公开(公告)号：US20230344921A1

公开(公告)日：2023-10-26

申请号：US17723784

申请日：2022-04-19

Applicant: Citrix Systems, Inc.

Inventor： Pary Duraisamy ,  Pradeep Gaikwad ,  Kirankumar Alluvada ,  Jong Kann ,  Kenneth Bell

IPC: H04L12/46 ,  H04L45/74 ,  H04L9/40 ,  H04L69/16

CPC classification number: H04L69/161 ,  H04L12/4641 ,  H04L45/74 ,  H04L63/0272 ,  H04L63/166 ,  H04L2212/00

Abstract: The present solution provides systems and methods for supporting network communication, including UDP network communication, between clients and servers at data centers, over a cloud VPN. An agent can receive a user datagram protocol (UDP) packet. The agent can generate a header for the UDP packet identifying a destination server at a data center of a plurality of data centers. The agent can establish a channel to a virtual private network (VPN) server of a cloud-based VPN as a service. The agent can encapsulate the UDP packet using the header and transmit, via the channel, the encapsulated UDP packet to the VPN server, the encapsulated UDP packet configured to identify the data center according to a table of the VPN server and content of the header.

公开(公告)号：US20210234924A1

公开(公告)日：2021-07-29

申请号：US17229843

申请日：2021-04-13

Applicant: CITRIX SYSTEMS, INC.

Inventor： Jong Kann ,  Kenneth Bell

IPC: H04L29/08 ,  H04L29/06

Abstract: A method may include generating a proxy auto-configuration file including a function and a hash value associated with a resource. The hash value may be determined based on an identifier of the resource. The proxy auto-configuration file may include the hash value instead of a plaintext value of the identifier to obscure the plaintext value of the identifier. The proxy auto-configuration file including the function and the hash value may be sent to at least enable the function to be invoked by a web browser at one or more clients. The function may be configured to respond to being invoked by the web browser by determining, based on the hash value, whether to bypass a proxy server when accessing the resource. Related systems and computer program products are also provided.

公开(公告)号：US20210029197A1

公开(公告)日：2021-01-28

申请号：US16522244

申请日：2019-07-25

Applicant: CITRIX SYSTEMS, INC.

Inventor： Jong Kann ,  Kenneth Bell

IPC: H04L29/08 ,  H04L29/06

Abstract: A method may include generating a proxy auto-configuration file including a function and a hash value associated with a resource. The hash value may be determined based on an identifier of the resource. The proxy auto-configuration file may include the hash value instead of a plaintext value of the identifier to obscure the plaintext value of the identifier. The proxy auto-configuration file including the function and the hash value may be sent to at least enable the function to be invoked by a web browser at one or more clients. The function may be configured to respond to being invoked by the web browser by determining, based on the hash value, whether to bypass a proxy server when accessing the resource. Related systems and computer program products are also provided.

公开(公告)号：US20190260801A1

公开(公告)日：2019-08-22

申请号：US16401860

申请日：2019-05-02

Applicant: Citrix Systems, Inc.

Inventor： Anoop Reddy ,  Kenneth Bell ,  Georgios Oikonomou ,  Kurt Roemer

IPC: H04L29/06

Abstract: The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.

公开(公告)号：US20190058768A1

公开(公告)日：2019-02-21

申请号：US15875730

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Kenneth Bell ,  Mark Howell ,  Manbir Chauhan

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L67/16 ,  H04L12/4633 ,  H04L67/1002 ,  H04L67/2814 ,  H04L69/04

Abstract: Technology for providing communication connectivity between network entities located in different isolated communication networks through a centralized cloud service. A cloud service connector in a source communication network receives an initial connection request from a source end point device in the source communication network, and determines a customer name and requested service associated with the port number indicated in the request. Mappings are established between the source end point device and a destination end point device that provides the requested service from within a destination communication network that is associated with the customer name. Network traffic is conveyed between the source end point device and the destination end point device through the cloud service by tunneling packets over connections between the cloud service connector in the source communication network and the cloud service and between a cloud service connector in the destination communication network and the cloud service.

公开(公告)号：US11726858B2

公开(公告)日：2023-08-15

申请号：US17580113

申请日：2022-01-20

Applicant: Citrix Systems, Inc.

