination hosts, the
one or more data segments corresponding to a portion of memory employed by the source virtual machine;

after copying the one or more data segments, receiving, by the source host processor, the command to migrate the source virtual
machine to the plurality of destination hosts;

copying, by the source host processor, one or more additional segments of the state of the source virtual machine to the plurality
of destination hosts;

receiving, by the source host processor, an indication that a virtual machine was successfully booted on a first one of the
plurality of destination hosts, wherein an entire state of the source virtual machine is copied to the first one of the plurality
of destination hosts; and
responsive to receiving, by the source host processor, the indication that the virtual machine on the first one of the plurality
of destination hosts was successfully booted, terminating the copying the state of the source virtual machine to a second
one of the plurality of destination hosts before the entire state of the source virtual machine is copied to the second one
of the plurality of destination hosts.

US Pat. No. 9,203,750

ETHERNET FRAME TRANSLATION TO INTERNET PROTOCOL OVER INFINIBAND

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
receiving, by a processor, an Ethernet frame comprising a payload and a header, wherein the header comprises a destination
Media Access Control (MAC) address;

determining an Infiniband (TB) link layer address comprising a subnet-specific prefix and an identifier string derived from
the destination MAC address; and

encapsulating the payload into an Infiniband over Internet Protocol (IPoIB) frame comprising the IB link layer address.

US Pat. No. 9,203,831

SSL CLIENT AUTHENTICATION

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, an authentication request from a server for a session between the processing device and
the server;

determining, by the processing device, whether a storage device contains a configuration that corresponds to the authentication
request;

configuring, by the processing device, a client authentication configuration in view of whether the storage device contains
the corresponding configuration; and

displaying, by the processing device, in a graphical user interface (GUI) a status indicator to show the client authentication
configuration for the session;

providing, via the GUI control of the client authentication configuration for the session to change a certificate being used
for client authentication or to not use client authentication during the session.

US Pat. No. 9,552,233

VIRTUAL MACHINE MIGRATION USING FREE PAGE HINTING

1. A method of migrating a virtual machine from a source hypervisor to a destination hypervisor, comprising:
receiving, by a source hypervisor running a virtual machine, an indication to migrate the virtual machine to a destination
hypervisor, wherein a guest runs on the virtual machine and is allocated guest memory;

reading, by the source hypervisor, a free value indicating whether a memory page in the guest memory is active;
transmitting the memory page to the destination hypervisor if the free value indicates that the memory page is active, wherein
the memory page in the guest memory is active if the memory page is in current use by the guest to store data; and

determining to not transmit the memory page to the destination hypervisor if the free value indicates that the memory page
is inactive, wherein the memory page in the guest memory is inactive if the memory page is not in current use by the guest
to store data.

US Pat. No. 9,348,655

MIGRATING A VM IN RESPONSE TO AN ACCESS ATTEMPT BY THE VM TO A SHARED MEMORY PAGE THAT HAS BEEN MIGRATED

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining, by a processing device executing a hypervisor on a source host, that a first virtual machine of a group of virtual
machines on the source host has been migrated to a destination host;

responsive to determining that the first virtual machine shares one or more pages of a memory space on the source host with
a second virtual machine of the group of virtual machines on the source host, monitoring, by the hypervisor of the source
host, shared memory space accesses of the second virtual machine;

receiving, by the hypervisor of the source host, a request from the second virtual machine on the source host to access a
first memory page of the one or more pages of the shared memory space on the source host; and

responsive to determining that the first memory page of the one or more pages of the shared memory space on the source host
has been migrated to the destination host,

stopping, by the hypervisor of the source host, execution of the second virtual machine on the source host, and
migrating, by the hypervisor of the source host, the second virtual machine to the destination host.

US Pat. No. 9,229,643

COMPATIBLE VIRTUAL MACHINE JOINER

Red Hat Israel, Ltd., Ra...

1. A method comprising:
identifying a first virtual machine (VM) executing a first operating system (OS) for joining with a second VM executing a
second OS, wherein the first OS and the second OS are compatible; and

creating, by a processing device, a new VM associated with a new disk comprising contents of a first existing disk of the
first VM and a second existing disk of the second VM.

US Pat. No. 9,948,568

PACKET SIZE CONTROL USING MAXIMUM TRANSMISSION UNITS FOR FACILITATING PACKET TRANSMISSION

1. A method of facilitating packet transmission, the method comprising:receiving a first packet, from a first node, at an intermediate node;
determining a packet size, wherein the packet size is a size of the first packet received from the first node;
determining a maximum transmission unit (MTU) size for a second node, wherein the MTU size is a defined maximum packet size that can be transmitted to the second node, and wherein determining the MTU size includes:
sending the first packet to the second node, and
receiving the MTU size from the second node;
determining whether the packet size is greater than the MTU size;
responsive to determining that the packet size is greater than the MTU size:
sending a second packet, to the first node, the second packet specifying the MTU size to the first node, wherein the first node:
records a destination mark at the first node, wherein the destination mark includes the MTU size and an identifier of the second node,
fragments the first packet into a plurality of fragmented packets, wherein the fragmented packets have packet sizes less than or equal to the MTU size, and
sends each of the plurality of fragmented packets to the intermediate node, and
receiving each of the plurality of fragmented packets from the first node; and
sending the fragmented packets to the second node.

US Pat. No. 9,697,284

SEARCH PREDICTION USING CONTEXT MODELING

Red Hat, Inc., Raleigh, ...

