A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport. According to another feature, data flows within the overlay directed to a particular edge region may be load-balanced while still preserving IPsec replay protection.

A method for distributed code execution involving a first serverless computing infrastructure, the first serverless computing infrastructure comprising one or more first infrastructure nodes, the one or more first infrastructure nodes comprising a first invocation controller node and one or more first executing nodes, the one or more first infrastructure nodes being communicatively coupled to one or more client nodes, the one or more client nodes being external to the one or more first infrastructure nodes, the method comprising receiving event information, identifying application logic associated with the event information, selecting, from an invoker group, an invoker node for executing the application logic, causing the invoker node to execute the application logic, causing the invoker node to provide a result of the executed application logic, and receiving the result.

A source of a transmission control protocol (TCP) connection includes a processor to establish the TCP connection based on a TCP source port number and a TCP destination port number associated with a destination. The processor also generates a TCP shim header including the TCP source port number and the TCP destination port number. The processor further generates a plurality of TCP headers including a plurality of proxy port numbers and a shim port number that indicates the TCP shim header. The source also includes a transceiver to transmit a plurality of packets comprising the plurality of TCP headers and the TCP shim header. The destination of the TCP connection includes a processor configured to establish the TCP connection and a transceiver to receive the plurality of packets via the TCP connection.

A method for load balancing is provided based on a user behavior pattern. The user behavior pattern is generated from historical user data to predict next operations a user would perform. Further, the user behavior pattern is bound to resource consumption, and a user and resource type is linked by a weighted value. Load balancing strategies are employed according to the weighted value of the user other than using connection count.

Provided is a process of autonomous distributed workload and infrastructure scheduling based on physical telemetry data of a plurality of different data centers executing a plurality of different workload distributed applications on behalf of a plurality of different tenants.

Some embodiments perform probabilistic request routing in addition to or instead of deterministic request routing. The probabilistic request routing is based on probabilistic models that predict the type of content being requested based on commonality in elements between different requests directed to the same type. The probabilistic models accurately route requests that have not been previously encountered and accurately route requests for content whose type is not previously known. The requests are routed across different subsets of servers that are optimized or configured for the predicted type. The probabilistic models can be defined using a decision tree. Machine learning generates and maintains the decision tree. Accuracy predicted by the different branches of the tree is updated through tracking the type of content passed in response to different routed requests. The tree structure is modified based on timestamps associated with the tree elements and based on newly encountered request elements.

A Secure Location Session Manager (SLSM) is an intelligent router for open mobile alliance (OMA) Secure User Plane Location (SUPL) Version 1.0 (and later) messages best implemented when multiple, geo-diverse SUPL servers are deployed in a distributed environment, such as an active-active redundant configuration within a wireless carrier's network. In a standalone option, the SLSM acts as a “middleman” for all SUPL positioning messages between a mobile device and a responsible SUPL server. In an embedded option, the SLSM resides within an existing server. The SLSM manages and stores session information for all pending and ongoing SUPL positioning sessions in internal tables for routing and load balancing purposes. The external interfaces of the SLSM consist of OMA ULP messages.

Solutions for enabling analytics for a virtualized application leverage reproducibility of information as a substitute for persisting information. Disclosed solutions include: collecting, by a virtualized application, first analytics data on a user equipment (UE); performing, by the virtualized application, a one-way function (e.g., a hash function) on persistent information (e.g., an international mobile equipment identity (IMEI) number) on the UE to generate a unique UE identification (ID); transmitting the first analytics data and the UE ID to a remote node across a network; collecting, by the virtualized application, second analytics data on the UE; and transmitting the second analytics data and the UE ID to the remote node across the network. Because the UE ID is deterministic, it may be generated repeatedly, as needed, (producing the same value each time) to compensate for the inability of the virtualized application to persist the UE ID on the UE.

Solutions for enabling analytics for a virtualized application leverage reproducibility of information as a substitute for persisting information. Disclosed solutions include: collecting, by a virtualized application, first analytics data on a user equipment (UE); performing, by the virtualized application, a one-way function (e.g., a hash function) on persistent information (e.g., an international mobile equipment identity (IMEI) number) on the UE to generate a unique UE identification (ID); transmitting the first analytics data and the UE ID to a remote node across a network; collecting, by the virtualized application, second analytics data on the UE; and transmitting the second analytics data and the UE ID to the remote node across the network. Because the UE ID is deterministic, it may be generated repeatedly, as needed, (producing the same value each time) to compensate for the inability of the virtualized application to persist the UE ID on the UE.

An illustrative workload management system obtains resource utilization data representing utilization of network equipment of a communication network, obtains utilities data representing information about utilities at network facilities at which the network equipment is deployed, and assigns, based on the resource utilization data and the utilities data, a workload among the network equipment deployed at the network facilities. Corresponding methods and systems are also described.