Patent classifications
H04L41/0893
CONFIGURATION TECHNIQUES FOR MANAGED HOST OPERATING SYSTEMS AND CONTAINERIZED APPLICATIONS INSTANTIATED THEREBY
Embodiments described herein are directed to configuring managed computing devices utilizing containerized applications. For instance, a mobile device manager may provide configuration settings to a computing device via, for example, an enterprise network. A host operating system (OS) executing on the computing device determines and applies the settings that are applicable to the host OS. The configuration settings are stored for configuring containerized applications executing on the computing device. For instance, as new containerized applications are launched by the host OS, the containerized applications retrieve the configuration settings and determine and apply the settings that are applicable to the containerized applications. Results of applying the configuration settings to the host OS and the containerized applications are merged and sent to the mobile device manager. The host OS and the containerized application may, for example, implement the settings in order to be compliant with an enterprise's policy.
MOBILE NETWORK POLICY FRESHNESS
Apparatuses, methods, and systems are disclosed for determining mobile network policy freshness. One method includes accessing a first policy associated with a first mobile network, a first policy identifier, and a freshness parameter. The method includes determining, based on the freshness parameter, whether the first policy is fresh. The method includes transmitting a registration message to a second mobile network. The registration message includes the first policy identifier in response to determining that the first policy is not fresh.
METHODS, SYSTEMS, AND DEVICES FOR DYNAMICALLY MODELING AND GROUPING ENDPOINTS FOR EDGE NETWORKING
Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
NEXT GENERATION NETWORK MONITORING ARCHITECTURE
A stream processing system in a first zone of a telecommunication network may obtain at least one policy for processing trace data of virtual network functions (VNFs) in the first zone, and obtain the trace data of the VNFs from a data distribution platform of the telecommunication network, where the trace data is published in accordance with a topic to the data distribution platform by the VNFs, and where the stream processing system comprises a subscriber to the topic. The first stream processing system may additionally forward at least a first portion of the trace data to a second stream processing system of the telecommunication network in accordance with the at least one policy, where the first portion comprises less than all of the trace data, and where the second stream processing system is for a region of the telecommunication network that includes the first zone and a second zone.
TRAFFIC REPLICATION IN OVERLAY NETWORKS SPANNING MULTIPLE SITES
Some embodiments provide a method of replicating messages for a logical network. At a particular tunnel endpoint in a particular datacenter, the method receives a message to be replicated to members of a replication group. The method replicates the message to a set of tunnel endpoints of the replication group located in a same segment of the particular datacenter as the particular tunnel endpoint. The method replicates the message to a first set of proxy endpoints of the replication group, each of which is located in a different segment of the particular datacenter and for replicating the message to tunnel endpoints located in its respective segment of the particular datacenter. The method replicates the message to a second set of proxy endpoints of the replication group, each of which is located in a different datacenter and for replicating the message to tunnel endpoints located in its respective datacenter.
SYSTEM AND METHOD FOR SDN ORCHESTRATION VALIDATION
A system includes an orchestrator for a software-defined network and configured to receive a request for operation of the software-defined network, a software-defined network controller in communication with the orchestrator through a northbound application programming interface, at least one network element in communication with the software-defined network controller through a southbound application programming interface, and a mutable network element configured to receive the request and instantiate a virtual function within the mutable network element to test the at least one network element in accordance with the request.