Abstract: A policy server may include a policy parser that is communicably coupled to a configuration database. The policy parser may identify a policy data model in the configuration database associated with a policy. The policy data model may include a policy object expressed in a human-readable format. The policy server may include a policy engine for constructing a dynamic acyclic graph (DAG) representing the policy data model. The policy engine may include a code generation engine for parsing the DAG to generate code in a high-level language. The policy engine may include a compiler for compiling the generated code to generate binaries for implementing the policy. The policy server may include a policy dispatcher for generating a notification to a policy client to dispatch the binaries to at least one subscriber of the policy following the code being compiled. The policy server may asynchronously update the policy for the subscribers.

Abstract: Disclosed herein is a distributed, modular and highly available routing apparatus that is enabled to perform IP, MPLS VPN v4 and v6 services. The routing apparatus comprises a plurality of functional modules selected from the group consisting of a processor, a data storage module, an input/output module, a shared memory, and a network module. Each functional module is driven by a software architecture comprising a TCP/IP stack, a protocol serializer, a protocol de-serializer, an in-memory data store and one or more utility applications. The software architecture is stored partially or completely in the user space of the operating system of the routing apparatus.

Abstract: Systems and methods of the present disclosure are directed to defining a data store format for storing state information related to border-gateway protocol (BGP) routing information base (RIB) entries, BGP Neighbor Tables, intermediate system-intermediate system (IS-IS) adjacencies, Link-State Databases, Interface information, Chassis information, etc in a binary format. A brick data store (BDS) system can define tables, table properties, objects and attributes for an application in the system using configuration files expressed in Java Script Object Notation (JSON). The data format can be uniform across inter-process communication, file and in-memory representation.

Abstract: Disclosed herein is a distributed, modular and highly available routing apparatus that is enabled to perform IP, MPLS VPN v4 and v6 services. The routing apparatus comprises a plurality of functional modules selected from the group consisting of a processor, a data storage module, an input/output module, a shared memory, and a network module. Each functional module is driven by a software architecture comprising a TCP/IP stack, a protocol serializer, a protocol de-serializer, an in-memory data store and one or more utility applications. The software architecture is stored partially or completely in the user space of the operating system of the routing apparatus.

Abstract: A policy server may include a policy parser that is communicably coupled to a configuration database. The policy parser may identify a policy data model in the configuration database associated with a policy. The policy data model may include a policy object expressed in a human-readable format. The policy server may include a policy engine for constructing a dynamic acyclic graph (DAG) representing the policy data model. The policy engine may include a code generation engine for parsing the DAG to generate code in a high-level language. The policy engine may include a compiler for compiling the generated code to generate binaries for implementing the policy. The policy server may include a policy dispatcher for generating a notification to a policy client to dispatch the binaries to at least one subscriber of the policy following the code being compiled. The policy server may asynchronously update the policy for the subscribers.

Abstract: Disclosed herein is a distributed, modular and highly available routing apparatus that is enabled to perform IP, MPLS VPN v4 and v6 services. The routing apparatus comprises a plurality of functional modules selected from the group consisting of a processor, a data storage module, an input/output module, a shared memory, and a network module. Each functional module is driven by a software architecture comprising a TCP/IP stack, a protocol serializer, a protocol de-serializer, an in-memory data store and one or more utility applications. The software architecture is stored partially or completely in the user space of the operating system of the routing apparatus.

Abstract: Systems and methods of the present disclosure are directed to defining a data store format for storing state information related to border-gateway protocol (BGP) routing information base (RIB) entries, BGP Neighbor Tables, intermediate system-intermediate system (IS-IS) adjacencies, Link-State Databases, Interface information, Chassis information, etc in a binary format. A brick data store (BDS) system can define tables, table properties, objects and attributes for an application in the system using configuration files expressed in Java Script Object Notation (JSON). The data format can be uniform across inter-process communication, file and in-memory representation.

