Abstract: A scanner service can be configured to scan one or more nodes associated with a container management service. The container management service can be configured to manage a set of services by allocating managed containers associated with the set of services to the one or more nodes. The scanner service can be configured to identify vulnerabilities of processes running on the one or more nodes. The vulnerabilities can be attributed to the containers and/or the associated services rather than to the nodes. The scanner service is aware of the container management service and communicates vulnerabilities of associated containers.

Abstract: Routines are used to connect bot queries entered via a bot interface and database queries executed on a database. Each routine is associated with routine configurations, including (a) query attributes associated with bot queries that trigger the routine, (2) a database query executed or to be executed for the routine, and/or (3) display settings for displaying information returned from the database query in a bot response. Each routine is configured to generate an output structured data object (SDO) indicating information returned from the database query and the display settings applicable to the information. The output SDOs from the various routines are transmitted to the bot application via a single API endpoint. The routine configurations are entered by a design user through one or more design user interfaces rendered by an integrative configuration application module.

Abstract: Techniques for implementing an infrastructure orchestration service are described. A configuration file for a deployment to a first execution target and a second execution target can be received. A first safety plan can be generated for the first execution target that comprises a first list of resources and operations associated with deployment at the first execution target. Approval of the first safety plan can be received. A second safety plan can be generated for the second execution target that comprises a second list of resources and operations associated with deployment at the second execution target. A determination can be made whether the second safety plan is a subset of the first safety plan. If the determination is that the second safety plan is a subset of the first safety plan, the second safety plan can automatically be approved and transmitted to the second execution target for deployment.

Abstract: Methods, systems, and computer readable media for reporting a reserved load to a network function in a communications network are disclosed. One method includes determining, by a NF service producer, a current compute load metric value for the NF service producer operating in a communications network and detecting a number of active sessions supported at the NF service producer. The method further includes deriving a reserved compute load metric value corresponding to a predicted number of subsequent service requests at the NF service producer based on the number of active sessions and a predictive reserved load percentage value and calculating an adjusted reported compute load metric value amounting to a sum of the current compute load metric value and the reserved compute load metric value.

Abstract: A computer comprising one or more processors and memory may implement multiple threads that perform a lock operation using a data structure comprising an allocation field and a grant field. Upon entry to a lock operation, a thread allocates a ticket by atomically copying a ticket value contained in the allocation field and incrementing the allocation field. The thread compares the allocated ticket to the grant field. If they are unequal, the thread determines a number of waiting threads. If the number is above the threshold, the thread enters a long term wait operation comprising determining a location for long term wait value and waiting on changes to that value. If the number is below the threshold or the long term wait operation is complete, the thread waits for the grant value to equal the ticket to indicate that the lock is allocated.

Abstract: A data object has a lock and a condition indicator associated with it. Based at least partly on detecting a first setting of the condition indicator, a reader stores an indication that the reader has obtained read access to the data object in an element of a readers structure and reads the data object without acquiring the lock. A writer detects the first setting and replaces it with a second setting, indicating that the lock is to be acquired by readers before reading the data object. Prior to performing a write on the data object, the writer verifies that one or more elements of the readers structure have been cleared.

Abstract: Techniques discussed herein manage backups of a service cell (SC). Each SC may include a data plane that is isolated from other SCs and comprises a distributed computing cluster (a cluster). A manifest that specifies one or more backup policies may be used to generate a full backup or a partial backup of a data set stored by the cluster. In accordance with the manifest, a signal may be sent to nodes of the cluster. In response, the nodes may transmit locally-stored data (e.g., data segments) to specified locations at a remote storage. The system may maintain a mapping of which segments correspond to data that was stored in the cluster at a time corresponding to a full or partial backup.

Abstract: The illustrative embodiments provide a consensus protocol with a priority-based leadership election approach. Each server or node in the cluster has an associated priority based on the capabilities and capacities of the servers. The leadership election is divided into two phases: a term increase phase and an election voting phase. A candidate sends a message to peers in the cluster to determine whether all peers agree to allow the candidate to increase the term number. If there is no opposition, then the candidate increases the term number and then proceeds to the election voting phase. Each peer determines whether the candidate requesting the term increase has a log that is up to date. If the log of the candidate is equally as advanced as the peer's log, then the peer approves or opposes the term increase based on a priority comparison.

Abstract: A method may include receiving a request for a big data query including characteristics and user parameters and accessing a set of rules based at least in part on respective properties of one or more big data query engines, the set of rules correlating the one or more characteristics, the one or more user parameters and the respective properties. The method may include determining a candidate list including a subset of the big data query engines, determined based on the set of rules. Using a machine learning model, the method may include generating respective probability scores for each big data query engine. The method may include selecting and executing the big data query using a particular big data query engine. The method may include identifying a trigger indicating a performance issue with the particular big data query engine and switching the execution to a second big data query engine.

