VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor
Liu, Danting
Liu, Xiaopei
Shen, Jianjun
Han, Donghai
Sun, Qian
Abstract
The disclosure provides a method for creating one or more virtual private clouds (VPCs) for containerized workloads within a namespace in a networking environment of a container-based cluster. The method generally includes deploying, on the cluster, a VPC network configuration custom resource specifying network settings for configuring one or more VPCs within the namespace, deploying, on the cluster, a VPC custom resource specifying first parameters for creating a VPC, wherein the first parameters comprise at least an indication of the namespace where the VPC is to be created, and modifying a state of the cluster to match a first intended state of the cluster at least specified in the VPC custom resource and the network configuration custom resource, wherein modifying the state comprises: creating the VPC in the namespace based on the VPC custom resource and configuring the VPC based on the VPC network configuration custom resource.
VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor
Tian, Quan
Shen, Jianjun
Ding, Yang
Han, Donghai
Abstract
Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed forwarding elements (MFEs) executing on the host computer that are candidate interfaces for receiving flows that need to be directed based on the TC CR to a layer 7 packet processor. Based on the identified set of interfaces, the method provides a set of flow records to the set of MFEs to process in order to direct a subset of flows that the set of MFEs receive to the layer 7 packet processor.
Disclosed are various embodiments for determining whether to initiate a remote device wipe in a mobile device management context. In one example, a system comprises a computing device configured to identify a device wipe condition for a client device and determine a wipe policy associated with the device wipe condition. A time for a time delay is initiated for a device wipe action of the client device. A wipe instruction is transmitted to execute the device wipe action based on an expiration of the time delay for the device wipe action.
Disclosed are various examples for automatically analyzing telemetry data from managed devices in one or more organizations and alerting information technology (IT) administrators as early as possible when widespread issues are detected. Telemetry data can be collected from managed devices across multiple organizations and/or enterprises. The collected data can be used to identify events (e.g., system crashes, application crashes, system boot times, system shutdown times, application hangs, application foreground/usage events, device central processing unit (CPU) and memory utilization, battery performance, etc.) that may indicate a potential issue in the IT infrastructure. Time-series data associated with the detected events can be generated and analyzed. Upon detection of a potential issue in view of an analysis of the time-series data, an alert can be generated and presented to an IT administrator or other entity who can further analyze and potentially remedy the issue.
Disclosed are various embodiments for conditional time-based one-time password token issuance based on locally aggregated device risk. Embodiments of this application can evaluate the security of the client device using mobile threat defense signals or a device posture summary before generating a seed on the client device to ensure the security of all the connected systems as a whole. Additionally, embodiments of this application can evaluate the security of the client device to determine if changes have been made that require a remedial action to be taken. In some embodiments, the client device may be completely disconnected from the network and capable of generating time-based one-time passwords, while remaining offline. However, offline attacks may still occur; in such a situation, the client device can determine the security of the device and perform the remedial actions independent of other devices, systems, computing environments, or networks. In at least another embodiment, when the client device is determined to not be secure, the client device can inform the authentication service over a connected network that security issues may exist in the client device and actions may need to be taken at the authentication service to ensure the client does not further compromise the account.
VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor
Gu, Ran
Liu, Wenfeng
Han, Donghai
Shen, Jianjun
Zhou, Zhengsheng
Abstract
Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.
H04L 43/04 - Processing captured monitoring data, e.g. for logfile generation
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 43/20 - Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]