A cloud service brokerage system includes an electronic cloud service catalog containing cloud service defining information for a plurality of cloud services and a cloud service store coupled to the electronic cloud service catalog. The cloud service store includes cloud service publications each representing cloud service functionality corresponding to one or more of the cloud services. The cloud service store includes a user interface structure enabling generation of cloud service orders each including one or more of the cloud service publications.

Systems, methods, and computer-readable media for the secure creation of application containers for 5G slices. A MEC application in a MEC layer of a 5G network can be associated with a specific network slice of the 5G network. A backhaul routing policy for the MEC application can be defined based on the association of the MEC application with the specific network slice of the 5G network. Further, a SID for the MEC application that associates the MEC application with a segment routing tunnel through a backhaul of the 5G network can be generated. A MEC layer access policy for the MEC application can be defined based on the SID for the MEC application. As follows, access to the MEC application through the 5G network can be controlled based on both the backhaul routing policy for the MEC application and the MEC layer access policy for the application.

Aspects of the present invention disclose a method, computer program product, and system for validation of services. The method includes one or more processors receiving a request of a service. The method further includes one or more processors parsing the received request of the service to identify information included in the received request of the service. The method further includes one or more processors generating a checklist that corresponds to the received request of the service based on the identified information, wherein the generated checklist includes configuration and security checks that are associated with the received request of the service. The method further includes one or more processors determining a validation result utilizing the generated checklist, wherein the validation result indicates whether the requested service is deployed on a corresponding endpoint according to the configuration and security checks in the generated checklist.

Example virtual appliances disclosed herein include processor circuitry to accept a resource definition of a custom resource to be executed in a cloud computing environment. Disclosed example virtual appliances also include a lifecycle manager to manage a lifecycle of the custom resource based on a state machine. Disclosed example virtual appliances further include a database to: (i) query the lifecycle manager for a set of operations available to execute in a current lifecycle state of the custom resource; (ii) update a catalog item for the custom resource to present the set of operations available to execute in the current lifecycle state of the custom resource, the catalog item created based on the resource definition of the custom resource; and (iii) in response to selection of a first operation in the set of operations, send a message to cause the processor circuitry to execute the first operation.

A method, a corresponding apparatus and device for deploying a virtual machine instance in order to lower requirements for a communication capability of a virtualized value-added server (VAS) and improve processing efficiency of a service chain, where the method includes obtaining communication relationships between a VAS instances and a service switch (SSW) instances from a service template, where the VAS instances and the SSW instances provide services in a service chain, and the service chain and the communication relationships between the VAS instances and the SSW instances are defined in the service template, and deploying, according to the communication relationships, an SSW instance and a VAS instance that need to communicate with each other in the SSW instances and the VAS instances on a same physical machine.

During PDN connection establishment in the EPC, a UE and a session management entity (SME) (e.g., PGW-C+SMF) exchange information. In case the SME supports more than one S-NSSAI, before the SME provides an S-NSSAI to the UE, the SME should check such that the selected S-NSSAI is among the UE's subscribed S-NSSAIs by retrieving the Subscribed S-NSSAI from a UDM using, for example, the Nudm_SDM_Get service operation.

Implementations are directed to designing a redundant configuration for a virtualized network function with cost efficiency while improving reliability of entire service chain. A service chain design apparatus includes a redundancy target VNF determining unit that defines, as importance of each VNF, at least one of the number of service chains using the VNF or the number of accommodated users in the service chains using the VNF, and determines a VNF having high importance as a redundancy target VNF, and a redundancy determining unit that determines, when importance of the redundancy target VNF determined by the redundancy target VNF determining unit exceeds a predetermined threshold, the redundancy target VNF having the importance exceeding the predetermined threshold as a redundancy execution VNF.

A system includes one or more devices that include processors. The processors are configured to: receive a request to deploy a network slice within a network, retrieve network service descriptors, from a database, associated with the network slice; and instantiate the network slice within the network based on the network service descriptors.

Methods, systems, devices, and software are disclosed for providing application levels of service over a network. Embodiments of the invention maintain a list of registered applications (or application providers) that have registered with a network resources provider. Customers of the network resources provider may authenticate some or all of the registered applications, indicating a desire to allow traffic relating to those applications over their access networks. Customers may further set application levels of service with respect to those authenticated applications. Certain embodiments may manage network traffic to accord with the application levels of service.

A blockchain-based configuration profile provisioning system includes a client device that generates and broadcasts a blockchain transaction that identifies the client device and is directed to a blockchain address that is included in a blockchain. A blockchain device receives the blockchain transaction broadcast by the client device, executes a smart contract associated with the blockchain address, and determines that the execution of the smart contract has provided an indication that the client device identified in the blockchain transaction is authorized to receive a configuration profile. In response, the blockchain device causes a configuration profile token to be generated and transmitted. A configuration profile system receives the configuration profile token and, in response, retrieves and transmits the configuration profile to the client device.