CITRIX SYSTEMS, INC. Patent applications
Patent application number | Title | Published |
20160110416 | SYSTEMS AND METHODS FOR CACHING OF SQL RESPONSES USING INTEGRATED CACHING - Systems and methods of the present disclosure provide for caching, by a device intermediary to a client and a database, a result of a structured query language (SQL) query request. In some embodiments, the device intermediary to a plurality of clients and a database receives a SQL response from the database to a first SQL query request of a client of the plurality of clients. The device may maintain a cache of SQL responses from the database. The device may identify that the first SQL query request matches a rule of a policy for caching SQL responses from the database. The policy may include a cache action to take when the rule is matched. The device may perform, responsive to the policy, on the SQL response the cache action identified by the policy. | 04-21-2016 |
20160098362 | Methods and Systems for Filtering Communication Between Peripheral Devices and Mobile Computing Devices - The embodiments are directed to methods and systems for sending and receiving signals between one or more peripheral devices connected to a dongle system and an operating system. The methods and systems can detect when a dongle system has been connected to a mobile computing device. The methods and systems can receive an input to use the dongle system with a local operating system or a remote operating system. The methods and systems can also establish a communication channel between the local operating system and the remote operating system, and exchange signals between the dongle system and the remote operating system using one or more virtual filters. | 04-07-2016 |
20160094602 | METHODS AND SYSTEMS FOR DETECTION AND CLASSIFICATION OF MULTIMEDIA CONTENT IN SECURED TRANSACTIONS - An apparatus is provided for detecting the presence of multimedia content in one or more transactions and for classifying the multimedia content in the one or more transactions. The apparatus can include a traffic processor configured to acquire one or more handshake messages associated with the transactions. The apparatus can also include a multimedia detector configured to determine a domain name requested by a specific terminal based on the one or more handshake messages, and to detect the presence of the multimedia content data in the transactions using the determined domain name. The detection of the presence of the multimedia content can be used for at least one of optimizing or reporting of the multimedia content before the multimedia content is provided to the specific terminal. | 03-31-2016 |
20160094423 | Systems and Methods for Detecting Device Identity at a Proxy Background - A system and method is provided for determining a client device identity. In one implementation, a method is provided that can include receiving a request from a client device. The method can also include determining, based on the client device request, a subscriber identification. After determining the subscriber identification, the method can include acquiring, from a transactional history database, transactional device data associated with the subscriber identification. In some embodiments, the transactional device data can include one or more counts associated with one or more device types. The method can also include determining, based on the transactional device data, the client device identity. In some embodiments, the determination of the client device identity can include selecting a device type of the one or more device types with the maximum count and setting the client device identity to the selected device type. | 03-31-2016 |
20160080201 | NETWORK OFFERING IN CLOUD COMPUTING ENVIRONMENT - A cloud system may create and support multiple network offerings for virtual machines in a cloud zone. Physical networks comprising sets of network elements, such as routers, gateways, firewalls, load balancers, and other network hardware, may be created and updated within a zone. Network offerings may be defined and associated, using tags or other techniques, with virtual machine networks, physical networks and/or network elements. Cloud end users may request specific network offerings when creating virtual machines, or may request to move existing virtual machines from one network offering to another. The cloud system may use the requested network offering to identify the virtual machine network, physical network, and/or network elements corresponding to the requested network offering. The cloud system may allocate a new virtual machine network and configure the network elements within the associated physical network to provide network services to the virtual machine. | 03-17-2016 |
20160072766 | SYSTEMS AND METHODS FOR CARRIER GRADE NAT OPTIMIZATION - Methods and systems for maintaining NAT session management on a multi-core device are disclosed. A first core of the multi-core device that is intermediary between a plurality of clients and a plurality of servers may insert a NAT session into a local outbound session table stored in a memory of the first core. The first core may determine that a second core of the multi-core device will serve as a receiving core for a response to the request from the server to the client. The first core may insert the NAT session into a global session table responsive to determining that the second core will serve as the receiving core. | 03-10-2016 |
20160057070 | SYSTEMS AND METHODS FOR IMPLEMENTATION OF JUMBO FRAME OVER EXISTING NETWORK STACK - This disclosure is directed generally to systems and methods for implementation of Jumbo frames in an existing network stack. In some embodiments, a connection handler of a device receives data having a size greater than an Ethernet frame size. That data includes header data and payload data. The device partitions the data into segments including a first segment and a second segment. The first segment includes the header data and a first portion of the payload data, while the second segment includes a second portion of the payload data. The device stores the first and second segments in first and second network buffers, respectively, of a pool of network buffers. The device forms a packet chain of the first and second network buffers having a size greater than the Ethernet frame size. The device transmits the packet chain via a network connection. | 02-25-2016 |
20160057067 | SYSTEMS AND METHODS FOR PROVIDING FINE GRAINED CONTROL OVER MSS VALUES OF TRANSPORT LAYER CONNECTIONS - Systems and methods of providing fine grained control over MSS values of transport layer connections. A device intermediary to a plurality of clients and a plurality of servers can identify a first MSS value based on an MTU value of a VLAN interface responsive to a request to establish a transport layer connection. The device determines that an MSS value of the VLAN is less than the first MSS value. The device updates, responsive to the determination, the first MSS value to a second MSS value corresponding to the MSS value of the VLAN. The device determines that an MSS value specified by a profile configured for a virtual server of the device is less than the second MSS value. The device updates the second MSS value to the MSS value of the profile responsive to determining that the MSS value specified by the profile is less than the second MSS value. | 02-25-2016 |
20160057031 | SYSTEMS AND METHODS FOR HIGH VOLUME LOGGING AND SYNCHRONIZATION FOR LARGE SCALE NETWORK ADDRESS TRANSLATION - The present invention is related to a method for high volume logging for large scale network address translation. A first device intermediary to a plurality of clients and a plurality of database servers allocates a portion of memory to each packet engine in a plurality of packet engines executing on a respective core of a plurality of cores of the first device. The first device establishes large scale network address translation (LSN) for the plurality of clients, the first device logging LSN information of sessions to a corresponding logging buffer established in a respective packet engine's portion of memory. The first device identifies, for a LSN session, a packet engine from the plurality of packet engines to log the information for the LSN session and stores information of the LSN session to the logging buffer in the packet engine's portion of memory. | 02-25-2016 |
20160021057 | SYSTEMS AND METHODS TO SECURE A VIRTUAL APPLIANCE - The present disclosure relates to systems and methods for providing secure support to virtual appliances delivered to customer sites without passwords or enabled ports for service. A virtual appliance may be established on a first device. The virtual appliance may comprise a self-contained virtual machine with a pre-installed operating system and may be established with no root password enabled and a remote access port disabled. An administration tool may receive from a requestor a request to enable maintenance for the virtual appliance. The administration tool may generate, responsive to the request, a random password. The administration tool may enable, responsive to the request, the remote access port. The virtual appliance may wait for a connection to the remote access port for a predetermined period of time. The administration tool may transmit the random password to a service of a second device remote to the first device. | 01-21-2016 |
20150346931 | Method and System for Managing Peripheral Devices for Virtual Desktops - An electronic device is provided for managing assignment of peripheral devices in a virtualization environment. The electronic device can include a user interface configured to display one or more representations of virtual desktops. The virtual desktops are associated with corresponding virtual machines. The electronic device can also include one or more processors configured to provide to the user interface to display one or more representations of the peripheral devices based on detection that the peripheral devices are communicatively coupled to a control virtual machine of the virtualization environment. The one or more processors can be further configured to detect one or more first inputs received with respect to the one or more representations of the virtual desktops and the one or more representations of the peripheral devices; and facilitate establishing one or more associations between the peripheral devices and the virtual machines. | 12-03-2015 |
20150341466 | SYSTEMS AND METHODS FOR REDIRECT HANDLING - The present invention is related to a method for routing requests among a plurality of database servers. A device intermediary to a client and a plurality of database servers receives a request to access a database provided by the plurality of database servers. The plurality of database servers can include a first database server configured to process write requests and one or more second database servers configured to process read requests. The device determines that the request to access the database is a read request. The device identifies, responsive to determining that the request is a read request, one of the one or more second database servers to send the request instead of the first database server. The device then transmits the request to the identified second database server. | 11-26-2015 |
20150341428 | SYSTEMS AND METHODS FOR PROVIDING LOAD BALANCING AS A SERVICE - The present disclosure is directed generally to systems and methods for providing load balancing as a service. A load balancer executing on a device intermediary to a server and a plurality of clients can receive a request from an agent executing on the server. The request can be to initiate establishment of a transport layer connection. The load balancer can accept the request to establish the transport layer connection with the server. The load balancer can receive a request to access the server from a client of the plurality of clients. The load balancer can forward the request to the server via the transport layer connection established between the load balancer and the server responsive to the request of the server. | 11-26-2015 |
20150341421 | SYSTEMS AND METHODS FOR JUST-IN-TIME STATE SHARING - Methods and systems for sharing variable states from an appliance to one or more servers are disclosed. The appliance may identify a script, and identify the variables associated with the script. The variables are shared with the servers so that the servers can execute the script. The script may also be shared with the servers. The script and the variables may be transmitted in-band with other traffic. | 11-26-2015 |
20150341383 | PROTECT APPLICATIONS FROM SESSION STEALING/HIJACKING ATTACKS BY TRACKING AND BLOCKING ANOMALIES IN END POINT CHARACTERISTICS THROUGHOUT A USER SESSION - Systems and methods for protection against session stealing are described. In embodiments of the present solution, a device intermediary to the client and the server may identify first properties of the client and associate the first properties with the session key. When the device receives a subsequent request comprising the session key, the device matches the associated first properties with second properties of the second device that is sending the subsequent request. If there is a match, the subsequent request is transmitted to the server. Otherwise, the subsequent request is rejected. | 11-26-2015 |
20150339164 | SYSTEMS AND METHODS FOR MANAGING SPILLOVER LIMITS IN A MULTI-CORE SYSTEM - The present disclosure is directed to a system for managing spillover via a plurality of cores of a multi-core device intermediary to a plurality of clients and one or more services. The system may include a device intermediary to a plurality of clients and one or more services. The system may include a spillover limit of a resource. The device may also include a plurality of packet engines operating on a corresponding core of a plurality of cores of the device. The system may include a pool manager allocating to each of the plurality of packet engines a number of resource uses from an exclusive quota pool and shared quota pool based on the spillover limit. The device may also include a virtual server of a packet engine of the plurality of packet engines. The virtual server manages client requests to one or more services. The device determines that the number of resources used by a packet engine of the plurality of packet engines has reached the allocated number of resource uses of the packet engine, and responsive to the determination, forwards to a backup virtual server a request of a client of the plurality of clients received by the device for the virtual server. | 11-26-2015 |
20150334162 | Navigation of Virtual Desktop Content on Devices - Methods and systems for navigating virtual desktop content on client devices (e.g., mobile devices) are disclosed. Virtual desktop navigation may be responsive to physical movement of the client device, such that virtual desktop content is panned and/or zoomed based on the user physically moving the client device in 3D space. A client device launches a graphical user interface for a virtual desktop on a display. Display resolution is determined, and movement information is generated based on physical movement of the client device. The display resolution and movement information are sent to a server. The client device receives, from the server, a portion of the graphical user interface based on the display resolution, a resolution of the graphical user interface, and the movement information. The portion of the graphical user interface is presented on the display, such that the displayed portion appears to change responsive to the movement of the device. | 11-19-2015 |
20150326475 | SYSTEMS AND METHODS FOR ACHIEVING MULTIPLE TENANCY USING VIRTUAL MEDIA ACCESS CONTROL (VMAC) ADDRESSES - The disclosure is directed towards systems and methods for segmenting network traffic using virtual media access control (vMAC) addresses. A device intermediary to a plurality of clients and a plurality of servers establishes a plurality of traffic domains to segment network traffic. The device generates a plurality of vMAC addresses to assign to the plurality of traffic domains. Each of the vMAC addresses can include an identifier of a traffic domain corresponding to the traffic domain to which the vMAC address is assigned. The device receives, from a second device, an address resolution protocol (ARP) request to determine a media access control (MAC) address to transmit data packets. The device selects, from the plurality of virtual MAC addresses, the virtual MAC address to use as the MAC address in a response based on an internet protocol (IP) address identified via the ARP request. The device then transmits, to the second device, a response to the request. The response can identify, as the MAC address, the selected vMAC address of a traffic domain. | 11-12-2015 |
20150326446 | AUTOMATIC ALERT GENERATION - Improved techniques of identifying when a device is in need of service involve using data analytics to determine conditions when a device administrator of a computerized device is to be sent an alert regarding that device. Along these lines, a device monitoring system receives state data from a device that indicates the device is in a particular state, e.g., running certain applications, using some percentage of the processor and memory capacity, etc. The device monitoring system maps the device state data to a decision of whether or not to send a device administrator an alert concerning the device. The decision itself is a result of applying a model to the state data that is derived from the application of data analytics on historical device state data and administrator login data. | 11-12-2015 |
20150319178 | REMOTE ASSISTANCE FOR MANAGED MOBILE DEVICES - According to some aspects disclosed herein, a system for remote assistance and control of user devices subject to one or more remote assistance policies may be provided. In some embodiments, an administrator may request remote control of a managed user device. A managed application launcher may be provided by the user device and may be modified by the user device to remove managed applications or otherwise prevent access to applications that have a policy indicating that remote assistance is not allowed. The administrator may open a managed application included in the launcher and remotely control that application. In other embodiments, a user of the managed user device may initiate a request for remote assistance from within a managed application and/or the managed application launcher. The administrator's control of the user device and access to other applications on the user device may be limited based on the remote assistance policies. | 11-05-2015 |
