Patent classifications
H04L63/0209
USING ZONES BASED ON ENTRY POINTS AND EXIT POINTS OF A NETWORK DEVICE TO APPLY A SECURITY POLICY TO NETWORK TRAFFIC
A network device may be configured to receive network traffic. The network device may be configured to identify one or more entry points of the network device associated with the network traffic and to determine, based on the one or more entry points of the network device, a source zone associated with the network traffic. The network device may be configured to identify one or more exit points of the network device associated with the network traffic and to determine, based on the one or more exit points of the network device, a destination zone associated with the network traffic. The network device may be configured to identify, based on the source zone and the destination zone, a set of security policies and to apply a security policy, of the set of security policies, to the network traffic.
Secure application acceleration system and apparatus
An improved data storage system and apparatus including an improved storage controller that provides storage compute functionality that enables the acceleration of datacenter software, and that enables easier deployment of application software portions onto storage devices, in a manner that supports runtime performance acceleration of network-latency-throttled applications. Mechanisms and methods are provided for server hosted applications to initiate deployment of, initiate execution of, and interoperate with a multitude of softwares on a multitude of storage devices, where these softwares execute proximate to storage contents on the storage devices.
Methods of and systems of service capabilities exposure function (SCEF) based internet-of-things (IOT) communications
Systems and methods are disclosed for an augmented Service Capability Exposure Function (A-SCEF). The A-SCEF may receive upstream or downstream traffic and direct or process that traffic in accordance with policy profiles. The policy profiles may be associated with various entities that may have interrelationships. The policy profiles may allow a network operator to better control multiple entities on the network while simplifying use of the network for the customers, such as those associated with a large number of internet of things (IOT) devices.
Dynamic segmentation management
Systems, methods, and related technologies for segmentation management are described. In certain aspects, an entity communicatively coupled to a network is selected and one or more characteristics of the entity may be determined. A segmentation policy may be selected based on the one or more characteristics of the entity and one or more tags to be assigned to the entity based on the segmentation policy may be determined. A zone for the entity based on the one or more tags may be determined and one or more enforcement points associated with the zone for the entity may be determined. One or more enforcement actions may then be assigned to the one or more enforcement points based on the zone associated with the entity.
Method and system for communicating over a segmented virtual private network (VPN)
An approach for providing secure communication services is disclosed. A secure data tunnel from a source node to a destination node is established via a plurality of secure segments across a data communications network. A data path is established via the secure data tunnel, where the data path supports a performance enhancing mechanism that improves performance of data communications over the data path. The performance enhancing mechanism multiplexes data packet flows from the source node for transmission over the data path, and performs one or more of connection startup latency reduction, acknowledgment message spoofing, window sizing adjustment, compression and selective retransmission.
Private server implementation of policy for printing system
A policy-based printing system is implemented to allow access to a private domain to print using a public domain. The private domain includes private servers that store documents. The public domain includes servers and a printing device. A public policy server uses a domain list and a protocol connection with a private authentication server to validate a user and identify which private domain to access. The public policy server receives requests from the printing device to process a print job of a document in the private domain. The private server processes the requests using the policy and a ledger to determine whether to allow the print job to the printing device.
Policy-based printing system and methods using list for documents
A policy-based printing system is implemented to allow access to a private domain to print using a public domain. The private domain includes private servers that store documents. The public domain includes servers and a printing device. A public policy server uses a domain list and a protocol connection with a private authentication server to validate a user and identify which private domain to access. The public policy server receives requests from the printing device to process a print job of a document in the private domain. A list is generated from the private server storing the documents based on the policy or other criteria. The list is provided to the user so that an approved listed document can be selected for printing.
METHOD AND APPARATUS FOR PREVENTING NETWORK ATTACKS IN A NETWORK SLICE
Methods and apparatus are disclosed for preventing network attacks in a network slice. A method may comprise: obtaining security requirements of a network slice instance; determining a respective security policy to be applied to each of a plurality of constituent network slice subnet instances of the network slice instance based on the security requirements of the network slice instance; and causing each of the plurality of constituent network slice subnet instances to be provided with one or more security function instances configured according to the respective determined security policy. The method can be performed in a network slice layer.
Virtual network custom resource definition
Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files.
SECURE APPLICATION FOR ACCESSING WEB RESOURCES
Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for providing a remote cloud browsing session. An apparatus may receive a request for Internet content from a user device, access the Internet content from an Internet content source, and transmit second Internet content to the user device based on the requested Internet content.