Abstract: Embodiments are directed to managing communication. Credentials of a user may be provided to an authorization service such that the authorization service authenticates the user as a member of authorization groups and such that the user may be associated with a gateway on an overlay network. The authorization groups may be compared with user groups to associate the user with one or more user group. The gateway may be associated with one or more resource group based on the user groups. Policy information may be generated for the gateway based on each resource group. The policy information may be provided to the gateway to define policies associated with resources in the overlay network. The policy information may be enforced against source nodes providing overlay traffic directed to target nodes in the overlay network.

Abstract: Embodiments are directed to managing communication. Credentials of a user may be provided to an authorization service such that the authorization service authenticates the user as a member of authorization groups and such that the user may be associated with a gateway on an overlay network. The authorization groups may be compared with user groups to associate the user with one or more user group. The gateway may be associated with one or more resource group based on the user groups. Policy information may be generated for the gateway based on each resource group. The policy information may be provided to the gateway to define policies associated with resources in the overlay network. The policy information may be enforced against source nodes providing overlay traffic directed to target nodes in the overlay network.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication. Credentials of a user may be provided to an authorization service such that the authorization service authenticates the user as a member of authorization groups and such that the user may be associated with a gateway on an overlay network. The authorization groups may be compared with user groups to associate the user with one or more user group. The gateway may be associated with one or more resource group based on the user groups. Policy information may be generated for the gateway based on each resource group. The policy information may be provided to the gateway to define policies associated with resources in the overlay network. The policy information may be enforced against source nodes providing overlay traffic directed to target nodes in the overlay network.

Abstract: Embodiments are directed to managing communication. Credentials of a user may be provided to an authorization service such that the authorization service authenticates the user as a member of authorization groups and such that the user may be associated with a gateway on an overlay network. The authorization groups may be compared with user groups to associate the user with one or more user group. The gateway may be associated with one or more resource group based on the user groups. Policy information may be generated for the gateway based on each resource group. The policy information may be provided to the gateway to define policies associated with resources in the overlay network. The policy information may be enforced against source nodes providing overlay traffic directed to target nodes in the overlay network.

Abstract: Embodiments are directed to managing communication networks. One or more links associated with a gateway computer may be monitored. Each link may be associated with a network addresses, and the gateway computer is associated with a gateway identifier (GID). Metrics associated with the monitored links may be provided. Scores may be associated with the links based on the metrics. The scores may be modified based on policy information. The links may be compared based on the scores and the policy information. A comparison may be employed to activate a portion of the links such that the activated links may be employed to communicate over the networks with other gateway computers. The links may be compared based on updated metrics. The comparison of the updated metrics may be used to activate another portion of the links that are associated with the GID.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication networks. One or more links associated with a gateway computer may be monitored. Each link may be associated with a network addresses, and the gateway computer is associated with a gateway identifier (GID). Metrics associated with the monitored links may be provided. Scores may be associated with the links based on the metrics. The scores may be modified based on policy information. The links may be compared based on the scores and the policy information. A comparison may be employed to activate a portion of the links such that the activated links may be employed to communicate over the networks with other gateway computers. The links may be compared based on updated metrics. The comparison of the updated metrics may be used to activate another portion of the links that are associated with the GID.

Abstract: Embodiments are directed to secure communication over a network. If a source node sends a communication to a target node, a source gateway may forward the communication to the target node. The source gateway may provide a gateway identifier (GID) that may be associated with one or more target gateways associated with the target node. Further, the source gateway may embed marker information that includes at least a portion of the GID in the communication. If the GID is associated with more than one target gateway, a TMD selects one target gateway from the more than one target gateways. Also, the TMD provides a gateway key associated with the selected target gateway that is associated with the communication. And, the TMD may provide the communication to the selected target gateway that provides the communication to the target node.

Abstract: Embodiments are directed to managing communication over one or more networks. A monitoring engine may be instantiated to perform actions including receiving network traffic from a physical network that may be associated with network addresses of the physical network. The monitoring engine may analyze the network traffic to associate activity with gateway identifiers (GIDs) associated with gateway computers in an overlay network such that the GIDs are separate from the network addresses. The monitoring engine may be arranged to monitor the network traffic based on monitoring rules. The monitoring engine may provide metrics associated with the gateway computers based on the monitoring of the network traffic. The monitoring engine may compare the metrics to event rules. The monitoring engine may generate events based on affirmative results of the comparison. The events may be mapped to actions based on characteristics of the events and executed.

Abstract: Embodiments are directed to managing communication networks. One or more links associated with a gateway computer may be monitored. Each link may be associated with a network addresses, and the gateway computer is associated with a gateway identifier (GID). Metrics associated with the monitored links may be provided. Scores may be associated with the links based on the metrics. The scores may be modified based on policy information. The links may be compared based on the scores and the policy information. A comparison may be employed to activate a portion of the links such that the activated links may be employed to communicate over the networks with other gateway computers. The links may be compared based on updated metrics. The comparison of the updated metrics may be used to activate another portion of the links that are associated with the GID.

Abstract: Embodiments are directed towards upgrading hypervisors operating in hardware clusters that may be hosting one or more virtual clusters of virtual traffic managers. Virtual clusters may be arranged to span multiple computing devices in the hardware cluster. Spanning the virtual clusters across multiple hardware nodes the virtual cluster may enable the virtual clusters to remain operative while one or more hardware nodes may be upgraded. Hypervisor may include a management control plane for virtual clusters of virtual traffic managers. Hypervisors running on hardware nodes may manage the lower level networking traffic topology while the virtual traffic managers may manage the higher level network processing.

Abstract: Embodiments are directed to secure communication over a network. If a source node sends a communication to a target node, a source gateway may forward the communication to the target node. The source gateway may provide a gateway identifier (GID) that may be associated with one or more target gateways associated with the target node. Further, the source gateway may embed marker information that includes at least a portion of the GID in the communication. If the GID is associated with more than one target gateway, a TMD selects one target gateway from the more than one target gateways. Also, the TMD provides a gateway key associated with the selected target gateway that is associated with the communication. And, the TMD may provide the communication to the selected target gateway that provides the communication to the target node.

Abstract: Embodiments are directed to secure communication over a network. If a source node sends a communication to a target node, a source gateway may forward the communication to the target node. The source gateway may provide a gateway identifier (GID) that may be associated with one or more target gateways associated with the target node. Further, the source gateway may embed marker information that includes at least a portion of the GID in the communication. If the GID is associated with more than one target gateway, a TMD selects one target gateway from the more than one target gateways. Also, the TMD provides a gateway key associated with the selected target gateway that is associated with the communication. And, the TMD may provide the communication to the selected target gateway that provides the communication to the target node.