20150319174 | Enterprise System Authentication and Authorization via Gateway - Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing device, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource. | 11-05-2015 |
20150319039 | Policy Configuration Management Console - Methods and systems for managing policy configurations of different device types are described herein. An interface may be provided to a user where individual settings of different device types that are similar or the same are mapped to the same setting on the interface. The valid options or values for the individual device types are evaluated to identify common options or values. The user may select the common options or values of each common setting. The values selected as common settings values may be saved as the values for the corresponding individual settings of the different device types. | 11-05-2015 |
20150309811 | Modifying an Application for Managed Execution - Methods and systems for configuring mobile applications for managed execution are described herein. Executable application binaries may each be converted into a corresponding dynamic library. The dynamic libraries may be bundled with a managing application that is configured to manage execution of the dynamic libraries at a mobile computing device. Resource files consumed by the application binary may also be bundled with the managing application and accessible to the dynamic libraries during execution. The managing application may provide a workspace within which operation of the dynamic library occurs. Operation of the dynamic library may at least partially correspond to operation of the executable application binary. Execution of the dynamic library may be bound to a process that is executed for the managing application at a processor of a computing device. | 10-29-2015 |
20150301883 | SYSTEMS AND METHODS FOR PROPAGATING HEALTH OF A CLUSTER NODE - The present disclosure describes systems and methods for propagating port state to intermediary devices of a cluster in a static link aggregation environment. The methods and systems include a cluster comprising a plurality of intermediary devices in communication with a network device via a static link aggregation comprising aggregated ports from different intermediary devices of the cluster. A first device of the static link aggregation is configured to detect that a health of the first device is below a predetermined threshold and, responsive to the detection, identify one or more ports in the aggregated ports as down. A second device of the link aggregation is configured to, responsive to the identification, remove the ports from a distribution list for the static link aggregation. Upon detection that a health of a device is above a predetermined threshold, the first device may identify the ports as up. | 10-22-2015 |
20150294494 | REMOTE RENDERING OF THREE-DIMENSIONAL IMAGES USING VIRTUAL MACHINES - Remote rendering of three-dimensional images using virtual machines includes using a hypervisor executing on a physical computer to allocate exclusive and direct access to a graphics processing unit in the physical computer, to a first virtual machine. An agent executing on a second virtual machine intercepts three-dimensional draw commands generated by a three-dimensional application and forwards the intercepted draw commands to a rendering agent executing on the first virtual machine. The rendering agent then transmits the intercepted draw commands to the graphics processing unit for rendering upon which the graphics processing unit renders a three-dimensional image from the draw commands. The rendering agent obtains the rendered image from the graphics processing unit and forwards the image to the second virtual machine. Upon receiving the rendered image, the second virtual machine transmits the rendered image to another remote, physical computer where the rendered image is displayed to a user. | 10-15-2015 |
20150286357 | Snap Navigation of a Scrollable List - Methods, systems, and computer-readable media for providing snap navigation in a scrollable list are presented. Certain items of the content items in the scrollable list may represent natural or desirable breakpoints for scrolling through the list. As a list view scrolls through the scrollable list in response to user input, the list view may suspend scrolling when it reaches a breakpoint content item. In some embodiments, a computing device may determine that a given content item represents a breakpoint in the scrollable list based on a breakpoint rule. The breakpoint rule may be based on any suitable criteria for identifying the content item as a breakpoint for scrolling the list. For example, the breakpoint rule may be based on the content of the content item or a category of the content item. | 10-08-2015 |
20150271141 | SYSTEMS AND METHODS FOR A VPN ICA PROXY ON A MULTI-CORE SYSTEM - The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session. | 09-24-2015 |
20150271013 | Ubiquitous Collaboration In Managed Applications - Methods and systems for a ubiquitous collaboration feature in a managed application environment are described herein. The collaboration service and/or server may store session information and one or more configuration files for use in rendering the collaboration features in combination with managed applications executing on a user's computing device. | 09-24-2015 |
20150268740 | METHOD AND SYSTEM FOR MAINTAINING ASPECT RATIO ON POINTING DEVICES - A first computing device is provided for optimizing motion of a pointer associated with a pointing device. The first computing device can include one or more processors configured to provide a first virtual machine. The first virtual machine can be configured to obtain at least one of a first attribute and a second attribute, relating to a display area, and determine, based on at least one of the first attribute and the second attribute, at least one of a first scaling factor and a second scaling factor. The first virtual machine can be further configured to optimize a motion of the pointer based on at least one of the first scaling factor and the second scaling factor, and provide information corresponding to the optimized motion of the pointer to the second virtual machine. | 09-24-2015 |
20150264035 | METHOD AND SYSTEM FOR SECURELY TRANSMITTING VOLUMES INTO CLOUD - A first computing device is provided for transmitting one or more volumes via a secured connection. The first computing device includes a volume service that is executable by one or more processors and is configured to instruct a cloud computing device to generate a worker virtual machine. The volume service is also configured to provide, via a connection different from the secured connection, a random number to the worker virtual machine. The volume service is further configured to instruct the cloud computing device to generate one or more target volumes associated with the cloud computing service and to associate the one or more target volumes with the worker virtual machine. The volume service is further instructed to provide, irrespective of the content type of the volumes and the size of the volumes, the one or more volumes to the worker virtual machine via the secured connection. | 09-17-2015 |
20150256795 | PARTICIPATING IN AN ONLINE MEETING WHILE DRIVING - A technique enables a user to participate in an online meeting. The technique involves receiving, by processing circuitry of a vehicle, a join instruction to join the online meeting. The technique further involves performing, by the processing circuitry of the vehicle, a communications exchange with a remote online meeting server in response to the join instruction, the communications exchange establishing an online meeting session with the remote online meeting server to join the processing circuitry of the vehicle to the online meeting. The technique further involves outputting, after the online meeting session is established and by the processing circuitry of the vehicle, video of the online meeting on a display screen which is integrated with the vehicle. Along these lines, the display screen can output a static image while the vehicle is moving and moving video while the vehicle is not moving (e.g., parked). | 09-10-2015 |
20150256600 | SYSTEMS AND METHODS FOR MEDIA FORMAT SUBSTITUTION - Systems and methods are disclosed for media format substitution. In accordance with one implementation, a method is provided for media format substitution. The method includes receiving from a client device a request for media data having a first media format, determining whether the client device supports a second media format, and based on the determination, sending to the client device a content type identifier associated with the second media format. The method also includes obtaining the media data from a content server or a content cache, generating, based on the obtained media data, formatted media data corresponding to the second media format, and sending the formatted media data to the client device. | 09-10-2015 |
20150244781 | SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES - The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server. | 08-27-2015 |
20150242106 | Navigating a Hierarchical Data Set - Methods, systems, and computer-readable media for providing navigation in a hierarchical data set are presented. In some embodiments, a computing device may generate a user interface including a first node as a focused node at a fixed focal point along with a subset of a first plurality of related nodes having a relationship with the first node. In some instances discussed herein, user input may be received selecting a second node as the focused node, such as a scrolling action dragging the second node to the fixed focal point. The user interface may be updated to display a subset of a second plurality of related nodes having a relationship with the second node. In some arrangements, the hierarchical data set may correspond to an organizational chart, a workflow, a directory structure, a categorized list, a taxonomy, or any other type of hierarchical data. | 08-27-2015 |
20150237303 | TECHNIQUES FOR INTERFACING A USER TO AN ONLINE MEETING - A technique is directed to interfacing a user to an online meeting. The technique includes performing an evaluation operation on a set of input/output (I/O) devices available for use by the user during the online meeting, each I/O device of the set being constructed and arranged to perform a same I/O function. The evaluation operation assesses online meeting performance of each I/O device of the set. The technique further includes selecting an I/O device based on a result of the evaluation operation. The technique further includes involving the selected I/O device of the set in the online meeting and excluding a non-selected I/O device of the set from the online meeting. Accordingly, the best suited I/O device can automatically be selected to improve the user experience. In some arrangements, rather than automatically switching I/O devices, the user is automatically prompted with a recommended I/O device to use. | 08-20-2015 |
20150199515 | EVALUATING APPLICATION INTEGRITY - Methods, systems, computer-readable media, and apparatuses for evaluating application integrity are presented. In one or more embodiments, an application store, which may be provided by one or more computing devices, may analyze one or more aspects of an application. Subsequently, the application store may determine, based on the one or more analyzed aspects of the application, an integrity score for the application. Based on the integrity score, the application store may determine whether to publish the application in the application store. In response to determining to publish the application in the application store, the application store then may publish the application in the application store. Alternatively, in response to determining not to publish the application in the application store, the application store may generate a notification indicating that the application has an insufficient integrity score. | 07-16-2015 |
20150199213 | PROVIDING MOBILE APPLICATION MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile application management (MAM) functionalities are presented. In some embodiments, a mobile device may initialize a partially managed application associated with a first managed user account and an unmanaged user account. The mobile device may execute first managed tasks associated with the first managed user account in accordance with a first set of MAM policies provided by a first MAM service provider. The mobile device may execute unmanaged tasks associated with the unmanaged account independent of the first set of MAM policies. In some embodiments, the mobile device may initialize the multi-account managed application associated with a second managed user account. | 07-16-2015 |
20150195182 | SYSTEMS AND METHODS FOR CLOUD-BASED PROBING AND DIAGNOSTICS - Systems and methods of the present disclosure are directed to providing centralized diagnostic services to a plurality of heterogeneous computing environments deployed at different data centers on different networks. In some embodiments, a centralized diagnostic tool establishes a connection to a server of a data center that deploys a computing environment with components. The centralized diagnostic tool validates automatically a component of the computing environment based on a corresponding configuration file received from the server for the component. The centralized diagnostic tool establishes a virtual device simulating a client application executing on a client device. The client application can be configured to communicate with the component. The centralized diagnostic tool automatically initiates a request using a predetermined protocol flow, and the virtual device transmits the request to the component. The virtual device receives a response to the request indicative of a status of the computing environment. | 07-09-2015 |
20150188777 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management (MDM) functionalities are presented. In some embodiments, a pseudo device representative of a physical end user device may be established within a cloud computing environment. The pseudo device may be provisioned for use with MDM service providers and configured to receive commands from the MDM service providers on behalf of the physical end user device. In some embodiments, multiple pseudo devices each representative of a physical end user device may be established within a cloud computing environment. A first pseudo device may be provisioned for use with a first MDM service provider and configured to receive commands from the first MDM service provider on behalf of the physical end user device. A second pseudo device may be provisioned for use with a second MDM service provider and configured to receive commands from the second MDM service provider. | 07-02-2015 |
20150178883 | METHODS AND SYSTEMS FOR MAINTAINING STATE IN A VIRTUAL MACHINE WHEN DISCONNECTED FROM GRAPHICS HARDWARE - The present disclosure is directed towards methods and systems for maintaining state in a virtual machine when disconnected from graphics hardware. The virtual machine is one of a plurality of virtual machines hosted by a hypervisor executing on a computing device. A control virtual machine may be hosted by a hypervisor executing on a computing device. The control virtual machine may store state information of a graphics processing unit (GPU) of the computing device. The GPU may render an image from a first virtual machine. The control virtual machine may remove, from the first virtual machine, access to the GPU. The control virtual machine may redirect the first virtual machine to a GPU emulation program. The GPU emulation program may render the image from the first virtual machine using at least a portion of the stored state information. | 06-25-2015 |
20150178105 | Method and System for Optimizing Virtual Disk Provisioning - A first computing device is provided for virtual disk provisioning. The first computing device includes one or more processors configured to provide a first virtual disk and a first publish differencing disk. The one or more processors are further configured to obtain meta data associated with the first virtual disk and the first publish differencing disk, and generate one or more first differencing patches and one or more second differencing patches. The first and second differencing patches have a binary format. The first computing device further includes a storage configured to store data associated with the first virtual disk and the first publish differencing disk, the meta data, and the one or more first and second differencing patches. The first computing device further includes a communication subsystem configured to provide one or more first and second differencing patches to provision the virtual machine associated with a second computing device. | 06-25-2015 |
20150163245 | SYSTEMS AND METHODS FOR MANAGING DOMAIN NAME SYSTEM SECURITY (DNSSEC) - The present invention is directed towards systems and methods for providing multiple modes of a zone for DNSSEC by an intermediary device. The method includes providing, by a device intermediary to a plurality of clients and a plurality of servers, a plurality of modes of a zone for Domain Name Service. The device receives a selection of a first mode of the zone of the plurality of modes of the zone. The device receives information identifying to enable DNS Security for the selected first mode. The device establishes the zone for DNS in accordance with the selected first mode and with DNS Security enabled. | 06-11-2015 |
20150156273 | PERSONALIZED CONTENT DELIVERY USING PEER-TO-PEER PRECACHING - A method and apparatus for peer-to-peer video precaching is described. In one embodiment, the method comprises building a user profile, periodically checking for new content of objects in the user profile, maintaining a data base of available objects and location of said objects, and determining the download location of an object requested by a user. | 06-04-2015 |
20150156271 | SYSTEMS AND METHODS FOR IDENTIFYING A PROCESSOR FROM A PLURALITY OF PROCESSORS TO PROVIDE SYMMETRICAL REQUEST AND RESPONSE PROCESSING - Described herein is a method and system for distributing request and responses across a multi-core system. Each core executes a packet engine that further processes data packets allocated to that core. A flow distributor executing within the multi-core system forwards client requests to a packet engine on a core that is selected based on a value generated when a hash is applied to a tuple comprising a client IP address, a client port, a server IP address and a server port identified in the request. The packet engine selects a first IP address and a first port of the core, and determines whether a hash of a tuple comprising those values identifies the selected core. A modification is then made to the client request so that the client request includes a tuple comprising the first IP address, the server IP address, the first port and the server port. | 06-04-2015 |
