Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: A client access network includes a cluster of servers. The cluster of servers includes a boot node, an administrator node, a computing node, and a storage node. The client access network further includes a plurality of segregated subnetworks. The plurality of segregated subnetworks includes a boot subnetwork, an administration subnetwork, a public subnetwork, and a private subnetwork. The client access network further includes at least one hardware security module, a dedicated subnet in operable communication with the at least one hardware security module and each of the plurality of segregated subnetworks, and a router in operable communication with the at least one hardware security module and each of the cluster of servers. The router is further configured to route traffic among the plurality of segregated subnetworks and the dedicated subnet.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: A system for monitoring the security of a connected Internet of Things (IoT) device is provided. The system includes a network doppelganger (ND) computer device. The ND computer device is in communication with the IoT device and a service provider computer device associated with the IoT device. The ND computer device is programmed to store a plurality of policies associated with the service provider computer device. The ND computer device is also programmed to receive a communication from the IoT device addressed to the service provider computer device. The ND computer device is further programmed to analyze the communication in view of the plurality of policies to determine whether the communication is approved. If the communication is approved, the ND computer device is programmed to route the communication to the service provider computer device.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.

Abstract: Methods, systems, and devices for enabling public key infrastructure (PKI) in the generic could environment and the network function virtualization (NFV) environment. A host device may receive, from an orchestrator of a computer network environment, an indication of a workload to be executed by a virtual machine (VM) hosted on the host device, where the indication includes an identifier of the workload. The VM may transmit a request for a certificate to a hardware security module associated with the host device including the identifier of the workload. After transmitting the request for the certificate, the VM may receive the requested certificate from the HSM. In some cases, the VM may determine a private key associated with the workload and include the private key within the request for the certificate. Additionally or alternatively, the HSM may determine the private key. Here, the HSM may include the private key within the certificate.

Abstract: A system for monitoring the communication with a connected Internet of Things (IoT) device is provided. The system includes a first computing device including a least one processor in communication with at least one memory device. The at least one memory device stores a plurality of instructions, which when executed by the at least one processor cause the at least one processor to execute an IoT device communication application. The IoT device communication application monitors the IoT device. The instructions also cause the at least one processor to store IoT device data including a current location of the IoT device, determine an optimal communication path between the IoT device communication application and the IoT device based on the IoT device data, and transfer execution of the IoT device communication application to a second computing device based on the optimal communication path.

Abstract: A system for monitoring the security of a connected Internet of Things (IoT) device is provided. The system includes a network doppelgänger (ND) computer device. The ND computer device is in communication with the IoT device and a service provider computer device associated with the IoT device. The ND computer device is programmed to store a plurality of policies associated with the service provider computer device. The ND computer device is also programmed to receive a communication from the IoT device addressed to the service provider computer device. The ND computer device is further programmed to analyze the communication in view of the plurality of policies to determine whether the communication is approved. If the communication is approved, the ND computer device is programmed to route the communication to the service provider computer device.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request from a first virtual machine to perform one or more of encrypting and decrypting of a communication between the first virtual machine and a second virtual machine; determining when the first and second virtual machines execute on a same host as the hypervisor; and in response to the first and second virtual machines executing on the same host: processing the communication without performing the one or more of encrypting and decrypting of the communication, wherein the hypervisor initiates an encryption of further communications between the first virtual machine and the second virtual machine in response to at least one of the first virtual machine and the second virtual machine being moved from the same host.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: A remote attestation system for a computer network includes an attestation operations subsystem configured to manage attestation procedures for the remote attestation system, and an attestation server pool including a plurality of attestation servers. The plurality of attestation servers is configured to perform attestation of at least one host in a data center. The system further includes an attestation state database configured to store a state of attestation of the at least one host, an attestation policy database configured to store at least one operator policy of the computer network, and an end-user service portal configured to provide access to the remote attestation system by users of the computer network.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request from a first virtual machine to perform one or more of encrypting and decrypting of a communication between the first virtual machine and a second virtual machine; determining when the first and second virtual machines execute on a same host as the hypervisor; and in response to the first and second virtual machines executing on the same host: processing the communication without performing the one or more of encrypting and decrypting of the communication, wherein the hypervisor initiates an encryption of further communications between the first virtual machine and the second virtual machine in response to at least one of the first virtual machine and the second virtual machine being moved from the same host.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request to one or more of encrypt and decrypt a communication between a first virtual machine and a second virtual machine; determining if the first and second virtual machines execute on a same host as the hypervisor (e.g., by evaluating a context of the communication); and processing the communication without encrypting or decrypting the communication if the first and second virtual machines execute on the same host. Lawful Interception is performed by forwarding an unencrypted version of the communication to an authorized agency.

Abstract: Methods, systems, and devices for enabling public key infrastructure (PKI) in the generic could environment and the network function virtualization (NFV) environment. A host device may receive, from an orchestrator of a computer network environment, an indication of a workload to be executed by a virtual machine (VM) hosted on the host device, where the indication includes an identifier of the workload. The VM may transmit a request for a certificate to a hardware security module associated with the host device including the identifier of the workload. After transmitting the request for the certificate, the VM may receive the requested certificate from the HSM. In some cases, the VM may determine a private key associated with the workload and include the private key within the request for the certificate. Additionally or alternatively, the HSM may determine the private key. Here, the HSM may include the private key within the certificate.

Abstract: A virtual network system for a computer network is provided. The system includes a first host executing a virtual network function manager. The system also includes a second host executing a management virtual machine. The management virtual machine is in communication with the virtual network function manager and with one or more virtual network function component instantiations. The management virtual machine is programmed to route messages between the one or more virtual network function component instantiations and the virtual network function manager.