公开(公告)号：US10936465B2

公开(公告)日：2021-03-02

申请号：US16502741

申请日：2019-07-03

Applicant: Citrix Systems, Inc.

Inventor： Santiago Acosta ,  Ashish Gujarathi

IPC: G06F11/34 ,  G06Q10/06 ,  G06F8/71 ,  G06F8/658 ,  G06F8/65

Abstract: Described embodiments may provide deployment of updates to multiple entities. A canary deployment manager may receive a request to deploy an update in canary deployments. The canary deployment manager may determine, for each entity of a plurality of entities, a support score based on support issues experienced by each entity. The canary deployment manager may determine, for each entity, a monitoring score based on at least one performance or availability issue experienced by each entity. The canary deployment manager may generate, for each entity, based on the support score of each entity and the monitoring score of each entity, a canary score used to identify a canary deployment to which to assign each entity. The canary deployment manager may select a subset of the plurality of entities to assign to a first canary wave of the canary deployments based on the respective canary scores of each of the subset.

公开(公告)号：US10826905B2

公开(公告)日：2020-11-03

申请号：US15368876

申请日：2016-12-05

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/00 ,  H04L29/12

Abstract: Methods, systems, and computer-readable media for using a multi-tenant web relay service to provide secure access to on-premises web services from a tenant-specific cloud service are described herein. In one or more embodiments, a multi-tenant web relay service may receive from a tenant-specific cloud service a connection request to an on-premises web service hosted within a tenant datacenter. The connection request may comprise data indicating a display-friendly name of the web service and the tenant datacenter. Responsive to receiving the request, the web relay service may forward the connection request to the on-premises web service via a rendezvous support service and a web relay agent. Responsive to receiving the connection request, the on-premises web service may generate a response which may be relayed back to the tenant-specific cloud service by the multi-tenant web relay service.

公开(公告)号：US20190034315A1

公开(公告)日：2019-01-31

申请号：US15659285

申请日：2017-07-25

Applicant: Citrix Systems, Inc.

Inventor： Santiago Acosta ,  Ashish Gujarathi

IPC: G06F11/34 ,  G06Q10/06 ,  G06F9/44

CPC classification number: G06F11/3466 ,  G06F8/65 ,  G06F8/658 ,  G06F8/71 ,  G06Q10/06393

Abstract: Described embodiments may provide deployment of updates to multiple entities. A canary deployment manager may receive a request to deploy an update in canary deployments. The canary deployment manager may determine, for each entity of a plurality of entities, a support score based on support issues experienced by each entity. The canary deployment manager may determine, for each entity, a monitoring score based on at least one performance or availability issue experienced by each entity. The canary deployment manager may generate, for each entity, based on the support score of each entity and the monitoring score of each entity, a canary score used to identify a canary deployment to which to assign each entity. The canary deployment manager may select a subset of the plurality of entities to assign to a first canary wave of the canary deployments based on the respective canary scores of each of the subset.

公开(公告)号：US20230014970A1

公开(公告)日：2023-01-19

申请号：US17376512

申请日：2021-07-15

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi ,  Santosh Sampath Gummunur Chiranjeevi ,  Krishna Kumar ,  Deepak Sharma

IPC: G06F21/41

Abstract: Described embodiments provide systems, methods, non-transitory computer-readable medium for using a single sign-on (SSO) to access an application. A client application on a client device in communication with an identity provider and an application on a remote computing device. The client application can authenticate a user via an identity provider to establish an authentication session. The client application can identify a request to access a uniform resource locator (URL) of the application hosted on the remote computing device. The client application can determine that a configuration of the client application identifies a remapped URL for the URL is available. The client application can access the remapped URL instead of the URL to cause the user to use the authentication session of the identity provider and be redirected from the identity provider to a link of the application on the remote computing device.

公开(公告)号：US11431502B2

公开(公告)日：2022-08-30

申请号：US17025199

申请日：2020-09-18

Applicant: Citrix Systems, Inc.

Inventor： Thierry Duchastel ,  Harold Teramoto ,  Vikas Nambiar ,  Ashish Gujarathi

IPC: H04L29/06 ,  H04L9/32 ,  G06F16/955 ,  H04L9/08

Abstract: Methods and systems for token transfer are described herein. A remote computing device may receive, from a mobile computing device, a public key of a public-private key pair. The public key may be associated with a first application of the mobile computing device. The first application may be configured to send credentials to a second application of the mobile computing device. The second application may be isolated from other applications executable on the mobile computing device. The remote computing device may receive, from the first application, a token. The token may have been previously issued to the first application and may have been encrypted, using the public key, by the first application. The remote computing device may send, to the second application, the token to enable the second application to authenticate with a plurality of services that interact with the second application.

