Abstract: One or more data packets intended for a workload running on the server are received from an endpoint at a proxy associated with a server. The proxy associated with the server determines whether the one or more data packets intended for the workload are encrypted with a certificate associated with a policy group that includes the workload. The one or more data packets are provided to the workload based on whether the one or more data packets intended for the workload are encrypted with a certificate associated with a policy group that includes the workload.

Abstract: One or more security groups associated with a cloud provider are determined. One or more network polices associated with a container-orchestrator system are determined. One or more network security policies are generated based on the one or more determined security groups associated with the cloud provider and the one or more determined network policies associated with the container. The one or more network security policies are distributed to one or more VM instances of a cloud network. The one or more VM instances are configured to enforce network security based on the one or more network security policies.

Abstract: Metadata associated with a workload is determined. The workload is associated with a consumer of a service. One or more policies associated with the metadata are retrieved. An agent is configured to perform policy-controlled service routing of communications comprising the data packets with respect to the workload based on the one or more policies.

Abstract: Measures for routing data packets in a data center network are provided. A packet forwarding function in a server in a data center network is configured to forward data packets to/from virtual systems hosted on that server. The packet forwarding function is configured to make forwarding decisions for received data packets based on the destination internet protocol (IP) address of the received data packet, and forward the data packet at least on the basis of the forwarding decision.

Abstract: A policy group associated with one or more data packets received from a workload is determined. The one or more data packets are encrypted with a certificate associated with the policy group. The encrypted one or more data packets are sent to an endpoint.

Abstract: Measures for routing data packets in a data center network are provided. A packet forwarding function in a server in a data center network is configured to forward data packets to/from virtual systems hosted on that server. The packet forwarding function is configured to make forwarding decisions for received data packets based on the destination internet protocol (IP) address of the received data packet, and forward the data packet at least on the basis of the forwarding decision.

Abstract: Measures, including systems, methods and non-transitory computer-readable storage mediums, for use in operating a data center network, the data center network including an interconnect fabric including a plurality of spine switches, a plurality of top-of-rack switches and a plurality of compute servers. The interconnect fabric is configured to implement a plurality of independent spine switch planes. Each spine switch plane in the plurality of independent spine switch planes includes a different spine switch in the plurality of spine switches. The configuring includes configuring Layer 2 networking within each independent spine switch plane in the plurality of independent spine switch planes.

Abstract: Measures for routing data packets in a data center network are provided. A packet forwarding function in a server in a data center network is configured to forward data packets to/from virtual systems hosted on that server. The packet forwarding function is configured to make forwarding decisions for received data packets based on the destination internet protocol (IP) address of the received data packet, and forward the data packet at least on the basis of the forwarding decision.

Abstract: Measures for controlling communication access in a data center network are provided. A packet forwarding function in a server in a data center network is configured to access an access control data store when making forwarding decisions for received data packets which are being routed to/from virtual systems hosted on that server. In response to receipt, at the server, of a setup notification relating to setup of a virtual machine on the server, one or more entries are populated in the access control data store. The entries comprise an internet protocol (IP) address of the virtual system and at least one associated IP address of one or more other communication endpoints.

Abstract: Measures for establishing connectivity in a data center network are provided. A virtual connection is created between a virtual system hosted on a server in a data center network, and a packet forwarding function in that server. Additionally, an entry is populated in a packet forwarding data store in the server, which includes an internet protocol (IP) address of the virtual system and an associated identifier for the created virtual connection. The packet forwarding data store is accessed by the packet forwarding function when making forwarding decisions for received data packets.

Abstract: Measures for controlling communication access in a data center network are provided. A packet forwarding function in a server in a data center network is configured to access an access control data store when making forwarding decisions for received data packets which are being routed to/from virtual systems hosted on that server. In response to receipt, at the server, of a setup notification relating to setup of a virtual machine on the server, one or more entries are populated in the access control data store. The entries comprise an internet protocol (IP) address of the virtual system and at least one associated IP address of one or more other communication endpoints.