An apparatus is provided. The apparatus including a plurality of network interfaces, including a first network interface and a second network interface. The apparatus also includes a processor with two or more independent processing units, including a first independent processing unit and a second independent processing unit. The apparatus further includes a memory having first instructions and second instructions stored thereon. Execution of the first instructions, cause the first independent processing unit to execute operations associated with a first operating system and communicate, via the first network interface, over a bi-direction communication, with one or more platform computing devices. Execution of the second instructions, cause the second independent processing unit to execute real-time operations associated with a second operating system and communicate, via the second network interface, with one or more computing devices each having one or more sensors thereon.

A system is described for preserving integrity of computing devices. A manifest that uniquely identifies files on a computing device is periodically captured from the computing device. The manifest is compared against a reference manifest, which represents an ideal or clean state of the device. If the manifest comparison indicates that there have been changes to the contents of the computing device, the system can determine whether the changes constitute a compromise to the endpoint's integrity. If it is determined that a change constitutes a compromise to the endpoint's integrity, the system can perform certain remedial actions, such as sending a message to an administrator or enforcing a base layer onto the device so that the content of the device is replaced with a clean image.

A computer program product and a network switch are provided. The network switch may include network ports, memory and a processor for processing program instructions to perform various operations. The computer program product may provide the program instructions for a network switch. The operations may include detecting a first neighbor network switch connection to a first port of the first network switch, accessing first neighbor network switch configuration data that is stored by the first network switch in association with the first port, and providing the configuration data that is stored in association with the first port of the first network switch to the first neighbor network switch over the first neighbor network switch connection to the first port. In one example, the configuration data is obtained from a second neighbor network switch that was previously connected to the first port prior to the first neighbor network switch.

A computer program product and a network switch are provided. The network switch may include network ports, memory and a processor for processing program instructions to perform various operations. The computer program product may provide the program instructions for a network switch. The operations may include detecting a first neighbor network switch connection to a first port of the first network switch, accessing first neighbor network switch configuration data that is stored by the first network switch in association with the first port, and providing the configuration data that is stored in association with the first port of the first network switch to the first neighbor network switch over the first neighbor network switch connection to the first port. In one example, the configuration data is obtained from a second neighbor network switch that was previously connected to the first port prior to the first neighbor network switch.

Responsive to a configuration event, a controller instance generates, according to a current version of a configuration interface between the controller instance and a data instance, a configuration message. The configuration message is obtained, via message service, by remote data instances. The remote data instances attempt to process the configuration message, according to whichever version of the configuration interface the respective data instances are using. Appropriate acknowledgements (based on whether the remote data instances could fully process the configuration message or not) are generated and returned to the controller instance that marks a record for the configuration message as complete for the remote instance or marks the record for the configuration message to be re-sent for the remote instance. After waiting some period of time to allow data instances with out-of-date versions to update, a configuration message update cycle re-sends the message to the appropriate remote data instances.

Responsive to a configuration event, a controller instance generates, according to a current version of a configuration interface between the controller instance and a data instance, a configuration message. The configuration message is obtained, via message service, by remote data instances. The remote data instances attempt to process the configuration message, according to whichever version of the configuration interface the respective data instances are using. Appropriate acknowledgements (based on whether the remote data instances could fully process the configuration message or not) are generated and returned to the controller instance that marks a record for the configuration message as complete for the remote instance or marks the record for the configuration message to be re-sent for the remote instance. After waiting some period of time to allow data instances with out-of-date versions to update, a configuration message update cycle re-sends the message to the appropriate remote data instances.

This disclosure describes an integrated management method to manage a service mesh data plane over a network fabric. The method includes determining at least one service mesh data plane policy for a microservice of a service mesh. The method further includes sending, over the network fabric, the at least one service mesh data plane policy to a virtual router associated with the microservice based at least in part on connectivity information maintained by a network fabric control plane manager of a configuration manager.

This disclosure describes an integrated management method to manage a service mesh data plane over a network fabric. The method includes determining at least one service mesh data plane policy for a microservice of a service mesh. The method further includes sending, over the network fabric, the at least one service mesh data plane policy to a virtual router associated with the microservice based at least in part on connectivity information maintained by a network fabric control plane manager of a configuration manager.

A network device may receive configuration information with a first command and a second command and may generate a data structure based on the first command. The network device may store files of the configuration information in the data structure based on the first command and may activate the files stored in the data structure, to configure the network device, based on a timestamp or a time period specified in the second command.

An intent decomposition method includes sending, by a first network device, a first sub-intent target value to a second network device. The method also includes receiving, by the first network device, a first message from the second network device. The first message is used to indicate that the first sub-intent target value is not achieved by the second device. The first message includes a first measurement value of the second network device. The method further includes re-decomposing, by the first network device, an intent based on the first measurement value, and sending first sub-intent target values obtained through re-decomposition to the second network device and one or more other network devices different from the first network device and the second network device until all the first sub-intent target values obtained through re-decomposition are achieved or none of the first sub-intent target values obtained through re-decomposition are achieved.