Abstract: Devices, systems, methods, and processes for sustainably reallocating resources based on within a plurality of computing nodes of a network, such as a managed network are described herein. Each computing node may be configured to transmit infrastructure data to an infrastructure monitor or ecosystem management tool. Additional sustainability data may also be accessed either internally or externally. The infrastructure data and sustainability data may be utilized to generate one or more scores that can be evaluated against each other. These scores may be configured to reflect various conditions or facts about the computing nodes including the overall sustainability. In order to increase sustainability levels, a variety of different resource configurations can be generated and evaluated against each other and the current configuration.

Abstract: Technologies for testing resiliency of a data network with real-world accuracy without affecting the flow of production data through the network. A method according to the technologies may include receiving a production data packet and determining a preferred data route toward a destination node for the production data packet based on a first routing information base, wherein the first routing information base includes a database where routes and route metadata are stored according to a routing protocol. The method may also include, receiving a test data packet, and determining an alternate data route toward the destination node for the test data packet based on a second routing information base, wherein the second routing information base simulates an error in the preferred data route. The method may include sending the production data packet to the preferred data route and sending the test data packet to the alternate data route.

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: Techniques are described for providing secure audio calls between a calling party and a receiving party. Upon receiving a call request from a call initiating party, a notification is sent to the intended call recipient. The call recipient can send a request for a secure call. Upon receiving the request for a secure call, a bi-directional multifactor authentication is performed to authenticate the identity of both the call initiating party and the call receiving party. In response to successfully authenticating both parties, a secure call between the parties is established. One or more secure key tokens or other metadata can be embedded in the call to ensure security of the call.

Abstract: The present disclosure describes a system and method for secure energy harvesting. An access point includes a memory and a processor communicatively coupled to the memory. The processor receives, from a wireless device, a token and an identifier for a first access point that generated the token and requests the first access point to validate the token. The processor also, in response to the first access point validating the token, wirelessly communicates a first charging frame to the wireless device.

Abstract: A connection request is received from a user device associated with a user. The connection request includes an identifier associated with a profile associated with the user, the profile being a static profile or a dynamic profile. An observability profile associated with the user is identified based on the profile when the profile is a static profile and based on a current traffic profile associated with the user device when the profile is a dynamic profile. Measurements associated with a data session are executed for the user device based on the observability profile and one or more configurations are adjusted in a network to improve performance of the data session based on the measurements.

Abstract: Techniques are described herein for managing access to sensitive data detected within an electronic communication. In some embodiments, such techniques may comprise receiving, from a sender, an electronic communication directed toward a first recipient. The techniques may then comprise identifying one or more pieces of sensitive data within the electronic communication, providing a content of the one or more pieces of sensitive data to a data hosting device to be stored in a memory location and first information associated with the first recipient used to access the memory location, updating the electronic communication to replace the one or more pieces of sensitive data with a reference to the memory location, and transmitting the electronic communication to the first recipient.

Abstract: Failure prediction signaling and cognitive user migration may be provided. A client device may receive at least a portion of failure prediction data. The client device may then analyze the at least the portion of the failure prediction data. The client device may then roam from a first computing device to a second computing device in response to analyzing the at least the portion of the failure prediction data.

Abstract: A network of devices can be stabilized by administering an energy-aware topology that corresponds to a desired state derived in part from one or more sustainability metrics. Devices suitable for stabilization can include a processor, a memory, a plurality of elements, a communication port coupled with one or more neighboring devices, and an energy-aware topology logic. The energy-aware topology logic can monitor incoming traffic from one or more neighboring devices, receive current state data associated with the plurality of elements, and receive update data from the one or more neighboring devices via a sustainability-related augmented IGP. Also, the energy-aware topology logic can generate a desired state for the device based on at least the received current state data and update data. One or more of the plurality of elements may be modified in response to the generated desired state, wherein the modification involves changing one or more sustainability-related capabilities.

Abstract: Network energy efficiency and green power selection may be optimized by employing graph-oriented service chains configured to share sustainability attributes and metadata augmentation. More specifically, network Service Function Chain (SFC) creation can include a set of power and energy-specific and sustainable attributes. In general, the goal of SFC is to enable the creation of a service path that matches the specific needs of an application or service. SFCs are composed of a sequence of network functions, such as firewalls, load balancers, intrusion detection systems, and other services. Each network function performs a specific task on the network traffic, and the packets are passed from one function to the next until they reach their destination. Overall, SFCs are a powerful tool for managing complex network environments, enabling network administrators to deploy and manage network services more efficiently and effectively.

Abstract: Energy-aware configurations can be utilized to operate a network based on sustainability-related metrics. In many embodiments, a suitable device includes a processor, a memory commutatively coupled to the processor, a plurality of elements, a communication port, and an energy-aware topology logic configured to collect topology data from one or more network devices, wherein each of the one or more network devices include a plurality of elements. The energy-aware topology logic can receive power source data and power usage data related to plurality of elements and generate an element energy coefficient (EEC) for a plurality of elements. Subsequently, the energy-aware topology logic can also generate an energy-aware configuration for at least one of the one or more network devices, and then pass the generated energy-aware configuration to the at least one network device, wherein the energy-aware configuration is configured to steer traffic based on at least one sustainability-related metric.

