Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.

Abstract: NUMA-aware reader-writer locks may leverage lock cohorting techniques that introduce a synthetic level into the lock hierarchy (e.g., one whose nodes do not correspond to the system topology). The synthetic level may include a global reader lock and a global writer lock. A writer thread may acquire a node-level writer lock, then the global writer lock, and then the top-level lock, after which it may access a critical section protected by the lock. The writer may release the lock (if an upper bound on consecutive writers has been met), or may pass the lock to another writer (on the same node or a different node, according to a fairness policy). A reader may acquire the global reader lock (whether or not node-level reader locks are present), and then the top-level lock. However, readers may only hold these locks long enough to increment reader counts associated with them.

Abstract: A universal code editor (UCE) is described that can be used for authoring and editing artifacts associated with multiple different cloud services. A single instance of the UCE and the associated user interface (UI) can be used to select and edit one or more artifacts from different cloud services. The cloud services may be provided by the same cloud service provider or by different cloud service providers. In certain embodiments, the UCE is implemented as part of a cloud-based IDE.

Abstract: Techniques are disclosed for augmenting data sets used for training machine learning models and for generating predictions by trained machine learning models. The techniques generate synthesized data from sample data and train a machine learning model using the synthesized data to augment a sample data set. Embodiments selectively partition the sample data set and synthesized data into a training data and a validation data, which are used to generate and select machine learning models.

Abstract: The present disclosure describes an anomaly detection system that generates a resource group including a plurality of resources of a monitored environment based on a grouping property. The values of the grouping property associated with the plurality of resources satisfy a first condition. A first invariance identifying property is selected from a set of invariance identifying properties. It is determined whether values of the first invariance identifying property associated with the plurality of resources satisfy a second condition. Responsive to a successful determination, a first invariant is incorporated in a baseline, wherein the first invariant is defined by the grouping property and the first invariance identifying property. The baseline is used by the anomaly detection system for performing anomaly detection of the monitored environment.

Abstract: Techniques are disclosed for providing high performant packets processing capabilities in a virtualized cloud environment that enhance the scalability and high availability of the packets processing infrastructure. In certain embodiments disclosed herein, the VNICs functionality performed by network virtualization devices (NVDs) is offloaded from the NVDs to a fleet of computers, referred to as VNIC-as-a-Service System (or VNICaaS system). VNICaaS system is configured to provide Virtual Network Interface Cards (VNICs)-related functionality or service for multiple compute instances belonging to multiple tenants or customers of the CSPI. The VNICaaS system is capable of hosting multiple VNICs to process and transmit traffic in a distributed virtualized cloud networks environment. A single VNIC executed by the VNICaaS system can be used to process packets received from multiple compute instances.

Abstract: The present embodiments relate to a cloud shell extension framework. A cloud infrastructure (CI) service can invoke a cloud shell from a console to the CI. The service may request that context data to be added for use in a terminal session. The cloud shell extension can include a tool or script that can be used to obtain context data or sample code for preparing an environment specific to the service prior to the user interaction with the environment. The cloud shell extension can allow for a service to register an extension in the cloud shell framework, and their extension can be invoked when a client initiates the cloud shell with the service. The extension can allow for the invoked service to forward context data, such as environment variables, to be set in the terminal session for the client.

Abstract: Example embodiments facilitate efficient comparison operations of tree structures, resulting in comparison metrics (e.g., similarity or distance metrics or scores) used enhance software systems, such as search algorithms, code optimization software, enterprise database applications, and so on. Trees to be compared are converted into sets, i.e., serialized using a novel enumeration method. Metric functions can then be efficiently applied to the sets to facilitate the comparison operations. In an illustrative embodiment, subtrees of larger trees can be compared individually, pairwise, where the comparison results of the subtree comparisons can be selectively weighted and summed to yield an aggregated comparison metric that is tailored for a specific application or comparison priority.