1. A method comprising:
tracking search queries of a first user and a second user of a search engine to generate a first search query history of the
first user and a second search query history of the second user, wherein the first search query history comprises a plurality
of first search queries and the second search query history comprises a plurality of second search queries;

comparing the first search query history with the second search query history to identify a plurality of similar search queries
between the first search queries and the second search queries;

determining that the second search queries comprise a next sequential search query after the similar search queries in the
second search queries in response to the identification of the similar search queries; and

responsive to determining that the second search queries comprise the next sequential search query after the similar ones
of the second search queries, generating, by a processing device, a predicted search query for the first user comprising the
next sequential search query of the second user that the first user is predicted to use to perform a next search in relation
to other possible searches in view of the comparing.

US Pat. No. 9,654,294

NON-REPUDIABLE ATOMIC COMMIT

Red Hat, Inc., Raleigh, ...

1. A computer-implemented system for coordinating a transaction, the system comprising:
at least one processor and operatively associated memory, wherein the at least one processor is programmed to execute a transaction
manager for coordinating an atomic commit transaction, wherein the transaction manager is programmed to:

receive from a client a transaction request, wherein the transaction request comprises a description of the transaction and
a transaction origin token digitally signed with a private key of the client;

create a transaction submission token digitally signed with a private key of the transaction manager;
send the transaction submission token to the client;
generate a digest of a work item from the transaction;
send the digest of the work item to a resource manager for performing the work item;
receive from the resource manager a work item receipt token digitally signed with a private key of the resource manager;
send the work item and the transaction origin token to the resource manager;
receive from the client a commit instruction and a completion token digitally signed with the private key of the client;
send the resource manager a prepare instruction;
receive from the resource manager a prepare token digitally signed with the private key of the resource manager;
determine that all resource managers taking part in the transaction have returned prepare tokens; and
send the commit token to the resource manager.

US Pat. No. 9,454,400

MEMORY DUPLICATION BY ORIGIN HOST IN VIRTUAL MACHINE LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
providing a data structure comprising a plurality of memory mapping entries, each memory mapping entry mapping a virtual memory
range to a physical memory range identified by a memory device, a physical address on the memory device, and a reference count
of virtual memory ranges mapped to the physical memory range, wherein the data structure only comprises memory mapping entries
having the reference count of two or more;

determining, by a processor of an origin host computer system, using the data structure, a first physical address identifying
a first physical memory range, the first physical memory range mapped to a first virtual memory range in a virtual address
space of a first virtual machine undergoing live migration from the origin host computer system to a destination host computer
system;

determining a second physical address identifying a second physical memory range, the second physical memory range mapped
to a second virtual memory range in a virtual address space of a second virtual machine undergoing live migration from the
origin host computer system to the destination host computer system;

determining, by the processor, that the first physical address and the second physical address are identical; and
notifying the destination host computer system that the first virtual memory range and the second virtual memory range have
identical contents.

US Pat. No. 9,449,116

ONLINE RADIX TREE COMPRESSION WITH KEY SEQUENCE SKIP

1. A method of inserting a key into a composite data structure including a radix tree and an auxiliary data structure, comprising:
receiving an instruction to store a first key into a composite data structure including a radix tree and an auxiliary data
structure, the first key including a first sequence of elements, and the composite data structure storing a second key including
a second sequence of elements;

comparing the first and second keys;
generating, based on the comparing, one or more sequences of elements, wherein the generating includes generating a common
prefix chunk that is in the first and second keys and generating one or more remainder sequences; and

storing the first key into the composite data structure, wherein the storing the first key includes for one or more generated
sequences of elements:

splitting the respective generated sequence of elements into a prefix and a suffix;
storing the respective prefix into the radix tree; and
storing the respective suffix into the auxiliary data structure.

US Pat. No. 9,355,383

TRACKING DIFFERENTIAL CHANGES IN CONFORMAL DATA INPUT SETS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, a selection of a first series of interpolated input data and a second series of interpolated
input data, wherein the first series of interpolated input data comprises a first set of variables contributing to a first
output, and the second series of interpolated input data comprises a second set of variables contributing to a second output;

determining a differential change between each of the first set of variables of the first series of interpolated input data
with a corresponding variable of the second set of variables of the second series of interpolated input data to produce a
set of differential changes;

presenting a visual representation of the set of differential changes in a graphical user interface;
receiving user input of one or more criteria specifying a threshold to analyze the set of differential changes;
receiving user input, via the graphical user interface, manipulating one or more values of at least one of the first set of
variables or the second set of variables, wherein the manipulating produces adjustments to one or more differential changes
in the set of differential changes;

creating, by the processing device, an updated visual representation in the graphical user interface to present an alternate
data set for at least one of the first series of interpolated input data and the second series of interpolated input data
in view of the adjustments to the one or more differential changes; and

receiving, by the processing device, a user selection, via the graphical user interface, of the adjustments to the one or
more differential changes as finalized adjustments, and a user selection of at least one of the first series of interpolated
input data or the second series of interpolated input data presented in the updated visual representation as a finalized series
of interpolated input data, wherein the finalized adjustments and the finalized series satisfy the one or more criteria.

US Pat. No. 9,256,450

USING AN ENTERPRISE MESSAGING BUS TO INFLUENCE THE PROCESS OF SOFTWARE COMPILATION AND PACKAGING

Red Hat, Inc., Raleigh, ...

1. A method comprising:
executing, by a processing device, a software build process using an enterprise messaging bus, a plurality of services, and
a shim for a first service of the plurality of services, wherein the first service does not natively communicate with the
enterprise messaging bus, and wherein the shim communicates messages between the first service and the enterprise messaging
bus by:

receiving a first message to be communicated between the enterprise messaging bus and the first service, wherein the first
service is a software build service;

processing the received first message by:
inserting a destination into the first message to enable communication of the first message between the first service and
the enterprise messaging bus;

converting the first message into native input for the software build service;
communicating the converted first message between the first service and the enterprise messaging bus; and
initiating the software build service;
receiving a first response to the communicated first message over the enterprise messaging bus;
executing a second service of the plurality of services using the enterprise messaging bus as part of the software build process;
combining the first response to the communicated first message with a second response to a communicated second message received
from the second service; and

reporting results of the software build process.

