The present technology is directed to providing fault management with dynamic restricted access in a tenant network. The tenant network can be a private 5G cellular network or other wireless communication network. The present technology can identify a fault event within the tenant network based on received telemetry data, associate the fault event with a vendor component included in the tenant network, and generate a vendor fault context. The vendor fault context can be generated to include only the portion of telemetry data that is determined to be related to the fault event or the vendor component. The present technology can further use the vendor fault context to create a time-bound user account for remotely accessing the tenant network for fault triage and management. The time-bound user account can be associated to a static role-based access control (RBAC) scheme configured with access restrictions determined based on the vendor fault context.

Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device. The remote computing device determines that the received remote challenge response corresponds to an expected remote challenge response generated based on the remote challenge.

Systems and methods are provided for implementing a centralized configurator server/service in the cloud that can take the place of conventional mobile devices used for provisioning IoT devices or WiFi clients in a network. In order to provision the IoT devices or WiFi clients, a mobile device or access point (AP) may be used to relay Device Provisioning Protocol (DPP) messages and/or information between the centralized configurator server/service and the IoT devices or WiFi clients.

Systems and methods are provided for implementing a centralized configurator server/service in the cloud that can take the place of conventional mobile devices used for provisioning IoT devices or WiFi clients in a network. In order to provision the IoT devices or WiFi clients, a mobile device or access point (AP) may be used to relay Device Provisioning Protocol (DPP) messages and/or information between the centralized configurator server/service and the IoT devices or WiFi clients.

In one implementation, a computing device includes a secure storage to store a plurality of security elements, a processor, and a storage medium including instructions. The instructions are executable by the processor to: receive a configuration request for a first server, the configuration request including one or more logical references to security settings of the first server; retrieve, from the secure storage, one or more security elements corresponding to the one or more logical references in the configuration request; and configure an operating system volume for the first server based on the configuration request and the one or more security elements.

Systems and methods provided for a sensor certificate lifecycle manager for a network management system of an enterprise network for the automated generation of unique certificates for sensors used to act like a client device in the enterprise network for the purposes of troubleshooting. Furthermore, the network management and command center in association with the sensor certificate lifecycle manager manages a pool of signed unique certificates and have control over the lifecycle of such certificates, such as for revoking, transferring, and reassigning certificates for the sensors.

It is provided a method for configuring a target device. The method comprises the steps of: transmitting a configuration request message to the target device, the configuration request message comprising a configuration request and a request signature, wherein the request signature is based on the configuration request; receiving a configuration response message from the target device, the configuration response message comprising a configuration response and a response signature, wherein the response signature is based on the configuration response and the request signature; verifying the response signature to determine whether the configuration response message is valid, based on the configuration response, the request signature and a public key for the target device; and transmitting a configuration commit message to the target device only when the configuration response message is valid, the configuration commit message comprising a configuration commit indicator and a commit signature.

The present disclosure describes a telemetry redundant measurement avoidance protocol (TRMAP) that solves redundant data collection problems in telemetry systems. The TRMAP can operate in a non-supervised environment and/or in a distributed manner, and does not require a central controller to manage multiple collection agents in one or multiple telemetry systems. The TRMAP can also be an opt-in-based protocol that favors altruistic data sharing and reuse between collection agents. In these ways, the TRMAP provides freedom and collaboration among developers or other entities that desired telemetry data, while allowing non-compliant collection agents to coexist, if possible.

Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with protecting a CPU during a DDOS attack includes monitoring network traffic data from plurality of client devices. Each of the plurality of client devices are classified as a valid device or a potential attacker device based on the monitoring. Next a determination of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value is made. The CPU utilization of the network traffic manager increases as a number of the plurality of client devices classified as the potential attacker device increases. One or more network actions are performed on the plurality of client devices classified as the potential attacker device to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.

Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with protecting a CPU during a DDOS attack includes monitoring network traffic data from plurality of client devices. Each of the plurality of client devices are classified as a valid device or a potential attacker device based on the monitoring. Next a determination of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value is made. The CPU utilization of the network traffic manager increases as a number of the plurality of client devices classified as the potential attacker device increases. One or more network actions are performed on the plurality of client devices classified as the potential attacker device to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.