Systems, methods and/or computer program products for managing and dynamically automating service mesh communications between microservices, eliminating unnecessary exposure of microservice ports and increasing security between microservices of the service mesh. The control plane collects data describing communications between microservices and tracks the frequency at which microservices communicate. Collected data is fed to machine learning models which outputs a forecast predicting future communication interactions between microservices. Using the predicted requirements for facilitating communications between microservices of the service mesh, an allowed list of communications can be generated describing the microservices allowed to send and receive communications, duration of communications allowed, when such communications are allowed, and the ports that will be used for facilitating the communication between microservices. Administrators of the service mesh may manually override the one or more approved aspects of the dynamically generated allowed list configured automatically by the service mesh.

Systems, methods and/or computer program products for managing and dynamically automating service mesh communications between microservices, eliminating unnecessary exposure of microservice ports and increasing security between microservices of the service mesh. The control plane collects data describing communications between microservices and tracks the frequency at which microservices communicate. Collected data is fed to machine learning models which outputs a forecast predicting future communication interactions between microservices. Using the predicted requirements for facilitating communications between microservices of the service mesh, an allowed list of communications can be generated describing the microservices allowed to send and receive communications, duration of communications allowed, when such communications are allowed, and the ports that will be used for facilitating the communication between microservices. Administrators of the service mesh may manually override the one or more approved aspects of the dynamically generated allowed list configured automatically by the service mesh.

Distributed network address discovery in non-uniform node networks can be performed. Regarding a client request for a service, network management component (NMC) can determine a network address space associated with a client based on a network identifier associated with the client or a node identifier. NMC can determine a group of candidate nodes (CN group) from a group of nodes based on network addresses associated with nodes of the node group and the network address space. NMC can determine a group of available candidate nodes (ACN group), from the CN group, available and able to process the request and perform the service based on operational statuses associated with the nodes of the CN group or services associated with those nodes. From the ACN group, NMC can determine a ranked list of network addresses associated with available nodes that can process the request based on defined service performance criteria.

This disclosure describes various methods, systems, and devices related to mirrored traffic forwarding in a hybrid network. An example method includes receiving, from a source forwarder in a source network, a mirrored data packet. A session of the mirrored data packet may be identified based on a header of the mirrored data packet. A destination forwarder in a destination network may be identified based on the session. The destination network may be different than the source network. The mirrored data packet may be forwarded to the destination forwarder.

Systems, methods, and instrumentalities are disclosed for switching a control scheme to control a set of system modules and/or modular devices of a surgical hub. A surgical hub may determine a first control scheme that is configured to control a set of system modules and/or modular devices. The surgical hub may receive an input from one of the set of modules or a device located in an OR. The surgical hub may make a determination that at least one of a safety status level or an overload status level of the surgical hub is higher than its threshold value. Based on at least the received input and the determination, the surgical hub may determine a second control scheme to be used to control the set of system modules. The surgical hub may send a control program indicating the second control scheme to one or more system modules and/or modular devices.

A system that provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. The system also provides a method and user interface for sharing a media collection among computing devices in communication via a network. The system allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

A system that provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. The system also provides a method and user interface for sharing a media collection among computing devices in communication via a network. The system allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

A method at a network element for securely sharing services across domains, the method including receiving a request at the network element to add a first domain and an edge domain to a system; provisioning a public key of the network element to the first domain and the edge domain; receiving a public key of the first domain; populating, in the network element, a table with services provided by the first domain or the edge domain; populating, in the network element, a second table with applications installed at the first domain or edge domain and permissions for services for the applications; and controlling access to the services by the applications.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.