US Pat. No. 9,223,570

MIGRATION ASSISTANCE USING COMPILER METADATA

Red Hat, Inc., Raleigh, ...

1. A computer-implemented method of migration assistance using compiler metadata comprising:
receiving first data associated with a first compiler, the first data including a first set of rules associated with the first
compiler;

receiving second data associated with a second compiler, the second data including a second set of rules associated with the
second compiler;

extracting first compiler metadata from the first data, the first compiler metadata including the first set of rules associated
with the first compiler;

extracting second compiler metadata from the second data, the second compiler metadata including the second set of rules associated
with the second compiler;

comparing the first and second compiler metadata;
identifying one or more differences between the first and second compiler metadata based on the comparison;
storing the one or more differences into a database;
receiving a program including source code;
retrieving the one or more differences between the first and second compiler metadata from the database; and
generating, without compiling the received program, a set of migration patches based on the received program and the one or
more differences between the first and second compiler metadata.

US Pat. No. 9,189,382

NONCONTIGUOUS REPRESENTATION OF AN ARRAY

Red Hat, Inc., Raleigh, ...

1. A method of storing a composite array including a reference array and one or more arraylets, the method comprising:
determining, by one or more processors, a length of a logical array;
determining a binary representation of the length of the logical array;
allocating, based on a quantity of bits in the binary representation, a set of contiguous memory locations for a reference
array including one or more slots, each slot in the reference array corresponding to a position of a bit in the binary representation
of the length of the logical array;

determining whether each bit corresponding to a slot satisfies a condition;
for each bit corresponding to a slot that is determined to satisfy the condition:
allocating a set of contiguous memory locations for an arraylet having a length based on a position of the slot in the reference
array; and

providing in the slot a reference to the arraylet;
identifying a largest arraylet having a greatest length of the allocated arraylets; and
placing into the largest arraylet a slice of adjacent data elements corresponding to a beginning of the logical array.

US Pat. No. 9,183,369

THUMB DRIVE GUEST USER

Red Hat, Inc., Raleigh, ...

1. A method comprising:
detecting, by a processing device of a host computer, a removable computer readable medium selectively accessible from the
host computer via a peripheral interface, wherein the host computer stores user data associated with at least one native account;

reading at the host computer a configuration portion of the removable computer readable medium to obtain a user identifier
(ID) of a user and a location on the removable computer readable medium of a data portion, the data portion being encrypted;

storing user data associated with the user ID, wherein the user data comprises a home directory for the user comprising user
account data of a non-native account created on another computer, the user account data not being previously stored on the
host computer and the user account data comprising a user account directory associated with the user ID;

identifying the data portion with the user ID;
authenticating the user as being associated with the data portion in response to decrypting the data portion with a key input
by the user;

initiating a session on the host computer, by a computer operating system, for the user with the user ID to access the user
account data of the non-native account, wherein the session on the host computer integrates the home directory into the operating
system through an intermediary translation layer, the home directory to provide the user with access to the user account data
that is available to the user on the other computer as if the non-native account were another native account of the host computer,
wherein the user ID for the session is aliased to a different user ID by the operating system to resolve a conflict with an
existing user ID and the intermediary translation layer translates the user ID of a file within the data portion into the
different user ID; and

accessing the file within the decrypted data portion using the different user ID of the session.

US Pat. No. 9,507,487

PRESENTING A MODAL DIALOG BOX USING AN INVISIBLE PANEL UNDERNEATH

Red Hat Israel, Ltd., Ra...

1. A method comprising:
displaying, by a processing device, a panel superimposed on a graphical user interface (GUI) virtualization system management
page;

displaying on top of the panel a dialog box comprising an input user interface element;
receiving, by an event handler of the panel, an event associated with a user interaction with the panel outside of the dialog
box;

generating, by the processing device, an alert in response to the user interaction indicating that the user interaction is
invalid, wherein the alert is in a visual form; and

preventing an event handler of the GUI virtualization system management page from receiving the event.

US Pat. No. 9,424,143

METHOD AND SYSTEM FOR PROVIDING HIGH AVAILABILITY TO DISTRIBUTED COMPUTER APPLICATIONS

RED HAT, INC., Raleigh, ...

1. A method for migrating applications between distributed nodes, comprising:
executing one or more sub-programs of an application on a first node, the first node including an operating system;
creating, by a high-availability application service, at least one checkpoint corresponding to the one or more sub-programs;
creating, by the high-availability application service, one or more checkpoints corresponding to one or more states of a transport
connection;

flushing and halting the transport connection during the creating of a checkpoint of the at least one checkpoint corresponding
to the one or more sub-programs;

performing a loss-less migration of the one or more sub-programs from the first node to a second node, the loss-less migration
including resuming operation of the one or more sub-programs from the at least one checkpoint corresponding to the one or
more sub-programs; and

restoring the one or more states of the transport connection.

US Pat. No. 9,369,472

AUTHORIZATION FRAMEWORK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving a request to access a resource of a computer system storing a first plurality of authorization plugins, the request
comprising a call to a login class;

identifying, by a hardware of the computer system, a second plurality of authorization plugins that is a proper subset of
the first plurality of authorization plugins, wherein the login class references a configuration file specifying the second
plurality of authorization plugins;

executing, by the hardware of the computer system, each of the second plurality of authorization plugins, wherein a plurality
of authorization decisions are generated by executing each of the second plurality of authorization plugins; and

generating, by the hardware of the computer system, an overall authorization decision by combining the plurality of authorization
decisions, wherein each of the plurality of authorization decisions is generated using an independent authorization process;

determining, by the hardware of the computer system, whether to grant the request in view of the overall authorization decision.

