Abstract: A method, computer system, and computer program product are provided for managing content items, including tracking and/or updating content items. A content item is received from an author. A key is associated with the content item. Based on the key, a user is identified who is presenting the content item in a communication session. In response to determining that the author has updated the content item, the user is notified that an updated version of the content item is available for presentation in the communication session.

Abstract: Automating and extending path tracing through wireless links is provided by receiving request to perform a network trace over a wireless link provided by an Access Point (AP) configured as a transparent forwarder between a trace source and a trace target; monitoring a trace packet from a first time of arrival at the AP, a first time of departure from the AP, a second time of arrival at the AP, and a second time of departure from the AP; monitoring a buffer status of the AP at the first time of arrival and the second time of arrival; and in response to identifying a network anomaly based on the trace packet and the buffer status, adjusting a network setting at the AP.

Abstract: A method, computer system, and computer program product are provided for applying a dynamic security policy to shared content in collaborative applications. A selection of one or more content items is received for sharing in a communication session. A security policy is queried using a key that is associated with each of the one or more content items to determine a security policy for each of the one or more content items. A plurality of users participating in the communication session are identified. Each content item of the one or more content items is selectively presented to a subset of the plurality of users based on an identity of a respective user and the security policy of each content item.

Abstract: This disclosure describes techniques for providing information associated with an inter-cluster segment. For instance, system(s) may determine dependencies for first services associated with a first cluster and second dependencies for second services associated with a second cluster. The system(s) may then determine information for interconnections between the first cluster and the second cluster. The information may include at least dependencies for third services included in the inter-cluster segment and/or performance information for the third services. The system(s) may then generate a user interface that includes the first dependencies for the first services, the second dependencies for the second services, and the information for the inter-cluster segment. This way, a user is able to use the user interface to identify both problems occurring within the clusters and/or problems that are caused by the third services in the inter-cluster segment.

Abstract: This disclosure describes dynamically placing workloads using cloud service energy efficiency. The techniques include obtaining energy efficiency metrics (EEMs) that indicate the carbon footprint for different data centers of cloud service providers. In some configurations, an Energy Efficiency Quotient (EEQ) may be generated by an Energy Telemetry Engine (ETE) that indicates the energy efficiency for each data center/Point of Presence (POP) where a workload may be migrated/hosted. The ETE can be used to rank the different host locations (e.g., different data according to their EEQ. In some examples, one or more other metrics (e.g., latency, bandwidth, . . . ) may be used to identify any POPs that do not meet specified conditions (e.g., latency constraints, bandwidth constraints, . . . ). When a suitable host location is determined (e.g. a POP meets both the performance and EEQ specifications), the workload may be placed onto one or more resources of the selected data center.

Abstract: Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.

Abstract: In one embodiment, a microservice, that provides one or more services for one or more distributed business transactions offered by an application, obtains a service request for a particular business transaction involving a particular user device executing the application. The microservice determines whether the service request includes an indication of authentication results for the particular business transaction that satisfy one or more authentication requirements of the microservice. The microservice sends, based on the indication of authentication results for the particular business transaction not satisfying the one or more authentication requirements of the microservice, a request for the particular user device to perform authentication for the particular business transaction to satisfy the one or more authentication requirements.

Abstract: In one embodiment, a service determines authentication credentials for a web application transaction. The service determines one or more performance metrics regarding the web application transaction. The service generates an enhanced web token comprising the one or more performance metrics regarding the web application transaction. The service sends the enhanced web token and the authentication credentials along a path of the web application transaction, the path including one or more services configured to use the one or more performance metrics sent in addition to the authentication credentials to process the web application transaction.

Abstract: Techniques are described for end-to-end network tracing involving external services. In one example, a synthetic agent identifies one or more external services that are involved in a process for interacting with a target application server. In response to identifying the one or more external services, the synthetic agent obtains telemetry data associated with the one or more external services. The synthetic agent correlates the telemetry data associated with the one or more external services and telemetry data associated with the target application server to generate an end-to-end network trace associated with the target application server.

Abstract: A method comprising: at a management entity configured to communicate with a network: upon detecting a performance problem on a network path in the network, generating a trigger probe having a correlation identifier, the trigger probe configured to transit the network path and, on one or more designated network nodes of the network path, trigger (i) capturing a full device state, including a control plane state and a data plane state, and (ii) exporting a report of the full device state with the correlation identifier; sending the trigger probe along the network path; receiving, from each of the one or more designated network nodes, the report that includes the correlation identifier and the full device state; and correlating each report to the performance problem based on the correlation identifier in each report, to diagnose a root cause of the performance problem using the full device state in each report.