Abstract: Techniques are disclosed for bootstrapping a secure data center using a cross domain system with a proxying sidecar node. The cross domain system can be implemented at the secure data center to provide one-way ingress and egress channels for network traffic to the target data center. The cross domain system is connected to a host data center and can receive configuration data from the host data center to configure the proxying sidecar node. The proxying sidecar node can request bootstrapping data from the host data center on demand, receive the requested bootstrapping data, and send the bootstrapping data to nodes in the secure data center to provision one or more services in the secure data center. The received bootstrapping data passes into the secure data center via the ingress channel.

Abstract: Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

Abstract: Techniques are disclosed for bootstrapping a secure data center using a cross domain system and a cluster of edge devices. The cross domain system can be implemented at the secure data center to provide one-way ingress and egress channels for network traffic to the target data center. The cross domain system is connected to a host data center and can receive configuration data from the host data center to configure the cluster of edge devices. The cross domain system can include a cluster configuration node that can request bootstrapping data from the host data center on demand, receive the requested bootstrapping data, and use the bootstrapping data to generate a virtual bootstrapping environment on the cluster of edge devices.

Abstract: Techniques are disclosed for bootstrapping a secure data center using a cross domain system with a static sidecar node. The cross domain system can be implemented at the secure data center to provide one-way ingress and egress channels for network traffic to the target data center. The cross domain system is connected to a host data center and can receive configuration data from the host data center to configure the static sidecar node. The static sidecar node can receive bootstrapping data from the host data center and store the bootstrapping data. The bootstrapping data can include software resources for provisioning services in the secure data center. The received bootstrapping data passes into the secure data center via the ingress channel.

Abstract: Example embodiments facilitate prioritizing the recycling of computing resources, e.g., server-side computing systems and accompanying resources (e.g., non-volatile memory, accompanying firmware, data, etc.) leased by customers in a cloud-based computing environment, whereby computing resources (e.g., non-volatile memory) to be forensically analyzed/inspected, sanitized, and/or updated are prioritized for recycling based on estimates of when the computing resources are most likely to require recycling, e.g., via background sanitizing and updating. Computing resources that are likely to be recycled first are given priority over computing resources that are more likely to be recycled later. By prioritizing the recycling of computing resources according to embodiments discussed herein, other cloud-based computing resources that are used to implement computing resource recycling can be efficiently allocated and preserved.

Abstract: Techniques are disclosed for using a multi-tenant framework for microservices in a microservices-based application to handle tenant-specific circuit breaking. The microservices-based application can include at least one microservice that incorporates the multi-tenant framework. The multi-tenant framework includes software components configured to provide multi-tenant functionality for the microservice. A first microservice may receive an indication associated with a tenant that a second microservice is overloaded. The first microservice can then receive a request containing tenant context data at an interface. A first software component of the multi-tenant framework can extract the tenant context data from the request. The first microservice may determine whether the tenant context data corresponds to the tenant. The first microservice can then trigger a circuit breaker for the second microservice.

Abstract: A time series forecasting system is disclosed that obtains a time series forecast request requesting a forecast for a particular time point. The forecast request identifies a primary time series dataset for generating the requested forecast and a set of features related to the primary time series dataset. The system provides the primary time series dataset and the set of features to a model to be used for generating the forecast. The model computes a feature importance score for one or more features and selects a subset of features based on their feature importance scores. The model determines attention scores for a set of data points in the primary time series dataset based on the selected subset of features. The system predicts an actual forecast for the particular time point based on the attention scores and outputs the actual forecast and explanation information associated with the actual forecast.

Abstract: A system and technique for a Request Forwarder as for a computer network architecture is disclosed to provide selective access to one or more cloud services. In some implementations, a computer system may receive a request for access to a cloud service, the request including a container credential. The computer system may determine an identification of the container using the container credential. The computer system may verify that the container requesting access to the cloud service is authorized based at least in part on stored policies. Based at least in part on the determination that the container requesting access to the cloud service is authorized: receiving instance credential from a metadata service. The computer system may include the instance credential with the request. The computer system may send the request to the cloud service. In various examples, the Request Forwarder can be provided as a service.