US Pat. No. 9,354,939

GENERATING CUSTOMIZED BUILD OPTIONS FOR CLOUD DEPLOYMENT MATCHING USAGE PROFILE AGAINST CLOUD INFRASTRUCTURE OPTIONS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
collecting, by a processor, data representing application usage history from a current deployment and a previous deployment
of a first cloud computing environment;

determining over a period of time, by the processor, a customized set of application resources in a second cloud computing
environment to be used in view of temporary combinations of resources in the second cloud computing environment reported in
the data representing application usage history;

receiving a selection of one or more additional application resources to add to the customized set of application resources;
determining over the period of time, by the processor, a cost per user of the customized set of application resources and
the selected one or more additional application resources in the second cloud computing environment;

supplying, by the processor, a recommendation regarding whether to migrate from the first cloud computing environment to the
determined customized set of application resources and the selected one or more additional application resources in the second
cloud computing environment in view of the cost per user being higher or lower than an amount over the period of time; and

migrating one or more of the customized set of application resources or additional application resources in response to the
recommendation.

US Pat. No. 9,298,598

AUTOMATED VISUAL TESTING

Red Hat, Inc., Raleigh, ...

1. A method comprising:
generating, by a processing device, a screenshot of each of a plurality of images of a graphical user interface (GUI) of the
application;

masking, by the processing device, time-variant changes in the screenshot to generate a masked screenshot;
comparing, by the processing device, the time-variant changes in the masked screenshot with a plurality of patterns comprising
images previously generated by the application;

in response to the comparing, rendering a difference between the masked screenshot and the plurality of patterns when the
difference is below a threshold;

determining whether there are version-specific changes on the screenshot;
masking out the version-specific changes on the screenshot in response to a determination that there are version-specific
changes; and

hiding background of the screenshot in response to a determination that there are no version-specific changes.

US Pat. No. 9,286,570

PROPERTY REACTIVE MODIFICATIONS IN A RETE NETWORK

Red Hat, Inc., Raleigh, ...

1. A method comprising:
modifying, by a processing device executing a Rete rule engine, a particular property of an object that has traversed a Rete
network;

associating, by the processing device, a first data structure with the object, the first data structure indicating that the
particular property of the object has been modified;

determining, by the processing device, whether the particular property is a constraint relevant to a node of the Rete network
based on comparing the first data structure to a second data structure associated with the node, wherein the second data structure
identifies one or more modifiable properties that are constraints relevant to the node;

evaluating the object with the node responsive to determining that the particular property is a constraint relevant to the
node; and

determining not to evaluate the object with the node responsive to determining that the particular property is not a constraint
relevant to the node.

US Pat. No. 9,164,967

EXTRACTING FONT METADATA FROM FONT FILES INTO SEARCHABLE METADATA FOR PACKAGE DISTRIBUTION

Red Hat, Inc., Raleigh, ...

1. A method comprising:
determining that a font of a file being opened by a user was not recognized;
downloading, from a remote server, font metadata comprising information extracted from a font package and used to identify
the font package available for download from the remote server, wherein the font package comprises glyph content data to facilitate
rendering the font and the font metadata comprises textual metadata without the glyph content data;

identifying, by a package installer executed by a processor of a client device, the font package in view of the font metadata
and in response to determining that the font of the file was not recognized;

displaying, at the client device, a graphical user interface (GUI) to indicate an additional font needs to be installed; and
downloading, by the package installer in response to an input from the user via the GUI, the font package from the remote
server for local installation.

US Pat. No. 9,092,161

SELECTION OF ALLOCATION POLICY AND FORMAT FOR VIRTUAL MACHINE DISK IMAGES

Red Hat Israel, Ltd., Ra...

1. A method comprising:
determining, by a processor, one or more capabilities of a storage device, wherein the determining is performed by a system
call to a host operating system;

determining, by the processor, one or more capabilities the storage device lacks by taking a complement of the one or more
capabilities with respect to a defined set of capabilities;

selecting, by the processor, one of a plurality of allocation policies for allocating storage on the storage device for a
disk image of the virtual machine, wherein the selecting is in view of: (i) the one or more capabilities of the storage device,
(ii) the one or more capabilities that the storage device lacks, and (iii) a parameter that indicates a tradeoff between performance
and storage consumption; and

allocating storage for the disk image on the storage device in accordance with the selected policy.

US Pat. No. 9,058,196

HOST MACHINE LEVEL TEMPLATE CACHING IN VIRTUALIZATION ENVIRONMENTS

Red Hat Israel, Ltd., Ra...

1. A method comprising: receiving a command to start a virtual machine, the virtual machine having a read-only layer and a
copy-on-write (COW) layer;
remotely accessing the COW layer of the virtual machine from a network storage;
determining whether the read-only layer of the virtual machine is cached in a local storage;
upon determining that the read-only layer of the virtual machine is cached in the local storage, starting, by a processing
device, the virtual machine in view of a combination of the remotely accessed COW layer and the cached read-only layer of
the virtual machine, wherein the COW layer comprises a first link to check for the read-only layer stored in the local storage
and a second link to a copy of the read-only layer stored in the network storage, and wherein the read-only layer comprises
a third link to check for one of an additional read-only layer or a base read-only layer stored in the local storage and a
forth link to check for one of a copy of the additional read-only layer or a copy of the base read-only layer stored in the
network storage; and

in response to receiving a command to generate a point-in-time copy of the virtual machine in view of exceeding a threshold
amount of changes, designating the COW layer as a new read-only layer and generating a new COW layer that links to the new
read-only layer in the local storage and the new read-only layer in the network storage.