Abstract: Techniques for filtering queries to a large language model (LLM) based on their relevance to an enterprise domain associated with the LLM involve training a machine learning model using historical LLM query data and associated relevance scores. These scores indicate how closely a query relates to the enterprise's operations. The trained model is then applied to new input queries, generating relevance scores for the input queries. Queries meeting a predetermined relevance threshold are passed to the LLM for processing. For queries falling below this threshold, remedial actions are taken instead of processing by the LLM. The techniques optimize computational resource allocation by prioritizing queries relevant to the enterprise while filtering out less pertinent ones. The techniques create a relevance-based gatekeeping mechanism for LLM query processing, enhancing efficiency and focusing the LLM's capabilities on enterprise-specific tasks.

Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to using of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.

Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to using of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.

Abstract: The present disclosure relates to network connectivity and reachability monitoring in cloud environments. In an example, a computer receives, from a device of a customer, input indicating a destination that belongs to a virtual cloud network and a set of vantage points for testing the destination. Based on the input, a first source is deployed to a first network location associated with a first vantage point and a second source is deployed to a second network location associated with a second vantage point. Each source is configured to send probes of different types to the destination. The computer system receives, probe data from each source based on probes sent by the source to the destination. Based on the received probe data, the computer system generates test data indicating at least one of connectivity or reachability of the destination. The test data is presented at a user interface.

Abstract: Operations may include receiving, from a first network entity, a first request for a first certificate revocation list (CRL) that identifies a first CRL distribution point (CDP) corresponding to the first CRL; mapping the first CDP to a first CRL identifier of a set of available CRL identifiers; locating, in a CRL repository, a first CRL based on the first CRL identifier; and transmitting the first CRL to the first network entity.

Abstract: Techniques are described for using taints and assertions to protect data within one or more networks. Instead of being restricted to perimeter-based security and defining and creating rules that are difficult to maintain, techniques described herein allow users to protect data using assertions that are enforced at different enforcement points within one or more networks. According to some configurations, the assertions/policy statements defined by a user specify where data is allowed to travel throughout one or more networks. Assertions/policy statements can be as simple as “Red data never leaves my tenancy”, “Blue data never reaches the internet”, “Blue data is not stored with Red data”, “Green data never leaves Data Zone 2”, and the like. In some examples, a policy statement can protect the flow of data based on a number of hops the resource is from where the data is stored.

Abstract: Operations of a certificate authority (CA) service may include aggregating in a certificate repository, a plurality of sets of CA certificates, in which each set of CA certificates is issued by a particular CA that is associated with a particular trust zone and that is trusted by a particular set of network entities located in the particular trust zone. The operations may further include distributing for access by an additional set of network entities, an aggregate set of CA certificates that includes the plurality of sets of CA certificates. The additional set of network entities may utilize the plurality of sets of CA certificates to authenticate network entities located in different trust zones.

Abstract: Operations of a certificate bundle validation service may include receiving a first certificate bundle that includes a first set of one or more digital certificates, and a digital signature, associated with the first certificate bundle; determining, using a public key of an asymmetric key pair associated with a second set of one or more digital certificates, that the digital signature is generated using a private key of the asymmetric key pair; and responsive to determining that the digital signature is generated using the private key, storing the first certificate bundle in a certificate repository as a trusted certificate bundle.

Abstract: Described herein is a token exchange framework between two different cloud services providers. A multi-cloud infrastructure included in a first cloud environment that is provided by a first cloud services provider (CSP) receives a first request from a user associated with an account in a second cloud environment that is provided by a second CSP. The first request corresponds to using of a service provided by the first cloud environment and includes a first token issued by the second CSP. The multi-cloud infrastructure obtains a second token issued by the first CSP based on validating the first token with respect to a trust configuration corresponding to the second CSP. The trust configuration is previously generated and maintained by the first CSP in the first cloud environment. The multi-cloud infrastructure transmits the second token to the service to enable the user to utilize the service provided by the first cloud environment.

Abstract: Operations of a certificate bundle distribution service may include: detecting a trigger condition to distribute a certificate bundle that includes a set of one or more certificate authority certificates; partitioning each particular network entity of a plurality of network entities associated with a computer network into one of a plurality of certificate distribution groups based on a network address of the particular network entity, in which each particular certificate distribution group includes a particular subset of network entities from the plurality of network entities; selecting a particular certificate distribution group, of the plurality of certificate distribution groups, for distribution of the certificate bundle; and transmitting the certificate bundle to the particular subset of network entities in the particular certificate distribution group.

Abstract: In accordance with various embodiments, described herein is a system (Data Artificial Intelligence system, Data AI system), for use with a data integration or other computing environment, that leverages machine learning (ML, DataFlow Machine Learning, DFML), for use in managing a flow of data (dataflow, DF), and building complex dataflow software applications (dataflow applications, pipelines). In accordance with an embodiment, the system can provide data governance functionality such as, for example, provenance (where a particular data came from), lineage (how the data was acquired/processed), security (who was responsible for the data), classification (what is the data about), impact (how impactful is the data to a business), retention (how long should the data live), and validity (whether the data should be excluded/included for analysis/processing), for each slice of data pertinent to a particular snapshot in time; which can then be used in making lifecycle decisions and dataflow recommendations.