A network control device includes a storage and a processor. The storage stores an identifying value and a severity value for each of network elements. The identifying values are hierarchized based on inclusion relationships between the network elements. The severity values respectively indicate a severity in sharing a risk of a failure in the network elements. When first and second paths are designated, the processor detects, for each of a plurality of target identifying values corresponding to a plurality of network elements implementing the first path, a longest matched identifying value having a longest region matching the target identifying value from among a plurality of identifying values corresponding to a plurality of network elements implementing the second path. The processor calculates a sum of severity values corresponding to the detected longest matched identifying values, and evaluates the second path for the first path based on the sum.

Techniques are disclosed for redirecting network traffic of virtualized application workload to a host-based firewall. For example, a system comprises a software defined networking (SDN) controller of a multi-tenant virtualized data center configured to: receive a security policy expressed as one or more tags to redirect traffic of a virtualized application workload to a host-based firewall (HBF) of the multi-tenant virtualized data center; configure network connectivity to the HBF in accordance with the security policy; a security controller that manages the HBF configured to: obtain the one or more tags from the SDN controller; receive one or more firewall policies expressed in terms of the one or more tags, wherein each of the one or more firewall policies specifies a function of the HBF; and configure the function of the HBF in accordance with the one or more firewall policies.

Systems and methods of managing information technology infrastructure are described. A method includes identifying a run trigger between a first node and a second node, each node maintaining a configuration for a portion of a cloud computing infrastructure associated with executing a portion of a cloud-based application. The run trigger initiates in response to an action at the first node and comprises a source identifier identifying the first node and a destination identifier identifying the second node. Then a run is queued on the second node based on the run trigger, the run including a process executed on the second portion of the cloud computing infrastructure with data received by the second node and associated with a run source identifier. The run on the second node is then planned and executed, causing the cloud computing infrastructure to modify infrastructure resources associated with the second portion of the cloud computing infrastructure.

Systems and methods of managing information technology infrastructure are described. A method includes identifying a run trigger between a first node and a second node, each node maintaining a configuration for a portion of a cloud computing infrastructure associated with executing a portion of a cloud-based application. The run trigger initiates in response to an action at the first node and comprises a source identifier identifying the first node and a destination identifier identifying the second node. Then a run is queued on the second node based on the run trigger, the run including a process executed on the second portion of the cloud computing infrastructure with data received by the second node and associated with a run source identifier. The run on the second node is then planned and executed, causing the cloud computing infrastructure to modify infrastructure resources associated with the second portion of the cloud computing infrastructure.

The present invention extends to methods, systems, and computer program products for tool registry for automating DevOps toolchains. Submission of a DevOps tool, authentication information, and tool configuration data is received from a user. Subsequently, the DevOps tool is selected for inclusion in a DevOps job. The DevOps tool including the authentication information and tool configuration data is automatically accessed from the tool registry. The DevOps tool is configured in accordance with the accessed authentication information and accessed tool configuration data as part of the DevOps job and for interaction with the one or more other DevOps tools. The DevOps job is deployed.

Various embodiments disclosed herein are related to an apparatus. In some embodiments, the apparatus includes a processor and a memory. In some embodiments, the memory includes instructions that, when executed by the processor, cause the apparatus to collect, at a cloud server, service data from a collector framework service of an edge network. In some embodiments, the memory includes instructions that, when executed by the processor, cause the apparatus to provide a configuration to the collector framework service based on the service data.

Various embodiments disclosed herein are related to an apparatus. In some embodiments, the apparatus includes a processor and a memory. In some embodiments, the memory includes instructions that, when executed by the processor, cause the apparatus to collect, at a cloud server, service data from a collector framework service of an edge network. In some embodiments, the memory includes instructions that, when executed by the processor, cause the apparatus to provide a configuration to the collector framework service based on the service data.

Some embodiments provide a method, for configuring logical network entities at a host computer. The method receives configuration data for a particular logical networking entity implemented at the host computer. The method identifies that the configuration data for the particular logical networking entity includes at least two conflicting configuration settings for the particular logical networking entity. At least one of the configuration settings for the particular logical networking entity is based on association of a configuration profile to a group of logical entities that includes the particular logical networking entity. The method determines a particular one of the conflicting configuration settings with a highest priority to apply to the particular logical networking entity at the host computer.

The present invention provides for fabricating virtual networks and allocating request-notifications therein for providing support-services securely and efficiently. In operation, a virtual network is fabricated based on network-registration requests received from plurality of computing devices. Further, a primary data structure representative of registered computing devices categorized into devices offering services and requiring services is generated based on information embedded in network-registration requests. Furthermore, a secondary data structure is generated by sub-categorising categorised computing devices based on information embedded in network-registration requests. Yet further, request-notifications for completing incoming support-requests from registered computing devices requiring services are generated. Subsequently, request-notifications are allocated based on evaluation of one or more computing devices offering services out of plurality of computing devices based on data mapping using primary data structure, secondary data structure, and predefined attributes. Finally, support-information sharing and tracking of request-notifications are enabled based on acceptance of request-notification by evaluated computing devices.

A network control system for managing a plurality of switching elements that implement a plurality of logical datapath sets. The network control system includes first and second controllers for generating requests for modifications to first and second logical datapath sets. The first controller is further for determining whether to make modifications to the first logical datapath set. The second controller is further for determining whether to make modifications to the second logical datapath set. Each controller is further for receiving logical control plane data that specifies logical datapath sets and for converting the logical control plane data to physical control plane data for propagating to the switching elements.