Abstract:
Systems and methods are described for using a client agent operating in a virtual private network environment to intercept HTTP communications. Methods include: intercepting at the network layer, by a client agent executing on a client, an HTTP request from an application executing on the client; modifying the HTTP request; and transmitting, via a transport layer connection, the modified HTTP request to a server. Additional methods may comprise adding, removing, or modifying at least one cookie in the HTTP request. Still other methods may comprise modifying at least one name-value pair contained in the HTTP request. Corresponding systems are also described.
Abstract:
An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.
Abstract:
A method for intercepting, by an agent of a client, communications from the client to be transmitted via a virtual private network connection includes the step of intercepting communications based on identification of an application from which the communication originates. The agent receives information identifying a first application. The agent determines a network communication transmitted by the client originates from the first application and intercepts that communication. The agent transmits the intercepted communication via the virtual private network connection.
Abstract:
The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.
Abstract:
The present disclosure relates to methods and systems for performing response based cache redirection to a cache proxy. A device, intermediary to a plurality of clients and a plurality of servers and in communication with a plurality of cache proxies, receives a request for content from a client. The request is for content from a server of the plurality of servers. The device forwards the request to the server. The device identifies a cache redirection policy that specifies an amount of bytes of a response to buffer to calculate a signature of the content of the response. The device computes the signature of the content of the response based on the amount of bytes of the response received from the server and buffered by the device. The device selects a cache proxy based on the computed signature and forwards the request of the client to the selected cache proxy.
Abstract:
A method for maintaining a cache of dynamically generated objects. The method includes storing in the cache dynamically generated objects previously served from an originating server to a client. A communication between the client and server is intercepted by the cache. The cache parses the communication to identify an object determinant and to determine whether the object determinant indicates that a change has occurred or will occur in an object at the originating server. The cache marks the object stored in the cache as invalid if the object determinant so indicates. If the object has been marked as invalid, the cache retrieves the object from the originating server.
Abstract:
In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.