Abstract: Devices, systems, methods, and processes for dynamically reducing the size of a video transmission are described herein. An energy-saving video transmission device can include a controller, a memory, a communication port coupled with at least a second device, and a virtual meeting logic configured to establish a virtual meeting with a video transmission. The video transmission is transmitted to at least the second device. The virtual meeting logic can determine a virtual meeting configuration and collect sustainability attributes data. Based on the collected data, an energy-saving video transmission rate can be selected. Often, this can indicate how often to capture and transmit keyframes of the video transmission instead of the entire video transmission. Finally, based on the energy-saving video transmission rate, a reduced size video transmission can be transmitted over a network.

Abstract: Techniques for identifying nodes in a data center fabric that are affected by a failure in the fabric, and selectively sending disaggregation advertisements to the nodes affected by the failure. The techniques include a process where a component monitors the network fabric to identify communication paths between leaf nodes, and determines what leaf nodes would be affected by a failure in those communication paths. The component may detect a failure in the network and determine which communication paths, and thus which leaf nodes, are affected by the failure and send disaggregation advertisements to the affected leaf nodes. In some examples, ingress leaf nodes send data through the fabric that indicate egress nodes for the communication paths. Intermediate nodes along may receive the data from the leaf nodes to identify communication paths, and the notify only affected nodes upon detecting a failure in the network.

Abstract: In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.

Abstract: Aspects of the disclosure are directed to metadata updating. In accordance with one aspect, an apparatus includes an external memory unit configured for storing an original descriptor tag; a descriptor loading block coupled to the external memory, the descriptor loading block configured to fetch the original descriptor tag from the external memory for storage in an internal cache memory and further configured to compare the original descriptor tag stored in the internal cache memory to each of a plurality of original base values; and a remap table database coupled to the descriptor loading block, the remap table database configured to store the plurality of original base values, a plurality of updated base values and a plurality of updated miscellaneous base values.

Abstract: Provided herein are techniques to facilitate enhanced cloud access security broker (CASB) functionality via in-band application observability in which a CASB can be implemented in-line between the client device and an embedded application security service. In one instance, a method may include, obtaining, by a CASB from a client device, a first message for an application transaction involving an application operating via the client device. The first message can be augmented to include first security metadata and can be forwarded to trigger one or more actions by an embedded application security service associated with the application. The CASB may obtain a second message from the embedded application security service that includes second security metadata, and one or more actions can be triggered at the CASB based, at least in part, on the second security metadata included in the second message.

Abstract: A network controller deploys a first component and a second component to run concurrently on a network device. The second component is an upgraded version of the first component. The first component receives a first instance of a packet routed to the network device and has a timestamp and a first ID, and the second component receives a second instance of the packet routed to the network device and has the timestamp and a second ID. The network controller receives first functionality data for the first component and second functionality data for the second component from the network device. Based on the first functionality data and the second functionality data, the network controller determines whether to continue operating the first component or the second component on the network device.

Abstract: Aspects presented herein relate to methods and devices for graphics processing including an apparatus, e.g., a GPU. The apparatus may receive a set of draw call instructions corresponding to a graphics workload, where the set of draw call instructions is associated with at least one run-time parameter. The apparatus may also obtain a first shader program associated with storing data in a system memory and at least one second shader program associated with storing data in a constant memory. Further, the apparatus may execute the first shader program or the at least one second shader program based on whether the at least one run-time parameter is less than or equal to a size of the constant memory. The apparatus may also update or maintain a configuration of a shader processor or a streaming processor based on executing the first shader program or the at least one second shader program.

Abstract: In one embodiment, a method comprises: receiving, by a process, an executed function flow of a daisy chained serverless function-as-a-service (FaaS) function, the executed function flow having been injected with a particular trace identifier in response to an initial event trigger and span identifiers having been injected by each service that was executed; generating, by the process, a serverless flow graph associated with the particular trace identifier based on linking a path of serverless functions according to correlation of the span identifiers between the serverless functions; performing, by the process, a trace-based analysis of the serverless flow graph through comparison to a baseline of expectation; detecting, by the process, one or more anomalies in the serverless flow graph according to the trace-based analysis; and mitigating, by the process, the one or more anomalies in the serverless flow graph.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, for fast incremental shared constants. In aspects, a CPU may determine/update shared constant data for a first draw call of a plurality of draw calls. The shared constant data, which may correspond to at least one shader, may be updated based on a draw call update for the first draw call. The CPU may communicate the updated shared constant data for the first draw call to a GPU. The GPU may receive, in at least one register, the updated shared constant data from the CPU and configure the at least one register based on the updated shared constant data corresponding to the draw call update of the first draw call of the plurality of draw calls.