H04L61/4541

Transparent network function discovery and addressing

Embodiments described herein provide methods and apparatus for configuring a service based architecture for discovery of a Network Function, NF. A method in a Network Function Discovery Orchestration includes configuring, in a domain name system, DNS, a first DNS entry associating a first domain name of the NF with at least one NF Internet Protocol, IP, address of the NF, and a second DNS entry associating the first domain name with at least one edge security node IP address of an edge security node in the first PLMN, wherein the first DNS entry is for use in resolving requests for the NF which originate from within the first PLMN, and the second DNS entry is for use in resolving requests for the NF which originate from outside the first PLMN. Further methods and apparatus in a Network Repository Function, a Domain Name System and an edge security node are also provided.

Method and system for automatic creation of trust communities

A method of automatically creating trust communities in a fleet of devices. The method includes finding candidate devices in a fleet of devices via one or more candidate discovery techniques and generating device-related data based on the candidate devices that are found, analyzing the device-related data via an analytics engine and creating one or more fleet orchestrator device lists based on the analysis of the device-related data, and automatically creating one or more new trust communities or suggesting joining one or more previously existing trust communities based at least on the one or more fleet orchestrator device lists for the candidate devices, wherein the one or more new trust communities or previously existing trust communities include at least a sub-set of the devices in the fleet, and wherein at least one of the managed devices in the sub-set of devices is configured as a root device to publish files via a file sharing function.

Validation of approver identifiers in a cloud computing environment

Examples of techniques for validation of approver identifiers in a cloud computing environment are described herein. An aspect includes receiving, by a processor, a template that defines a plurality of actions to be performed by the processor. Another aspect includes determining for a first action of the plurality of actions whether the template specifies a first user identifier under which to run the first action. Another aspect includes, based on determining that the template specifies the first user identifier, determining whether the template specifies a second user identifier to approve running of the first action under the first user identifier. Another aspect includes, based on determining that the template specifies the second user identifier to approve running of the first action under the first user identifier, validating whether the second user identifier has permission to approve the running of the first action under the first user identifier.

System and method of using a global discovery service to enable routing of packets from a source container to a destination container

Systems, methods, and computer-readable storage media are provided to populate databases with routing data for containers to eliminate the need for continuously accessing a global discovery service. An example method includes initiating, from a source container operating on a first machine in a first rack, a communication with a destination container operating on a second machine on a second rack, wherein a local database on the first machine does not know an address of the destination container. The method includes accessing a global discovery service to provide the address of the destination container, populating the local database on the first machine with the address of the destination container and routing a packet from the source container to the destination container according to the address of the destination container.

Group leader role queries

Examples include group leader role queries. Examples include detection of a loss of communication, via a first communication protocol, between first and second computing devices, and transmission, via a second communication protocol, of a query for information about the second computing device currently having the group leader role. Examples further include a determination not to assume the group leader role with the first computing device based on receiving a response to the query via the second communication protocol from the second computing device.

AUTOMATED EXTERNAL IP ADDRESS DISCOVERY OF SERVICES IN A PUBLIC CLOUD ENVIRONMENT

A system is disclosed for acquiring and managing data regarding external IP (EIP) addresses of services offered in a trusted public cloud environment. The system monitors an application program interface of a service executing in a trusted public cloud environment for occurrence of an event that is related to an EIP of the service. When an event is detected, the system extracts EIP related data and metadata of the service, generates a message with the extracted EIP data, and posts the message to a central message queue. The system monitors the message queue for the presence of a new message. Upon detecting a new message, the system processes the message, extracts EIP related data and metadata, and identifies an action. A central database that stores EIP related information of services executing in the trusted public cloud environment is updated based on the identified action.

System and method for using a multicast service to configure a controlling device

A signature comprised of a plurality of data blocks formatted in accordance with a multicast communications protocol is received from a target appliance. When it is determined that one or more of the plurality of data blocks has been populated with user data, a representation of at least a portion of the signature is provided to an analytics engine for processing whereby the user data within the one or more of the plurality of data blocks is replaced with predicted, original data. The predicted, original data is then usable to provision a controlling device with a command code set for use in communicating commands to the target appliance.