Patent classifications
H04L41/0869
Systems and methods for dynamic firewall policy configuration
Systems and methods for receiving information on network firewall policy configurations are disclosed. Based on the received firewall configuration information, a configuration of a firewall and/or subnet of network devices is automatically provisioned and/or configured to control network traffic to and from the subnet.
A system for data transmission between a client device, a server device, and a plurality of automation devices
A system for data transmission between a client device, a server device and a plurality of automation devices, wherein the server device includes a descriptive representation of each of the plurality of automation devices, wherein the server device includes a server instance, which server instance is configured to load one of the descriptive representations based on a hostname identifying one of the plurality of automation devices, and wherein the server instance is configured to transmit data from the automation device to a client application on the client device based on the loaded descriptive representation of the automation device.
Security policy analyzer service and satisfiability engine
Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security policy is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
Network node policy generation and implementation
An operator node is configured to enable the management of nodes communicatively coupled to the operator node via a network. A selection of node objects is received by the operator node, the selected node objects including software components for inclusion within a node configuration. A configuration policy is generated based on the selected objects, the configuration policy including a set of tests (such as scripts or executables) that, when run, test for the presence of one or more of the selected node objects. A target node is scanned to determine the configuration of the target node, and the set of tests are applied to identify a set of objects identified by the policy but not installed at the target node. The target node is then re-configured to install the identified set of objects at the target node.
Logical rack controller
Example implementations relate to a logical rack controller. In an example, a logical rack controller receives an inventory of a plurality of physical computing racks. The logical rack controller receives a logical rack definition that indicates selected physical infrastructure from among the inventory to form a logical rack. The logical rack controller validates the logical rack definition by verifying network connectivity of the selected physical infrastructure. After validation of the logical rack definition, the logical rack controller provides, to a provisioning controller, an interface to the logical rack. The provisioning controller can utilize the interface to access the logical rack.
Systems and methods for dynamic layer 3 network connection
A dynamic controller to automatically generate layer 3 network connections between devices and/or networks associated with a virtual computing environment in response to a request for such connections is provided such that communications associated with the computing environment may be transmitted between the endpoints. For example, the dynamic controller may connect one or more cloud service provider networks, one or more customer-controlled data centers, one or more customer networks, and the like, based on information provided in a connection request. A layer 3 communication controller may also be instantiated within a core network that manages the flow of communications between the connected networks, such as by translating messages between the connected networks so that messages intended for a connected network may match the supported communication protocols of that network and/or providing one or more security features to the transmitted communications.