Abstract: Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

Abstract: Embodiments are directed to providing a multi-tenant relay service that securely relays data between computer systems. A computer system receives a portion of data that is to be passed from a first computer system belonging to a first tenant to a second, different computer system. The instantiated multi-tenant relay service is configured to securely relay data for multiple different tenants. The computer system creates a secure routing channel for routing the data of the first tenant between the first computer system and the second computer system. The secure routing channel applies a unique identifier to each portion of data received from the first tenant. The computer system also routes the received data from the first computer system to the second computer system through the secure routing channel using the applied unique identifier.

Abstract: Embodiments are directed to providing a multi-tenant relay service that securely relays data between computer systems. A computer system receives a portion of data that is to be passed from a first computer system belonging to a first tenant to a second, different computer system. The instantiated multi-tenant relay service is configured to securely relay data for multiple different tenants. The computer system creates a secure routing channel for routing the data of the first tenant between the first computer system and the second computer system. The secure routing channel applies a unique identifier to each portion of data received from the first tenant. The computer system also routes the received data from the first computer system to the second computer system through the secure routing channel using the applied unique identifier.

Abstract: Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and devices capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstracts of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security-IPSec) can be derived from the connectivity model of the network.

Abstract: Modeling operational policies of operating a business's or institution's actual or planned IT system. The IT system may include components such as applications, application hosts, one or more networks or components thereof, hardware, and interrelationships between the components. The IT system is to be operated in accordance with operational policies that govern existence or numerosity of components, how the components are interrelated, how the components and interrelationships are configured, and/or manual or automated processes for managing and maintaining the IT system. The modeling may involve generating code that conforms to a language by declaring abstractions using types that correspond to the components of the IT system, by declaring types of interrelationships that correspond to the interrelationships of the IT system, and by defining constraints upon and between the abstract types, where the constraints correspond to operational policies of operating the IT system.

Abstract: In accordance with certain aspects of the model-based policy application, each of a plurality of policies is associated with appropriate parts of a model of a heterogeneous system. A deployment agent is invoked to apply each of the plurality of policies to components associated with the parts of the model. An identification of a change to one of the plurality of policies is received, and the deployment agent is also invoked to apply the changed policy to selected ones of the components associated with the parts of the model.

Abstract: The present modeling technique allows context to be associated with structural elements. These structural elements are defined within a containing class (i.e., a context-supported class). Thus, knowledge that is captured about complex internal behavior of the structural elements (e.g., constraints) may be incorporated within the context-supported class without requiring business logic. The context-supported structure includes one or more parts associated with the context-supported structure through relationships. The context-supported structure may also include one or more connectors associated with the context-supported structure. The connectors connect two types of classes together to enforce a specific constraint. The two types of classes may be parts associated with the context-supported structure or other classes that are not part of the context-supported structure.