US Pat. No. 9,058,199

PRE-WARMING DESTINATION FOR FAST LIVE MIGRATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
identifying, by a source host processor, a destination host as an indication to the source host processor to enter a pre-warm-up
phase for live migration of a source virtual machine residing on the source host processor to the destination host;

responsive to the source host processor entering the pre-warm-up phase, copying, by the source host processor, one or more
data segments corresponding to a portion of a state of the source virtual machine to the destination host, the one or more
data segments corresponding to a portion of memory employed by the source virtual machine; and

receiving a command to migrate the source virtual machine to the destination host after copying the one or more data segments
to the destination host.

US Pat. No. 9,910,888

MAP-REDUCE JOB VIRTUALIZATION

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving a map-reduce job written in a first map-reduce language, wherein the map-reduce job is to be performed in parallel
on a plurality of nodes of a plurality of clusters, wherein the first map-reduce language is a general map-reduce language
that describes functions supported by multiple map-reduce frameworks but is not specific to any of the multiple map-reduce
frameworks;

selecting one or more clusters from the plurality of clusters to run the map-reduce job, wherein the selected one or more
clusters of the plurality of clusters operate a different map-reduce framework from other clusters of the plurality of clusters;

identifying a second map-reduce language associated with the selected one or more clusters;
converting the first map-reduce language of the map-reduce job into the second map-reduce language; and
causing the map-reduce job in the second map-reduce language to be run on the plurality of nodes of the selected one or more
clusters.

US Pat. No. 9,712,436

ADAPTIVE LOAD BALANCING FOR BRIDGED SYSTEMS

1. A computer-implemented method, comprising:
generating, by a processor device, a first unique virtualized layer-2 network address for a first unique combination of a
virtual network interface and a first physical network interface;

generating, by the processor device, a second unique virtualized layer-2 network address for a second unique combination of
the virtual network interface and a second physical network interface;

assigning, by the processor device, the first unique virtualized layer-2 network address to a first mapping associating the
virtual network interface with the first physical network interface;

assigning, by the processor device, the second unique virtualized layer-2 network address to a second mapping associating
the virtual network interface with the second physical network interface;

receiving, by the processor device, an outbound packet associated with the virtual network interface;
selecting, by the processor device, one of the first physical network interface or the second physical network interface for
the outbound packet;

replacing, by the processor device, a source layer-2 network address of the outbound packet with the first unique virtualized
layer-2 network address in view of the first mapping when selecting the first physical network interface to send the outbound
packet for the virtual network interface or replacing the source layer-2 network address of the outbound packet with the second
virtualized layer-2 network address in view of the second mapping when selecting the second physical network interface to
send the outbound packet; and

sending, by the processor device, the outbound packet with the first unique virtualized layer-2 network address via the first
physical network interface or sending the outbound packet with the second unique virtualized layer-2 network address via the
second physical network interface.

US Pat. No. 9,507,928

PREVENTING THE DISCOVERY OF ACCESS CODES

Red Hat, Inc., Raleigh, ...

1. A method of authenticating a user, the method comprising:
determining a color to display on one or more keys of a virtual keypad;
determining a symbol to display on the one or more keys of the virtual keypad;
displaying a first set of keys of the virtual keypad on a display coupled to a computing device in accordance with a key's
determined color and symbol, wherein the same symbol is displayed on a first key and a second key of the first set of keys,
and a color of the first key is different from a color of the second key;

receiving a set of user touch inputs via the display, the set of user touch inputs corresponding to one or more keys of the
virtual keypad displayed on the display, each user touch input specifying a symbol and color displayed on the selected key;

comparing the set of user touch inputs with a sequence of symbols;
comparing the set of user touch inputs with a sequence of colors, wherein an access code authenticates the user, and each
entry in the access code specifies a symbol in the sequence of symbols and a color in the sequence of colors; and

authenticating the user in accordance with the comparison of the set of user touch inputs with the sequence of symbols and
the sequence of colors.

US Pat. No. 9,489,228

DELIVERY OF EVENTS FROM A VIRTUAL MACHINE TO A THREAD EXECUTABLE BY MULTIPLE HOST CPUS USING MEMORY MONITORING INSTRUCTIONS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
providing, by a processing device executing a hypervisor to a virtual machine executing a guest, a first notification identifying
a first designated memory range writeable by a virtual central processing unit (VCPU) associated with the virtual machine
to communicate with a thread running on a first host central processing unit (CPU);

providing, by the hypervisor to the VCPU, a first instruction to write to the first designated memory range to communicate
with the thread;

identifying movement of the thread from running on the first host CPU to running on a second host CPU;
providing in response to identifying movement of the thread from running on the first host CPU to running on the second host
CPU, by the hypervisor to the virtual machine, a second notification identifying a second designated memory range writeable
by the VCPU to communicate with the thread running on the second host CPU;

providing, by the hypervisor to the VCPU, a second notification to write to the second designated memory range to communicate
with the thread;

executing, by the second host CPU running the thread, a memory monitoring instruction to identify the second designated memory
range; and

writing, by the VCPU, data identifying an event for execution by the thread to the second designated memory range, without
causing an exit to the hypervisor.