20150149404 | COLLABORATIVE ONLINE DOCUMENT EDITING - A technique for facilitating online collaboration among users of client machines allows multiple users to work together and concurrently on a set of documents. In response to a request from a user, a server opens a document in a software application running on the server and virtualizes the software application to the client machines. Multiple users can then operate the software application from the respective client machines to edit the document via remote control. The server multiplexes pointer input from the client machines to provide pointer input to the software application from one user at a time. Multiplexing of pointer input takes place seamlessly and automatically in response to user activity with respect to the virtualized software application. | 05-28-2015 |
20150142800 | GENERATING ELECTRONIC SUMMARIES OF ONLINE MEETINGS - An improved technique of organizing content of online meetings involves generating an electronic summary based on a textual metadata derived from content presented in an online meeting. An online meeting server collects content such as audio, video, and slide files presented in a particular online meeting. From metadata associated with such content, the online meeting server generates an electronic summary of the particular online meeting which includes a textual description of the content. The online meeting server then stores the electronic summary and the content presented in the particular online meeting in a repository that is configured to store content from other online meetings. | 05-21-2015 |
20150139236 | SYSTEMS AND METHODS FOR BRIDGING A WAN ACCELERATOR WITH A SECURITY GATEWAY - The solution described herein provides systems and methods for the interoperability of network processing programs that process network packets at different levels of the network stack. This solution bridges the communications of a network packet between a first network processing program operating at a first level of a network stack in an intermediary and a second network processing program operating at a second level of the network stack of the intermediary. The first network processing program may modify an incoming network packet so that the packet may traverse the network stack to an upper level of the stack to the second network processing program. After processing the network packet at the upper layers of the stack or by the second network processing program, the first network processing program modifies the network packet in order to transmit the packet to the intended destination while traversing the intermediary. | 05-21-2015 |
20150128227 | SYSTEMS AND METHODS FOR USING AN HTTP-AWARE CLIENT AGENT - Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described. | 05-07-2015 |
20150124828 | SYSTEMS AND METHODS FOR PORT ALLOCATION - Systems and methods of the present disclosure relate to allocating ports for packets distributed via a computer network. A packet engine on a core of a multicore device intermediary between a client and a server receives a first packet from the client. The first packet includes an outer header of an encapsulation protocol encapsulating a payload with an inner header. The first packet is directed by a packet distributor of the device to the first core selected based on a first tuple of the outer header. A port allocator of the packet engine determines a source port number to cause the packet distributor to identify the first core based on a second tuple of the inner header. The packet engine modifies the inner header of the payload to include the determined source port number. The device forwards the first packet including the modified inner header to the server. | 05-07-2015 |
20150124827 | SYSTEMS AND METHODS FOR PERFORMING SERVICE TAG SWITCHING IN AN APPLICATION DELIVERY CONTROLLER - The disclosure is directed towards systems and methods for performing service tag switching. A device intermediary to a client and a server receives a packet including a virtual network device identifier tag that identifies a list of functions to be performed on the packet. The device tags the packet with a first service tag identifying a first functional entity of the device to which to route the packet. The device routes the packet to the first functional entity configured to perform a first function. Responsive to the first function being performed, the device selects a subsequent service tag identifying a subsequent functional entity to route the packet. The device tags the packet with the subsequent service tag and routes the packet to the subsequent functional entity. Once all of the list of functions to be performed on the packet have been performed, the device forwards the packet to its destination. | 05-07-2015 |
20150121061 | SYSTEMS AND METHODS FOR MANAGING A GUEST VIRTUAL MACHINE EXECUTING WITHIN A VIRTUALIZED ENVIRONMENT - The present disclosure relates to methods and systems for managing a guest virtual machine executing within a virtualized environment. A daemon is established on a guest virtual machine executing within a virtualized environment. The daemon is configured to communicate with a management service virtual machine executing within the virtualized environment. The daemon receives, from the management service virtual machine via an application layer protocol, a request identifying an action type of a plurality of predetermined action types. The daemon identifies the action type of the plurality of predetermined action types from the received request and performs an action corresponding to the identified action type. In some implementations, the application layer protocol is one of Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). | 04-30-2015 |
20150120876 | METHODS AND SYSTEMS FOR OPTIMAL DELIVERY OF INTERNET VIDEO OVER WIRELESS NETWORKS - A system and method is provided for controlling multimedia data transmission to a communication device via a network. The system comprises a de-muxer configured to obtain a first multimedia data for transmission and a flow controller configured to evaluate an estimated buffer time associated with the communication device. If the estimated buffer time satisfies a first threshold condition, the flow controller updates a current transmitting state to be a pacing state. And if the estimated buffer time satisfies a second threshold condition, the flow controller updates the current transmitting state to be a bursting state. The system also comprises a muxer configured to transmit the first multimedia data at a transmitting rate corresponding to the bursting state or the pacing state. | 04-30-2015 |
20150117626 | USING AUDIO SIGNALS TO IDENTIFY WHEN CLIENT DEVICES ARE CO-LOCATED - A technique manages an online meeting. The technique includes providing an audio output signal to a first client device currently participating in the online meeting. The audio output signal directs the first client device to play a particular sound (e.g., a unique tone or a unique series of tones). The technique further involves receiving an audio input signal from a second client device. The audio input signal includes the particular sound. The technique further involves identifying the second client device as being co-located with the first client device in response to the audio input signal which includes the particular sound. Such operation enables the electronic circuitry (e.g., a processing circuit of an online meeting server) to learn whether any client devices are co-located and accordingly associate multiple devices to a single user connected to the online meeting. | 04-30-2015 |
20150113526 | METHOD AND SYSTEM FOR DISPLAYING GRAPHICS FOR A LOCAL VIRTUAL MACHINE - A computing device is provided for displaying images that are two dimensional (2D) or three dimensional (3D). The computing device includes one or more processors configured to obtain graphical data that has been generated by one or more applications associated with a first virtual machine and map one or more virtual apertures or one or more actual buffers associated with the first virtual machine to a textual buffer associated with a second virtual machine. The virtual apertures are in a virtual memory space and the actual buffers are in a physical memory space. The one or more processors are also configured to process the graphical data based on the mapping. The computing device also includes a display device configured to display the 2D or 3D images using the processed graphical data. | 04-23-2015 |
20150106946 | SECURE CLIENT DRIVE MAPPING AND FILE STORAGE SYSTEM FOR MOBILE DEVICE MANAGEMENT TYPE SECURITY - Methods and systems for providing a secure client drive mapping and/or file storage for mobile device management type security are described herein. The methods and systems may include executing a managed application for presentation on a mobile device, receiving a request to save a data file locally on the mobile device, and determining whether the data file contains sensitive data. Subsequently, when the data file contains sensitive data and responsive to the request, the methods and systems may also include encrypting the data file, storing the encrypted data file on the mobile device, and linking the encrypted data file to an unencrypted version of the data file, the unencrypted version of the data file not containing the sensitive data. | 04-16-2015 |
20150106424 | METHODS AND SYSTEMS FOR LOAD BALANCING USING FORECASTING AND OVERBOOKING TECHNIQUES - Methods and systems for establishing user sessions between a client and a server or server farm can be carried out by a load balancing agent executing on a computer in communication with the client, server or server farm. The load balancing agent can intercept a connection request generated by an application executing on a client and responsively select a server on which to establish a user session. Selecting the server can be based on overbooking a particular server and choosing a server with a predetermined amount of forecasted load. Forecasted load can be determined by summing the current load on a server with a current load calculated by multiplying: the average load on the user sessions hosted by the server; by the number of cached user sessions stored on the server; and by the probability that a cached user session reconnects. | 04-16-2015 |
20150089497 | SEPARATE, DISPOSABLE EXECUTION ENVIRONMENT FOR ACCESSING UNVERIFIED CONTENT - Methods and systems are disclosed for opening unverified content in a separate, disposable virtualized environment using a temporary virtual machine (VM). In one example, the disclosed method includes intercepting a request to open/access unverified content from a third-party remote server, and comparing the particular information/attributes of the unverified content against predetermined criteria. Then, the user device may connect using a remote presentation protocol to the temporary VM in the separate, disposable environment such that the output of the unverified content may be transported to and displayed in the separate, disposable environment. The connection with the temporary VM may be terminated and the separate, disposable environment may be wiped clean to reduce the risk of malicious code in the unverified content. | 03-26-2015 |
20150067542 | GUI WINDOW WITH PORTAL REGION FOR INTERACTING WITH HIDDEN INTERFACE ELEMENTS - A computer is operated by displaying a window on a display device, where the window is an opaque window overlaid on the entirety of a system desktop that includes graphical representations of system controls and application controls. The window displays user interface elements of an application program executing on the computer, and also includes a portal region displaying an image of the system desktop including counterparts of the system controls and application controls. The computer provides user-controlled operation of the system controls and application controls based on simulated user interaction with the counterparts of the system controls and application controls in the portal region. The application program can effectively coordinate the use of the display by itself and by the system and other applications using the system desktop, relieving the user of this task. | 03-05-2015 |
20150067212 | SYSTEMS AND METHODS FOR INITIALIZATION AND LINK MANAGEMENT OF NICS IN A MULTI-CORE ENVIRONMENT - The present application is directed towards systems and methods for coordination and management of a shared resource in a multi-core system. In a multi-core system, multiple cores may be utilizing a shared resource. However, internal resources common to the shared resource may need to be initialized by only one core, and independent and uncoordinated initialization by multiple cores may cause errors. The present invention provides systems and methods for coordinating such initialization and use through a handshaking protocol. | 03-05-2015 |
20150067184 | Methods and Systems for Quantifying the Holistic Quality of Experience for Internet Multimedia - A system and method is provided for providing a composite Quality of Experience (QoE) metrics associated with a multimedia transmitted via a network. The method includes obtaining multimedia data corresponding to the multimedia transmitted via the network and acquiring metrics associated with the multimedia data. The metrics include at least one multimedia transmitting metrics and at least one multimedia quality metrics. The method also includes normalizing the metrics and determining, based on the one or more normalized metrics, the composite multimedia QoE metrics. | 03-05-2015 |
20150067142 | AGGREGATION OF METRICS FOR TRACKING ELECTRONIC COMPUTING RESOURCES BASED ON USER CLASS HIERARCHY - An improved technique involves collecting data from a hosting environment that provides access to electronic computing resources and computing aggregated metrics from the data for a particular level of a user class hierarchy by aggregating metric values collected for subordinate levels of the user class hierarchy. Along these lines, a tracking server, upon receiving resource usage data, arranges the data in entries having values of metrics that describe some attribute related to resource usage and pertaining to a user class hierarchy. For a given level of the user class hierarchy, the tracking server performs an aggregation operation (e.g., a summation) of metric values over entries pertaining to subordinate levels of the user class hierarchy. The tracking server stores the result of the aggregation operation in an aggregation table for future report generation. | 03-05-2015 |
20150067096 | REDIRECTING LOCAL STORAGE TO CLOUD STORAGE - One embodiment is directed to a method of providing access to cloud storage performed by a mobile computing device. The method includes (a) receiving a file-level access command to perform a file-level operation on a file of filesystem storage of the mobile computing device, the filesystem storage including remote storage provided by a remote storage platform and locally-cached storage provided by local storage, (b) evaluating whether the file-level access command is directed to a pre-determined portion of the filesystem provided by the remote storage platform, (c) in response to evaluating, if the file-level access command is directed to the pre-determined portion, then performing a synchronization operation to ensure that the file is stored on local storage in synchronization with the remote storage platform, and (d) fulfilling the file-level access command by accessing the local storage once the file is stored on local storage in synchronization with the remote storage platform. | 03-05-2015 |
20150067044 | EFFICIENTLY ACCESSING WEB CONFERENCES FROM A MOBILE DEVICE - A technique for joining a web conference on a mobile device includes running a program on the mobile device that displays a list of web conference invitations for web conferences scheduled to be held at or near the current time, receiving a user selection of one of the listed web conference invitations, and initiating a web conference for the selected web conference invitation using a web conference client installed on the mobile device. The technique enables mobile users to join web conferences quickly and with few manual operations. | 03-05-2015 |
20150067026 | ACQUIRING ONLINE MEETING DATA RELATING TO AN ONLINE MEETING - A technique acquires online meeting data relating to an online meeting. The technique involves running, by processing circuitry, a set of programs (e.g., an operating system, a slideshow application, a word processing program, other programs, etc.) to carry out an online meeting which shares online meeting content among a set of users. The technique further involves performing, while the processing circuitry runs the set of programs to carry out the online meeting, a set of information collection operations by the processing circuitry. The set of information collection operations collects online meeting data from the set of programs. The collected online meeting data includes non-bitmap text-based information extracted from the set of programs (e.g., keywords, phrases, etc. obtained via procedure calls using standard APIs to the set of programs). The technique further involves storing, by the processing circuitry, the collected online meeting data in a designated location of computer memory. | 03-05-2015 |
20150066501 | PROVIDING AN ELECTRONIC SUMMARY OF SOURCE CONTENT - A technique provides an electronic summary of source content. The technique involves performing, on the source content, a content recognition operation to electronically generate text output from the source content. The technique further involves electronically evaluating text portions of the text output based on predefined usability criteria to produce a respective set of usability properties for each text portion of the text output. The technique further involves providing, as the electronic summary of the source content, summarization output which summarizes the source content. The summarization output includes a particular text portion of the text output which is selected from the text portions of the text output based on the respective set of usability properties for each text portion of the text output. | 03-05-2015 |
