Abstract: In one embodiment, a device in a network identifies a set of network entities. The device determines characteristics of the network entities. The device assigns each of the set of network entities to one or more hyperedges of a hypergraph based on the characteristics. The device applies a security policy to a particular one of the network entities based on the one or more hyperedges of the hypergraph to which the particular network entity is assigned.

Abstract: Systems and methods are disclosed for anticipating a video switch to accommodate a new speaker in a video conference comprising a real time video stream captured by a camera local to a first videoconference endpoint is analyzed according to at least one speaker anticipation model. The speaker anticipation model predicts that a new speaker is about to speak. Video of the anticipated new speaker is sent to the conferencing server in response to a request for the video on the anticipated new speaker from the conferencing server. Video of the anticipated new speaker is distributed to at least a second videoconference endpoint.

Abstract: In one embodiment, a device in a network identifies a set of network entities. The device determines characteristics of the network entities. The device assigns each of the set of network entities to one or more hyperedges of a hypergraph based on the characteristics. The device applies a security policy to a particular one of the network entities based on the one or more hyperedges of the hypergraph to which the particular network entity is assigned.

Abstract: A first party, such as a residential subscriber to an Internet Service Provider (ISP), logically partitions its computing resources into an end user partition and a crowd sourced cloud partition. The first party installs a crowd sourced cloud application in each cloud partition. Together, a cloud provider computing system and each cloud application orchestrate cloud services over a communications network, such as the Internet. For each crowd sourced cloud application, orchestration involves registering cloud services with the cloud provider, provisioning each registered cloud service that is requested by the cloud provider, and operating each provisioned service. For the cloud provider, orchestration involves publishing each registered service as available to crowd sourced cloud users, receiving requests for cloud services from a crowd sourced cloud user, and requesting, from a crowd sourced cloud application, a registered service responsive to the request for cloud services.

Abstract: A crowd-sourced cloud environment allows for, and benefits from, modes of interaction between among the service providers (including the “resource providers” and the “cloud provider”) and consumers (also referred to herein as “tenants”) that are not practiced in a DC-centric cloud environment—specifically, the use of Internet-based social networking technology and Internet-based online marketplace technology to facilitate resource pooling and interaction between crowd-sourced cloud resource providers, the cloud provider, and crowd-sourced cloud consumers.

Abstract: Resource provider specifications, characterizing computing resources of computing resource providers, are received. The reachability of each IP address included in the received specification is determined. An agent is deployed that is operable to determine the value of each of a set of metrics in the environment of the host at which the agent is deployed. The agent determines the value of each metric of the set of metrics in the environment of the relevant host, and communicates the determined values to one or more computing devices that validate whether the resources characterized by the communicated values are sufficient to provide the performance characterized by the received specification and that each ISP router complies with a predetermined policy. For each computing resource provider validated and determined to comprise an ISP router compliant with policy, the specified computing resources are added to a pool of resources for cloud computing.

Abstract: Disclosed are systems, methods, and computer-readable storage media for fog enabled telemetry in real time multimedia applications. An edge computing device can receive first sensor data from at least a first sensor and a collaboration data stream from a first client device. The collaboration data stream can including at least one of chat, audio or video data. The edge computing device can convert the first sensor data into a collaboration data stream format, yielding a first converted sensor data, and then embed the first converted sensor data into the collaboration data stream, yielding an embedded collaboration data stream. The edge computing device can then transmit the embedded collaboration data stream to an intended recipient.

Abstract: In one embodiment, a device in a network monitors a plurality of traffic flows in the network. The device extracts a plurality of features from the monitored plurality of traffic flows. The device generates a context model by using deep learning and reinforcement learning on the plurality of features extracted from the monitored traffic flows. The device applies the context model to a particular traffic flow associated with a client, to determine a context for the particular traffic flow. The device personalizes data sent to the client from a remote source based on the determined context.

Abstract: A method provided in a network including edge devices to collect data from data producers connected to the edge devices and to communicate with cloud-based prosumers connected with the edge devices. Data analytics tasks are identified. The data analytics tasks are used to process data collected from a data producer among the data producers to produce a result for consumption by one or more of the cloud-based prosumers. For each data analytics task it is determined whether a computational complexity of the data analytics task is less than or equal to a predetermined computational complexity. Each data analytics task determined to have a computational complexity less than or equal to the predetermined computational complexity is assigned to an edge device among the edge devices. Each data analytics task determined to have a computational complexity that exceeds the predetermined computational complexity is assigned to a prosumer among the prosumers.