Inventor： Himanshu Agarwal ,  Vikramjeet Singh Sandhu ,  Mukesh Garg ,  Kenneth Bell ,  Leo C. Singleton, IV ,  Balasubramanian Swaminathan ,  Vivek Koni Raghuveer ,  Aditya Ranjan

IPC: G06F11/07 ,  H04L9/40 ,  H04L41/06 ,  H04L41/0631

CPC classification number: G06F11/079 ,  G06F11/0751 ,  G06F11/0793 ,  H04L41/06 ,  H04L41/0631 ,  H04L63/0846

Abstract: A computer system configured to identify errors in a session launch initiated by a client application is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to receive one or more events from one or more applications or devices involved in the session launch, wherein an event of the one or more events comprises information from an application or device call (e.g., an application programming interface (API) call) communicated during the session launch, the information comprising destination information; build a primary Directed Acyclic Graph (DAG) based on the information from the API call; determine an error identifier based on the primary DAG; retrieve a troubleshooting recommendation from a library based on the error identifier; and send the troubleshooting recommendation to the client application.

公开(公告)号：US11652873B2

公开(公告)日：2023-05-16

申请号：US17229843

申请日：2021-04-13

Applicant: CITRIX SYSTEMS, INC.

Inventor： Jong Kann ,  Kenneth Bell

IPC: H04L67/1023 ,  H04L9/40 ,  H04L67/02 ,  H04L67/1061

CPC classification number: H04L67/1023 ,  H04L63/0281 ,  H04L67/02 ,  H04L67/1065

Abstract: A method may include generating a proxy auto-configuration file including a function and a hash value associated with a resource. The hash value may be determined based on an identifier of the resource. The proxy auto-configuration file may include the hash value instead of a plaintext value of the identifier to obscure the plaintext value of the identifier. The proxy auto-configuration file including the function and the hash value may be sent to at least enable the function to be invoked by a web browser at one or more clients. The function may be configured to respond to being invoked by the web browser by determining, based on the hash value, whether to bypass a proxy server when accessing the resource. Related systems and computer program products are also provided.

公开(公告)号：US11159552B2

公开(公告)日：2021-10-26

申请号：US16402819

申请日：2019-05-03

Applicant: Citrix Systems, Inc.

Inventor： Christopher Fleck ,  Kenneth Bell

IPC: H04L29/06 ,  H04L29/08

Abstract: The present disclosure is related to systems and methods of monitoring data of a network application. An embedded browser of a client application on a client device may initiate a request to access a network application hosted on a server. The client application may, responsive to the request, establish a secure session to communicate data of the network application to the client application for rendering in a display region of the embedded browser. The client application may decrypt the data communicated via the established secure session to monitor the network application.

公开(公告)号：US20210234919A1

公开(公告)日：2021-07-29

申请号：US16750727

申请日：2020-01-23

Applicant: Citrix Systems, Inc.

Inventor： Hrushikesh Shrinivas Paralikar ,  Kenneth Bell ,  Arkesh Kumar ,  Anil Kumar Gavini

IPC: H04L29/08 ,  H04L12/26

Abstract: Described implementations provide systems and methods generating and using live performance maps of a network environment for selecting combinations of proxies and servers for fulfilling client device requests. Proxy devices or connectors may gather network telemetry data from actual network flows between client devices and application servers or other resources traversing the proxy devices or connectors, when available, or by generating synthetic transactions to measure network telemetry data when actual flows are unavailable. The telemetry data may be provided to a management service, which may generate a performance map. The performance map may be provided to the proxy devices and/or a cloud proxy service for selection of optimal combinations of connectors and resources for client requests. Incoming client requests may be steered or redirected to the selected optimal combination. The performance map may be dynamically regenerated as network conditions change and/or as servers are deployed or undeployed.

公开(公告)号：US10862975B1

公开(公告)日：2020-12-08

申请号：US16430726

申请日：2019-06-04

Applicant: CITRIX SYSTEMS, INC.

Inventor： Leo C. Singleton, IV ,  Kenneth Bell ,  Jitendra Deshpande

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

Abstract: A method may include establishing a first direct route to a gateway appliance from session clients each associated with a respective Desktop as a Service (DaaS) session run by a virtual session controller within a computing network, and establishing a second direct route from the gateway appliance to a virtual session connector within at least one private enterprise computing network. The method may also include relaying private enterprise network data between the session clients and the virtual session connector through the gateway appliance via the first direct route to each session client and the second direct route to the virtual session connector.