Abstract: The present disclosure is directed to systems and methods for clientless virtual private network (VPN) roaming with 802.1x authentication and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including, receiving, at a local proxy, an 802.1x communication including authentication information from a remote device wirelessly connected to a visited network, wherein the remote device requests access to an enterprise network; authenticating the remote device with the enterprise network using the authentication information; establishing an encrypted tunnel between the visited network and the enterprise network; and transmitting data between the remote device and the enterprise network through the encrypted tunnel.

Abstract: A device for controlling an automated driving operation of a vehicle may have at least two brake systems, at least two steering systems, an engine controller, a first automated drive controller, a second automated drive controller, a surroundings sensor assembly, and inertial sensors. A third automated drive controller at least controls the vehicle into a standstill. The device is configured such that the automated driving operation is initiated and/or maintained only when the brake systems, steering systems, and at least two of the automated drive controllers are functional and such that the automated driving operation is interrupted if only one of the automated drive controllers is functional and/or if one of the brake systems and/or steering systems is not functional and/or if the engine controller is not functional, in which case the still functional automated drive controller assumes control of the vehicle and guides the vehicle into a standstill.

Abstract: Hip tethering devices comprise a femoral implant including a housing that anchors the femoral implant to the femur, at least one spring, and a slider, such that the slider can move relative to the housing via compression and expansion of the at least one spring. A tether has a first end that anchors to the acetabulum, the tether passes through the femoral head, and a second end couples to the slider of the femoral implant, such that the tether spans across the patient's hip joint and relative motion between the slider and the housing allows a limited degree of separation of the femoral head from the acetabulum, while the at least one spring applies a variable tension load to the tether that resists separation of the femoral head from the acetabulum.

Abstract: The present disclosure is directed to systems and methods for clientless virtual private network (VPN) roaming with 802.1x authentication and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including, receiving, at a local proxy, an 802.1x communication including authentication information from a remote device wirelessly connected to a visited network, wherein the remote device requests access to an enterprise network; authenticating the remote device with the enterprise network using the authentication information; establishing an encrypted tunnel between the visited network and the enterprise network; and transmitting data between the remote device and the enterprise network through the encrypted tunnel.

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g. network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or to a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over a public Internet or private Intranet) between the client device and the network-based service in accordance to the routing policy.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

Abstract: The present disclosure involves systems and methods for compiling abstract application and associated service models into deployable descriptors under control of a series of policies, maintaining and enforcing dependencies between policies and applications/services, and deploying policies as regularly managed policy applications themselves. In particular, an orchestration system includes one or more policy applications that are executed to apply policies to a deployable application or service in a computing environment. In general, the orchestration system operates to create one or more solution models for execution of an application on one or more computing environments (such as one or more cloud computing environments) based on a received request for deployment.

Abstract: The present disclosure involves systems and methods for (a) model distributed applications for multi-cloud deployments, (b) derive, by way of policy, executable orchestrator descriptors, (c) model underlying (cloud) services (private, public, server-less and virtual-private) as distributed applications themselves, (d) dynamically create such cloud services if these are unavailable for the distributed application, (e) manage those resources equivalent to the way distributed applications are managed; and (f) present how these techniques are stackable. As applications may be built on top of cloud services, which themselves can be built on top of other cloud services (e.g., virtual private clouds on public cloud, etc.) even cloud services themselves may be considered applications in their own right, thus supporting putting cloud services on top of other cloud services.

Abstract: A baseboard management controller (BMC) can physically partition the computing resources of a physical host into different resource groups for concurrently running a different operating system per resource group. The BMC can allocate a first processor of the host to a first resource group and a second processor of the host to a second resource group. The BMC can separate the memory of the host into a first memory range for the first processor and a second memory range for the second processor, and the BMC can limit access to the first memory range to the first processor and limit access to the second memory range to the second processor. The BMC can also distribute physical or virtual peripheral devices of the host between the first processor and the second processor.

Abstract: In one embodiment, a method comprises identifying, by an orchestrator executed by a physical machine, a plurality of virtualized network functions required for implementation of a virtualized network service for a customer, each virtualized network function having a corresponding and distinct virtualized container specifying attributes for defining execution of the corresponding virtualized network function within one or more physical machines; and setting by the orchestrator an interdependency indicator within each virtualized container based on association with the virtualized network service, enabling identification of each of the virtualized network functions as interdependent for coordinated execution of the virtualized network service.

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.

Abstract: A method is disclosed for routing packets in an intermediate node between a mobile node and a correspondent node in a packet-switched network, only one of said nodes being macro-mobility enabled, comprising at the intermediate node: —exchanging lower-layer-address-update-related messages with said macro-mobility enabled node; —mapping source address, destination address and potentially protocol parameters of lower-layer packets exchanged between the mobile node and the correspondent node in such a way that the macro-mobility enabled node can communicate with the other node as if the other node is also macro-mobility enabled, and such that the other node can communicate with the intermediate node as if the intermediate node is a non-macro-mobility-enabled node. Also associated devices, update methods for devices, and servers are disclosed.

Abstract: The present invention provides a method for implementation in a first mobile unit that supports an air interface with a network element. The method includes determining, while the first mobile unit is participating in a call, that at least one channel associated with the air interface is unable to support voice transmission. The method also includes rendering a first user-detectable signal in response to determining that said at least one channel is unable to support voice transmission.

Abstract: The invention pertains to a method for providing access to a mobile communication network comprising at least one base transceiver station, wherein the communication network is being visited by a piece of user equipment having a home operator in a home network. The method comprises at the base transceiver station: receiving a channel request from said user equipment, creating a virtual machine associated with said home operator of said user equipment, establishing a channel using said virtual machine, and allocating channel resources of said at least one base station to accommodate said channel. The invention also pertains to a base station system to carry out the method of the invention.

Abstract: The present invention provides a method of route optimization. The method may include obtaining a packet associated with a first address associated, by a home agent, with a first mobile unit and routing the packet to a second address associated with a second mobile unit along a forward link of a communication path that bypasses the home agent.

Abstract: In one embodiment, a method includes receiving a packet associated with a flow at a network device, classifying the packet at the network device based on information received from a policy layer, inserting a Network Address Translation (NAT) indicator for the flow into the packet, and transmitting the packet in a service chain comprising network address translation. The NAT indicator is associated with the flows before and after network address translation to provide symmetry between the service chain and a return traffic service chain. An apparatus and logic are also disclosed herein.