This application provides a data processing method and a related device, to keep data consistency between a management device and a forwarder in a multi-head management scenario. The method performed by a first management device in the plurality of management devices includes: sending a lock instruction to the forwarder; performing difference comparison between target data of the first management device and corresponding data that is on the forwarder and that corresponds to the target data to obtain a comparison result; and synchronizing the target data with the corresponding data if the first management device determines, by using the comparison result, that the target data and the corresponding data do not match, so that the target data matches the corresponding data.

A technique for remote administration of a device to he administered. A relay device receives a request to activate a filter for administration of the device to he administered from a referring administration server. This activation request includes information relating to rights assigned to a third-party administration server for delegating the administration of the device to he administered. The relay device then applies a filter to a message received from the third-party administration server intended for the device to he administered, the message received from the third-party administration server being filtered by the filter when it does not comply with the rights assigned to the third-party administration server.

A technique for remote administration of a device to he administered. A relay device receives a request to activate a filter for administration of the device to he administered from a referring administration server. This activation request includes information relating to rights assigned to a third-party administration server for delegating the administration of the device to he administered. The relay device then applies a filter to a message received from the third-party administration server intended for the device to he administered, the message received from the third-party administration server being filtered by the filter when it does not comply with the rights assigned to the third-party administration server.

A computer manages reconfigurations of a Byzantine fault-tolerant, distributed computing system comprising a network of first nodes adhering to a given consensus protocol at a reconfiguration service. The computer services the network by receiving a request of change of status of a second node with respect to the network. The computer informs at least a subset of the first nodes of the received request. The computer obtains an approval of the request, whereby at least a subset of the first nodes collectively approve the change of status as a result of contributions processed according to the given consensus protocol. The computer updates a configuration log according to request approvals obtained by servicing the network. The computer addresses requests of clients about configurations of the network based on the updated configuration log.

A computer manages reconfigurations of a Byzantine fault-tolerant, distributed computing system comprising a network of first nodes adhering to a given consensus protocol at a reconfiguration service. The computer services the network by receiving a request of change of status of a second node with respect to the network. The computer informs at least a subset of the first nodes of the received request. The computer obtains an approval of the request, whereby at least a subset of the first nodes collectively approve the change of status as a result of contributions processed according to the given consensus protocol. The computer updates a configuration log according to request approvals obtained by servicing the network. The computer addresses requests of clients about configurations of the network based on the updated configuration log.

There is provided a method for network management. Transmission of a request for performance of a management task on the network is initiated towards a second entity (20), which is configured to manage network slices of the network. The request comprises information identifying a first network slice (40) of the network and a first programming construct executable to cause the second entity (20) to identify one or more second network slices of the network that are supporting the first network slice (40) and/or one or more first network nodes (60) of the network supporting the first network slice (40). The request comprises a second programming construct executable to cause the second entity (20) to select the first network slice (40), one or more identified second network slices, and/or one or more identified first network nodes (60), on which to perform the management task.

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.

Aspects of the disclosure are directed to a software defined network (SDN) having a sharded control plane. The SDN may include a host device and a sharded control plane. The sharded control plane may include a first controller and a second controller sharded by one or more dimensions. The first controller and the second controller may be configured to process requests received from the first host device based on their respective sharded one or more dimensions. The one or more dimensions may be networks or functions.

Aspects of the disclosure are directed to a software defined network (SDN) having a sharded control plane. The SDN may include a host device and a sharded control plane. The sharded control plane may include a first controller and a second controller sharded by one or more dimensions. The first controller and the second controller may be configured to process requests received from the first host device based on their respective sharded one or more dimensions. The one or more dimensions may be networks or functions.