Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive, by the network communication device from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be accessed from a cryptographic service. The private session key can be communicated from the user space software to a network communication device. Outbound session backets can be communicated from the user space software to the network communication device. The network communication device can be configured to generate encrypted outbound session packets by encrypting the outbound session packets using the private session key; communicate to the client device, via the secured communication tunnel, the encrypted outbound session packets; receive from the client device, via the secured communication tunnel, inbound session packets; generate decrypted inbound session packets by decrypting the inbound session packets using the private session key; and communicate the decrypted inbound session packets.

Abstract: A network communication device can receive a private session key from a data processing system. A first work queue element can be received in a send queue of the network communication device. The first work queue element can indicate outbound session data to be communicated to a client device. Responsive to receiving the first work queue element, the network communication device can generate encrypted outbound session data by encrypting the outbound session data using the private session key. The network communication device can communicate, via remote directory memory access (RDMA) over a secured communication tunnel, the encrypted outbound session data to the client device.

Abstract: A protocol stack can be offloaded to a network communication device. A private session key can be communicated from the user space software to a network communication device via an application programming interface. Outbound session packets can be communicated from the user space software to the network communication device. The network communication device can be configured to process headers in the outbound session packets, generate encrypted outbound session packets by encrypting the outbound session packets using the private session key, and communicate to a client device via the secured communication tunnel, the encrypted outbound session packets.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A secure communication tunnel between user space software and a client device can be established. A private session key can be communicated from the user space software to a network communication device in at least one User Datagram Protocol datagram. Outbound session backets can be communicated from the user space software to the network communication device.

Abstract: A method of synchronizing network configuration in a multi-tenant network includes receiving a request to change a status of the multi-tenant network to a desired network configuration, validating the desired network configuration against a first network configuration, determining one or more configuration managers the first request to change impacts, attaching a tenant identifier to the first request to change, storing the first requested change in a data repository, sending a notification to each of the one or more configuration managers the first request to change impacts, querying the data repository for all requested changes stored in the data repository having a configuration manager identifier that corresponds to the first of the one or more configuration managers the requested change impacts, de-multiplexing all the requested changes by tenant identifier, and applying the desired configuration to at least one network device.

Abstract: A method of synchronizing network configuration in a multi-tenant network includes receiving a request to change a status of the multi-tenant network to a desired network configuration, validating the desired network configuration against a first network configuration, determining one or more configuration managers the first request to change impacts, attaching a tenant identifier to the first request to change, storing the first requested change in a data repository, sending a notification to each of the one or more configuration managers the first request to change impacts, querying the data repository for all requested changes stored in the data repository having a configuration manager identifier that corresponds to the first of the one or more configuration managers the requested change impacts, de-multiplexing all the requested changes by tenant identifier, and applying the desired configuration to at least one network device.

Abstract: A method and a system for managing a network are described. A plurality of agents is deployed in a plurality of devices in the network. A control device in the network controls the network through the plurality of agents. A remote manager, which is external to the network, controls the network through the control device. The remote manager can also control other networks simultaneously through other control devices. Further, a storage registry can maintain records related to the network on either the control device or the remote manager or both. The records maintained in the storage registry can be viewed, queried or modified through a management portal. Authorized users of the network and technical personnel may be given different rights to manage the network, both locally through the control device and from a remote physical location through the remote manager.

Abstract: The invention affords a system and method for establishing one or more virtual backbone tunnels coupled with an existing network infrastructure and dedicated to a particular user for facilitating the transmission of soft bandwidth services across the network.

Abstract: A dynamic activation system which contains an intelligent central data repository which enables service providers to add or alter services and equipment to existing networks by providing a central data store of information which can receive, retrieve, and conform data from one attached operations systems or piece of network equipment for use by all attached operations systems and equipment. The intelligent central data repository provides a directory based storage of global and exchanged local data, determines which systems and equipment require updating, and formats the update or new data for use by each operation system or piece of equipment. The intelligent central data repository can be configured to push or pull data to the operation systems and attached equipment and can analyze the data resident on the attached equipment or operation systems to determine if any data has been altered or added before pushing or pulling data.