Examples described herein relate to systems and methods for containing a faulty stimulus. A computer-implemented method may include listing in a suspect list every received stimulus including the faulty stimulus, and implicitly testing the stimuli by respectively acting upon those stimuli by a software application. Responsive to successfully acting upon each of the stimuli besides the faulty stimulus, each non-faulty stimulus is deleted from the suspect list and, responsive to such deletion, made available to a downstream node. Responsive to acting upon the faulty stimulus, the software application crashes which leaves the faulty stimulus listed in the suspect list. The software application then restarts and deems the faulty stimulus as being faulty based upon the faulty stimulus still being listed in the suspect list after the restart.

Examples described herein relate to a management system that determines which services to redeploy on one or more platforms. A platform can receive a configuration to perform during a failure of connectivity with a management system. The platform can monitor activity of one or more services. The platform can, based on failure of connectivity with the management system and recovery of connectivity with the management system, provide the monitored activity of one or more services to the management system to influence services re-deployed by the management system. In some examples, based on failure to re-establish a connection with the management system within an amount of time, the platform can connect with the management system using a secondary management interface.

One or more virtual supervisory control and data acquisition (SCADA) controllers are provided. The virtual SCADA controller(s) may be deployed upon a detection of a failure of a physical SCADA controller. An on-site module may detect failure including a security breach which causes the physical SCADA controller to be disconnected from a network and the virtual SCADA controller(s) to take over control. The virtual SCADA controller(s) may be on-site or off-site.

One or more virtual supervisory control and data acquisition (SCADA) controllers are provided. The virtual SCADA controller(s) may be deployed upon a detection of a failure of a physical SCADA controller. An on-site module may detect failure including a security breach which causes the physical SCADA controller to be disconnected from a network and the virtual SCADA controller(s) to take over control. The virtual SCADA controller(s) may be on-site or off-site.

In each node system, a request execution unit executes, for each state update request, state update processing of updating an object representing a state of a target specified in the request, and returns a response indicative of completion of the request without executing tamper-evidence processing. The tamper-evidence execution unit executes tamper-evidence processing of detecting whether one or more common completion requests of one or a plurality of update completion requests are tampered with by comparing updated objects of two or more node systems or summaries thereof. The update completion request is a state update request for which the execution of the state update processing has been completed. The common completion request is an update completion request that is common among two or more node systems of the plurality of node systems.

In each node system, a request execution unit executes, for each state update request, state update processing of updating an object representing a state of a target specified in the request, and returns a response indicative of completion of the request without executing tamper-evidence processing. The tamper-evidence execution unit executes tamper-evidence processing of detecting whether one or more common completion requests of one or a plurality of update completion requests are tampered with by comparing updated objects of two or more node systems or summaries thereof. The update completion request is a state update request for which the execution of the state update processing has been completed. The common completion request is an update completion request that is common among two or more node systems of the plurality of node systems.

A method includes causing an evaluation profile user interface to be output by a display. The evaluation profile user interface includes a key performance indicator (KPI) input field to receive a user input identifying one or more selected KPIs, one or more parameter input fields to receive one or more additional user inputs, and one or more evaluation input fields to receive one or more anomaly detection instructions based upon which the one or more selected KPIs are processed to determine an anomalous condition of the one or more selected KPIs. The user inputs and the anomaly detection instruction(s) are processed to generate a configured evaluation profile. At least one of received current performance data or historical performance data is processed based on the configured evaluation profile to determine that the received current performance data or the historical performance data indicates an active anomaly or a predicted anomaly.

A method includes causing an evaluation profile user interface to be output by a display. The evaluation profile user interface includes a key performance indicator (KPI) input field to receive a user input identifying one or more selected KPIs, one or more parameter input fields to receive one or more additional user inputs, and one or more evaluation input fields to receive one or more anomaly detection instructions based upon which the one or more selected KPIs are processed to determine an anomalous condition of the one or more selected KPIs. The user inputs and the anomaly detection instruction(s) are processed to generate a configured evaluation profile. At least one of received current performance data or historical performance data is processed based on the configured evaluation profile to determine that the received current performance data or the historical performance data indicates an active anomaly or a predicted anomaly.

Described is an improved approach to remove data outliers by filtering out data correlated to detrimental events within a system. One or more detrimental even conditions are defined to identify and handle abnormal transient states from collected data for a monitored system.

Embodiments of the present disclosure include systems and methods for determining readiness for switchover operations for network devices. A policy definition specifying a set of criteria and a set of instructions is received. Based on the set of instructions, a first supervisor module is determined whether it is ready for a switchover operation based on the set of criteria. The switchover operation includes a second supervisor module configured as a backup to the first supervisor module taking over for the first supervisor module. A set of conditions are determined whether they are satisfied. When the set of conditions are determined to be satisfied and the first supervisor module is determined to be ready for the switchover operation, the switchover operation is triggered to cause the second supervisor module to take over for the first supervisor module.