Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: In one embodiment, a method comprises identifying, by an orchestrator executed by a physical machine, a plurality of virtualized network functions required for implementation of a virtualized network service for a customer, each virtualized network function having a corresponding and distinct virtualized container specifying attributes for defining execution of the corresponding virtualized network function within one or more physical machines; and setting by the orchestrator an interdependency indicator within each virtualized container based on association with the virtualized network service, enabling identification of each of the virtualized network functions as interdependent for coordinated execution of the virtualized network service.

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.

Abstract: A method is disclosed for routing packets in an intermediate node between a mobile node and a correspondent node in a packet-switched network, only one of said nodes being macro-mobility enabled, comprising at the intermediate node: —exchanging lower-layer-address-update-related messages with said macro-mobility enabled node; —mapping source address, destination address and potentially protocol parameters of lower-layer packets exchanged between the mobile node and the correspondent node in such a way that the macro-mobility enabled node can communicate with the other node as if the other node is also macro-mobility enabled, and such that the other node can communicate with the intermediate node as if the intermediate node is a non-macro-mobility-enabled node. Also associated devices, update methods for devices, and servers are disclosed.

Abstract: The present invention provides a method for implementation in a first mobile unit that supports an air interface with a network element. The method includes determining, while the first mobile unit is participating in a call, that at least one channel associated with the air interface is unable to support voice transmission. The method also includes rendering a first user-detectable signal in response to determining that said at least one channel is unable to support voice transmission.

Abstract: The invention pertains to a method for providing access to a mobile communication network comprising at least one base transceiver station, wherein the communication network is being visited by a piece of user equipment having a home operator in a home network. The method comprises at the base transceiver station: receiving a channel request from said user equipment, creating a virtual machine associated with said home operator of said user equipment, establishing a channel using said virtual machine, and allocating channel resources of said at least one base station to accommodate said channel. The invention also pertains to a base station system to carry out the method of the invention.

Abstract: The present invention provides a method of route optimization. The method may include obtaining a packet associated with a first address associated, by a home agent, with a first mobile unit and routing the packet to a second address associated with a second mobile unit along a forward link of a communication path that bypasses the home agent.

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.

Abstract: Methods and systems are provided for securing integrated base stations, such as base station routers (BSRs), in which a SIM card is operatively coupled with a secured portion of a base station and a secure association is established therebetween to facilitate encryption key exchange between the secured portion of the base station and a core network.

Abstract: In one embodiment, a method comprises identifying, by an orchestrator executed by a physical machine, a plurality of virtualized network functions required for implementation of a virtualized network service for a customer, each virtualized network function having a corresponding and distinct virtualized container specifying attributes for defining execution of the corresponding virtualized network function within one or more physical machines; and setting by the orchestrator an interdependency indicator within each virtualized container based on association with the virtualized network service, enabling identification of each of the virtualized network functions as interdependent for coordinated execution of the virtualized network service.

Abstract: The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed.

Abstract: The invention includes a method and apparatus for reconfiguring a first base station element to attempt to serve at least a portion of the plurality of wireless terminals served by a second base station element in response to detection of a failure condition at a second base station element that was serving the plurality of wireless terminals prior to the occurrence of the failure condition.