Abstract: Log data that includes a plurality of log records is asynchronously processed to validate a configuration of each log record and data included in each log record. It is determined that one or more attributes of a particular subset of log records of the plurality of log records corresponds to one or more errors. Using the particular subset, one or more enriched log records are generated by augmenting each log record of the particular subset of log records with error information that indicates one or more categories corresponding to the one or more errors. A user interface is generated to facilitate correction of the one or more errors, the user interface comprising a plurality of interactive elements corresponding to a plurality of error metrics of different categories of errors, wherein the one or more categories of the one or more errors are included in the different categories of errors.

Abstract: The present disclosure relates to systems and methods that enhance log data processing by asynchronously processing log data for detecting log messages that include errors and enriching the log messages with annotations that identify the errors. More particularly, log data that includes log records can be received. The log data can be asynchronously processed to validate a configuration of each log record and to validate data included in each log record. An attribute of a particular log record can be determined to correspond to an error. A category of the error can be determined. An enriched log record can be generated by augmenting the particular log record with error information indicating the category. The enriched log record can be transmitted via a user interface to facilitate correction of the error.

Abstract: Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from a legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.

Abstract: The present disclosure relates to techniques for identifying out-of-domain utterances.

Abstract: Domain specific inlining for interpreters includes obtaining an interpreter source code including compiler directives. A host compilation is performed on the interpreter source code to obtain a compiled interpreter. Performing host compilation includes inlining code blocks based on the plurality of compiler directives. The compiled interpreter is outputted.

Abstract: A network virtualization device receives a storage request from a compute instance executed by a host machine separate from the network virtualization device, the storage request comprising data to be stored. Responsive to receiving the storage request, the network virtualization device divides the data to be stored into a set of one or more data stripes. For a first data stripe in the set of data stripes, the network virtualization device determines, from a plurality of extent servers, a first extent server to which the first data stripe is to be sent for storing the first data stripe, transmits the first data stripe to the first extent server, wherein the first extent server stores the first data stipe to a first physical storage device, and receives, from the first extent server, an acknowledgement confirming that the first data stripe was stored.

Abstract: Embodiments upsell a hotel room selection by providing a first plurality of hotel room choices, each first plurality of hotel room choices comprising a first type of hotel room and a corresponding first price. Embodiments receive a first selection of one of the first plurality of hotel room choices. In response to the first selection, embodiments provide a second plurality of hotel room choices, the second plurality of hotel room choices comprising a subset of the first types of hotel room choices and a corresponding optimized price that is different from the respective corresponding first price.

Abstract: The disclosed systems, methods, and computer readable media relate to managing persistent memory within a smart network interface card (smartNIC) of a cloud-computing environment, or at storage device of the host instance on which the smartNIC operates and to which the smartNIC has access. The smartNIC may be configured with various modes that enable passthrough of input/output operations to or from non-volatile remote storage (e.g., a block storage data plane volume) or storage of at least some of the data corresponding to the input/output operations within the persistent memory managed by the smartNIC. The smartNIC may be configured to select a storage location for data between a pool of candidate storage including the persistent storage managed by the smartNIC or the non-volatile remote storage. These techniques improve communications between the smartNIC and the non-volatile remote storage and reduce the risk of network jitters and overall network latency.

Abstract: Techniques are provided for generating training data to facilitate fine-tuning embedding models. Training data including anchor utterances is obtained. Positive utterances and negative utterances are generated from the anchor utterances. Tuples including the anchor utterances, the positive utterances, and the negative utterances are formed. Embeddings for the tuples are generated and a pre-trained embedding model is fine-tuned based on the embeddings. The fine-tuned model can be deployed to a system.

