Central processing units (CPUs) are configured to support host access instruction(s) that are associated with accessing solid state storage. A resource management module, implemented independently of the CPUs, receives a resource allocation request that includes a usage type identifier and requested amount of a resource, where the usage type identifier is associated with a group identifier. Adjustable resource configuration information is accessed to obtain: (1) a maximum associated with the usage type identifier, (2) a minimum associated with the usage type identifier, and (3) a group limit associated with the group identifier. Resource state information is accessed and it is determine whether to grant the request based at least in part on the maximum, minimum, group limit, and resource state information. The resource allocation request is then granted or denied based on the determination.

Systems and methods are provided for a computer-implemented method of implementing an on-demand computing network environment. A network specification is received from a user. Resources from one or more resource providers are provisioned. The on-demand computing network is configured, where configuring comprises assigning a first provisioned resource as a hub device and assigning one or more second provisioned resources as rim devices, where a particular rim device comprises a bridge device, where the bridge device repackages data received from the on-demand computing network prior to forwarding that data such that the data received from the on-demand computing network appears to terminate at the bridge device to an observer viewing the data between the hub device and the bridge device.

Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and block communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies for coverage thereof; and assigning the unassigned communication paths to corresponding policies of the set of policies. The assigning can be based on heuristics. The assigning can be performed without reperforming auto segmentation.

The present disclosure generally relates to database modification, and in particular, database modification in the context of networked platforms accessible by user computing devices. One example context to which such database modification techniques can be applied is a network provider providing a plurality of individual network portals via which users may access network resources and perform other transactions. Such a network provider may maintain a network resource availability database that needs to be updated in response to each network resource access requests being received and granted via the plurality of individual network portals. The techniques described herein allow the network resource availability database of such a network provider to be updated differently depending on the context in which resource requests are granted.

Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.

Example implementations relate to a data processing method for monitoring at least one performance metric associated with a characteristic of a virtual network function; the method comprising instantiating the virtual network function, monitoring said at least one performance metric associated with the characteristic of the virtual network function; and adapting allocated resources supporting the virtual network function according to said monitoring.

The use of device context in applying security policies is provided by receiving a Domain Name Service (DNS) query for a network resource from a user device (UD) at a DNS analysis server, the DNS query including a functional label describing a context of the UD; analyzing the DNS query to determine whether the UD is permitted to access the network resource based on the functional label; and in response to the functional label indicating that the UD is not permitted to access the network resource, transmitting a block page to the UD. The functional label can be added to the DNS query by a Mobile Device Management application on the UD, a router associated with the UD, or an enterprise server. Contexts for previously blocked DNS queries can be aggregated to identify UDs sharing at least one value with the previously blocked DNS queries as security compromised devices.

A device may determine that a network function of a network is to use a secure communication protocol. The network function may be configured to facilitate communication via the network. The device may identify a component of a resource configuration that is to instantiate the network function. The device may instantiate, using the component, a proxy for the network function. The device may configure the proxy to obtain a certificate that is associated with the secure communication protocol. The device may cause the proxy to use the certificate to communicate with another proxy that is associated with the network function to perform an operation associated with the network function.

There is provided allocating cloud computing resources to process a user session by a gateway in a mobile communications network, and allocating the cloud computing resources in pairs to user sessions. Rules for the pair of allocated resources are determined such that incoming control plane traffic associated with the session is forwarded to the both cloud computing resources forming the pair.

A method for optimizing network device resources that includes receiving, by an optimizer, first resource utilization data, making a first determination, based on the first resource utilization data, that resource utilization exceeds an upper threshold, starting, based on the first determination, an optimization process, that includes identifying a resource optimization entry of a resource class optimization queue, and initiating optimization of a resource fragment specified by the resource optimization entry. After initiating optimization of the region of the memory, the method additionally includes receiving second resource utilization data, making a second determination, based on the second resource utilization data, that the resource utilization is below a lower threshold, and halting, based on the second determination, the optimization process.