US Pat. No. 9,448,818

DEFINING CLASSES AS SINGLETON CLASSES OR NON-SINGLETON CLASSES

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processing device, a first request to generate an application from source code, wherein the source code comprises
a class, and wherein the first request specifies a first value;

generating by the processing device, in response to the first request, a first instance of the application, wherein in view
of the first value, the class is implemented in the first instance as a singleton and at most one object of the class exists
in the first instance at any time;

receiving, by the processing device, a second request to generate the application from the source code, wherein the second
request specifies a second value that is different than the first value; and

generating by the processing device, in response to the second request, a second instance of the application, wherein in view
of the second value, the class is implemented in the second instance as a non-singleton.

US Pat. No. 9,411,570

INTEGRATING SOFTWARE PROVISIONING AND CONFIGURATION MANAGEMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
initiating, by a hardware processor of a provisioning server, a first provisioning process on a first target machine utilizing
a first provisioning object and a second provisioning process on a second target machine utilizing a second provisioning object,
wherein the first provisioning object comprises an identification of first software to be installed on the first target machine
and the second provisioning object comprises an identification of second software to be installed on the second target machine,
wherein the first provisioning process comprises one or more of installation, reinstallation, or virtualization of the first
software at the first target machine by communicating with a helper client in operation at the first target machine and the
second provisioning process comprises one or more of installation, reinstallation, or virtualization of the second software
at the second target machine by communicating with the helper client in operation at the second target machine, and wherein
the helper client enables replacement of running systems and installation of virtualized profiles;

hosting, by the provisioning server, one or more exception plugins that further customize the first provisioning process of
the first software at the first target machine or the second provisioning process of the second software at the second target
machine;

linking to or mirroring, by the provisioning server, a provisioning database comprising a distribution tree list, wherein
the distribution tree list comprises an inventory of software that is hosted or mirrored by the provisioning server, and wherein
the inventory of software identifies the first software and the second software;

providing, by the provisioning server, an identification of the first target machine and an identification of a first management
class to a first configuration management system that is separate from the provisioning server, wherein the first configuration
management system is a first type of configuration management system and performs configuration management services for a
first plurality of target machines other than installation, reinstallation, and virtualization, wherein the first type indicates
that the first management class has a first format, wherein the first plurality of target machines comprises the first target
machine, and wherein the first configuration management system performs configuration management services for the first software
at the first target machine according to the first management class; and

providing, by the provisioning server, an identification of the second target machine and an identification of a second management
class to a second configuration management system that is separate from the provisioning server, wherein the second configuration
management system is a second type of configuration management system that is different than the first type and performs configuration
management services for a second plurality of target machines other than installation, reinstallation, and virtualization,
wherein the second type indicates that the second management class has a second format that is different than the first format,
wherein the second plurality of target machines comprises the second target machine, and wherein the second configuration
management system performs configuration management services for the second software at the second target machine according
to the second management class.

US Pat. No. 9,288,058

EXECUTING COMPLIANCE VERIFICATION OR REMEDIATION SCRIPTS

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
identifying, by a hardware processor, a first compliance script;
determining a value of a cryptographic hash function of at least part of the first compliance script;
determining, using the value of the cryptographic hash function, an installation path of a second compliance script;
identifying a security context associated with the second compliance script at installation time; and
executing, by the hardware processor, the second compliance script within the security context to determine whether a parameter
of a computer system is within an allowed range.

US Pat. No. 9,223,616

VIRTUAL MACHINE RESOURCE REDUCTION FOR LIVE MIGRATION OPTIMIZATION

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
monitoring, by a processing device of a host machine managing a virtual machine (VM), a rate of modification of memory pages
of the VM during a live migration of the VM;

comparing, by the processing device of the host machine, the rate of modification to a rate of migration of the memory pages
during the live migration; and

when the rate of modification exceeds the rate of migration, adjusting, by the host machine, one or more resources of the
VM to decrease the rate of modification to be less than the rate of migration, wherein the adjusting comprises at least one
of dividing the one or more resources by a first constant factor or multiplying a delay by a second constant factor, and wherein
the adjusting is in view of the rate of migration and the rate of modification, and wherein the adjusting adjusts a speed
of a first virtual CPU and a speed of a second virtual CPU separately.

US Pat. No. 9,172,543

DETERMINING CRL SIZE IN VIEW OF SYSTEM CAPABILITY

Red Hat, Inc., Raleigh, ...

1. A method comprising:
emulating certificate revocation list (CRL) generation by generating, at periodic intervals, a plurality of CRLs in view of
test data;

terminating, by a processing device, the generation of the plurality of CRLs in response to evaluating a defined test completion
condition;

determining a cumulative number of revoked certificates in view of the plurality of CRLs generated by the processing device;
and

determining, in view of a defined ratio of a CRL size and a number of issued certificates, a number of certificates that may
be issued by a certificate server.

US Pat. No. 10,110,440

DETECTING NETWORK CONDITIONS BASED ON DERIVATIVES OF EVENT TRENDING

Red Hat, Inc., Raleigh, ...

1. A method comprising:receiving network traffic data from a plurality of resources of a network;
generating a plurality of second order derivatives for the plurality of resources of the network in view of the received network traffic data;
identifying a first derivative of the plurality of second order derivatives having a first peak, the first derivative being associated with a first trend line of a first resource and corresponding to a first condition of the network and a second derivative of the plurality of second order derivatives having a second peak, the second derivative being associated with a second trend line of a second resource and corresponding to a second condition of the network from the plurality of second order derivatives for the plurality of resources, wherein the first derivative and the second derivative are identified in view of the first peak and the second peak exceeding a threshold during a defined interval of time and wherein the first condition is different than the second condition;
identifying the first resource of the network associated with the first condition and the second resource of the network associated with the second condition;
detecting, in view of the first peak and the second peak occurring during the defined interval of time, an inception of an event with respect to the network during the defined interval of time;
generating, in view of the inception of the event, a configuration command; and
issuing, in view of the condition, the configuration command to the first and second resources via the network.

