Abstract: Novel techniques are disclosed for accessing resources in both CSP-provided infrastructure in a region and a remote infrastructure through various control planes associated with a virtual private label cloud (vPLC). In some embodiments, the CSP-provided infrastructure in a region and a remote infrastructure are connected through a communication channel. In some embodiments, a control plane associated with the CSP-provided infrastructure in a region can provide access to both infrastructures (i.e., the CSP-provided infrastructure in a region and the remote infrastructure). In some embodiments, a control plane associated with the vPLC in the CSP-provided infrastructure in a region can provide access to both infrastructures. Yet, in other embodiments, a control plane associated with the vPLC but located within the remote infrastructure can provide access to both infrastructures.

Abstract: Novel techniques are disclosed for virtualizing a cloud infrastructure in a region provided by a cloud service provider (CSP) to allow a reseller of the CSP to provide reseller-offered cloud services using a securely isolated portion of the CSP-provided infrastructure in the region and have a direct business relationship with the reseller'customers. In certain embodiments, the CSP-provided infrastructure in a region is organized into one or more data centers. In certain embodiments, the securely isolation portion of the CSP-provided infrastructure comprises at least one compute resource or a memory resource.

Abstract: Novel techniques are disclosed for enabling customizable consoles of different virtual private label clouds (vPLCs). In some embodiments, one console server may execute multiple consoles for multiple vPLCs and CSP. In other embodiments, one console server may be dedicated to a vPLC-specific console. In certain embodiments, console customization including a customized set of console user interfaces (UIs) may be performed for each vPLC-specific console.

Abstract: Novel techniques of resource allocation services for virtual private label cloud (vPLC) are disclosed. A vPLC is created for a reseller of a Cloud Services Provider (CSP) using CSP-provided infrastructure in a region such that the reseller can provide one or more reseller-offered cloud services to customers of the reseller. In certain embodiments, the resource allocation services check a first-level policy and a resource database to determine whether a requested resource is allowed and available to be allocated to a vPLC associated with a reseller. The resource allocation services may further check a second-level policy and the resource database to determine whether the requested resource is allowed and available to be allocated to a customer of the reseller. In some embodiments, the resource allocation services may allocate resources for a vPLC according to a partitioning requirement.

Abstract: Novel techniques are disclosed that enable the creation of a two-tier marketplace comprising a CSP marketplace and one or more marketplaces for virtual private label clouds (vPLCs). Each marketplace can be created and operated independently. In some embodiments, a publisher may publish a solution offering directly on a vPLC marketplace without involving the CSP marketplace. In other embodiments, a solution offering published on a marketplace may be automatically republished on another marketplace. Yet, in another embodiment, a customer subscribing to a vPLC marketplace can see a composite view of a directly published solution listing and a republished solution listing.

Abstract: Novel techniques are disclosed for enabling identity cloud service for virtual private label clouds (vPLCs). A vPLC is created for a reseller of a Cloud Services Provider (CSP) using CSP-provided infrastructure in a region such that the reseller can provide one or more reseller-offered cloud services to customers of the reseller. In some embodiments, the identity management may be configured with either a shared identity cloud service (IDCS) stack model or an independent IDCS stack model. In certain embodiments, two-tier vPLC-aware identity management functions are performed for resellers of the CSP and customers of the resellers.

Abstract: Novel techniques for creating service endpoints associated with different virtual private label clouds (vPLCs) for accessing a cloud service are disclosed. In certain embodiments, an endpoint management service (EMS) uses a novel architecture that enables the concurrent use of multiple vPLC-specific service endpoints with one endpoint per cloud service per vPLC to access the same cloud service running on multiple vPLC-specific resources. In some embodiments, each vPLC-specific service endpoint may be associated with a fully qualified domain name (FQDN) and an IP address.

Abstract: Novel techniques for resource usage monitoring, billing, and enforcement for virtual private label clouds (vPLCs) are disclosed. In some embodiments, resource usage for a vPLC associated with a reseller is monitored at both reseller level and customer-of-reseller level using resource IDs, and stored as usage information in two levels and associated with a tenancy ID for the reseller (at the reseller level) and tenancy IDs for customers of the reseller (at the customer-of-reseller level). In some embodiments, a two-level billing process generates invoices using two-level pricing information and the generated invoices to either resellers or customers of resellers directly. In some embodiments, usage enforcement can be performed per vPLC or per customer tenancy of a reseller's customer.

Abstract: Techniques for facilitating connectivity to vPLCs created in a CSP-provided infrastructure in a region. Within the CSP-provided infrastructure in a region, when the destination of a packet is determined to be an endpoint associated with a particular vPLC, the packet is tagged with information related to the particular vPLC. The vPLC-related information for the particular vPLC can include, for example, a vPLC identifier identifying the particular vPLC, an identifier identifying a customer associated with the endpoint, a virtual cloud network identifier identifying a virtual cloud network (VCN) belonging to the particular vPLC and where the endpoint is part of the VCN, and other vPLC-related information. The packet is then routed or communicated within the CSP-provided infrastructure in a region along with the tagged vPLC-related information. The vPLC-related information is used as part of the connectivity and for routing of packets within the CSP-provided infrastructure in a region.

