VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor(s)
Liu, Danting
Liu, Xiaopei
Shen, Jianjun
Han, Donghai
Sun, Qian
Abstract
The disclosure provides a method for creating one or more virtual private clouds (VPCs) for containerized workloads within a namespace in a networking environment of a container-based cluster. The method generally includes deploying, on the cluster, a VPC network configuration custom resource specifying network settings for configuring one or more VPCs within the namespace, deploying, on the cluster, a VPC custom resource specifying first parameters for creating a VPC, wherein the first parameters comprise at least an indication of the namespace where the VPC is to be created, and modifying a state of the cluster to match a first intended state of the cluster at least specified in the VPC custom resource and the network configuration custom resource, wherein modifying the state comprises: creating the VPC in the namespace based on the VPC custom resource and configuring the VPC based on the VPC network configuration custom resource.
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
H04L 41/0806 - Configuration settings for initial configuration or provisioning, e.g. plug-and-play
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor(s)
Tian, Quan
Shen, Jianjun
Ding, Yang
Han, Donghai
Abstract
Some embodiments of the invention provide a method of performing layer 7 (L7) packet processing for a set of Pods executing on a host computer, the set of Pods managed by a container orchestration platform. The method is performed at the host computer. The method receives notification of a creation of a traffic control (TC) custom resource (CR) that is defined by reference to a TC custom resource definition (CRD). The method identifies a set of interfaces of a set of one or more managed forwarding elements (MFEs) executing on the host computer that are candidate interfaces for receiving flows that need to be directed based on the TC CR to a layer 7 packet processor. Based on the identified set of interfaces, the method provides a set of flow records to the set of MFEs to process in order to direct a subset of flows that the set of MFEs receive to the layer 7 packet processor.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 41/08 - Configuration management of networks or network elements
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow protocol elements
3.
INTELLIGENT DEVICE WIPES FOR MOBILE DEVICE MANAGEMENT
Disclosed are various embodiments for determining whether to initiate a remote device wipe in a mobile device management context. In one example, a system comprises a computing device configured to identify a device wipe condition for a client device and determine a wipe policy associated with the device wipe condition. A time for a time delay is initiated for a device wipe action of the client device. A wipe instruction is transmitted to execute the device wipe action based on an expiration of the time delay for the device wipe action.
G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
Disclosed are various examples for automatically analyzing telemetry data from managed devices in one or more organizations and alerting information technology (IT) administrators as early as possible when widespread issues are detected. Telemetry data can be collected from managed devices across multiple organizations and/or enterprises. The collected data can be used to identify events (e.g., system crashes, application crashes, system boot times, system shutdown times, application hangs, application foreground/usage events, device central processing unit (CPU) and memory utilization, battery performance, etc.) that may indicate a potential issue in the IT infrastructure. Time-series data associated with the detected events can be generated and analyzed. Upon detection of a potential issue in view of an analysis of the time-series data, an alert can be generated and presented to an IT administrator or other entity who can further analyze and potentially remedy the issue.
Disclosed are various embodiments for conditional time-based one time password token issuance based on locally aggregated device risk. Embodiments of this application can evaluate the security of the client device using mobile threat defense signals or a device posture summary before generating a seed on the client device to ensure the security of all the connected systems as a whole. Additionally, embodiments of this application can evaluate the security of the client device to determine if changes have been made that require a remedial action to be taken. In some embodiments, the client device may be completely disconnected from the network and capable of generating time-based one time passwords, while remaining offline. However, offline attacks may still occur; in such a situation, the client device can determine the security of the device and perform the remedial actions independent of other devices, systems, computing environments, or networks. In at least another embodiment, when the client device is determined to not be secure, the client device can inform the authentication service over a connected network that security issues may exist in the client device and actions may need to be taken at the authentication service to ensure the client does not further compromise the account.
VMWARE INFORMATION TECHNOLOGY (CHINA) CO., LTD. (China)
VMWARE LLC (USA)
Inventor(s)
Gu, Ran
Liu, Wenfeng
Han, Donghai
Shen, Jianjun
Zhou, Zhengsheng
Abstract
Some embodiments of the invention provide a method for performing data traffic monitoring for a system that includes a set of heterogeneous networks that includes at least an overlay first network layer that is built on top of an underlay second network layer. The method is performed at a federation controller for the system. The method directs (1) a first set of components in the overlay first network layer to perform a first trace operation to trace a packet exchanged between two machines and passing through network components defined in the overlay first network layer and underlay second network layer and (2) a second set of components in the underlay second network layer to perform a second trace operation to trace the packet. The method receives, from the first and second sets of components, first and second sets of trace data collected during the first and second trace operations. The collected trace data includes correlation data for correlating the first and second sets of data. The method uses the correlation data to correlate the first and second sets of trace data to generate a final trace report identifying a complete path traversed by the packet through the overlay first network layer and underlay second network layer.
H04L 43/10 - Active monitoring, e.g. heartbeat, ping utility or trace-route
H04L 41/0226 - Mapping or conversion between multiple network management protocols
H04L 41/044 - Network management architectures or arrangements comprising hierarchical management structures
H04L 43/04 - Processing of captured monitoring data, e.g. for log file generation
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 43/20 - Arrangements for monitoring or testing data switching networks, the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, comprising specially adapted graphical user interfaces [GUI]