20150058807 | COMBINATION COLOR AND PEN PALETTE FOR ELECTRONIC DRAWINGS - An improved technique involves embedding a pen selection within a selected color. When a user selects a color for a new stroke by moving a cursor over a color icon, a pen palette appears within the selected color icon. In some arrangements, the improved techniques further involve automatically selecting a pen by default as the previous pen used for that color, so that only a single color selection need be made rather than separate pen and color selections. In this way, the user may then quickly and fluidly select both a color, then a pen for a drawing stroke. Such a color and pen selection process may be seen to simulate the actions in drawing on a whiteboard. | 02-26-2015 |
20150058753 | SHARING ELECTRONIC DRAWINGS IN COLLABORATIVE ENVIRONMENTS - An improved technique involves providing for a gesture-based undo command for use within a collaborative drawing environment. Such an undo function that is both gesture-based and capable of being used within a collaborative environment takes full advantage of the capabilities of tablet computers and laptop computers having touch screens. The gesture-based undo command may involve a multi-point linear swipe such as a two-point linear swipe gesture in order to easily distinguish an undo command from a drawing command. | 02-26-2015 |
20150055659 | Method for Prioritizing Network Packets at High Bandwidth Speeds - The embodiments are directed to methods and appliances for scheduling a packet transmission. The methods and appliances can assign received data packets or a representation of data packets to one or more connection nodes of a classification tree having a link node and first and second intermediary nodes associated with the link node via one or more semi-sorted queues, wherein the one or more connection nodes correspond with the first intermediary node. The methods and appliances can process the one or more connection nodes using a credit-based round robin queue. The methods and appliances can authorize the sending of the received data packets based on the processing. | 02-26-2015 |
20150049604 | Efficient In-Band Communication of Quality-Of-Service Policies Between Virtual Classification Devices and Enforcement Devices - The embodiments are directed to methods and appliances for configuring a classification tree. The methods and appliances can receive data packets having a source media access control (MAC) address. The methods and appliances can encode the source MAC address based on a determination of a message type. The methods and appliances can provide the encoded source MAC address to a quality-of-service (QoS) engine, wherein the encoded source MAC address configures the classification tree used by the QoS engine for authorizing the transmission of one or more data packets. | 02-19-2015 |
20150046997 | Accessing Enterprise Resources While Providing Denial-of-Service Attack Protection - A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier. | 02-12-2015 |
20150043345 | PERFORMING QoS ON UNKNOWN BANDWIDTHS THROUGH RATE ESTIMATING TCP CONGESTION HANDLERS - A system and method is provided for scheduling data packets. The system includes one or more packet engines configured to provide one or more congestion indications for a plurality of connections of a communication link. The system also includes a packet scheduler configured to receive the one or more congestion indications, estimate a link rate of the communication link using the one or more congestion indications and classification information, and schedule the data packets for transmission via the plurality of connections using the estimated link rate and the classification information. | 02-12-2015 |
20150043335 | HIGH PERFORMANCE QUALITY-OF-SERVICE PACKET SCHEDULING FOR MULTIPLE PACKET PROCESSING ENGINES - A system and method is provided for optimizing network traffic. The system includes a packet engine of a plurality of packet engines configured to acquire a data packet, to store the data packet in a queue, and to provide a request including a packet token representing the data packet, information regarding the size of the data packet, and a connection token. The system also includes a packet scheduler configured to receive the request; schedule the data packet using the connection token and the information regarding the size of the data packet; and provide the packet token and a notification to the packet engine to allow the packet engine to transmit the data packet. | 02-12-2015 |
20150040183 | NETWORK POLICY IMPLEMENTATION FOR A MULTI-VIRTUAL MACHINE APPLIANCE WITHIN A VIRTUALIZATION ENVIRONMENT - A networking policy implementation for a multi-virtual machine appliance that includes a method for selecting a network implementation by applying a network policy to existing network configurations within a virtualization environment of a computing device. A control program that executes within the virtualization environment, receives an event notification generated by a virtual machine in response to a lifecycle event. The control program, in response to receiving the notification, invokes a policy engine that applies a network policy to existing network configurations of the virtualization environment. This network policy can correspond to the virtual machine or to a network object connected to virtual interface objects of the virtual machine. The policy engine then identifies an existing network configuration that has attributes which satisfy the network policy, and selects a network implementation that satisfies the network policy and the network configuration. | 02-05-2015 |
20150040122 | AUTONOMIC VIRTUAL MACHINE SESSION LINGERING - Virtual machine sessions may be hosted by a virtualization computing platform. A portion of the virtual machine sessions that are inactive may be identified. The virtualization computing platform may continue to host the virtual machine sessions that are inactive. A determination may be made that utilization of one or more resources associated with the virtualization computing platform exceeds a threshold. Responsive to determining that utilization of the one or more resources associated with the virtualization computing platform exceeds the threshold, the virtualization computing platform may cease to host one or more of the portion of virtual machine sessions that are inactive. | 02-05-2015 |
20150039763 | SYSTEMS AND METHODS FOR LEAST CONNECTION LOAD BALANCING BY MULTI-CORE DEVICE - The present invention is directed towards systems and methods for load balancing by a multi-core device intermediary between clients and services. The device may establish sub-slots in each slot of the device's packet engines. The number of sub-slots may correspond to the packet engine count. Each slot may track a different number of active connections allocated to a service. The device may assign a first and second service to each packet engine in a first slot corresponding to no active connections. These services may be assigned to different sub-slots in adjacent packet engines. The device may update, responsive to allocation of a first active connection to the first service, the first service from a sub-slot in the first slot of a first packet engine, to a corresponding sub-slot in a second slot. The second slot may correspond to one active connection allocated to the first service. | 02-05-2015 |
20150039674 | SYSTEMS AND METHODS FOR PERFORMING RESPONSE BASED CACHE REDIRECTION - The present disclosure relates to methods and systems for performing response based cache redirection to a cache proxy. A device intermediary to a plurality of clients and a plurality of servers and in communication with a plurality of cache proxies, receives a request for content from a client. The request is for content from a server of the plurality of servers. The device forwards the request to the server. The device identifies a cache redirection policy that specifies an amount of bytes of a response to buffer to calculate a signature of the content of the response. The device computes the signature of the content of the response based on the amount of bytes of the response received from the server and buffered by the device. The device selects a cache proxy based on the computed signature and forwards the request of the client to the selected cache proxy. | 02-05-2015 |
20150036493 | SYSTEMS AND METHODS FOR LOAD BALANCING NON-IP DEVICES - The present disclosure relates to methods and systems for providing load balancing for layer 2 devices. A device intermediary to a plurality of clients and a plurality of servers and a plurality of layer 2 devices establishes, for each layer 2 device, a first traffic domain corresponding to ingress traffic received from the plurality of clients and a second traffic domain of the device corresponding to ingress traffic received from the plurality of clients. The device associates a first virtual local area network (VLAN) with the first traffic domain and a second VLAN with the second traffic domain. The device establishes a plurality of services. Each service corresponds to a layer 2 device and includes a corresponding subnet internet protocol (SNIP) address hosted on the device. The device establishes a virtual server to load balance the plurality of services corresponding to each of the plurality of layer 2 devices. | 02-05-2015 |
20150026108 | Managing Computer Server Capacity - Systems and methods are disclosed for using machine learning (e.g., neural networks and/or combinatorial learning) to solve the non-linear problem of predicting the provisioning of a server farm (e.g., cloud resources). The machine learning may be performed using commercially available products, such as the SNNS product from The University of Stuttgart of Germany. The system, which includes a neural network for machine learning, is provided with an identification of inputs and outputs to track, and the system provides correlations between those. Rather than static rules, the machine learning provides dynamic provisioning recommendations with corresponding confidence scores. Based on the data collected/measured by the neural network, the provisioning recommendations will change as well as the confidence scores. | 01-22-2015 |
20150020220 | SYSTEMS AND METHODS FOR APPLICATION BASED INTERCEPTION OF SSL/VPN TRAFFIC - A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource. | 01-15-2015 |
20140380410 | SYSTEMS AND METHODS FOR HTTP CALLOUTS FOR POLICIES - A method of identifying an action of a policy in association with communications between a client and one or more servers includes determining, by an intermediary, a policy action based on using a callout based policy. In one aspect, an intermediary receives communications between a client and one or more servers. The intermediary identifies a policy for the communications, the policy specifying a request and a server to communicate the request. Responsive to the policy, the intermediary transmits the request to the server. Based on the server response to the request, the intermediary determines an action of the policy. In another aspect, a system for the present method includes an intermediary and a policy engine for identifying a policy to specify a request and a destination server. Responsive to a server response to the request, the intermediary determines an action of the policy. | 12-25-2014 |
20140373090 | SYSTEMS AND METHODS FOR PROVIDING A SMART GROUP - The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component. | 12-18-2014 |
20140365563 | SYSTEMS AND METHODS FOR CONTENT INJECTION - The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance. | 12-11-2014 |
20140359728 | SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result. | 12-04-2014 |
20140351447 | SYSTEMS AND METHODS FOR MULTIPATH TRANSMISSION CONTROL PROTOCOL CONNECTION MANAGEMENT - The present invention is directed towards systems and methods for multipath transmission control protocol connection (MPTCP) management. A first device, intermediary between a second device and a third device, may establish a protocol control structure responsive to establishment of a MPTCP session between the first device and the second device. The first device may maintain, via the protocol control structure, an identification of a plurality of subflows comprising transmission control protocol (TCP) connections in the MPTCP session between the first device and the second device. The first device may convert or translate, via the protocol control structure, subflow-specific sequence identifiers of packets transmitted via each of the plurality of subflows, to sequence identifiers unique across the plurality of subflows and identifying related packets from each subflow to be processed at the third device. The third device may receive the packets with the converted sequence identifiers in a single TCP connection. | 11-27-2014 |
20140350997 | USER-DEFINED WORKFLOWS IN APP-BASED COLLABORATIVE WORKSPACE SYSTEM - An online collaborative workspace system includes a set of first subsystems and a workflow subsystem. The first subsystems provide a project-oriented social network environment in which system users collaboratively interact with user-defined application objects that store user data and user-determined application functions executed to display the user data and interlink the application objects into project-scale organizations. The first subsystems can include commenting, task and status subsystems. The workflow subsystem includes a workflow builder and a workflow engine. The workflow builder provides a visual interface enabling a user to define custom workflows for the application objects, where a workflow is a cause-effect structure identifying a trigger event that causes the workflow to be executed and defining an action performed on or by an application object in response to the trigger event. The workflow engine receives system events and executes workflows having corresponding triggers. | 11-27-2014 |
20140349691 | SYSTEMS AND METHODS FOR LOAD BALANCING AND VIRTUAL PRIVATE NETWORKING FOR SMS CENTER - The present disclosure is directed towards systems and methods for compressing messages, such as Short Message Service (SMS) or text messages between fixed or mobile devices through communications networks. The data of, for example, SMS messages is compressed and forwarded through a communication network to an appliance having a processing unit. The appliance decompresses the message and controls its delivery through network communication devices, where the decompressed SMS message is forwarded to its destination. | 11-27-2014 |
20140344925 | SYSTEMS AND METHODS FOR REDUCING DENIAL OF SERVICE ATTACKS AGAINST DYNAMICALLY GENERATED NEXT SECURE RECORDS - In one aspect, the present disclosure is directed to a method for reducing denial of service (DoS) attacks against dynamically generated next secure (NSEC) records. A domain name system (DNS) proxy may prevent spoofed IP addresses by forcing clients to transmit DNS queries via transmission control protocol (TCP), by replying to a user datagram protocol (UDP) DNS request with a blank or predetermined resource record with a truncation bit set to indicate that the record is too large to fit within a single UDP packet payload. Under the DNS specification, the client must re-transmit the DNS request via TCP. Upon receipt of the retransmitted request via TCP, the DNS proxy may generate fictitious neighbor addresses and a signed NSEC record and transmit the record to the client. Accordingly, the DNS Proxy need not waste time and processor cycles generating and signing records for requests from spoofed IP addresses via UDP. | 11-20-2014 |
20140344807 | OPTIMIZED VIRTUAL MACHINE MIGRATION - A virtualization computing platform may host a virtual machine. The virtual machine may be hosted by a first set of resources of the virtualization computing platform. A second set of resources for hosting the virtual machine may be identified. The second set of resources may comprise resources of the virtualization computing platform that are distinct from the first set of resources. At least a portion of a plurality of files associated with the virtual machine may be copied from the first set of resources to the second set of resources. A virtual memory swap file may be identified from among the plurality of files associated with the virtual machine. Based on identifying the virtual memory swap file as a virtual memory swap file, the virtual memory swap file may be treated differently from one or more other of the plurality of files associated with the virtual machine. | 11-20-2014 |
20140344806 | Context Aware Virtual Desktop - Methods and systems for using context data captured by a computing device to generate a virtual desktop display are described herein. The computing device along with a host device may form a remote access environment whereby a virtual machine is provided on the computing device. The computing device may capture the context data and identify contextual information. The host device may then generate content based on the contextual information and incorporate the content into composite screen display data configured to display a context aware virtual desktop screen. The composite screen display data is transmitted to the computing device, and thus, the computing device is provided with a context aware virtual desktop screen. | 11-20-2014 |
20140344754 | Providing Enhanced User Interfaces - Methods, systems, computer-readable media, and apparatuses for providing enhanced user interfaces are presented. In some embodiments, a computing device may generate a user interface that presents a selectable control element. Subsequently, the computing device may receive input selecting the control element. In response to receiving the input selecting the control element, the computing device may update the user interface to present a ring that includes at least one band of icons. In addition, the ring may have a first portion that is visible and a second portion, different from the first portion, that is hidden. In some instances, the computing device then may receive a selection of an icon included in the at least one band of icons. In response to receiving the selection of the icon, the computing device may update the user interface to hide the ring. | 11-20-2014 |
20140344738 | PROVIDING CONTEXTUAL MENUS - Methods, systems, and computer-readable media for providing contextual menus are presented. In some embodiments, a computing device may receive user input. Subsequently, the computing device may determine, based on the received user input, that a drag-and-drop operation has been completed, where the drag-and-drop operation includes at least one item being dragged from a source palette to a target palette. In response to determining that the drag-and-drop operation has been completed, the computing device may cause a contextual menu associated with the at least one item to be displayed. In some arrangements, the contextual menu may be a configuration menu. Additionally or alternatively, causing the contextual menu to be displayed may include animating the contextual menu as a panel that slides into view from at least one edge of a displayed user interface. | 11-20-2014 |