Abstract: This disclosure describes techniques for providing business value information with health information for services. For instance, system(s) may determine health scores for the services, such as by using key performance indicators associated with the services. The system(s) may also determine the business values associated with the services. A business value associated with a service may include, but is not limited to, a revenue, a cost, a worth of a transaction, and/or any other type of business value. The system(s) may then generate a user interface that includes the health scores and the business values. A user may then use the user interface to prioritize the services, such as when problems occur with the services. By using the user interface to prioritize the services, the user is able to use both the health scores and the business values when prioritizing the services.

Abstract: This disclosure describes techniques for providing information associated with an inter-cluster segment. For instance, system(s) may determine dependencies for first services associated with a first cluster and second dependencies for second services associated with a second cluster. The system(s) may then determine information for interconnections between the first cluster and the second cluster. The information may include at least dependencies for third services included in the inter-cluster segment and/or performance information for the third services. The system(s) may then generate a user interface that includes the first dependencies for the first services, the second dependencies for the second services, and the information for the inter-cluster segment. This way, a user is able to use the user interface to identify both problems occurring within the clusters and/or problems that are caused by the third services in the inter-cluster segment.

Abstract: This disclosure describes techniques for determining risk scores and root-cause scores associated with services. For instance, system(s) may determine health scores for the services, such as by using key performance indicators associated with the services. The system(s) may then use the health scores to determine the risk scores and the root-cause scores for the services. A risk score may indicate a probability and/or likelihood that a service will experience problems because of the health of service(s) that are upstream and/or downstream from the service. A root-cause score may indicate a probability and/or likelihood that a service is the cause for problem(s) that are occurring. In some circumstances, the system(s) then generate a user interface that includes the health sores, the risk scores, and/or the root-cause scores. This way, a user is able to view the user interface to determine potential problems and/or current service problems.

Abstract: A method, computer system, and computer program product are provided for controlling data access and visibility using a context-based security policy. A request from an endpoint device to receive data is received at a server, wherein the request includes one or more contextual attributes of the endpoint device including an identity of a user of the endpoint device. The one or more contextual attributes are processed to determine that the endpoint device is authorized to receive the data. A security policy is determined for the data based on the one or more contextual attributes. The data is transmitted, including the security policy, to the endpoint device, wherein the endpoint devices enforces the security policy to selectively permit access to the data by preventing the endpoint device from displaying the data to an unauthorized individual.

Abstract: In one embodiment, a service associates a plurality of descriptive tags with a node in a network, based on an inspection of packets sent by the node that is performed by one or more sensors deployed to the network. The service identifies, based on the plurality of descriptive tags, data to be extracted from traffic of the node by an edge device located at an edge of the network. The service determines, based on the plurality of descriptive tags, an external destination to which the data should be sent by the edge device after extraction. The service sends a data pipeline configuration to the edge device, wherein the data pipeline configuration causes the edge device to extract the data from the traffic sent by the node and to send the data to the external destination.

Abstract: This disclosure describes techniques for selectively providing access to a physical space. An example method includes identifying a location of a device associated with an authorized user based on an electromagnetic signal received by at least one sensor from the device. The electromagnetic signal has a frequency that is greater than or equal to 24 gigahertz (GHz). The example method further includes determining that the location of the device is within a threshold distance of a location of a threshold to a secured space and determining that an authentication score indicating that an individual carrying the device is the authorized user is greater than a threshold score. The authentication score is associated with multiple authentication factors identified by the device. Based on determining that the authentication score is greater than the threshold score, the threshold is unlocked and/or opened.

Abstract: This disclosure describes techniques for enabling selective connections between user devices and trusted network devices. An example method includes receiving a beacon from a network device. The beacon includes a trust level of the network device. The method further includes determining that the trust level of the network device satisfies a predetermined trust criterion. Based on determining that the trust level of the network device satisfies the predetermined trust criterion, the method includes transmitting a connection request to the network device. Further, user data is received from the network device.

Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise.

Abstract: Methods are provided in which a domain name system (DNS) service obtains a lookup request for information about a source of a traffic flow being transmitted to a network resource external of a service cluster and performs, based on the lookup request, a lookup operation for a microservice that is the source of the traffic flow, among a plurality of microservices of the service cluster registered with the DNS service. The methods further include providing information about the microservice based on the lookup operation. The information includes at least a name of the microservice for visibility of the microservice external of the service cluster.