US Pat. No. 9,853,908

UTILIZING ACCESS CONTROL DATA STRUCTURES FOR SHARING COMPUTING RESOURCES

Red Hat Inc., Raleigh, N...

1. A method comprising:
maintaining, by a processing device, a first variable identifying a number of processing streams waiting to access a resource;
performing an atomic operation on a second variable comprising a first portion and a second portion, the atomic operation
comprising incrementing the first portion to reflect a number of available units of the resource and further comprising reading
the second portion reflecting a value of the first variable.

US Pat. No. 9,672,062

BATCHED MEMORY PAGE HINTING

Red Hat, Inc., Raleigh, ...

1. A method comprising:
releasing, by a processing device executing a guest operating system, a plurality of memory pages in use by the guest operating
system;

adding, by the guest operating system, the memory pages to a set of memory pages;
determining, by the guest operating system, that the set of memory pages satisfies a predetermined threshold quantity; and
responsive to the determining, notifying a hypervisor that the memory pages released by the guest operating system are available
for reuse by the hypervisor without being copied to persistent storage.

US Pat. No. 9,355,004

INSTALLING MONITORING UTILITIES USING UNIVERSAL PERFORMANCE MONITOR

Red Hat Israel, Ltd., Ra...

1. A method, comprising:
establishing, by a first computing device, a first secure channel between the first computing device and a second computing
device, and a second secure channel between the first computing device and the second computing device;

identifying, by a processing device of the first computing device, a first monitoring tool to monitor one or more virtual
machines and a second monitoring tool to monitor one or more physical devices;

determining, by the processing device, that the second computing device includes the first monitoring tool and does not include
the second monitoring tool; and

transmitting to the second computing device an executable that is different than the first monitoring tool and the second
monitoring tool and that, when executed by the second computing device, causes the second computing device to: execute the
first monitoring tool, direct output from the first monitoring tool to the first computing device via the first secure channel,
obtain from a designated location the second monitoring tool, install the second monitoring tool, execute the second monitoring
tool, and direct output from the second monitoring tool to the first computing device via the second secure channel.

US Pat. No. 9,317,325

APPLICATION IDLING IN A MULTI-TENANT CLOUD-BASED APPLICATION HOSTING ENVIRONMENT

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
detecting, by a reverse proxy of a node of a plurality of nodes in a cloud computing architecture, an idle application hosted
on the corresponding node, the plurality of nodes hosting a plurality of applications;

instructing the node hosting the idle application to shut down the idle application;
changing, by a processing device, a configuration of the reverse proxy to prevent the application that is shut down from receiving
an incoming access request and to restart the application that is shut down in response to detecting the incoming access request;

receiving a request to create a new application on one of the plurality of nodes;
assigning a weight to each active application, the weight being in view of at least one of a software type or an application
size;

determining capacity for each of the plurality of nodes in view of a number of active applications, a number of idle applications,
and a number of shut down applications hosted on the corresponding node; and

instructing a node having a greatest capacity among the plurality of nodes to create the new application.

US Pat. No. 9,058,198

SYSTEM RESOURCE SHARING IN A MULTI-TENANT PLATFORM-AS-A-SERVICE ENVIRONMENT IN A CLOUD COMPUTING SYSTEM

Red Hat Inc., Raleigh, N...

1. A method, comprising:
receiving, by a virtual machine (VM) executed by a processing device, identification of resource-usage groups that each define
resource constraints to apply to applications;

establishing a resource control policy on the VM for each of the identified resource-usage groups, the resource control policy
to enforce the resource constraints of its associated resource-usage group;

for each established resource control policy, configuring resource control tools of the VM to implement the resource control
policy;

receiving, by the VM, a request to initialize an application on the VM, the request comprising identifying information about
the application;

identifying, by the VM in view of the identifying information, a resource-usage group of the resource-usage groups that the
application is assigned;

applying, by the resource control tools to the application, the resource control policy of the identified resource-usage group
that the application is assigned; and

executing the application with the defined resource constraints, which correspond to the identified resource-usage group that
the application is assigned, applied to the VM, the application executed on the VM with other applications having different
owners than an owner of the application.

US Pat. No. 9,563,456

FEATURE DRIVEN BACKEND SWITCHING

Red Hat Israel, Ltd., Ra...

1. A method comprising:
receiving, by a hypervisor executed by a processing device of a computer system, an indication from a guest to use a feature
of a backend device, wherein the guest is currently utilizing a first device as the backend device;

responsive to the indication from the guest to use the feature of the backend device, determining, by the hypervisor, that
support of the feature of the backend device is provided by a second device that is not currently utilized by the guest as
the backend device; and

switching the guest to use the second device as the backend device.

US Pat. No. 9,454,589

PROVIDING MESSAGES FOR A JAVA MESSAGE SERVICE

Red Hat, Inc., Raleigh, ...

1. A method comprising:
determining, by a processing device executing an application programming interface (API) stub, a timestamp information associated
with a first JAVA¬ô message service (JMS) message, wherein the timestamp information represents a time when the JMS message
is either generated by the processing device or received by the processing device;

determining, by the processing device executing the API stub, a destination information associated with the JMS message; and
converting the JMS message into a first key-value data pair comprising a key data and a value data, wherein the key data comprises
the timestamp information and the value data comprises the destination information of the first JMS message.

US Pat. No. 9,438,484

MANAGING MULTI-LEVEL SERVICE LEVEL AGREEMENTS IN CLOUD-BASED NETWORKS

Red Hat, Inc., Raleigh, ...