Abstract: Techniques for determining recommended allocations of resources among different platforms that sell a common type of inventory. Determining the allocations can include obtaining parameters of a campaign from a client. Determining the allocations can include combining current campaign parameters and scoring with historical campaign performance data to create recommendations for dividing resources among different media platforms.

Abstract: Techniques for using honeypots to lure attackers and gather data about attackers and attack patterns on Infrastructure-as-a-Service (IaaS) instances. The gathered data may then be analyzed and used to proactively prevent such attacks.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques disclosed herein include receiving a request to perform an upgrade. The upgrade can comprise changes to firmware or software of the network interface card. Input/Output (I/O) traffic can be monitored on one or more paths between the network interface card and a storage device. The paths can have a path capacity comprising a bandwidth of Input/Output traffic. The spare Input/Output traffic capacity can be calculated based at least in part on the Input/Output traffic and the path capacity. Whether to remove a path can be determined based at least in part on the spare Input/Output traffic capacity. The upgrade can be performed with the path halted in accordance with a determination to remove the path. The upgrade can be performed with the path included in accordance with a determination to not remove the path.

Abstract: Systems, devices, and methods of the present invention detect deceptive or fake content in text. In an example, a computer system generates, from text a discourse tree that represents rhetorical relationships between fragments of the text. The computer system generates a communicative discourse tree from the discourse tree. The computer system identifies a number of non-trivial rhetorical relations associated with the nonterminal nodes in the communicated discourse tree and, for each terminal edge having a communicative action, a level of nesting of the communicative action. The computer system derives, from the number of non-trivial rhetorical relations and the levels of nesting of the identified communicative actions, a complexity score that is indicative of a level of deception in the text.

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: Techniques for computing and storing object identity hash values are disclosed. In some embodiments, a runtime system generates a value, such as a nonce, that is unique to a particular allocation region within memory. The runtime system may mix the value with one or more seed values that are associated with one or more respective objects stored in the allocation region. The runtime system may obtain object identifiers for the respective objects by applying a hash function to the result of mixing the seed value with at least the value associated with the allocation region. Conditioning operations may also be applied before, during or after the mixing operations to make the values appear more random. The nonce value may be changed from time to time, such as when memory is recycled in the allocation region, to reduce the risk of hash collisions.

Abstract: A network may be organized to provide components. Components may be generated by combining other components (sub-components) together, and components may be provided by resources in the network. This network may be represented by a graph of nodes representing components and resources. In order to efficiently analyze this graph to generate a network plan, the graph may be subdivided into independent sub-graphs. Individual resources may be shared by individual sub-graphs and considered independent when those resources are underutilized or otherwise unconstrained. Models may be used to predict which resources are unconstrained and allow those resources to be shared by otherwise independent sub-graphs, thereby increasing the decomposition of the graph and improving the efficiency of the network plan analysis.

Abstract: Techniques are described herein for training and applying machine learning models. The techniques include implementing an entropy-based loss function for training high-capacity machine learning models, such as deep neural networks, with anti-modeling. The entropy-based loss function may cause the model to have high entropy on negative data, helping prevent the model from becoming confidently wrong about the negative data while reducing the likelihood of generalizing from disfavored signals.

Abstract: Aspects of the disclosure include a dynamic cloud workload reallocation based on an active ransomware attack. An example method includes receiving a first message that a computing instance is potentially infected by ransomware. The method further includes receiving a security state-based metric related to the computing instance based at least in part on the first message. The method further includes comparing the security state-based metric to a threshold metric. The method further incudes determining a likelihood of a ransomware attack based at least in part on the comparison. The method further includes transmitting second message to a job scheduler to reschedule workloads directed toward the computing instance based at least in part on the determination.

