Abstract: Devices, systems, methods, and processes for determining enforcement readiness in a workload protection solution are described herein. Often, a user may desire to initiate enforcement on a network, but may not know if the various workloads, agents, or other components of the workload protection solution are in a condition to begin enforcement. As a result, embodiments described herein can generate an enforcement validation status or overall enforcement readiness determination by evaluating a plurality of different configurations, attributes, or other settings associated with any desired workloads subject to the policy to be enforced. Upon evaluation, a notification can be generated to the user in the form of a graphical user interface or other similar output device that is configured to show any determined error or issue preventing enforcement readiness. As a result, these can be addressed by a user until enforcement can be activated, easing the overall enforcement process.

Abstract: Devices, systems, methods, and processes for facilitating a first-time user experience for a workload protection solution are described herein. This can be done through a segmentation setup assistant that can be configured to gather data related to a network and generate one or more prompts for a user to input data related to the network. This data can be associated with a network's organization, infrastructure, environment, and the like. For example, providing various internet protocol addresses and subnets related to different network devices, data centers, and applications can be utilized to generate an automated hierarchy and/or suggestions on how to properly segment and setup a network for workload protection. In this way, a user may be able to configure the system via the setup assistant and thus be more apt to correctly setup a network with a workload protection solution and provide a more optimal security outcome.

Abstract: This disclosure provides solutions for automatically grouping network devices (e.g., endpoints) into clusters based on device characteristics. In some aspects, the disclosed technology also provides solutions for generating user selectable queries based on cluster characteristics. A process of the disclosed technology can include steps for identifying one or more device characteristics associated with a first network device, identifying one or more cluster characteristics for each of a first cluster and a second cluster, and comparing the device characteristics associated with the first network device with the one or more cluster characteristics for the first cluster and the second cluster. The process can further include steps for adding the first network device to the first cluster based on the cluster characteristics for the first cluster and the device characteristics for the first network device. Systems and machine-readable media are also provided.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for discovering policy scopes within an enterprise network and managing network policies for discovered policy scopes. In one aspect, a method includes identifying one or more communities of devices in an enterprise network; defining, from the one or more communities of devices, policy scopes in the enterprise network; generating a hierarchical representation of the policy scopes; identifying, based on the hierarchical representation of the policy scopes, one or more policies governing traffic flow between devices associated with each of the policy scopes; and managing application of the one or more policies at the devices.

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for discovering policy scopes within an enterprise network and managing network policies for discovered policy scopes. In one aspect, a method includes identifying one or more communities of devices in an enterprise network; defining, from the one or more communities of devices, policy scopes in the enterprise network; generating a hierarchical representation of the policy scopes; identifying, based on the hierarchical representation of the policy scopes, one or more policies governing traffic flow between devices associated with each of the policy scopes; and managing application of the one or more policies at the devices.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: Determining top venues from aggregated user activity location data is disclosed, including: receiving a set of location data associated with user activities; determining a plurality of stop events using the set of location data associated with the user activities; and selecting a plurality of top venues based at least in part on the plurality of stop events. Furthermore, top venues associated with user activities can be used to detect group activities and/or tour activities.

Abstract: Determining top venues from aggregated user activity location data is disclosed, including: receiving a set of location data associated with user activities; determining a plurality of stop events using the set of location data associated with the user activities; and selecting a plurality of top venues based at least in part on the plurality of stop events. Furthermore, top venues associated with user activities can be used to detect group activities and/or tour activities.

Abstract: The disclosed technology relates to intent driven network management. A system is configured to maintain an inventory store comprising records for a set of network entities in a network, wherein each network entity in the set of network entities is associated with a record in the inventory store. The system receives a user intent statement comprising an action and a flow filter representing network data flows on which the action is to be applied and queries, based on the flow filter, the inventory store to identify a plurality of network entities in the set of network entities to which the user intent statement applies. The system generates a plurality of network policies that implement the user intent statement based on the plurality of network entities and the action and enforces the plurality network policies.

Abstract: One embodiment of an invention which computes a location based alignment of two tracks over a set route. Once aligned, a comparison of performance statistics is made at each position along the track. Time and distance gap information is also computed at each position. The results are then displayed in a plot (17) so one can see where different performance statistics changed, including time gap information (19). The data is also linked to a map (8) so one can visualize the locations more clearly. It is also possible to compare multiple tracks (25) to one reference track (23) for greater insight.

Abstract: Determining top venues from aggregated user activity location data is disclosed, including: receiving a set of location data associated with user activities; determining a plurality of stop events using the set of location data associated with the user activities; and selecting a plurality of top venues based at least in part on the plurality of stop events. Furthermore, top venues associated with user activities can be used to detect group activities and/or tour activities.

Abstract: One embodiment of an invention which computes a location based alignment of two tracks over a set route. Once aligned, a comparison of performance statistics is made at each position along the track. Time and distance gap information is also computed at each position. The results are then displayed in a plot (17) so one can see where different performance statistics changed, including time gap information (19). The data is also linked to a map (8) so one can visualize the locations more clearly. It is also possible to compare multiple tracks (25) to one reference track (23) for greater insight.

Abstract: A heat exchanger comprises at least one tube or plate pair defining a fluid flow passage which is reduced in height across a portion of its width. A turbulizer comprising a plurality of rows of convolutions is received inside the fluid flow passage in either the low pressure drop or high pressure drop orientation. The turbulizer includes convolutions of reduced height in order to at least partially fill the reduced-height portions of the fluid flow passage and thereby reduce bypass flow. In some preferred embodiments of the invention, heat exchanger tubes or plate pairs define fluid flow passages which are reduced in height along their edges, and the turbulizer is similarly reduced in height along its edges.