Abstract: A client receives map objects that define respective physical objects of a floor plan of a building, including a floor plan outer boundary, one or more rooms, and connected pathways traversable by a person. The client renders, in scalable vector graphic form, the map objects into a map of the floor plan that depicts the respective physical objects, including the one or more rooms, the connected pathways, and the outer boundary. The client displays the map. The client receives an update message that defines a change to the floor plan with respect to a map object identified in the update message, and renders the change with respect to the identified map object into the map to depict the change on the map without rendering any other ones of the map objects that were previously rendered into the map. The client displays the map with the change depicted on the map.

Abstract: An example method for zero touch deployment of multi-tenant services in a home network environment is provided and includes receiving router configuration information of a home router located in a home network, the router configuration information including at least one slice setting for a service deployment at the home router, and configuring the slice setting on the home router for the service from a remote network separate from the home network. The slice setting can logically divide the home router to enable separation of the service from other services provisioned and configured on the home router. In specific embodiments, the method further includes receiving a request for the service from a service user entity, sending a slice provisioning request to a router manager for provisioning the service in the home router, and receiving a slice provisioned response comprising the router configuration information from the router manager.

Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.

Abstract: The present disclosure describes methods and systems for providing and enforcing scalable federated policies for network-provided flow-based performance metrics. Due to different security concerns related to different domains, varying group policies can be applied to different domains to ensure proper sharing and receipt of flow-based performance metrics. Some policies can limit the type of performance metric being shared among the nodes in the domain. Some policies allow less information to be exposed by specifying aggregated performance metrics to be shared among the nodes in the domain. A group key management infrastructure can be provided to enforce these group policies in the network in a scalable manner.

Abstract: Techniques are presented herein for enabling performance monitoring of flows within a management and provisioning tunnel used for communicating packets between a wireless controller and wireless access point devices. A wireless controller that is configured to communicate with at least one wireless access point obtains a packet to be sent to the wireless access point for wireless transmission in a wireless network by the wireless access point. The wireless controller identifies, based on the packet, traffic session flow information associated with the packet. The wireless controller encapsulates the packet with a tunneling header that comprises the traffic session flow information and sends the encapsulated packet to the wireless access point. The tunneling header may also comprise an application identifier (ID) associated with the packet.

Abstract: Techniques are provided for obtaining header information from a packet configured for real-time communications transport over a network. The header information is used to monitor network performance of one or more secure portions of the network. The packet is encrypted using a security protocol and encapsulated using a transport protocol to produce a transport packet for transmission over the network. The transport packet header information is inserted into the transport packet prior to transmission over the network. The header information is used by a downstream network device or network analyzer to determine performance metrics for the network without decrypting the encrypted packet.

Abstract: In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device.

Abstract: The present disclosure describes methods and systems for providing and enforcing scalable federated policies for network-provided flow-based performance metrics. Due to different security concerns related to different domains, varying group policies can be applied to different domains to ensure proper sharing and receipt of flow-based performance metrics. Some policies can limit the type of performance metric being shared among the nodes in the domain. Some policies allow less information to be exposed by specifying aggregated performance metrics to be shared among the nodes in the domain. A group key management infrastructure can be provided to enforce these group policies in the network in a scalable manner.

Abstract: The present disclosure describes a technique for performing performance monitoring of service chains. Variations on performance monitoring can include: passive monitoring, active monitoring, or hybrid monitoring. To provide performance monitoring, the Network Service Header (NSH) is modified to include telemetry information usable for monitoring the performance of a particular traffic flow being transported over a service path.

Abstract: A first party, such as a residential subscriber to an Internet Service Provider (ISP), logically partitions its computing resources into an end user partition and a crowd sourced cloud partition. The first party installs a crowd sourced cloud application in each cloud partition. Together, a cloud provider computing system and each cloud application orchestrate cloud services over a communications network, such as the Internet. For each crowd sourced cloud application, orchestration involves registering cloud services with the cloud provider, provisioning each registered cloud service that is requested by the cloud provider, and operating each provisioned service. For the cloud provider, orchestration involves publishing each registered service as available to crowd sourced cloud users, receiving requests for cloud services from a crowd sourced cloud user, and requesting, from a crowd sourced cloud application, a registered service responsive to the request for cloud services.

Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.