公开(公告)号：US20180357447A1

公开(公告)日：2018-12-13

申请号：US15619101

申请日：2017-06-09

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: G06F21/62 ,  G06F21/60 ,  G06F11/14 ,  G06F17/30

Abstract: Secure containerized user specific isolated data storage is disclosed. For example, a first isolated guest is instantiated, including a first account specific database with a write-protected schema, a write-protected first lower storage layer and a first upper storage layer. A first account is authenticated with the first isolated guest. A first change to the first account specific database is saved in the first upper storage layer based on executing a first database command from the first account. A second isolated guest is instantiated, including a second account specific database with the write-protected schema, a write-protected second lower storage layer and a second upper storage layer. The second account is authenticated with the second isolated guest. A second change to the second account specific database is saved in the second upper storage layer based on executing the second database command from the second account.

公开(公告)号：US20180351870A1

公开(公告)日：2018-12-06

申请号：US15608264

申请日：2017-05-30

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: H04L12/851 ,  G06F3/06

Abstract: On demand data volume provisioning is disclosed. For example, a first memory accessible to first and second accounts stores a temporary directory. Physically separate second and third memories are across a network from the first memory. The first account requests to create a first file in the temporary directory. A first storage controller creates a first storage layer assigned to the first account in the second memory linked to the temporary directory. The first file is stored on the first storage layer and first metadata associated with the first storage layer is updated. The second account requests to create a second file in the temporary directory. A second storage controller creates a second storage layer assigned to the second account in the third memory linked to the temporary directory. The second file is stored on the second storage layer and second metadata associated with the second storage layer is updated.

公开(公告)号：US20180349789A1

公开(公告)日：2018-12-06

申请号：US15608585

申请日：2017-05-30

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: G06N99/00 ,  G06F9/48 ,  G06F17/30

Abstract: A system and method for optimizing CI using code review quality includes a memory, a processor in communication with the memory, a classifier executing on the processor, a high priority integration queue, and a low priority integration queue. In an example, the classifier may receive pull requests for code changes and determine reliability factors. The classifier may also determine a reliability value of the pull requests based on the reliability factors and classify each of the pull requests into a classification, such as a trusted classification and an untrusted classification. Then, the classifier sends the pull requests in the trusted classification to the high priority integration queue and the pull requests in the untrusted classification to the low priority integration queue.

公开(公告)号：US20180349174A1

公开(公告)日：2018-12-06

申请号：US15608234

申请日：2017-05-30

Applicant: Red Hat, Inc.

Inventor： Jay Vyas ,  Huamin Chen

IPC: G06F9/48 ,  G06F9/455 ,  G06F9/50

CPC classification number: G06F9/4843 ,  G06F9/45558 ,  G06F2009/4557

Abstract: A method for scheduling containers includes receiving attribute values for every node, generating location metrics for each node based on each node's attribute values, generating distance values, including a first distance value corresponding to the distance between a first node and second node. Each distance value represents the distance between respective location metrics for respective nodes. A distance matrix is populated with the distance values. The scheduler initiates an attempt to schedule a container at the first node, compares attribute requirements of the container to the first attribute values, and determines that at least one of the attribute requirements of the container exceeds a respective attribute value of the first attribute values. The second node is selected from the distance matrix based on the first distance value, and the scheduler initiates an attempt to schedule the container at the second node selected from the distance matrix.

公开(公告)号：US20180343115A1

公开(公告)日：2018-11-29

申请号：US15604586

申请日：2017-05-24

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: H04L9/08 ,  H04L9/06

Abstract: An example method may include receiving, at a session key service, a first session key and a first public key of a client device to be authenticated to a web server. The first session key being encrypted by the client device using a second public key of the web server. The web server is a subscriber of the session key service hosted in a cloud-based environment. The method may also include decrypting, using a first private key of the web server, the first session key to obtain a plaintext session key, encrypting the plaintext session key using the first public key of the client device to generate a second session key, and sending the second session key to the web server to facilitate a decryption of the second session key by the client device for an authentication of the client device to the web server.