20140344736 | Bound Based Contextual Zoom - Methods and systems for bound based contextual zoom are disclosed. Legacy WINDOWS desktop and web applications were designed for a mouse or other high-precision pointing device, and as such, small controls and closely grouped controls/icons were commonly designed/used on the screen. Interacting with such applications remoted to a touch-based device (e.g., a smartphone or tablet) is difficult. Bound based contextual zoom overcomes at least some of these limitations by permitting a user to zoom in on an area of interest within an application or desktop, and for a period of time long enough to complete the touch interaction. The area zoomed might be a group of controls on a ribbon bar, the minimize/maximize/close buttons in the top-right corner of a window, a group of form input controls, or any other natural cluster of related user interface (UI) elements. The size of the area zoomed and the zoom factor applied are calculated to allow a user to complete their task without overly obscuring the rest of the application/desktop. | 11-20-2014 |
20140344459 | METHODS AND SYSTEMS FOR CREATING AND MANAGING NETWORK GROUPS - The embodiments are directed to methods and devices for creating one or more network groups. The methods and devices can define a network group with one or more properties. The methods and devices can identify a plurality of isolated networks, and can assign the plurality of isolated networks to the defined network group. The methods and devices can assign machines to at least one of the plurality of isolated networks, wherein the network group enables unrestricted routing. | 11-20-2014 |
20140344446 | PROXIMITY AND CONTEXT AWARE MOBILE WORKSPACES IN ENTERPRISE SYSTEMS - Methods and systems for configuring computing devices using mobile workspace contexts based on proximity to locations are described herein. A mobile computing device determines that the device is proximate to a location, another device, or an individual associated with an enterprise system. The mobile computing device may then receive a mobile workspace context associated with the location, device, or individual, such as one or more specific wireless networks, enterprise applications, and/or documents, and may configure the device based on the received mobile workspace context. Additional methods and systems are described herein for transmitting and receiving sets of device capabilities between multiple devices, establishing communication sessions, and sharing various capabilities between devices. Still additional methods and systems are described for determining and accessing the capabilities of enterprise system resources using mobile computing devices in an enterprise system. | 11-20-2014 |
20140344420 | PROXIMITY AND CONTEXT AWARE MOBILE WORKSPACES IN ENTERPRISE SYSTEMS - Methods and systems for configuring computing devices using mobile workspace contexts based on proximity to locations are described herein. A mobile computing device determines that the device is proximate to a location, another device, or an individual associated with an enterprise system. The mobile computing device may then receive a mobile workspace context associated with the location, device, or individual, such as one or more specific wireless networks, enterprise applications, and/or documents, and may configure the device based on the received mobile workspace context. Additional methods and systems are described herein for transmitting and receiving sets of device capabilities between multiple devices, establishing communication sessions, and sharing various capabilities between devices. Still additional methods and systems are described for determining and accessing the capabilities of enterprise system resources using mobile computing devices in an enterprise system. | 11-20-2014 |
20140344332 | Multimedia Redirection in a Virtualized Environment Using a Proxy Server - Methods and systems for multimedia redirection in a virtualized environment using a proxy server are described herein. The proxy server may store scripting code that may be injected into web content retrieved from a content resource server. The injected scripting code may cause an instantiated application in the virtualized environment to intercept/override at least some method calls in the web content. The proxy server may send the redirected multimedia content and other information to a client agent application executing on a user's computing device for rendering. | 11-20-2014 |
20140344326 | SYSTEMS AND METHODS FOR DEPLOYING A SPOTTED VIRTUAL SERVER IN A CLUSTER SYSTEM - The present invention is directed towards systems and methods for deploying a virtual server on a subset of devices in a cluster of devices. A first device of a cluster of devices intermediary between at least one client and at least one server may identify a first virtual server to establish on one or more devices of the cluster. The first device may associate, to the identified virtual server, a group comprising a subset of devices in the cluster of devices. The cluster may establish the first virtual server on each device in the group responsive to associating the group to the first virtual server. Each virtual server on each device of the group may be assigned a same internet protocol address. | 11-20-2014 |
20140344232 | METHODS AND SYSTEMS FOR VALIDATING MULTIPLE METHODS OF INPUT USING A UNIFIED RULE SET - A system and methods for validating input data acquired through an interactive or non-interactive source. The system includes a common definition of input validation rules, and the capability of validating input without committing the input to the system. | 11-20-2014 |
20140340468 | JOINING AN ELECTRONIC CONFERENCE IN RESPONSE TO SOUND - A technique joins an electronic device to an electronic conference hosted by a conference server. The technique involves sensing, by the electronic device, sound input. The technique further involves receiving, by the electronic device, sound from a sound initiating device (e.g., a primary device of a user). The technique further involves automatically establishing, based on the sound received from the sound initiating device, a communications channel from the electronic device (e.g., a helper device of the user) to the electronic conference hosted by the conference server to enable a user of the electronic device to participate in the electronic conference through the communications channel by using the electronic device. Once the electronic device has joined the electronic conference, a user can operate the electronic device in a variety of ways to enhance the overall experience, e.g., as a control panel to replace a control panel of the sound initiating device. | 11-20-2014 |
20140331333 | Image Analysis and Management - Systems, methods and apparatuses are described herein that allow an enterprise to analyze and manage work product images that are stored on a mobile device. Employees of an enterprise may use a mobile device to store both work product images (e.g., images of sensitive or proprietary information) and non-work product images (e.g., personal images). An enterprise may desire to enforce security protocols on the work product images, but the employee may not want the security protocols applied to the non-work product images. In some embodiments, by installing and executing an image manager that is able to analyze and manage images, the enterprise can enforce security protocols on only the work product images. Such security protocols may include the prevention of unauthorized viewing of the work product image (e.g., by encrypting the work product image) or deleting any work product image from the mobile device when the employee's employment has ended. | 11-06-2014 |
20140331285 | Mobile Device Locking with Context - A method and system for locking a mobile device on an interface are described. A user logs on to a mobile device with a user name. The mobile device then determines a context for the mobile device based on one or more operational parameters and/or the user name. For example, a context for the mobile device may be a current location of the device. Based on the context and user name, the mobile device may run in locked mode. In locked mode, applications are selected to be presented on the mobile device based on the user name and context. The mobile device is locked on a springboard that presents only the selected applications to the user for launching. A user may switch between launched applications on the mobile device, but the user may only switch between launched applications that are presented on the springboard. | 11-06-2014 |
20140331063 | Disrupting Password Attack Using Compression - Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too many possible matches to allow an attacker to select the real password. | 11-06-2014 |
20140331060 | User and Device Authentication in Enterprise Systems - Methods and systems for authenticating users of client devices to allow access of resources and services in enterprise systems are described herein. An authentication device may validate a user based on authentication credentials received from a client device. Validation data stored by the authentication device, and a corresponding access token transmitted to the client device, may be used to authenticate the user for future resource access requests. A user secret also may be stored by the authentication device and used to validate the user for future resource access requests. Additionally, after validating a user with a first set of authentication credentials, additional sets of credentials for the user may be retrieved and stored at an access gateway for future requests to access other services or resources in an enterprise system. | 11-06-2014 |
20140330990 | Application with Multiple Operation Modes - A method and system for operating an application with multiple modes are described. A plurality of applications may be presented to a user on a mobile device and one of the displayed applications may be selected. The selected application may have one or more contexts that are determined based on one or more operational parameters. For example, a context for the selected application may be that the application is configured to access an enterprise account. Based on the context, the selected application may be run on the mobile device in one of a plurality of operations modes. The operation modes may comprise managed, unmanaged, and partially managed modes, among others. | 11-06-2014 |
20140330948 | UNDIFFERENTIATED SERVICE DOMAINS - Guest domains (virtual machines) may execute at a virtualization server. During execution, the guest domains may request various services to facilitate their operation. The virtualization server may disaggregate the services requested by the guest domains among various service domains. A service domain may be configured to provide one of the services. The virtualization server may also maintain a pool of partially initialized service domains. When a guest domain requests a particular service, one of the partially initialized service domains may be selected from the pool, and the partially initialized service domain may complete initialization to become an initialized service domain. The initialized service domain may thus be configured to provide the service requested by a guest domain. The virtualization server may periodically replenish the pool of partially initialized service domains to ensure that a partially initialized service domain is available upon demand from one of the guest domains. | 11-06-2014 |
20140330910 | UPDATING THE RECIPIENTS OF A PREVIOUSLY DELIVERED ELECTRONIC MESSAGE - A system and method for updating the list of recipients of a previously delivered email message are provided. An electronic message server may store an electronic message and a list of recipients associated with that electronic message. Recipient information identifying a new recipient to be added to the list of recipients may be received from an email client. The list of recipients may be updated based on the recipient information such that the new recipient is added to the list of recipients for the electronic message. The recipient information may be provided to another electronic message client that stores a copy of the electronic message as well as a copy of the list of recipients. The copy of the list of recipients may also be updated based on the recipient information such that the new recipient is added to the copy of the list of recipients. | 11-06-2014 |
20140304810 | SYSTEMS AND METHODS FOR PROTECTING CLUSTER SYSTEMS FROM TCP SYN ATTACK - The present solution is directed to systems and methods for synchronizing a random seed value among a plurality of multi-core nodes in a cluster of nodes for generating a cookie signature. The cookie signature may be used for protection from SYN flood attacks. A cluster of nodes comprises one master node and one or more other nodes. Each node comprises one master core and one or more other cores. A random number is generated at the master core of the master node. The random number is synchronized across every other core. The random number is used to generate a secret key value that is attached in the encoded initial sequence number of a SYN-ACK packet. If the responding ACK packet does not contain the secret key value, then the ACK packet is dropped. | 10-09-2014 |
20140304798 | SYSTEMS AND METHODS FOR HTTP-BODY DOS ATTACK PREVENTION WITH ADAPTIVE TIMEOUT - The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold. | 10-09-2014 |
20140304499 | SYSTEMS AND METHODS FOR SSL SESSION MANAGEMENT IN A CLUSTER SYSTEM - The present invention is directed towards systems and methods for managing one or more SSL sessions. A first node from a cluster of nodes intermediary between a client and a server may receive a first request from the client to use a first session established with the server. The first request may include a session identifier of the first session. The first node may determine that the first session is not identified in a cache of the first node. The first node may identify, via a hash table responsive to the determination, an owner node of the first session from the cluster using a key. The key may be determined based on the session identifier. The first node may send a second request to the identified owner node for session data of the first session. The session data may be for establishing a second session with the server. | 10-09-2014 |
20140304498 | SYSTEMS AND METHODS FOR NEXTPROTO NEGOTIATION EXTENSION HANDLING USING MIXED MODE - This disclosure is directed to systems and methods for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session. A device, intermediary to a client and a server, may receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server. The client hello message may include a next protocol negotiation extension. The device may include a first TLS processor that is software based and a second TLS processor that is hardware based. The device may determine that the client hello message includes the next protocol negotiation extension. The device may establish, responsive to the determination, the TLS session using the first TLS processor. The device may process, upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor. | 10-09-2014 |
20140304425 | SYSTEMS AND METHODS FOR TCP WESTWOOD HYBRID APPROACH - Methods and systems for providing congestion control to a transport control protocol implementation are described. A device detects that there is a congestion event on a transport control protocol (TCP) connection of the device. The device determines that a bandwidth estimate is lower than half a current value of a slow start threshold for the TCP connection. In response to the determination, the device changes the slow start threshold to half of the current value of the slow start threshold for the TCP connection. The bandwidth estimate can be the product of the eligible rate estimate and the minimum round trip time. In some implementations, the transport control protocol implementation is a TCP Westwood implementation. | 10-09-2014 |
20140304415 | SYSTEMS AND METHODS FOR DIAMETER LOAD BALANCING - The present disclosure is directed generally to systems and methods for Diameter load balancing. In some embodiments, an intermediary device may receive a diameter connection request from a client that includes a CER. The intermediary device may initiate a connection with a server of a plurality of servers and place the server protocol control block in a reuse pool. Responsive to opening the connection with the server, the intermediary device may forward the received CER. The intermediary device may then receive a CEA message from the server and establish an AVP-based persistent connection. The intermediary device may modify the received CEA message, and then forward the message to the client. When the intermediary device receives a diameter message from a client, the intermediary device may match an AVP of the message with an AVP associated with a persistent server connection, and forward the diameter message to the corresponding server. | 10-09-2014 |
20140304414 | SYSTEMS AND METHODS FOR DYNAMICALLY EXPANDING LOAD BALANCING POOL - The present application is directed towards systems and methods for configuring and applying autoscaling to a service group of an intermediary device for a domain based server. All the IP addresses resolved by the domain name of the server and that are determined as up will automatically become members of the service group. The resolver monitor will resolve the server's domain name based on the TTL (Time to Live) value in the address record or whenever the appropriate command is executed. Each time the domain is resolved, if there is a change in the number of IP addresses resolved, then the members of the service group will shrink or expand based on the number of IP addresses resolved. | 10-09-2014 |
20140304413 | SYSTEMS AND METHODS FOR STARTUP ROUND ROBIN ENHANCEMENT - The present solution allows users, such as administrators, to configure slow start parameters for new services. These slow start parameters specify a rate at which requests should be given to a newly added or up service. The users can also choose to automatically increase the load in multiples of the chosen rate by specifying an increment interval. The services are given the configured rate for the interval, and once the interval is reached, the next multiple of the rate of requests is given. The increase of rate of requests is done automatically until an existing service request rate is reached. At that point in time this functionality is disabled and the existing and new services are treated the same. | 10-09-2014 |
