Abstract: In various embodiments described herein, a method of dynamic software distribution and synchronization, includes identifying a software state change of a network device, generating a secure manifest configured for the network device, selecting a distribution strategy, propagating the secure manifest and one or more software objects, and receiving a synchronization report.

Abstract: In some embodiments described herein, methods for dynamically joining a cloud-managed network fabric can include various steps querying at least one adjacent switch, authenticating with a fabric switch, exchanging network proximity data, obtaining an agent session token from a cloud controller, and establishing a secure connection with the cloud controller.

Abstract: In some embodiments, a device, includes a processor, and a memory communicatively coupled to the processor, wherein the memory includes a material target state programming logic. The logic is configured to receive a material target state, initiate a programming sequence associated with the material target state, execute individual configuration operations, receive a programming outcome report, compile a programming status report, and transmit the programming status report.

Abstract: In some embodiments, a method of adaptively synchronizing state data, includes updating an in-memory data with at least one current state change, receiving a data subscription request, registering, the data subscription request upon a determination that the data subscription request is valid, identifying one or more data objects associated with the subscription request, retrieving the current version of the one or more data objects, and transmitting the one or more data objects.

Abstract: Devices, networks, systems, methods, and processes for dynamically proxying traffic between interconnects of devices in a fabric are described herein. A communication network may include multiple switches, including gateway switches and non-gateway switches. Each switch can run a proxy agent for each port of the switch and for each link on each port. The switch may proxy data traffic within the communication network by utilizing the proxy agent. A non-gateway switch can send a connection request to a gateway switch to connect to an external cloud controller. The gateway switch may proxy the connection request to the external cloud controller and receive a session cookie. The non-gateway switch can establish a logical connection with the external cloud controller based on the session cookie.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: In general, embodiments of the invention relate managing the interaction of applications with one or more file systems and/or data managed by the file systems. More specifically, embodiments of the invention relate to providing applications with access to an overlay file system (OFS) and then servicing OFS operations using a file system module and one or more underlay file systems (UFSes) that are not directly accessible to the applications.

Abstract: A method and system for deploying applications. The method includes deploying an application image of an application to a computing device, where the application is accessible using a first uniform resource locator (URL). The method also includes sending an application creation message to an authoritative domain name system (DNS) server to create a record mapping the first URL to a second URL. The first URL is in a first domain and the second URL is in a second domain. The method further includes providing, to the computing device, a digital certificate associated with the application. The method further includes generating certificate data using the digital certificate and sending, to a remote application server, the second URL and certificate data. A client software module may establish a connection to the application on the computing device using the second URL and the certificate data.

Abstract: A method for logging events of computing devices. The method includes receiving, by a management service, a log event message from a computing device. The log event message includes a log event associated fingerprint. The method further includes reconstructing, by the management service, an object corresponding to the log event associated fingerprint and reconstructing, by the management service, at least one parent object of the object corresponding to the log event associated fingerprint. The method also includes gathering, by the management service, configuration information from the object corresponding to the log event associated fingerprint, and from the at least one parent object.

Abstract: A method and system for verifying integrity of computing devices. The method includes providing a first integrity associated with a server executing on a computing device to a management service, and receiving, in response to providing the first integrity measurement, a first mutual attestation value from the management service. The method further includes providing a second integrity associated with a network adaptor executing on a computing device to a management service, and receiving, in response to providing the second integrity measurement, a second mutual attestation value from the management service. The method further includes performing a mutual attestation between the server and the network adaptor using the first mutual attestation value and the second mutual attestation value, and notifying the management service that the mutual attestation has been successfully completed.

Abstract: A method and system for configuring computing devices. The method includes receiving, by a computing device, a first cache list object from a management service. The method also includes comparing the first cache list object to a second cache list object on the computing device, and based on the comparing, identifying a first object fingerprint that is present in the first cache list object and that is not present in the second cache list object. The method further includes obtaining, from a location that is external to the computing device, a first object corresponding to the first object fingerprint; and updating a configuration of the computing device using the first object.

Abstract: A method and system for authenticating applications. The method includes receiving, by a service virtual machine (SVM), a secret from a management service. The SVM is executing on a computing device. The method also includes providing, by the SVM, the secret to an application executing on an application virtual machine (AVM). The AVM is executing on the computing device. The method further includes providing, by the application, the secret to a remote application server in order for the remote application server to authenticate the application.

Abstract: A method and system for key management. The method includes receiving, by a control domain on a server, a request for a tenant key, and obtaining an authorization secret from a management service, where the management service is external to the server. The method further includes, in response to the request, decrypting, after obtaining the authorization secret, an encrypted platform master key to obtain a platform master key, decrypting an encrypted tenant key to obtain the tenant key using the platform master key, and providing the tenant key to an entity that issued the request.

Abstract: In general, embodiments of the invention relate to a method and system for managing network access for applications. More specifically, embodiments of the invention provide mock Internet Protocol (IP) addresses to the applications, where the applications may use the mock IP addresses to communicate with other systems (e.g., other computing devices, the management service, or any other system that is accessible via the network). Each mock IP address may be associated with one or more policies, where the policies dictate how packets that includes the mock IP address are processed. In one or more embodiments of the invention, the mock IP addresses may be used to maintain a class of service (CoS) between applications executing on the computing devices and an application service provider (ASP).

Abstract: In general, embodiments of the invention relate to a method and system for managing network access for applications. More specifically, embodiments of the invention provide mock Internet Protocol (IP) addresses to the applications, where the applications may use the mock IP address to communicate with other systems. Each mock IP address may be associated with one or more policies, where the policies dictate how packets that include the mock IP address is processed.