公开(公告)号：US20180331969A1

公开(公告)日：2018-11-15

申请号：US15593744

申请日：2017-05-12

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: H04L12/911 ,  G06F3/06

Abstract: A system for reducing overlay network overhead includes a memory, a processor in communication with the memory, a first container and a second container running on a first host, and a container scheduler executing on the processor. Each of the first container and second container expose a network service port(s). The container scheduler executes on the processor to assign a network complexity weight to the first host. The network complexity weight is based on a quantity of network service ports that the first container and the second container expose. The container scheduler also filters hosts based on resource availability corresponding to each host and ranks the hosts based on a respective network complexity weight corresponding to each host. Additionally, the container scheduler dispatches a third container to a second host based on the resource availability and network complexity weight corresponding to the second host.

公开(公告)号：US20180314539A1

公开(公告)日：2018-11-01

申请号：US15497429

申请日：2017-04-26

Applicant: Red Hat, Inc.

Inventor： Jay Vyas ,  Huamin Chen

IPC: G06F9/455 ,  G06F9/50

Abstract: A system includes a memory, a processor in communication with the memory, a hypervisor executing on the processor, a pool of hypervisor resources, and a cloud-sharing module (CSM). The CSM runs in a kernel to assign an anonymous identity to a hypervisor resource from the pool of hypervisor resources. The CSM broadcasts a transaction for the hypervisor resource and determines which provider owns the hypervisor resource. A first provider is associated with a second anonymous identity and a second provider is associated with a third anonymous identity. Additionally, the CSM receives mining information that includes a block associated with the transaction, where the block is part of a blockchain. The CSM completes the transaction for the first anonymous identity associated with the hypervisor resource between the second anonymous identity and the third anonymous identity.

公开(公告)号：US20180203635A1

公开(公告)日：2018-07-19

申请号：US15405822

申请日：2017-01-13

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: G06F3/06

CPC classification number: G06F3/061 ,  G06F3/0659 ,  G06F3/0683

Abstract: Categorizing computing process output data streams for flash storage devices is disclosed. A first computing process characteristic of a first computing process that generates a first output data stream is determined. A structure that correlates the first computing process characteristic to a first stream identifier is accessed. A first filter driver is associated with the first computing process to configure the first filter driver to receive the first output data stream. The first filter driver is associated with a flash storage device. The first stream identifier is sent to the first filter driver.

公开(公告)号：US10013275B2

公开(公告)日：2018-07-03

申请号：US15354420

申请日：2016-11-17

Applicant: Red Hat, Inc.

Inventor： Jay Vyas ,  Huamin Chen

IPC: G06F9/455 ,  H04L29/08

CPC classification number: G06F9/5055 ,  H04L67/10

Abstract: Methods and systems for executing code referenced from a microservice registry are disclosed. For example, a microservice registry is stored in a memory. The microservice registry includes references to a plurality of microservices including a first microservice. An isolated guest executing on one or more processors receives a request to execute an executable code and determines that the executable code is unavailable in the first isolated guest. The isolated guest determines that, based on the microservice registry, the first microservice executes the executable code. The isolated guest forwards the first request to the first microservice and receives a result of the request from the first micro service.

公开(公告)号：US20180109464A1

公开(公告)日：2018-04-19

申请号：US15297871

申请日：2016-10-19

Applicant: Red Hat, Inc.

Inventor： Huamin Chen ,  Jay Vyas

IPC: H04L12/911 ,  H04L29/08 ,  H04L12/26

CPC classification number: H04L47/70 ,  G06F9/00 ,  G06F11/00 ,  H04L41/0896 ,  H04L41/5009 ,  H04L41/5019

Abstract: The present disclosure provides for dynamic resource allocation to a container on a host. For example, in a first directed acyclic graph (“DAG”), a CPU resource usage of a container may be detected. In a second DAG, an I/O resource usage of the container may be detected. In a third DAG, a network traffic resource usage of the container may be detected. Each detected resource may be associated with a distinct control group. Each detected resource usage may be compared to a detected service level objective (“SLO”). Resources that fail to meet the SLO may be adjusted. Each adjusted resource usage may be compared to the SLO, and any resources that continue to fail to meet the SLO may be further adjusted. An orchestrator may be notified when a resource has been adjusted to a threshold limit and the container may be migrated to a second host.