1. A method, comprising:
identifying, by a processor, within a multi-level service level agreement (SLA) for a cloud network, a first commitment level
indicating a first amount of resources needed by a first amount of instantiated virtual machines and a second commitment level
indicating a second amount of resources needed by a second amount of instantiated virtual machines, the cloud network provided
by a plurality of providers and including at least two providers;

detecting a triggering event that indicates a change should be made from the first commitment level to the second commitment
level;

generating a resource aggregation table comprising a plurality of sets of resources in the cloud network, each set of resources
from a provider, the resources in the set of resources in conformance with the second amount of resources identified by the
second commitment level;

selecting at least one set of resources from the plurality of sets from a first provider to meet the second commitment level;
and

adjusting, by the processor, resources used within the cloud network from the first commitment level to the second commitment
level using the selected set of resources in response to detecting the triggering event.

US Pat. No. 9,379,940

VIRTUAL DEVICE PROFILE TO CONFIGURE VIRTUAL NETWORK INTERFACE CARDS

Red Hat Israel, Ltd., Ra...

1. A method comprising:
presenting on a graphic user interface (GUI), by a management server of a host executing a virtual machine (VM), a plurality
of attributes of a virtual network interface card (VNIC);

assigning, via the GUI, a respective one of a plurality of values to each one of the plurality of attributes;
storing the plurality of values in a profile on the management server; and
configuring, by a processing device associated with the management server, a second VNIC using the plurality of values in
the profile.

US Pat. No. 9,355,264

SECRETLY TRANSMITTING MESSAGES OVER PUBLIC CHANNELS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
establishing, by a processing device, an agreement between a first enterprise service bus (ESB) of a first computer system
and a second ESB of a second computer system;

encoding, by the processing device, data from the first ESB of the first computer system in a non-published file;
publishing, by the processing device, the non-published file to a server independent from the first ESB and the second ESB,
wherein the independent server is accessible to a public and a private subscriber over a public channel; and

notifying, by the processing device, the second ESB of the second computer system of the published file to be downloaded from
the independent server and decoded at the second ESB of the second computer system in view of the agreement.

US Pat. No. 9,176,796

SHARED MEMORY REUSABLE IPC LIBRARY

Red Hat, Inc., Raleigh, ...

1. A method comprising:
forming, by a processing device, a client server interprocess communication (IPC) interface comprising a unified IPC library
for a client application and a server application, the unified IPC library comprising a client IPC library and a server IPC
library;

providing, by the processing device, an initialization function in the server IPC library to establish an IPC connection between
the client application and the server application in request to a first IPC message among a plurality of IPC messages in the
client IPC library, wherein the initialization function initializes a plurality of functions at the server application;

interfacing, by the processing device, at the client IPC interface, the client application with the client IPC library and
the server application with the server IPC library, wherein the client application communicates with the server application
by transmitting data associated with executing of the first IPC message from the client IPC library of the unified IPC library
to the server IPC library of the unified IPC library, wherein the server IPC library sends the data to the server application;

the server application to share the unified IPC library, wherein the sharing comprising:
initializing, by the processing device, a communication with the server application upon validation of a security object in
an initialization request against the initialization function;

in response to determining that the security object is valid, requesting, by the processing device, an exit function from
the plurality of functions for a shutdown of the communication at the server application upon disconnection from the client
application; and

requesting, by the processing device, a proper handler function from the plurality of functions with replying to a request
with a second IPC message among the plurality of IPC messages in the client IPC library of the unified IPC library with parameters
previously defined in the IPC connection.

US Pat. No. 9,100,311

METERING SOFTWARE INFRASTRUCTURE IN A CLOUD COMPUTING ENVIRONMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
determining, by a processing device, a first duration of usage of a hardware resource on which a virtual machine is instantiated
in a cloud;

determining, by the processing device from the virtual machine on the cloud, a second duration of usage of a software resource
that is utilized by a user on the virtual machine, the software resource comprising at least part of an operating system;
and

calculating, by the processing device, a usage of the cloud by the user in view of the first duration and the second duration.

US Pat. No. 9,654,351

GRANULAR PERMISSION ASSIGNMENT

Red Hat, Inc., Raleigh, ...

1. A method comprising:
maintaining a data store to store a plurality of reusable role definitions for assigning roles to users with respect to resources
in a system of a plurality of systems, the plurality of systems comprising a cloud provider system and a content management
system;

creating, by a processing device, the plurality of reusable role definitions for the cloud provider system, wherein each of
the plurality of reusable role definitions comprises a resource type and an action set permitted to be performed on a plurality
of resources of the resource type;

storing the plurality of reusable role definitions in the data store;
receiving, by the processing device, a first request to assign a user to a first role, the first request specifying a first
cloud computing resource of a plurality of cloud computing resources of a respective resource type in the e cloud provider
system;

identifying, by the processing device, a role definition corresponding to the respective resource type in the data store storing
the reusable role definitions, the identified role definition comprising the respective resource type and an action set permitted
to be performed in the cloud provider system on the plurality of cloud computing resources of the respective resource type;

creating, by the processing device, the first role for the user on the first cloud computing resource, wherein creating the
first role comprises associating the identified role definition with the first cloud computing resource and the user;

receiving, by the processing device, a second request to assign the user to a second role, the second request specifying a
second cloud computing resource of the plurality of cloud computing resources of the respective resource type; and

creating, by the processing device, the second role for the user on the second cloud computing resource in view of the identified
role definition corresponding to the resource type, wherein the identified role definition that was used for the first role
of the user is being reused for the second role of the user, and wherein creating the second role comprises associating the
identified role definition with the second cloud computing resource and the user.