公开(公告)号：US11245683B2

公开(公告)日：2022-02-08

申请号：US16028515

申请日：2018-07-06

Applicant: CITRIX SYSTEMS, INC.

Inventor： Ashish Gujarathi

IPC: H04L29/06 ,  H04W12/06

Abstract: A mobile computing device is configured to allow a user to launch native SaaS applications from different vendors using a single-sign-on without having to modify or hook the native SaaS applications. A VPN application operates as man-in-the-middle (MITM) for identity provider requests from SaaS services. The VPN application is initially authenticated with the identity provider, and receives an IDP authentication token which is stored. The IDP authentication token is used for authentication requests from SaaS services.

公开(公告)号：US20210336966A1

公开(公告)日：2021-10-28

申请号：US16857987

申请日：2020-04-24

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi ,  Ricardo Fernando Feijoo

IPC: H04L29/06 ,  H04L9/32

Abstract: Described embodiments provide systems, methods, computer readable media for accessing services via identity providers. A computing device may transmit, responsive to a request from a client to access a service, a value to the client. The client may be configured to access the service using an access token. The computing device may receive, from the client, a signature, the signature generated using the value, a device identifier, and a first encryption key. The computing device may determine, using the value and a second encryption key, the device identifier from the signature. The computing device may identify a status of the client according to the device identifier. The computing device may provide, responsive to the status, a new access token to permit access to the access and a refresh token to obtain subsequent access tokens.

公开(公告)号：US20210334091A1

公开(公告)日：2021-10-28

申请号：US17351715

申请日：2021-06-18

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi

IPC: G06F8/71 ,  H04L29/08 ,  G06F16/955

Abstract: Described embodiments provide systems and methods for selecting a version of an application to launch for a client device according to a context of the client device. A computing device can receive a request from a client device to launch an application. The request can include an identifier that indicates multiple versions of the application are accessible in which to launch the application. The computing device can select, using the identifier, a version of the application according to a context of the client device. The computing device can provide the client device with access to the selected version of the application, so as to enable the client device to launch a version of the application compatible with the context of the client device.

公开(公告)号：US10595202B2

公开(公告)日：2020-03-17

申请号：US15472685

申请日：2017-03-29

Applicant: Citrix Systems, Inc.

Inventor： Georgy Momchilov ,  Ashish Gujarathi

IPC: H04L29/06 ,  H04W12/08 ,  G06F9/451 ,  G06F9/455 ,  H04W12/00 ,  H04W4/50 ,  G06F21/60 ,  G06F21/62 ,  H04L29/08

Abstract: Methods, systems, and computer-readable media for providing an enrolled device with smart access to hosted applications are presented. In some embodiments, a computing platform having at least one processor, a memory, and a communication interface may receive, via the communication interface, end point analysis information associated with an enrolled device. Subsequently, the computing platform may analyze the end point analysis information associated with the enrolled device to determine whether to selectively enable or disable hosted application functionality based on one or more smart access policies. Then, the computing platform may provide, via the communication interface, to the enrolled device, a hosted application experience based on analyzing the end point analysis information associated with the enrolled device and determining whether to selectively enable or disable the hosted application functionality based on the one or more smart access policies.

公开(公告)号：US20180314746A1

公开(公告)日：2018-11-01

申请号：US15963841

申请日：2018-04-26

Applicant: Citrix Systems, Inc.

Inventor： Ashish Gujarathi

IPC: G06F17/30 ,  G06F9/54 ,  H04L29/08

CPC classification number: G06F17/30017 ,  G06F17/30943

Abstract: Systems and methods for accessing single-tenant databases comprising a multi-tenant aware cluster manager in communication with instances of single-tenant databases are described. The cluster manager can establish a uniform resource locator (URL) unique for each tenant to access the cluster manager. Each of the instances of single-tenant databases can include data for a corresponding tenant. The cluster manager can receive a request from a client to access a database corresponding to the first tenant. The request can include the URL established for the first tenant. The cluster manager can identify the first tenant based on the URL of the request. The cluster manager can obtain, responsive to identification of the first tenant, a tenant context of the first tenant from a storage. The cluster manager can access, using the first tenant context and responsive to the request, a first instance of the single-tenant databases corresponding to the first tenant.