Abstract: Discussed herein is a framework that facilitates access to services offered in a target cloud environment for resources deployed in a source cloud environment. The source cloud environment is different and independent with respect to the target cloud environment. A compute instance executed in a source cloud environment generates a request to use a service provided in the target cloud environment. The request is transmitted from the source cloud environment to the target cloud environment via an intercloud service gateway. The service is executed in the target cloud environment based on an access role that is associated with the compute instance.

Abstract: Techniques for managing customer experience content are disclosed. A system detects new information, such as a news story, a new service request, or a modification to a testimonial or case study, associated with a set of customer experience content, such as a customer testimonial. The system analyzes the new information to identify a sentiment associated with the new information. The system generates an effectiveness score for a particular set of customer experience content based on the new information. The system provides attribute data associated with the new information, and attribute data associated with the customer experience content, to a machine learning model to generate the effectiveness score. The system compares the effectiveness score to one or more threshold values to determine an action to perform associated with the customer experience content.

Abstract: Techniques are described for communications in an L2 virtual network. In an example, the L2 virtual network includes a plurality of L2 compute instances hosted on a set of host machines and a plurality of L2 virtual network interfaces and L2 virtual switches hosted on a set of network virtualization devices. An L2 virtual network interface emulates an L2 port of the L2 virtual network. Storm control information applicable to the L2 port is sent to a network virtualization device that hosts the L2 virtual network interface.

Abstract: Machine learning techniques are disclosed for rebuilding transactions to predict cash position. In one aspect a method includes obtaining data for an original transaction, classifying the original transaction into a class of multiple classes based on the data, predicting first tranche delay days for the original transaction based on the class and the data, predicting a tranche count for the original transaction based on the class and the data, predicting a tranche interval for the original transaction based on the class and the data; and rebuilding the original transaction as one or more future transactions based on the class, the first tranche delay days, the tranche count, and tranche interval. Each of the one or more future transactions comprise an updated amount of the original transaction, an updated date upon which the original transaction is anticipated, or both.

Abstract: The present embodiments relate to identifying a ransomware attack. One embodiment relates to a method comprising configuring an operating system to collect metrics related to a hardware component. A message can be received from a user space library to validate an instruction detected in a cache, the instruction being associated with the hardware component. A metric can be compared to a threshold metric. The metric can be associated with the hardware component. A likelihood of a ransomware attack can be determined based at least in part on the comparison. A message can be transmitted to the user space library comprising the determination of the likelihood of the ransomware.

Abstract: Techniques for automatically discovering and protecting sensitive data are disclosed. In some embodiments, a set of data objects is searched for data matching a first set of one or more regular expressions and for metadata matching a second set of one or more regular expressions. A confidence score is then generated for a particular data objects in the set of data objects as a function of regular expressions in the first set of one or more regular expressions that match data stored in the particular data object and regular expression in the second set of one or more regular expressions that match metadata associated with the particular data object. One or more operations may be performed to protect sensitive data stored in the particular data object based, at least in part, on the confidence score.

Abstract: Techniques for providing candidate actions to a service agent based on a customer incident and associated attributes are disclosed. In one or more embodiments, a customer incident response system allows a customer support team to leverage a data ecosystem available to provide service agents with contextually relevant insights into a current data context that describes the customer incident. The system allows an administrator to configure connections to endpoints for external and/or third-party services, including artificial intelligence (AI), machine learning, static content, temporally based content, and rules-based content. Once configured, the system displays a series of insight cards near an incident workspace, where each insight card includes an action that the service agent may execute to attempt to resolve the customer incident. The system allows for external AI engines to generate insights and potential next actions to address the customer incident while enjoying a simplified setup.

Abstract: The present disclosure relates to a framework that provides execution of serverless functions in a cloud environment based on occurrence of events/notifications from services in an entirely different cloud environment. A target agent obtains a notification from a source agent, where the target agent is deployed in a target cloud environment and the source agent is deployed in a source cloud environment that is different than the target cloud environment. The target agent determines a function that is to be invoked based on the notification. Upon successfully verifying whether the target agent is permitted to invoke the function that is deployed in a target customer tenancy of the target cloud environment, the target agent invokes the function in the target customer tenancy of the target cloud environment.