20140304412 | SYSTEMS AND METHODS FOR GSLB PREFERRED BACKUP LIST - The present application is directed towards systems and methods for a user to configure the backup locations to use by an intermediary device providing Global Server Load Balancing (GSLB) services when a primary location is down. In some embodiments, when GSLB is based on static proximity of the location of the client to the GSLB sites and if the primary location is DOWN, then the request may be load balanced among all the other locations. But this may not be desirable in many cases. So we need to provide an option to the user to specify the preferred list of backup locations to service a client request. The present solution achieves this configurability by using a GSLB policy based on preferred location. One can configure preferred location(s) via a GSLB policy to redirect the client to preferred location(x). One can configure individual policies for different client locations. Based on implementation requirements, one can configure country level granularity, state level granularity and so on. | 10-09-2014 |
20140304409 | SYSTEMS AND METHODS FOR MAINTAINING SESSION PERSISTENCE IN A CLUSTER SYSTEM - The present application is directed towards systems and methods for managing ownership of one or more SSL sessions. A cluster of nodes intermediary between at least one client and at least one server may maintain a succession list for at least one session of a first client from the at least one client. The succession list may include a list of nodes within the cluster and an order of succession for the nodes to transfer ownership of the at least one session. A first node of the cluster may enter an operational state for managing one or more sessions between the at least one client and the at least one server. A second node of the cluster may initiate, based on the succession list and responsive to the first node entering the operational state, a transfer of ownership of the at least one session from the second node to the first node. | 10-09-2014 |
20140304402 | SYSTEMS AND METHODS FOR CLUSTER STATISTICS AGGREGATION - For multiple multi-core nodes in a cluster, the filtered statistics client contacts the aggregator on a master node of the cluster, referred to as the cluster configuration owner (“CCO”) or cluster coordinator, and expects the stats aggregated from all the cluster nodes. The aggregator on the CCO node relays the client request to packet engines on the CCO node and to an aggregator on each of the other nodes in the cluster. Then the CCO node aggregator gets responses from other cores on the node and responses from all other cluster node aggregators. The CCO node aggregator aggregates the responses and sends back the aggregated response to the clients. Communication between nodes is via a static authenticated communication channel. | 10-09-2014 |
20140304401 | SYSTEMS AND METHODS TO COLLECT LOGS FROM MULTIPLE NODES IN A CLUSTER OF LOAD BALANCERS - The systems and methods of the present solution are directed to collecting log information from multiple nodes in a multi-nodal cluster. Generally, a logging process runs to collect log information from multiple nodes in a multi-nodal cluster, e.g., a cluster of appliances. The logging process collects the log information and merges the collected log information to create a coherent unified log. The logging process may run on a node designated for the purpose. The designated node may be internal or external to the cluster. The logging process determines a topology for the cluster, establishes a communication channel with each active intermediary device identified in the topology, collects log entries from each active intermediary device, each log entry comprising information on network traffic traversing the respective intermediary device, and merges the collected log entries into a unified cluster log comprising information on network traffic traversing the cluster. | 10-09-2014 |
20140304399 | SYSTEMS AND METHODS FOR PROVIDING MONITORING IN A CLUSTER SYSTEM - The present application is directed towards systems and methods for providing monitoring in a cluster system. The systems and methods distribute the monitors for a service and the ownership of a service across a cluster system comprising a plurality of nodes. The nodes in the cluster can be configured to have different sets of virtual servers (sometimes referred to as “vservers”) and services. The ownership and monitoring of the services can be distributed among all the nodes in the cluster. The system can identify a service in a cluster system and identify a master node that has ownership of the service. The master node can transmit a service status update to other nodes in the cluster system. | 10-09-2014 |
20140304393 | SYSTEMS AND METHODS FOR EXPORTING APPLICATION DETAILS USING APPFLOW - The present disclosure is directed towards systems and methods for lightweight identification of flow information by application. A flow monitor executed by a processor of a device may maintain a counter. The flow monitor may associate an application with the value of the counter and transmit, to a data collector executed by a second device, the counter value and a name of the application. The flow monitor may monitor a data flow associated with the application to generate a data record. The flow monitor may transmit the data record to the data collector, the data record including an identification of the application consisting of the counter value and not including the name of the application. The data collector may then re-associate the data record with the application name based on the previously received counter value. | 10-09-2014 |
20140304361 | SYSTEMS AND METHODS FOR DISTRIBUTED HASH TABLE CONTRACT RENEWAL - The present application is directed towards ASDR table contract renewal. In some embodiments, a core may cache an ASDR table entry received from an owner core such that when the entry is needed again the core does not need to re-request the entry from the owner core. As storing a cached copy of the entry allows the non-owner core to use an ASDR table entry without requesting the entry from the owner core, the owner core may be unaware of an ASDR table entry's use by a non-owner core. To ensure the owner core keeps the ASDR table entry alive, which the non-owner core has cached, the non-owner core may perform contract renewal for each of its recently used cached entries. The contract renewal method may include sending a message to the owner core that indicates which cached ASDR table entries the non-owner core has recently used or accessed. Responsive to receiving the message the owner core may reset a timeout period associated with the ASDR table entry. | 10-09-2014 |
20140304355 | SYSTEMS AND METHODS FOR APPLICATION-STATE, DISTRIBUTED REPLICATION TABLE CACHE POISONING - The present application is directed towards invalidating (also referred to as poisoning) ASDR table entries that are determined to be inaccurate because of changes to a multi-node system. For example, when a node leaves or enters a multi-node system, the ownership of the entries in the ASDR table can change, thus invalidating cached and replica entries. More specifically, the system and methods disclosed herein include searching an ASDR table for cached entries responsive to the system determining the multi-node system has changed. After finding a cached entry, the system may determine if the entry should be poisoned. The decision to poison the entry may be responsive to the creation time of the entry, the time when the change to the multi-node system occurred, and in the case of a replica, the owner of the replica's position in a replication chain relative to the source of the replica. | 10-09-2014 |
20140304354 | SYSTEMS AND METHODS FOR RELIABLE REPLICATION OF AN APPLICATION-STATE, DISTRIBUTED REPLICATION TABLE - The present application is directed towards using a distributed hash table to track the use of resources and/or maintain the persistency of resources across the plurality of nodes in the multi-node system. More specifically, the systems and methods can maintain the persistency of resources across the plurality of nodes by the use of a global table. A global table may be maintained on each node. Each node's global table enables efficient storage and retrieval of distributed hash table entries. Each global table may contain a linked list of the cached distributed hash table entries that are currently stored on a node. | 10-09-2014 |
20140304352 | SYSTEMS AND METHODS FOR CLUSTER PARAMETER LIMIT - The present disclosure is directed towards a system and method for handling limit parameters for spillover conditions of virtual servers across multiple nodes in a cluster system. The cluster system may comprise a plurality of nodes, wherein one node may be elected as a master node and the remaining nodes are designated as slave nodes. The master node may monitor the cluster system and establish limit parameters for the cluster system and apply them to the plurality of nodes. The limit parameters may be based upon the number of open connections in the cluster system and the number of nodes. The master node may establish an ideal quota value for each node to balance the number of open connections in the cluster. | 10-09-2014 |
20140304326 | PROVIDING A NATIVE DESKTOP USING CLOUD-SYNCHRONIZED DATA - Methods, systems, computer-readable media, and apparatuses for providing a native desktop using cloud-synchronized data are presented. In some embodiments, a desktop management service provided by at least one computing device may selectively store data from a remote desktop. Subsequently, the desktop management service may synchronize the stored data with a cloud-based data storage platform. Thereafter, the desktop management service may cause a native desktop to be presented on a client device using the synchronized data. In some arrangements, the extracted, analyzed, and/or selectively stored data may include one or more application shortcuts, one or more documents, one or more registry keys, one or more personalization settings, or one or more layout settings. Additionally or alternatively, the remote desktop may be associated with a first operating system, and the native desktop may be associated with a second operating system different from the first operating system. | 10-09-2014 |
20140304325 | SYSTEMS AND METHODS FOR ETAG PERSISTENCY - The systems and methods of the present solution are directed to providing Entity Tag persistency by a device intermediary to a client and a plurality of servers. An intermediary device between a client and one or more back-end servers can receive an entity requested by the client from an origin server that provides the requested content. The intermediary device can encode the back-end server information onto an ETag of the entity, cache the entity with the encoded ETag and serve the entity with the encoded ETag to the client. In this way, when the client attempts to validate the entity by sending a request including the encoded ETag to the intermediary device, the intermediary device decodes the encoded ETag to extract the identity of the backend server and sends the request to validate the entity to the identified server that originally sent the entity that included the requested content. | 10-09-2014 |
20140304320 | SYSTEMS AND METHODS FOR DYNAMIC RECEIVE BUFFERING - The present disclosure relates to methods and systems for dynamically changing an advertised window for a transport layer connection. A device can receive data from a server destined for an application. The device identifies the size of the application buffer corresponding to the application and advertises the application buffer size as a window size to the server. The device stores the data in the device memory. The device then determines the memory usage by comparing the memory usage to one or more predetermined thresholds. If the device determines that the memory usage is below a first predetermined threshold, the device can implement an aggressive dynamic receive buffering policy in which the device increases the advertised window size by a first increment. If the device determines that the memory usage is above the first threshold and below a second threshold, the device executes a more conservative dynamic receive buffering policy. | 10-09-2014 |
20140304294 | SYSTEMS AND METHODS FOR CACHING OF SQL RESPONSES USING INTEGRATED CACHING - Systems and methods of the present disclosure provide for caching, by a device intermediary to a client and a database, a result of a structured query language (SQL) query request. In some embodiments, the device intermediary to a plurality of clients and a database receives a SQL response from the database to a first SQL query request of a client of the plurality of clients. The device may maintain a cache of SQL responses from the database. The device may identify that the first SQL query request matches a rule of a policy for caching SQL responses from the database. The policy may include a cache action to take when the rule is matched. The device may perform, responsive to the policy, on the SQL response the cache action identified by the policy. | 10-09-2014 |
20140304231 | SYSTEMS AND METHODS FOR APPLICATION-STATE DISTRIBUTED REPLICATION TABLE HUNTING - The present application is directed towards systems and methods of hunting for a hash table entry in a hash table distributed over a multi-node system. More specifically, when entries are created in an ASDR table, the owner node of the entry may replicate the entry onto a non-owner node. The replica can act as a backup of the ASDR table entry in the event the node leaves the multi-node system. When the node returns to the multi-node system, the node may no longer have the most up to date ASDR table entries, and may hunt to find the existence of the value associated with the entry. Responsive to receiving a request for an entry that may be outdated on the node, the node sends a request down a replication chain for an updated copy of the ASDR table entry from one of the replicas. Responsive to receiving the replica copy of the entry, the node responds to the client's request for the entry. | 10-09-2014 |
20140303934 | SYSTEMS AND METHODS FOR EXPORTING CLIENT AND SERVER TIMING INFORMATION FOR WEBPAGE AND EMBEDDED OBJECT ACCESS - The present disclosure is directed towards systems and methods for application performance measurement. A device may receive a first document for transmission to a client, comprising instructions for the client to transmit a request for an embedded object. A flow monitor executed by the device may generate a unique identification associated with the first document, the unique identification identifying a first access of the first document, and transmit the first document and unique identification to the client. The device may receive, from the client, a request for the embedded object comprising the unique identification, and transmit, to a server, the request for the embedded object at a transmit time. The device may receive, from the server, the embedded object at a receipt time, and may transmit a performance record comprising an identification of the object, the server, the transmit time, the receipt time, and the unique identification to a data collector. | 10-09-2014 |
20140301395 | SYSTEMS AND METHODS FOR SYNCHRONIZING MSS AND PMTU IN NCORE AND CLUSTER SYSTEMS - Systems and methods of propagating maximum segment size and path maximum transmission unit of network paths between an intermediary device of a cluster with a plurality of destinations are described. A first core of a node including multiple cores and intermediary to a client and a plurality of servers may receive a response to a packet transmitted to a destination indicating that the packet has a size greater than a MTU of a network path between the node and a destination. The first core identifies the MTU of the network path and determines that the identified MTU is different than an MTU used by the first core. The first core replaces the MTU stored in an entry corresponding to the destination in a PMTU table maintained with the identified MTU. The first core transmits, to other cores of the node, the identified MTU to update each core's PMTU table. | 10-09-2014 |
20140301388 | SYSTEMS AND METHODS TO CACHE PACKET STEERING DECISIONS FOR A CLUSTER OF LOAD BALANCERS - The present disclosure is directed towards methods and systems for caching packet steering sessions for steering data packets between intermediary devices of a cluster of intermediary devices intermediary to a client and a plurality of servers. A first intermediary device receives a first data packet and determines, from a hash of a tuple of the first packet, a second intermediary device to which to steer the first packet. The first device stores, to a session for storing packet steering information, the identity of the second device and the tuple. The first device receives a second packet having a corresponding tuple that matches the tuple of the first packet and determines, based on a lookup for the session using the tuple of the second packet, that the second device is the intermediary device to which to steer the second packet. The first device steers the second packet to the second device. | 10-09-2014 |
20140301213 | SYSTEMS AND METHODS FOR CAPTURING AND CONSOLIDATING PACKET TRACING IN A CLUSTER SYSTEM - The present solution relates to systems and methods for capturing and consolidating packet tracing in a cluster system. A multi-nodal cluster processing network traffic contains multiple nodes each handling some of the processing. A node may initially receive a flow and transfer processing of the flow to another node for processing. A flow may therefore pass from one node to another, from two nodes to many nodes. In some instances, it is helpful to generate a trace of a flow. For example, in debugging a network communication flow, a trace of the flow through the cluster can be helpful. Each node has a packet engine (“PE”) which processes data packets and can, when trace is enabled, generate a trace file for the packets processed at the respective node. A trace aggregator merges these distinct trace files into an aggregate trace for the cluster. | 10-09-2014 |
20140298442 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140298405 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140298404 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140298403 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140298402 | Data Management for an Application with Multiple Operation Modes - A method and system for managing an application with multiple modes are described. A device manager that manages a mobile device may monitor the mobile device. The device manager may detect that a first type of application that runs in a managed mode (or in multiple managed modes) and an unmanaged mode is installed on the mobile device. When the application is executed on the device, the application executes in accordance with the selected application mode, e.g., based on location, user, role, industry presence, or other predefined context. | 10-02-2014 |
