Abstract: In one embodiment, a device obtains transaction data regarding a user account of an application performing a transaction within the application to access a particular document. The transaction data is captured by instrumentation code inserted into the application at runtime. The device identifies, based on the transaction data, a data mining policy for the transaction. The device generates, based on the data mining policy, identification information associated with the user account and the particular document. The device inserts, via the instrumentation code, tracing data into the particular document that causes a client that opens the particular document to send a web request for a uniform resource locator (URL) associated with the identification information.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

Abstract: Systems, methods, and computer-readable media are disclosed for proactively and adaptively rerouting data to a healthier path through network, as part of flow provisioning, based on environmental variables associated with devices in the network. The present technology includes identifying a routing path for forwarding traffic flows in a network, receiving diagnostic data of a routing device on the routing path. The diagnostic data include one or more environmental parameters associated with internal state and surroundings of the routing device. Further, the present technology includes comparing the diagnostic data of the routing device with a predetermined threshold and modifying, prior to a failure of the routing device, the routing path to bypass the routing device for at least a portion of the traffic flows based on the comparison between the diagnostic data of the routing device and the predetermined threshold.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted within a software development environment, wherein the transaction data is captured by instrumentation code inserted into the software development environment at runtime. The device identifies, based on the transaction data, an access policy for the transaction. The device makes, based on the access policy, a determination that the transaction is not authorized. The device causes, via the instrumentation code, the transaction to be blocked from completing within the software development environment.

Abstract: Techniques for a TCP proxy to communicate over a LEO satellite network on behalf of a client device by selecting a TCP congestion-control algorithm that is optimal for the LEO satellite network based on the time of day and/or location of the TCP proxy. Based on the locations of satellites during the day as they traverse predefined and patterned orbital paths, different TCP congestion-control algorithms may be more optimized to communicate data through the LEO satellite network. However, client devices generally use a single TCP congestion-control algorithm to communicate over WAN networks. Accordingly, a TCP proxy may be inserted on, for example, a router to communicate with the client device using a TCP congestion-control algorithm that the client device is configured to use, but then communicate over the LEO satellite network using a different TCP congestion-control algorithm that is optimal based on the time of day and/or other factors.

Abstract: Methods and apparatuses for prioritizing transactions are disclosed. An example method of an application performance monitor (APM) comprises intercepting a first packet being transmitted in a network that is monitored by the APM; determining that the first packet is associated with a transaction of the web application that is to be provided with an alternate level of service; modifying a field in the first packet to include metadata interpretable by at least one network device in the network to cause the at least one network device to provide the alternate level of service; and injecting the first packet into the network. The APM may cause network devices to prioritize a specific transaction of an application based on importance.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device identifies, based on the transaction data, traffic in a network associated with the transaction. The device associates, based on the transaction data, a measure of importance with the traffic. The device causes the traffic to be sent by a networking device in the network according to its associated measure of importance.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: A method is provided that is performed using an application performance management agent running on an application and/or application microservices. The method comprises detecting a request to the application and/or application microservices for data, and inserting data compliance metadata into packet headers of packets that are to be sent in response to the request by the application and/or application microservices. The data compliance metadata comprises data-compliance markings associated with the data based on user/operator-defined data compliance requirements. The method further includes causing the packets to be sent into a network so that one or more network devices or services in the network can read the data compliance metadata and apply packet handling policies.

Abstract: Presented herein are techniques to facilitate infrastructure and policy orchestration in a shared workspace network environment. In one example, a method may include obtaining, by a service broker, a reservation request from a consumer network for a consumer, wherein the reservation request seeks a reservation to reserve, at least in part, at least one workspace device for the consumer for a workspace for a particular day and a particular time period; based on determining that the at least one workspace device is available, providing a response to the consumer network that includes a first indicator for identifying the reservation of the workspace and at least one second indicator identifying the at least one workspace device; and upon receiving a session request from the consumer network that includes the second indicator, establishing a management tunnel to interconnect the consumer network and the at least one workspace device via the service broker.

Abstract: This disclosure describes techniques for redirecting data traffic based on endpoint risk. An example method includes determining a risk associated with a first endpoint connected to a redirection point; determining that the risk exceeds a threshold; and based on determining that the risk exceeds the threshold, causing the redirection point to direct data traffic to a second endpoint and to refrain from directing the data traffic to the first endpoint.

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: This disclosure describes techniques for authentication using wearable devices. An example method includes determining that a user is wearing a secondary device; determining that the secondary device has detected a signal output by a primary device; determining that the user has confirmed an authentication factor output by the primary device; and enabling the user to access a secured resource via the primary device.

Abstract: Methods and devices provide fault injection testing techniques in a production network environment without risking service outages for hosted computing services, by providing examples of a remote network controller configured to communicate with network devices of a network; a remote fault injection communication protocol configuring a remote network controller in communication with a network device to signal a failure injection; and a failure injection module configuring a network device to configure a network device processor to implement a failure injection signaled according to the remote failure injection communication protocol. The method includes a network controller transmitting a failure injection signal in a control plane packet over a network connection to a network device, and the network device creating a child process by executing, in a dedicated runtime environment, a copy of one or more processes impacted by a parsed failure type.

Abstract: A method comprises: at a network device configured to be connected to a network and having control and data planes, and interfaces configured for network operations in the network: upon receiving, from a controller, instructions to form a local twin of the network device that is a virtual replica of the network device to be used for test purposes, creating the local twin and configuring the local twin to include virtual control and data planes, and virtual interfaces, which are virtual replicas of, and operate independently from, the control and data planes, and the interfaces, of the network device, respectively; and hosting the local twin on physical resources of the network device such that the local twin is configured for virtual network operations on the network device that replicate, but are independent from, the network operations.

Abstract: A first connection is established between a meeting server and a first endpoint device associated with a user. At least one multimedia stream for an online collaborative session is provided from the meeting server to the first endpoint device. The meeting server obtains an indication that a first strength of a first short-range wireless communication connection between an audio device and the first endpoint device is less than a second strength of a second short-range wireless communication connection between the audio device and a second endpoint device associated with the user. A second connection is established between the meeting server and the second endpoint device. The at least one multimedia stream is provided from the meeting server to the second endpoint device via the second connection in response to obtaining the indication.

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise.

Abstract: Techniques are provided for an “on demand” or event-triggered end user monitoring/remote user monitoring (EUM/RUM) solution that is activated when the user has requested it, or an event (conditions of which are set by a user) occurs that triggers activation of the EUM/RUM solution. This EUM/RUM may be completely integrated into an enterprise IT Help Desk system, whereby support “tickets” are automatically generated when the monitoring solution is instantiated.

Abstract: In one embodiment, an agent executed by a device intercepts webpage code for a website sent from an application server to a client of the website. The agent identifies a portion of the webpage code as being used for webpage analytics. The agent forms modified webpage code by disabling the portion of the webpage code, based on one or more performance metrics associated with the website. The agent sends the modified webpage code to the client of the website.