Abstract: Techniques for tracing attributes through queries in a set of nested queries are disclosed. A graphical user interface displays individual sub-queries as separate visual representations. Based on detecting a selection, a system analyzes data underlying the visual representations to identify queries, among the set of nested queries, that are associated with a particular attribute. One selection results in the system analyzing the underlying data to identify an origin query for an attribute, from among the set of nested queries. Another selection results in the system analyzing the underlying data to identify queries, from among the set of nested queries, that use the attribute received from a selected query. Another selection results in the system generating SQL code for a selected subset of queries, among the set of nested queries.

Abstract: Techniques are disclosed for creating an attachment between two compute instances. An infrastructure and a generalized method is described for attaching two or more cloud resources (e.g., two compute instances) in spite of the compute resources being provisioned by two different services from different cloud tenancies. An automated process is described that is executed for wiring the compute instances. The automated process can be generally applied to attach any two compute instances providing two different services and provisioned from two different service tenancies.

Abstract: The present disclosure relates to managing services by a managed service provider (MSP) in a cloud based infrastructure. A control plane of the MSP is established in a first tenancy, and a first access plane of the MSP is established in a second tenancy of a cloud environment. The control plane is configured to manage a plurality of services offered by the MSP to a first host machine included in the second tenancy. A first request is transmitted from the control plane to the first access plane, where the first request is forwarded by the first access plane to the first host machine, and corresponds to a service utilized by the first host machine and managed by the control plane of the MSP. In response to the first request being validated, a first state of the first host machine is modified in the second tenancy based on the first request.

Abstract: Techniques for managing lifecycles of sets of foreign resources are disclosed, including: opening, in a runtime environment configured to use a garbage collector to manage memory in a heap, a memory session; allocating a first subset of a set of foreign memory to a memory segment associated with the memory session, the foreign memory including off-heap memory that is not managed by the garbage collector; encountering, in the runtime environment, an instruction to close the memory session; responsive to encountering the instruction to close the memory session, deallocating the subset of the set of foreign memory.

Abstract: Techniques for using a machine learning model to recommend remediation actions for issues identified in data objects are disclosed. A system applies a machine learning model to data representing one or more data objects to generate recommendations for remediating issues in the one or more data objects. The machine learning model is trained on training datasets of historical data object records. The training dataset identifies issues arising from the modifications and remediation actions addressing the issues. The system trains the machine learning model to learn correlations between identified issues and recommended remediation actions. The trained machine learning model recommends remediation actions for particular sets of data object data. The system presents the recommendations, together with a display of the data object, in a graphical user interface.

Abstract: Techniques for managing temporal dependencies between sets of foreign resources are disclosed, including: allocating, in a runtime environment, a segment of foreign memory to a first memory session, the runtime environment being configured to use a garbage collector to manage memory in a heap, and the foreign memory including off-heap memory that is not managed by the garbage collector; opening, in the runtime environment, a second memory session that descends from the first memory session; while the second memory session is open, encountering a request to close the first memory session; responsive to encountering the request to close the first memory session, determining that the first memory session has at least one open descendant memory session; responsive to determining that the first memory session has at least one open descendant memory session, declining the request to close the first memory session.

Abstract: Techniques for implementing an infrastructure orchestration service are described. A safety plan comprising a list of resources and operations based at least in part on a deployment configuration file can be received. Upon receiving approval of the safety plan, an operation corresponding to at least one of the list of resources can be prepared to be performed. The operation can be compared to the safety plan. If the operation is part of the safety plan, the operation can be performed. If the operation is not part of the safety plan, the deployment can be halted, and a notification that the deployment is not in compliance with the safety plan can be transmitted.