Abstract: Disclosed herein is a distributed, modular and highly available routing apparatus that is enabled to perform IP, MPLS VPN v4 and v6 services. The routing apparatus comprises a plurality of functional modules selected from the group consisting of a processor, a data storage module, an input/output module, a shared memory, and a network module. Each functional module is driven by a software architecture comprising a TCP/IP stack, a protocol serializer, a protocol de-serializer, an in-memory data store and one or more utility applications. The software architecture is stored partially or completely in the user space of the operating system of the routing apparatus.

Abstract: A system and method for realizing a building system is disclosed. In an embodiment, a holistic approach to a complex building system involves using high-productivity high-performance computing resources, such as cloud services, to manage a complex building system from building inception through to building operation. Because high-productivity high-performance computing resources are used, modeling, optimization, simulation, and verification can be performed from a single platform on a scale which heretofore has not been applied to complex building systems. Additionally, the holistic approach to complex building systems involves using a centralized database to manage all of the information related to a building system.

Abstract: A system and method for realizing a building system is disclosed. In an embodiment, a holistic approach to a complex building system involves using high-productivity high-performance computing resources, such as cloud services, to manage a complex building system from building inception through to building operation. Because high-productivity high-performance computing resources are used, modeling, optimization, simulation, and verification can be performed from a single platform on a scale which heretofore has not been applied to complex building systems. Additionally, the holistic approach to complex building systems involves using a centralized database to manage all of the information related to a building system.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: A system and method for realizing a building system is disclosed. In an embodiment, a holistic approach to a complex building system involves using high-productivity high-performance computing resources, such as cloud services, to manage a complex building system from building inception through to building operation. Because high-productivity high-performance computing resources are used, modeling, optimization, simulation, and verification can be performed from a single platform on a scale which heretofore has not been applied to complex building systems. Additionally, the holistic approach to complex building systems involves using a centralized database to manage all of the information related to a building system.

Abstract: A lubricator valve assembly adapted for connection in a pipe string for use in a well includes a tubular valve body having a bore formed longitudinally therethrough; a valve seat connected to the valve body and in communication with the bore; a valve element mounted in the bore and rotatable with respect to the valve seat between positions opening and closing the bore; an operator in connection between the valve element and a hydraulic control system, the operator moving the valve element between the open and close bore positions in response to the hydraulic control system; and a system for opening the valve element upon failure of the hydraulic system.

Abstract: Systems and methods relating to a method for generating a threat analysis and modeling tool are described. In an implementation, aggregate analysis is performed upon applications of an enterprise for complete risk management of the enterprise. The threat analysis model is generated by defining the application, its attributes and the rules related to the application. An application task list is generated from a common task list for the application. Countermeasures for known attacks pertaining to the application are described in the application task list, which allows the developer to reduce the risk of attacks.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: Systems and methods relating to a method for generating a threat analysis and modeling tool are described. In an implementation, aggregate analysis is performed upon applications of an enterprise for complete risk management of the enterprise. The threat analysis model is generated by defining the application, its attributes and the rules related to the application. An application task list is generated from a common task list for the application. Countermeasures for known attacks pertaining to the application are described in the application task list, which allows the developer to reduce the risk of attacks.

Abstract: A lubricator valve assembly adapted for connection in a pipe string for use in a well includes a tubular valve body having a bore formed longitudinally therethrough; a valve seat connected to the valve body and in communication with the bore; a valve element mounted in the bore and rotatable with respect to the valve seat between positions opening and closing the bore; an operator in connection between the valve element and a hydraulic control system, the operator moving the valve element between the open and close bore positions in response to the hydraulic control system; and a system for opening the valve element upon failure of the hydraulic system.

Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.

Abstract: The flow of packet-based traffic is controlled to meet a desired rate by calculating, as a moving average, a current rate of packet-based traffic on a link, calculating the sum of the error between the calculated current rate and the desired rate, and determining whether or not packets can flow in response to the calculated sum of the error. When the sum of the error between the current rate and the desired rate indicates that the current rate is less than the desired rate, packets are allowed to flow and when the sum of the error indicates that the current rate is greater than the desired rate, packets are not allowed to flow. The magnitude of bursts can also be controlled by artificially controlling the minimum values of the current rate and the sum of the error. The flow control algorithm can be used for rate shaping or rate limiting.