Resource metrics are obtained for resources from distributed resources associated with operations of an enterprise. Metric types from the distributed resources defined in the metrics are grouped and aggregated into aggregated metric types within a data model. Each aggregated metric type data value of the data model is weighed. The weighted aggregated data values are used to calculate an overall service health value of the enterprise. A current instance of the data model is processed to render one or more single views within an interface to a user of the enterprise. Each single view includes the overall service health value along with a custom-level of detail for each aggregated metric type and the corresponding aggregated metric data values.

A bandwidth management system includes a plurality of queues respectively corresponding to a plurality of zones. An enqueuing module receives network traffic from one or more incoming network interfaces, determines a belonging zone to which the network traffic belongs, and enqueues the network traffic on a queue corresponding to the belonging zone. A dequeuing module selectively dequeues data from the queues and passes the data to one or more outgoing network interfaces. When dequeuing data from the queues the dequeuing module dequeues an amount of data from a selected queue, and the amount of data dequeued from the selected queue is determined according to user load of a zone to which the selected queue corresponds.

The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

A method of remotely accessing data on a network communication device including submitting a request for data on a network communication device located in a data center from a remote location. The method further including accessing remotely the network communication device located in the data center, collecting the data in the request from the network communication device located in the data center, filtering a user parameter from the data, and providing filtered data to the remote location.

Methods, systems, and computer storage media for providing access to computing environments are provided. Based on a resource-ownership policy manager (i.e., a self-service engine and a runtime policy evaluation engine) that provides resource-ownership policy operations executed to apply a resource owner's policies only on resource owned by the resource owner. In operation, at runtime, a first resource instance is identified and an entity is determined to be the resource owner of the first policy and first resource instance. The first policy is applied to the first resource instance because the entity owns both the first policy and the first resource instance. A second resource instance is identified and the entity is determined not to be the resource owner of the second resource instance. A second resource policy of the entity is not applied to the second resource instance because the entity is not the owner of the second resource instance.

The present disclosure relates to systems, methods, and computer-readable media for managing routing of traffic between clients and resource instances when providing stateful services. For example, systems disclosed herein involve a load balancer that routes probe request(s) from clients to corresponding resource instances having access to stateful session data for a stateful session between the resource instance(s) and corresponding client(s). The resource instances may provide instance identifiers to the clients for use in generating subsequent session calls. In this way, systems described herein ensure that subsequent session calls are passed to the correct resource instances having access to relevant session information.

Some embodiments are associated with multi-tenant software defined data center network traffic management. A data center computing system may calculate a first value for a first traffic flow, associated with a first user, using a dynamic, distributed, and substantially real-time model. The system may calculate a second value for to a second traffic flow, associated with a second user, using the dynamic, distributed, and substantially real-time model. The system may then dynamically allocate network resources to the first and second traffic flows based on the first and second priorities. Some embodiments may establish a plurality of network device queues and perform queue selection for optimization. According to some embodiments, the first user may be categorized as a premium user while the second user is categorized as an enterprise user.

Disclosed are various examples for staging client devices. A computing device assigns a first policy to a client device. The computing device later authenticates a user account based at least in part on receipt of a user authentication message from the client device. The computing device then selects a second policy to assign to the client device based at least in part on authentication of the user account. The computing device then assigns the second policy to the client device.

Device Assisted Services (DAS) for protecting network capacity is provided. In some embodiments, DAS for protecting network capacity includes monitoring a network service usage activity of the communications device in network communication; classifying the network service usage activity for differential network access control for protecting network capacity; and associating the network service usage activity with a network service usage control policy based on a classification of the network service usage activity to facilitate differential network access control for protecting network capacity.

Described embodiments provide systems and methods for resource appropriation in a multi-tenant environment using risk and value modeling. A resource server can provide a plurality of applications access to a plurality of resources in response to requests from clients based in part on risk scores and value scores. The resource server can generate and execute a risk model and a value model to determine a risk score and a value score for each of the applications. The resource server can use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application.