Abstract: The present disclosure relates to systems, methods, and computer-readable media for determining instances of parity drift in target cloud computing systems as well as determining when instances of parity drift require addressing. For example, in various implementations, a cloud parity drift detection system compiles information about services, configurations, versions, etc. along with additional data from a reference cloud system into a job package and provides the job package to one or more target cloud computing systems. The cloud parity drift detection system can then utilize the job package to compare corresponding information on the reference cloud system to a target data set of the target cloud system to determine instances of parity drift at the target cloud system. Additionally, the cloud parity drift detection system can determine and act when instances of parity drift require addressing.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for determining instances of parity drift in target cloud computing systems as well as determining when instances of parity drift require addressing. For example, in various implementations, a cloud parity drift detection system compiles information about services, configurations, versions, etc. along with additional data from a reference cloud system into a job package and provides the job package to one or more target cloud computing systems. The cloud parity drift detection system can then utilize the job package to compare corresponding information on the reference cloud system to a target data set of the target cloud system to determine instances of parity drift at the target cloud system. Additionally, the cloud parity drift detection system can determine and act when instances of parity drift require addressing.

Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.

Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. An execution service remote from a cloud computing environment being managed implements workflows to manage different aspects of the cloud computing environment, including monitoring, incident management, deployment, and/or buildout. The execution service issues requests to perform management actions for network devices in the cloud computing environment. A device access service in the cloud computing environments receives the requests, and, in response to the requests, the device access service obtains access control data to access the network devices and perform the requested management actions for the network devices.

Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.

Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.

Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.

Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.

Abstract: Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Software deployment to network devices in cloud computing environments subject to data control policies is provided in a manner that ensures compliance with the data control policies. A deployment service is located in a remote cloud computing environment separate from the cloud computing environments to which software is being deployed. The deployment service does not have access to restricted data in the cloud computing environments, including access control data, such that the deployment service cannot directly interact with network devices. The deployment service issues deployment requests to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access the network devices and issue commands to install the software on the network devices.

Abstract: Network buildout of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A buildout service is located in a remote cloud computing environment separate from the cloud computing environments at which buildout is being performed. The buildout service implements workflows to manage different aspects of network buildout in the cloud computing environments. The buildout service does not have access to restricted data in the cloud computing environments, including access control data, such that the buildout service cannot directly interact with network devices. The buildout service issues requests for device configuration to hardware proxies in the cloud computing environments. In response to the requests, the hardware proxies obtain access control data to access and configure the network devices.

Abstract: Monitoring of cloud computing environments subject to different data control policies is performed in a manner that ensures compliance with the data control policies. A monitoring service is located in a remote cloud computing environment separate from the cloud computing environments being monitored. The monitoring service does not have access to restricted data in the cloud computing environments, including access control data, such that the monitoring service cannot directly interact with network devices. The monitoring service issues requests for monitoring data to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and obtain the requested data, which is returned to the monitoring service.

Abstract: Network management of cloud computing environments subject to different data control policies is standardized in a manner that ensures compliance with the data control policies. Executions services and source of truth services are located in a remote cloud computing environment separate from the cloud computing environments being managed. The execution services implement workflows to manage different aspects of the cloud computing environments, including monitoring, incident management, deployment, and buildout. The source of truth services provide network configuration information for the cloud computing environments to allow automated operation of the execution services. The execution services issue requests for management operations to device access services in the cloud computing environments. In response to the requests, the device access services obtain access control data to access the network devices and perform the management operations.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: A process of tracking the lifecycle of a network cluster. A method readies a device for provisioning in a network cluster to place the device in a provision ready state. The method further provisions the device to place the device in an in provision state and when provisioned places the device in an in validation state. The method validates the provisioning of the device by, in parallel, validating the automatic configuration operation of the device and validating the human configuration operation of the device when the device is in the in validation state. When the device is validated, the method changes the device state to a production ready state.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.

Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.