Patent classifications
H04L67/1089
Policy constraint framework for an SDDC
Some embodiments of the invention provide a method for processing requests for performing operations on resources in a software defined datacenter (SDDC). The resources are software-defined (SD) resources in some embodiments. The method initially receives a request to perform an operation with respect to a first resource in the SDDC. The method identifies a policy that matches (i.e., is applicable to) the received request for the first resource by comparing a set of attributes of the request with sets of attributes of a set of policies that place constraints on operations specified for resources. In some embodiments, several sets of attributes for several policies can be expressed for resources at different hierarchal resource levels of the SDDC. The method rejects the received request when the identified policy specifies that the requested operation violates a constraint on operations specified for the first resource.
Disjoint security in wireless networks with multiple managers or access points
In a wireless mesh network having multiple network managers, the network managers maintain network security through the use of encryption keys and packet counters. To ensure that each network manager can authenticate communications with any node of the network, the authentication data is replicated in a disjoint manner in all network managers. Advantageously, network reliability is assured by providing redundant managers that can seamlessly maintain network operation even if multiple network managers fail; newly joining managers can obtain full authentication data for the network upon joining; and network throughput is increased by ensuring that any of the multiple managers can authenticate the communications of any network node. The disjoint replication of the authentication data across all network managers is performed with low data-rate manager-to-manager packets propagated through the network. The disjoint security methods and systems can advantageously be used in wireless battery monitoring systems, for example.
METHODS AND APPARATUS TO MANAGE QUALITY OF SERVICE WITH RESPECT TO SERVICE LEVEL AGREEMENTS IN A COMPUTING DEVICE
Example methods, apparatus, and systems to manage quality of service with respect to service level agreements in a computing device are disclosed. An example apparatus includes a first mesh proxy assigned to a first platform-agnostic application, the first mesh proxy to generate a first resource request signal based on a first service level agreement requirement from the first platform-agnostic application; a second mesh proxy assigned to a second platform-agnostic application, the second mesh proxy to generate a second resource request signal based on a second service level agreement requirement from the second platform-agnostic application; and a load balancer to allocate hardware resources for the first platform-agnostic application and the second platform-agnostic application based on the first resource request signal and the second resource request signal.
COORDINATED STARTUP ROUTINE FOR CONTROL DEVICES OF A NETWORK
A control device may be configured to form a network at a unique coordinated startup time. The control device may identify a role assigned to the control device in a previously-formed network that the control device was attached to. The control device may determine a unique coordinated startup time for the control device based on the role assigned to the control device in the previously-formed network. The control device may initiate a network formation procedure at the unique coordinated startup time for the device. For example, the network formation procedure may cause the control device to attach to another control device in the network. The network formation procedure is configured to enable the control device to assume the role assigned to the control device in the previously-formed network in the new network.
NETWORK FORMATION FOR A LOAD CONTROL SYSTEM
A control device may be configured to delay an attachment procedure while attachment messages are being transmitted over the network. The control device may be configured to initiate an attachment procedure with a router device on a network at the end of a back-off period of time. The attachment procedure may include transmitting attachment messages (e.g., parent request messages) that enable the control device to transmit and receive messages over the network through the router device. During the back-off period of time, the control device may determine an attachment message is received from another control device on the network. And, if an attachment message (e.g., a parent request message and/or a link request message) is received from another control device, the control device may increase the back-off period of time (e.g., delaying when the control device initiates its attachment procedure).
ATTACHMENTS IN A NETWORK
A control device may communicate messages with devices in a network through a parent device, and receive messages from auxiliary parent devices. The control device may store a respective communication metric associated with each of the parent device and the one or more auxiliary parent devices. The control device may set an auxiliary parent device of the one or more auxiliary parent devices as the parent device of the control device, e.g., when a respective communication metric of the auxiliary parent device determined to be set as the parent device indicates a stronger communication link than the parent device. The control device may determine that the respective communication metric of the auxiliary parent device indicates a stronger potential communication link than the parent device when the average received signal strength indicator of the auxiliary parent device is greater than the average received signal strength indicator of the parent device.
Software application updating in a local network
A method of updating software, performed by respective machines in a linear communication orbit, includes, at a local server executed by a respective machine, receiving, via the linear communication orbit, update metadata. At an update module executed by the respective machine, an update module evaluates software version information using the update metadata to determine a set of one or more updates to be applied to one or more software programs. A patch module sends, via the linear communication orbit, requests for one or more software update files corresponding to the set of one or more updates, and receives the one or more software update files corresponding to the set of one or more updates. The update module then updates the one or more of the software programs by applying the received one or more software update files to the one or more of the software programs.
FILE OBJECTS DOWNLOAD AND FILE OBJECTS DATA EXCHANGE
A set of computers can be grouped into a first group and second group of computers to receive a file object. The first group of computers are commanded to perform a peer-to-peer download of the file object from a source. The second group of computers are commanded to perform a peer-to-peer download of the file object from a computer in the first group of computers.
Lightweight secure autonomic control plane
A network device includes a transmitter and a receiver to establish a secure connection with one or more network nodes as part of an Autonomic Control Plane (ACP) network. The network device also includes a processor coupled to the transmitter and receiver. The processor receives a request from an application to initiate a connection with a destination network node. The processor also receives packets from the application for transmission toward the destination network node. When the packets from the application are unencrypted, the processor end-to-end encrypts the unencrypted packets without notifying the application. The transmitter then transmits the encrypted packets towards the destination network node across the ACP network.
Command execution synchronization in a flood network
An example method includes propagating a message including an instruction, from a gateway to a plurality of ancillary nodal devices (devices) in a flood network. Each of the plurality of devices is within an equal number of transmissive steps of the gateway through the flood network such that the message is propagated with approximately equivalent delay to each of the plurality of devices and substantially simultaneously received by all of the devices. The method also includes substantially simultaneously transmitting the message from each respective one of the devices to end nodal devices (end nodes) of a group of end nodes in the flood network in communication with the respective one of the devices. The method further includes, upon receipt of the message from the devices, substantially simultaneously executing the instruction, by each of the group of the end nodes of the flood network.