20140298401 | PROVIDING AN ENTERPRISE APPLICATION STORE - Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, authentication credentials of an administrative user of an application store may be received at the application store. Based on validating the authentication credentials of the administrative user, a mobile service management interface may be provided via the application store. In addition, the mobile service management interface may include at least one control that is configured to allow the administrative user to define one or more policies to be applied to at least one application that is available in the application store. | 10-02-2014 |
20140298400 | PROVIDING AN ENTERPRISE APPLICATION STORE - Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for a software application may be received at an application store. Subsequently, the software application may be configured, at the application store, based on a single sign-on credential. The configured software application then may be provided, by the application store, to at least one recipient device associated with the single sign-on credential. | 10-02-2014 |
20140298348 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140297862 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140297861 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140297860 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140297859 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES FOR A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140297840 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140297839 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140297838 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140297825 | DATA MANAGEMENT FOR AN APPLICATION WITH MULTIPLE OPERATION MODES - A method and system for managing an application with multiple modes are described. A device manager that manages a mobile device may monitor the mobile device. The device manager may detect that a first type of application that runs in a managed mode (or in multiple managed modes) and an unmanaged mode is installed on the mobile device. When the application is executed on the device, the application executes in accordance with the selected application mode, e.g., based on location, user, role, industry presence, or other predefined context. | 10-02-2014 |
20140297824 | PROVIDING AN ENTERPRISE APPLICATION STORE - Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for updated policy information for at least one application may be received at an application store from a policy agent. Based on receiving the request, it may be determined, at the application store, whether one or more policies for the at least one application have been updated. Based on determining that the one or more policies for the at least one application have been updated, at least one policy update may be provided to the policy agent. | 10-02-2014 |
20140297819 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140297756 | PROVIDING A MANAGED BROWSER - Methods, systems, computer-readable media, and apparatuses for providing a managed browser are presented. In various embodiments, a computing device may load a managed browser. The managed browser may, for instance, be configured to provide a managed mode in which one or more policies are applied to the managed browser, and an unmanaged mode in which such policies might not be applied and/or in which the browser might not be managed by at least one device manager agent running on the computing device. Based on device state information and/or one or more policies, the managed browser may switch between the managed mode and the unmanaged mode, and the managed browser may provide various functionalities, which may include selectively providing access to enterprise resources, based on such state information and/or the one or more policies. | 10-02-2014 |
20140295821 | PROVIDING MOBILE DEVICE MANAGEMENT FUNCTIONALITIES - Methods, systems, computer-readable media, and apparatuses for providing mobile device management functionalities are presented. In various embodiments, a mobile device management agent may monitor state information associated with a mobile computing device. The monitored state information may be analyzed on the mobile computing device and/or by one or more policy management servers. In some instances, the one or more policy management servers may provide management information to the mobile computing device, and the management information may include one or more commands (which may, e.g., cause the mobile computing device to enforce one or more policies) and/or one or more policy updates. Subsequently, one or more policies may be enforced on the mobile computing device based on the monitored state information and/or based on the management information. | 10-02-2014 |
20140280625 | MONITORING USER ACTIVITY IN APPLICATIONS - Systems and methods that integrate social media applications having social media communities of like-minded users with other applications, such as enterprise applications, are described herein. A user may join one or more of the social media communities based on a variety of factors, including applications the user uses or plans to use, user type (e.g., end-user, administrator, etc.), the user's level of expertise, and/or the type of activities that the user plans to perform in one or more applications. A user's actions within or using one or more applications may be monitored. In response to detecting performance of a monitored action, a description of the user's action may be published to other users in the social media community, the user may be paired with one or more social media communities, and/or recommendations for resources related to the detected action may be provided to the user. Recommendations may also be provided based on posts made by the user in the social media community. | 09-18-2014 |
20140280551 | PAIRING USERS WITH SOCIAL MEDIA COMMUNITIES - Systems and methods that integrate social media applications having social media communities of like-minded users with other applications, such as enterprise applications, are described herein. A user may join one or more of the social media communities based on a variety of factors, including applications the user uses or plans to use, user type (e.g., end-user, administrator, etc.), the user's level of expertise, and/or the type of activities that the user plans to perform in one or more applications. A user's actions within or using one or more applications may be monitored. In response to detecting performance of a monitored action, a description of the user's action may be published to other users in the social media community, the user may be paired with one or more social media communities, and/or recommendations for resources related to the detected action may be provided to the user. Recommendations may also be provided based on posts made by the user in the social media community. | 09-18-2014 |
20140280436 | MIGRATION TOOL FOR IMPLEMENTING DESKTOP VIRTUALIZATION - At least a method and a system for migrating a plurality of endpoint computing devices of an organization are described herein. User applications, data, and settings are migrated from a plurality of endpoint computing devices of the organization into a client server operating environment employing a thin client implementation. A server may execute software for deploying the thin client implementation. By way of creating a personalized virtualization disk for each endpoint computing device, migration to a thin client virtualized desktop implementation may be easily performed by the organization without modification, change, or loss of user installed applications, personalized settings, and user data. | 09-18-2014 |
20140258914 | METHODS AND SYSTEMS FOR GENERATING A COMBINED DISPLAY OF TASKBAR BUTTON GROUP ENTRIES GENERATED ON A LOCAL MACHINE AND ON A REMOTE MACHINE - The present disclosure features methods and systems for updating a taskbar, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer and application output generated by the remote application. These methods and systems include a local client receiving application output generated by a remote application and remote window configuration information, generating an application output window comprising local taskbar grouping configuration information, and updating a taskbar responsive to the local taskbar grouping configuration information. | 09-11-2014 |
20140258446 | DYNAMIC CONFIGURATION IN CLOUD COMPUTING ENVIRONMENTS - Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines. | 09-11-2014 |
20140258390 | SYSTEMS AND METHODS FOR MAINTAINING TRANSPARENT END TO END CACHE REDIRECTION - The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifies that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address. | 09-11-2014 |
20140254376 | Methods and Apparatus for Using a Layered Gear to Analyze and Manage Real-Time Network Quality of Service Transmission for Mobile Devices on Public Networks - Methods for providing a layered gear mechanism to enable optimal transmission of data packets include identifying types of data that are scheduled for transmission over a network. Data packets are generated at different depths for a particular type of data identified for transmission, wherein the data packets are generated at a source. The data packets of different depths are transmitted in different layers over a network, to a destination, wherein each layer of data packets corresponds to a specific depth. Response for the data packets transmitted in each layer is collected from the network as the data packets progress along the network. The response is analyzed to identify network transmission characteristics for each layer. A depth is selected for transmitting subsequent data packets for the particular data type based on the network transmission characteristics obtained through the analysis. | 09-11-2014 |
20140250068 | SYSTEM FOR AN OPEN ARCHITECTURE DEPLOYMENT WITH CENTRALIZED SYNCHRONIZATION - One aspect of the preferred embodiment relates to an application framework for managing mobile clients and application programs. By utilizing the preferred embodiment, a system administrator may be provided the capability to manage and control multiple devices, directly and indirectly, using push (server-initiated) and/or pull (client-initiated) techniques from a single location. Additionally, the preferred embodiment may be utilized to back up and securely store information on the mobile clients, identify device usage and to deliver files and databases to the mobile clients. | 09-04-2014 |
20140247737 | SYSTEMS AND METHODS FOR LEARNING MSS OF SERVICES - The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer. | 09-04-2014 |
20140247319 | CONTROLLING AN ELECTRONIC CONFERENCE BASED ON DETECTION OF INTENDED VERSUS UNINTENDED SOUND - A technique manages an electronic conference. The technique involves receiving a set of audio signals from a set of participants of the electronic conference, each audio signal being received from a respective participant. The technique further involves categorizing the set of audio signals received from the set of participants, each audio signal being individually categorized as currently representing (i) intentional participant sound or (ii) unintentional participant sound. The technique further involves controlling operation of the electronic conference based on the categorized set of audio signals. | 09-04-2014 |
20140241360 | SYSTEMS AND METHODS FOR MULTI-LEVEL QUALITY OF SERVICE CLASSIFICATION IN AN INTERMEDIARY DEVICE - The present invention is directed towards systems and methods for providing multi-level classification of a network packet. In some embodiments, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information. In addition to source and destination IP addresses and port numbers, packet- or data-specific information can include direction of traffic (client to host or server; server or host to client; or both), Virtual LAN (VLAN) ID, source or destination application or associated application, service class, ICA priority, type of service, differentiated service code point (DSCP), or other information. Some or all of this information may be used to classify the network packet at a plurality of layers of a network stack, allowing for deep inspection of the packet and multiple levels of granularity of classification. | 08-28-2014 |
20140237049 | METHODS AND SYSTEMS FOR PROVIDING A CONSISTENT PROFILE TO OVERLAPPING USER SESSIONS - Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session. | 08-21-2014 |
20140223314 | INTERPRETING A GESTURE-BASED INSTRUCTION TO SELECTIVELY DISPLAY A FRAME OF AN APPLICATION USER INTERFACE ON A MOBILE COMPUTING DEVICE - In general overview, the present disclosure is directed to a system and method for selectively displaying a frame of an application user interface on a mobile computing device. A user interface analyzer on a mobile computing device analyzes a user interface for an application executing on a remote server. The user interface analyzer identifies frames in the user interface, the positions of the frames, relationships between frames, and horizontal and vertical panning offsets to move between adjacent frames. The mobile computing device receives a user input requesting the display of an adjacent frame. Based on the information the user interface analyzer obtained, the mobile computing device displays an adjacent frame of the user interface. | 08-07-2014 |
20140215555 | Configuring and Providing Profiles that Manage Execution of Mobile Applications - Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein. | 07-31-2014 |
20140201679 | PROVIDING USER INTERFACES AND WINDOW PREVIEWS FOR HOSTED APPLICATIONS - A local computing device may use a remote computing device to host various resources on behalf of the local computing device. The local computing device may receive data related to a graphical window of the remotely hosted resource and generate a graphical window on the local desktop environment for the remotely hosted resource. The local computing device may also update a taskbar to include the remote hosted resource. Window previews may also be generated by the local computing device and the window previews may include snapshots or dynamic images of the graphical window for the remotely hosted resource. In some instances, the snapshots may be provided to the local computing device from the remote computing device. | 07-17-2014 |
20140189138 | Virtual Desktop Access Using Wireless Devices - Aspects herein describe at least a method, system, and computer readable storage media for transmitting data from a first computing device to a second computing device. The first computing device comprises a host while the second computing device comprises a thin client for receiving a virtual desktop session. In one embodiment, the method comprises generating one or more Bluetooth packets associated with a Bluetooth application. The Bluetooth application is executed by a processor of the first computing device. The method further comprises transmitting the generated Bluetooth packets using an ICA (independent computing architecture) protocol from the first computing device to the second computing device. The Bluetooth packets are translated into USB packets at the second computing device and transmitted to a Bluetooth device that is communicatively coupled to the second computing device. | 07-03-2014 |
20140189132 | SYSTEMS AND METHODS FOR GSLB BASED ON SSL VPN USERS - The present invention provides a system and a method for global server load balancing of a plurality of sites based on a number of Secure Socket Layer Virtual Private Network (SSL VPN) users. The SSL VPN users may access servers at each of the plurality of sites. A global server load balancing (GSLB) virtual server may receive a request to access a server. The GSLB virtual server may load balance a plurality of sites, wherein each of the plurality of sites may further comprise a load balancing virtual server load balancing users accessing servers via an SSL VPN session. The GSLB virtual server may receive, from a first load balancing virtual server at a first site, a first number of current SSL VPN users accessing servers from the first site via SSL VPN sessions. The GSLB virtual server may also receive, from a second load balancing virtual server at a second site, a second number of current SSL VPN users accessing servers from the second site via SSL VPN sessions. The GSLB virtual server may determine to forward the request to one of the first load balancing virtual server of the first site or the second load balancing virtual server of the second site by load balancing SSL VPN users across the plurality of sites based on the first number of current SSL VPN users and the second number of current SSL VPN users. | 07-03-2014 |
20140188976 | SYSTEMS AND METHODS OF USING THE REFRESH BUTTON TO DETERMINE FRESHNESS POLICY - The present solution provides a variety of techniques for accelerating and optimizing network traffic, such as HTTP based network traffic. The solution described herein provides techniques in the areas of proxy caching, protocol acceleration, domain name resolution acceleration as well as compression improvements. In some cases, the present solution provides various prefetching and/or prefreshening techniques to improve intermediary or proxy caching, such as HTTP proxy caching. In other cases, the present solution provides techniques for accelerating a protocol by improving the efficiency of obtaining and servicing data from an originating server to clients. In other cases, the present solution accelerates domain name resolution. As every HTTP access starts with a URL that includes a hostname that must be resolved via domain name resolution into an IP address, the present solution helps accelerate HTTP access. In some cases, the present solution improves compression techniques by prefetching non-cacheable and cacheable content to use for compressing network traffic, such as HTTP. The acceleration and optimization techniques described herein may be deployed on the client as a client agent or as part of a browser, as well as on any type and form of intermediary device, such as an appliance, proxying device or any type of interception caching and/or proxying device. | 07-03-2014 |
