Abstract: Systems, methods, and apparatuses enable a microservice to identify server-to-server communication paths between servers in a networked environment. The system identifies a server connected to a security microservice managed by a management microservice. The system deploys a security policy on the identified server, and identifies the server-to-server communication paths between the identified server and one or more of a plurality of servers. The system identifies the active communication paths from the identified server to one or more of a plurality of servers, or a subset of communication paths determined based on search criteria. When the system identifies servers of the one or more of the plurality of servers without an existing security policy, the system processes the identified server. In one embodiment, processing the identified servers includes applying a security policy to the identified servers.

Abstract: Systems, methods, and apparatuses enable a microservice-based application to dynamically update components of the system without disrupting messaging occurring between microservices in the system. Microservices of a microservice-based application store data indicating mappings between data object versions and message object versions and which is used update system components in a controlled manner. As used herein, a data object generally refers to any data generated by a microservice and that can be sent to one or more other microservices using a publish-subscribe messaging pattern or other messaging architecture. A message object refers to data used to encapsulate one or more data objects and used to send the data object from one component to another in the system.

Abstract: Systems, methods, and apparatuses enable a security microservice to provision security services to a resource (e.g., a virtual machine) by assigning the virtual machine to an island virtual switch. An island virtual switch is a virtual switch that does not have a direct connection to a physical link, and instead interfaces with a network traffic interceptor having a connection to a virtual switch with a connection to a physical link, to direct network traffic to and form the assigned virtual machine. The network traffic interceptor performs intercept operations on at least a portion of network traffic between the virtual switch and the island virtual switch associated with the virtual machine in order to perform security operations of the portion of network traffic.

Abstract: Systems, methods, and apparatuses enable to enable the insertion and configuration of interface microservices at servers or other types of computing devices in a computing environment in response to changes to security policies affecting one or components of the computing environment. In one embodiment, a security application detects servers in a computing environment and generates profile data for the detected servers. The security application assigns detected servers to security policy groups by applying a set of filters to the generated profile data for each server in an order specified by a set of precedence rules. The security policy groups are each associated with one or more security policies that define security rules and other configurations used to provide security services to servers that are members of the corresponding security policy group.

Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.

Abstract: Systems, methods, and apparatuses enable a microservice to identify server-to-server communication paths between servers in a networked environment. The system identifies a server connected to a security microservice managed by a management microservice. The system deploys a security policy on the identified server, and identifies the server-to-server communication paths between the identified server and one or more of a plurality of servers. The system identifies the active communication paths from the identified server to one or more of a plurality of servers, or a subset of communication paths determined based on search criteria. When the system identifies servers of the one or more of the plurality of servers without an existing security policy, the system processes the identified server. In one embodiment, processing the identified servers includes applying a security policy to the identified servers.

Abstract: Systems, methods, and apparatuses enable a microservice to intercept and filter network traffic generated by virtual machines (VMs) and routed by a virtual switch (vSwitch). The system assigns a unique port group and identifier (e.g., a VLAN) to each VM, and maintains a mapping between the unique identifier and a VLAN used to communicate network traffic from the vSwitch to a physical switch. When network traffic is sent from a VM, the network traffic is intercepted by a trunk and sent to a microservice. The microservice performs a mapping procedure to identify the VLAN for transmitting the network traffic to the physical switch. The microservice determines whether the network traffic requires further inspection or analysis, or whether the network traffic can be transmitted to the physical switch using the VLAN identified during the mapping procedure.

Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.

Abstract: Systems, methods, and apparatuses enable a microservice-based application to dynamically update components of the system without disrupting messaging occurring between microservices in the system. Microservices of a microservice-based application store data indicating mappings between data object versions and message object versions and which is used update system components in a controlled manner. As used herein, a data object generally refers to any data generated by a microservice and that can be sent to one or more other microservices using a publish-subscribe messaging pattern or other messaging architecture. A message object refers to data used to encapsulate one or more data objects and used to send the data object from one component to another in the system.

Abstract: Systems, methods, and apparatuses enable to enable the insertion and configuration of interface microservices at servers or other types of computing devices in a computing environment in response to changes to security policies affecting one or components of the computing environment. In one embodiment, a security application detects servers in a computing environment and generates profile data for the detected servers. The security application assigns detected servers to security policy groups by applying a set of filters to the generated profile data for each server in an order specified by a set of precedence rules. The security policy groups are each associated with one or more security policies that define security rules and other configurations used to provide security services to servers that are members of the corresponding security policy group.

Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.

Abstract: Systems and methods are disclosed that relate to network security within a virtual network, and how to add microservices in a scalable virtual network. For example, one embodiment discloses a method of receiving a deployment request to deploy a security microservice in a security service, the deployment request including a deployment specification. The method further includes determining whether an interface microservice is available on one or more hosts by accessing one or more host records for the one or more hosts, and selecting a host on which to deploy the security microservice utilizing the deployment specification. When the interface microservice does not exist on the selected host, the method further includes initializing the interface microservice on the selected host, attaching the interface microservice to a hypervisor of the selected host, connecting the security microservice to the interface microservice of the selected host, and deploying the security microservice on the selected host.

Abstract: Methods and systems for a computing cluster are provided. An application programming interface (API) at a manager application is exposed. The API specifies input identifying nodes and connections between the nodes to implement storage protection policies in the computing cluster. A user input that includes instructions to implement multiple destination nodes and respective connections between a source node and the destination nodes is received. A topology that includes the source node, the destination nodes, and the connections between the source node and the destination nodes is traversed. Based on traversing the topology, commands are sent to a storage system of the cluster to implement a destination volume corresponding to the destination node and multiple protection configurations. Each of the protection configurations corresponds to a respective one of the connections.

Abstract: A method includes exposing an application programming interface (API) at a manager application, the manager application running on a server in a computing cluster, wherein the API specifies input identifying nodes and connections between the nodes to implement storage protection policies in the computing cluster; receiving user input to the manager application according to the API, where the user input includes instructions to implement a secondary node and a connection between a primary node and the secondary node, the user input received at the manager application at a level of specificity that includes the secondary node and the connection between the primary node and the secondary node, thereby defining arbitrary protection topologies.

Abstract: A testing tool records a user session with a transactional server and generates a test for subsequently testing the server. Through a user interface of the testing tool, the user can define verification steps to automatically test for expected server responses during test execution. The test is displayed to the user as a tree having nodes which represent steps of the test. Via the user interface, the user can modify node properties and perform other types of tree edit operations to edit the test, without the need to know a scripting or other programming language. When a user selects a node that corresponds to a particular field or other object of the server screen, the testing tool automatically displays the screen with the object highlighted. The testing tool also allows the test author to use a spreadsheet to conveniently specify data sets for running multiple iterations of a test.

Abstract: A testing tool records a user session with a transactional server and generates a test for subsequently testing the server. Through a user interface of the testing tool, the user can define verification steps to automatically test for expected server responses during test execution. The test is displayed to the user as a tree having nodes which represent steps of the test. Via the user interface, the user can modify node properties and perform other types of tree edit operations to edit the test, without the need to know a scripting or other programming language. When a user selects a node that corresponds to a particular field or other object of the server screen, the testing tool automatically displays the screen with the object highlighted. The testing tool also allows the test author to use a spreadsheet to conveniently specify data sets for running multiple iterations of a test.

Abstract: A testing tool automatically records a series of user steps taken during a user session with a transactional server and generates a test for testing the functionality of server. Through a user interface of the testing tool, the user can define verification steps to automatically test for expected server responses during test execution. The testing tool displays the test to the user as a tree having nodes (displayed as icons) which represent steps of the test. Via the user interface, the user can modify node properties and perform other types of tree edit operations to edit the test, without the need to know a scripting or other programming language. When the user selects a node that corresponds to a particular field or other object of the server screen, the testing tool automatically displays the screen with the object highlighted.

Abstract: A testing tool automatically records a series of user steps taken during a user session with a transactional server and generates a test for testing the functionality of server. Through a user interface of the testing tool, the user can define verification steps to automatically test for expected server responses during test execution. The testing tool displays the test to the user as a tree having nodes (displayed as icons) which represent steps of the test. Via the user interface, the user can modify node properties and perform other types of tree edit operations to edit the test, without the need to know a scripting or other programming language. When the user selects a node that corresponds to a particular field or other object of the server screen, the testing tool automatically displays the screen with the object highlighted.