Abstract: Novel techniques are disclosed for providing vPLC-specific metadata service including customized vPLC-specific metadata. In certain embodiments, each vPLC may generate a customized metadata using its corresponding vPLC-specific customization instructions. In some embodiments, a vPLC-specific metadata service may be performed using pre-generated customized vPLC-specific metadata, on-the-fly customized metadata, pre-generated CSP-format metadata, or combinations thereof.

Abstract: In some aspects, a computing device of the virtual cloud network may select one or more filters from a plurality of filters for a data pipeline, the plurality of filters comprising at least one of: a malware filter; a content filter; a signature filter; a content analyzer; a machine learning filter; or an artificial intelligence filter. A sequential order for the one or more selected filters in the data pipeline can be determined. A message may be received in the data pipeline from a network interface card (NIC), the network interface card being configured as a one-way transfer device. The message in the data pipeline may be filtered by passing the message through the one or more selected filters in the determined sequential order. The computing device of the virtual cloud network may provide logs of events occurring in the data pipeline via a logging network.

Abstract: In some aspects, a computing device of the disconnected network may generate an application programming interface (API) configured to present a set of filter types. A selection of one or more filters types from the set of filter types may be received via an API. A sequential order for the selected filter types may be received via an API. A data pipeline with the selection of filters in the sequential order may be generated. A message received at a one-way transfer device may be analyzed by passing the message through the selected filters in the sequential order. A log of events occurring in the data pipeline may be received via a logging network. The log of events may be presented via the application programing interface. The data pipeline may be terminated upon receiving a termination command via the application programming interface.

Abstract: A computing device of the control plane may disconnect a server from at least one of a network path or a first boot storage device, the server having an initial network address. The computing device of the control plane may store a server state of the server in a storage device of the control plane. The computing device of the control plane may connect the server to an update storage device containing an update code. The computing device of the control plane may instruct the server to execute the update code. The computing device of the control plane may determine that the server has executed the update code. The computing device of the control plane may restore the server to the server state. The computing device of the control plane may reconnect the server to at least one of the network path or the first boot storage device.

Abstract: The present embodiments relate to providing near real-time communications from a public network to a private network. A first computing device in a public network can obtain data packets to be provided to the private network from an application executing on the first computing device. A trust module executed by the first computing device can authenticate the user, application, and the data packets to be provided to the private network and add metadata relating to the sending user, recipient user, etc. The data packets can be forwarded to the private network via a cross-domain system (CDS). The metadata and the digital signature on the data packets can be verified by a trust module executing on a second computing device in the private network. The second computing device can receive the data packets and store the data packets for subsequent actions to be performed in the private network.

Abstract: The present embodiments relate to providing near real-time communications from a public network to a private network. A first computing device in a public network can obtain data packets to be provided to the private network from an application executing on the first computing device. A trust module executed by the first computing device can authenticate the user, application, and the data packets to be provided to the private network and add metadata relating to the sending user, recipient user, etc. The data packets can be forwarded to the private network via a cross-domain system (CDS). The metadata and the digital signature on the data packets can be verified by a trust module executing on a second computing device in the private network. The second computing device can receive the data packets and store the data packets for subsequent actions to be performed in the private network.

Abstract: A system in which a device may automatically provision another device with credentials, at the behest of a cloud-based service, based in part on the physical proximity of the device to be provisioned. The provisioning device and the device to be provisioned may use a radio access technology (RAT) with a limited radio range. Account information associated with the device to be provisioned is known to the cloud-based service, which authenticates the device to be provisioned via the device with credentials.

Abstract: The present embodiments relate to providing near real-time communications from a public network to a private network. A first computing device in a public network can obtain data packets to be provided to the private network from an application executing on the first computing device. A trust module executed by the first computing device can authenticate the user, application, and the data packets to be provided to the private network and add metadata relating to the sending user, recipient user, etc. The data packets can be forwarded to the private network via a cross-domain system (CDS). The metadata and the digital signature on the data packets can be verified by a trust module executing on a second computing device in the private network. The second computing device can receive the data packets and store the data packets for subsequent actions to be performed in the private network.

Abstract: A system in which a device may automatically provision another device with credentials, at the behest of a cloud-based service, based in part on the physical proximity of the device to be provisioned. The provisioning device and the device to be provisioned may use a radio access technology (RAT) with a limited radio range. Account information associated with the device to be provisioned is known to the cloud-based service, which authenticates the device to be provisioned via the device with credentials.

Abstract: Various technologies described herein pertain to configuring an access point in a local network for operation in a community Wi-Fi network. The community Wi-Fi network includes access points in differing local networks that share respective network bandwidth capacities with member computing devices of the community Wi-Fi network. A request to join the access point to the community Wi-Fi network is transmitted from the access point to a community aggregation system. Responsive to the request, the community aggregation system transmits a firmware update to the access point. The access point installs the firmware update in memory of the access point. Moreover, responsive to installation of the firmware update, the access point can share network bandwidth capacity with the member computing devices of the community Wi-Fi network. Further, the community aggregation system supports transparent handoffs between access points in to the community Wi-Fi network.

Abstract: A system in which a device may automatically provision another device with credentials, at the behest of a cloud-based service, based in part on the physical proximity of the device to be provisioned. The provisioning device and the device to be provisioned may use a radio access technology (RAT) with a limited radio range. Account information associated with the device to be provisioned is known to the cloud-based service, which authenticates the device to be provisioned via the device with credentials.