20140185482 | SYSTEMS AND METHODS FOR QUALITY OF SERVICE OF ENCRYPTED NETWORK TRAFFIC - The present invention is directed towards systems and methods for providing classification of an encrypted network packet for performing QoS and acceleration techniques. Encrypted packets may be classified by a first classifier at a first portion of a network stack of a device as corresponding to a first predetermined application, and an application identifier may be included with the packet. In some embodiments, the packets may be decrypted in an order dependent on a first classification of the encrypted network packet. After decryption, packets may be reclassified as corresponding to a second predetermined application by a second classifier operating at a second portion of a network stack of the device above the first portion. Thus, network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the application, while avoiding inefficiencies due to a lack of prioritization of decryption. | 07-03-2014 |
20140181531 | SYSTEMS AND METHODS FOR QUEUE LEVEL SSL CARD MAPPING TO MULTI-CORE PACKET ENGINE - The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation. | 06-26-2014 |
20140173127 | SYSTEMS AND METHODS FOR REAL-TIME ENDPOINT APPLICATION FLOW CONTROL WITH NETWORK STRUCTURE COMPONENT - The present solution is directed towards systems and methods to more efficiently control a flow of a data stream traversing at least one intermediary on a network between a client and a server. A sender transmits a first message, comprising a first value of a bandwidth between the first intermediary and a second intermediary determined by the sender, to a first intermediary. The first intermediary establishes a next value of the bandwidth between the first intermediary and the second intermediary. The sender receives from the first intermediary responsive to the first message a second message comprising the established next value of the bandwidth between the first intermediary and the second intermediary. A data transfer manager of the sender, responsive to the second message determines a size of a portion of data queued for transmission to transmit to the first intermediary and a time for transmitting the portion of data queued. | 06-19-2014 |
20140164792 | Securing Encrypted Virtual Hard Disks - Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key is placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then be destroyed after encrypting the administrator header and therefore might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never be transmitted or intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key. | 06-12-2014 |
20140164774 | Encryption-Based Data Access Management - Encryption-based data access management may include a variety of processes. In one example, a device may transmit a user authentication request for decrypting encrypted data to a data storage server storing the encrypted data. The computing device may then receive a validation token associated with the user's authentication request, the validation token indicating that the user is authenticated to a domain. Subsequently, the computing device may transmit the validation token to a first key server different from the data storage server. Then, in response to transmitting the validation token the computing device may receive, from the first key server, a key required for decrypting the encrypted data. The device may then decrypt at least a portion of the encrypted data using the key. | 06-12-2014 |
20140157361 | SYSTEMS AND METHODS FOR CONFIGURATION DRIVEN REWRITE OF SSL VPN CLIENTLESS SESSIONS - The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a client's request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client. | 06-05-2014 |
20140157358 | Policy Driven Fine Grain URL Encoding Mechanism for SSL VPN Clientless Access - The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource locator (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme. | 06-05-2014 |
20140156807 | METHODS AND APPARATUS FOR GENERATING GRAPHICAL AND MEDIA DISPLAYS AT A CLIENT - The invention generally relates to generating a display having graphical and/or media components at a client. In one aspect, a method for generating a graphical display at a client includes transmitting output from an application program executing on a server to the client, identifying a non-textual element within the application output, retrieving a compressed data format associated with the non-textual element, and transmitting to the client the compressed data format in place of the non-textual element. In another aspect, a method for generating a media presentation at a client includes transmitting output from an application program executing on a server to the client, identifying a media stream within the application output, intercepting an original compressed data set representing at least a portion of the media stream before processing by the application program, and transmitting the original compressed data set to the client. | 06-05-2014 |
20140149980 | DIAGNOSTIC VIRTUAL MACHINE - A diagnostic virtual machine having access to resources of an infrastructure as a service cloud may be created. A user device may be provided access to the diagnostic virtual machine. In some embodiments, the diagnostic virtual machine may be configured to monitor a cluster of hypervisors, and the resources of the infrastructure as a service cloud which the diagnostic virtual machine has access to may include physical resources of the infrastructure as a service cloud that are associated with the cluster of hypervisors. | 05-29-2014 |
20140149505 | SYSTEMS AND METHODS FOR AUTOMATICALLY IDENTIFYING AND SHARING A FILE PRESENTED DURING A MEETING - Systems and methods for sharing a file presented during a meeting are described. In some aspects, an operating system of a first client computing device of a presenter in an online meeting is monitored during the online meeting. The first client computing device of the presenter is engaged in screen sharing with a second client computing device of at least one other participant in the online meeting. That one or more files accessible via the operating system are being presented in the online meeting is determined based on the monitoring. The one or more files are provided to a set of users in response to determining that the one or more files are being presented in the online meeting. | 05-29-2014 |
20140149453 | SYSTEMS AND METHODS FOR AUTOMATICALLY ASSOCIATING COMMUNICATION STREAMS WITH A FILE PRESENTED DURING A MEETING - Systems and methods for sharing a file presented during a meeting are described. In some aspects, an operating system of a first client computing device of a presenter in an online meeting is monitored during the online meeting. The first client computing device of the presenter is engaged in screen sharing with a second client computing device of at least one other participant in the online meeting. That one or more files accessible via the operating system are being presented in the online meeting is determined based on the monitoring. The one or more files are provided to a set of users in response to determining that the one or more files are being presented in the online meeting. | 05-29-2014 |
20140143394 | SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM - In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may receive packets related to the session owned by the first core. Embodiments of the systems and methods described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management. | 05-22-2014 |
20140136680 | SYSTEMS AND METHODS FOR APPFLOW FOR DATASTREAM - The present disclosure is directed towards systems and methods for monitoring application level flow for database applications served by a cluster of servers. An application flow monitor may receive and distribute write requests of a client to at least one master server and read requests of the client to one or more slave servers, based on load balancing or similar policies. The application flow monitor may receive responses from the recipient server and may aggregate the requests and responses into Internet Protocol Flow Information Export (IPFIX) messages that may describe the entire communication flow for the application. Accordingly, application flow statistics may be monitored, regardless of which server was involved in any particular request/response exchange, allowing scalability without impairment of administrative processes. | 05-15-2014 |
20140133315 | SYSTEMS AND METHODS FOR LISTENING POLICIES FOR VIRTUAL SERVERS OF APPLIANCE - The present invention is directed towards a method for using a listening policy for a virtual server on an intermediary device. An intermediary device establishes for a first virtual server a first listening policy with an expression for evaluating packets received by the intermediary device to determine whether the packet may access the first virtual server. The intermediary device listens for packets at a first internet protocol (IP) address and a first port specified for the first virtual server. Then, the intermediary device evaluates the expression of the first listening policy to a first packet received at the first IP address and first port and determines whether to provide the first packet to the first virtual server based on a result of the evaluation. | 05-15-2014 |
20140123265 | Single Sign-On Access in an Orchestration Framework for Connected Devices - Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices to function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store. | 05-01-2014 |
20140123135 | NETWORK OFFERING IN CLOUD COMPUTING ENVIRONMENT - A cloud system may create and support multiple network offerings for virtual machines in a cloud zone. Physical networks comprising sets of network elements, such as routers, gateways, firewalls, load balancers, and other network hardware, may be created and updated within a zone. Network offerings may be defined and associated, using tags or other techniques, with virtual machine networks, physical networks and/or network elements. Cloud end users may request specific network offerings when creating virtual machines, or may request to move existing virtual machines from one network offering to another. The cloud system may use the requested network offering to identify the virtual machine network, physical network, and/or network elements corresponding to the requested network offering. The cloud system may allocate a new virtual machine network and configure the network elements within the associated physical network to provide network services to the virtual machine. | 05-01-2014 |
20140122865 | SYSTEMS AND METHODS FOR SPLIT PROXYING OF SSL VIA WAN APPLIANCES - The present invention is directed towards systems and methods for split proxying Secure Socket Layer (SSL) communications via intermediaries deployed between a client and a server. The method includes establishing, by a server-side intermediary, a SSL session with a server. A client-side intermediary may establish a second SSL session with a client using SSL configuration information received from the server-side intermediary. Both intermediaries may communicate via a third SSL session. The server-side intermediary may decrypt data received from the server using the first SSL session's session key. The server-side intermediary may transmit to the client-side intermediary, via the third SSL session, data encrypted using the third SSL session's session key. The client-side intermediary may decrypt the encrypted data using the third SSL session's session key. The client-side intermediary may transmit to the client the data encrypted using the second SSL session's session key. | 05-01-2014 |
20140119518 | SYSTEMS AND METHODS OF MONITORING PERFORMANCE OF ACOUSTIC ECHO CANCELLATION - Methods and systems for monitoring performance of acoustic echo cancellation are described. An audio output is generated by applying a first acoustic echo cancellation algorithm to an audio input. One or more performance metrics for the first acoustic echo cancellation algorithm based on the audio output are determined via a second acoustic echo cancellation algorithm. The first acoustic echo cancellation algorithm is different from the second acoustic echo cancellation algorithm. The one or more performance metrics are provided for storage in a memory. | 05-01-2014 |
20140118489 | ADAPTIVE STEREOSCOPIC 3D STREAMING - Aspects herein describe at least a new method, system, and computer readable storage media for processing two-dimensional (2D) video into three-dimensional (3D) video and transmitting the 3D video from a host computing device to a client computing device. In one embodiment, the method comprises spatially scaling a segment of video when a structural similarity index is greater than a first threshold value and temporally scaling the segment of video when a rate of change of successive frames of the segment falls below a second threshold value. The method generates one of the segment, a spatially scaled segment, a temporally scaled segment, and a temporally and spatially scaled segment. The method further comprises multiplexing one of the segment, the spatially scaled segment, a temporally scaled segment, and a temporally/spatially scaled segment of the video in a second channel with the segment of the video in a first channel. | 05-01-2014 |
20140115660 | METHODS AND SYSTEMS FOR FORCING AN APPLICATION TO STORE DATA IN A SECURE STORAGE LOCATION - The present application is directed to methods and systems for redirecting write requests issued by trusted applications to a secure storage. Upon redirecting the write requests, the data included in those requests can be stored in the secure storage area of a client computer. In some embodiments, the methods and systems can include determining whether an application issuing the request is a trusted application that requires data to be stored in a secure storage repository. Upon making this determination, a filter driver can identify a secure storage area on a client computer and can redirect the write request to this secure storage. In other embodiments, the filter driver may deny requests of trusted applications to write to unsecure storage areas. | 04-24-2014 |
20140115122 | SYSTEMS AND METHODS FOR MANAGING PORTS FOR RTSP ACROSS CORES IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for handling real-time streaming protocol sessions by an intermediary multi-core system. When a multi-core intermediary receives a setup request for a real-time streaming protocol session, the intermediary processes and forwards the request to a server providing the streaming media. The server sets up an RTSP session and transmits a session identification to the multi-core intermediary. A core of the intermediary receives the transmitted session identification and determines an owner core of the session, based on a hash of the session identification. The core transmits the session information to the determined owner core, which selects two consecutive ports on which to establish listening services. The owner core then notifies all other cores to establish listening services on the same consecutive ports, such that any core that receives an RTSP control message from a client can handle it properly. | 04-24-2014 |
20140109210 | Automated Meeting Room - Methods and systems for automatic setup and initiation of meeting resources are described herein. A meeting room, area, or resource may be equipped with a camera or other proximity based sensor to determine when a user enters the meeting area. The camera may perform initial recognition of a user, e.g., based on facial or body recognition. The system may then authenticate the user as the meeting organizer using a second recognition technique, e.g., voice recognition. Based on the user authentication, the system may query the meeting organizer's calendar (or other resource) for meeting information, download an associated meeting presentation from cloud storage, initiate meeting (e.g., screen sharing) software, notify any missing attendees that the meeting has begun, and launch the presentation on a shared screen. The meeting organizer may then control the presentation using video and/or voice. All may be completed without the meeting organizer being required to touch anything. | 04-17-2014 |
20140109202 | SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES - Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described. | 04-17-2014 |
20140109180 | METHODS AND SYSTEMS FOR PREVENTING ACCESS TO DISPLAY GRAPHICS GENERATED BY A TRUSTED VIRTUAL MACHINE - The methods and systems described herein provide for preventing a non-trusted virtual machine from reading the graphical output of a trusted virtual machine. A graphics manager receives a request from a trusted virtual machine to render graphical data using a graphics processing unit. The graphics manager assigns, to the trusted virtual machine, a secure section of a memory of the graphics processing unit. The graphics manager renders graphics from the trusted virtual machine graphical data to the secure section of the graphics processing unit memory. The graphics manager receives a request from a non-trusted virtual machine to read graphics rendered from the trusted virtual machine graphical data and stored in the secure section of the graphics processing unit memory, and prevents the non-trusted virtual machine from reading the trusted virtual machine rendered graphics stored in the secure section of the graphics processing unit memory. | 04-17-2014 |
20140109178 | CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS - Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein. | 04-17-2014 |
20140109177 | CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS - Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein. | 04-17-2014 |
20140109176 | CONFIGURING AND PROVIDING PROFILES THAT MANAGE EXECUTION OF MOBILE APPLICATIONS - Various aspects of the disclosure relate to configuring and providing policies that manage execution of mobile applications. In some embodiments, a user interface may be generated that allows an IT administrator or other operator to set, change and/or add to policy settings. The policy settings can be formatted into a policy file and be made available for download to a mobile device, such as via an application store or to be pushed to the mobile device as part of a data push service. The mobile device, based on the various settings included in the policy file, may perform various actions to enforce the security constraints that are represented by the policy. The various settings that can be included in a policy are numerous and some examples and variations thereof are described in connection with the example embodiments discussed herein. | 04-17-2014 |
20140109175 | Providing Virtualized Private Network Tunnels - Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects. | 04-17-2014 |
20140109174 | Providing Virtualized Private Network Tunnels - Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects. | 04-17-2014 |