Non-disruptive enablement of highly available cloud computing services

    Publication No.: US10965741B2

    Publication date: 2021-03-30

    Application No.: US16792381

    Filing date: 2020-02-17

    Abstract: Methods, systems, and non-transitory computer-readable media are described herein. In some embodiments, a computing platform may deploy a cloud application comprising a first instance of the cloud application. Further, the computing platform may direct a DNS to the first instance of the cloud application. Next, the computing platform may determine that a second instance of the cloud application should be deployed. Additionally, the computing platform may create a first global traffic manager configured with at least a first endpoint and a second endpoint, where the first endpoint is associated with the first instance and is enabled, and where the second endpoint is associated with the second instance, and is disabled. Subsequently, the computing platform may direct the DNS to the first global traffic manager. The computing platform may then direct the DNS to the first global traffic manager, enable the second endpoint. In addition, the computing device may direct, based on metadata associated with each of a plurality of users, each of the plurality of users to one of the first instance and the second instance, wherein one or more users are directed to each of the first instance and the second instance.

    CLOUD TO ON-PREMISES WINDOWS REGISTRY SETTINGS

    Publication No.: US20210049023A1

    Publication date: 2021-02-18

    Application No.: US17085743

    Filing date: 2020-10-30

    Abstract: Described embodiments provide systems and methods for stateless modification of operating system registry data across network boundaries. The system includes a processor coupled to memory and configured to execute instructions to receive, within a first network, a request to apply a modification to an operating system registry of a second device within a second network different from the first network. The processor queues data describing the requested modification, receives a polling request from the second device, and transmits, to the second device responsive to the polling request, the queued data describing the requested modification for the second device to apply to the operating system registry of the second device. For example, the requested modification may be to create a key, to create a value, to delete a key, or to delete a value.

    Data migration for a shared database

    Publication No.: US10824511B2

    Publication date: 2020-11-03

    Application No.: US15595885

    Filing date: 2017-05-15

    Abstract: Methods and systems for coordinating migration for a database of a service are described herein. Multiple releases of the service may be simultaneously implemented, and these multiple releases may access a shared database. As new releases of the service are activated, the database may be incrementally migrated to a new data schema version. The new data schema version may be compatible with each release of the service that is in use. After a migration has begun, instances of the service may be instructed to perform database operations using methods compatible with the new data schema version. Continuation tokens may be returned during the migration, which indicate portions of the shared database that have not yet been migrated. If an error occurs during the migration, the continuation tokens may be discarded, and the migration may be restarted.

    Non-Disruptive Enablement of Highly Available Cloud Computing Services

    Publication No.: US20200186597A1

    Publication date: 2020-06-11

    Application No.: US16792381

    Filing date: 2020-02-17

    Abstract: Methods, systems, and non-transitory computer-readable media are described herein. In some embodiments, a computing platform may deploy a cloud application comprising a first instance of the cloud application. Further, the computing platform may direct a DNS to the first instance of the cloud application. Next, the computing platform may determine that a second instance of the cloud application should be deployed. Additionally, the computing platform may create a first global traffic manager configured with at least a first endpoint and a second endpoint, where the first endpoint is associated with the first instance and is enabled, and where the second endpoint is associated with the second instance, and is disabled. Subsequently, the computing platform may direct the DNS to the first global traffic manager. The computing platform may then direct the DNS to the first global traffic manager, enable the second endpoint. In addition, the computing device may direct, based on metadata associated with each of a plurality of users, each of the plurality of users to one of the first instance and the second instance, wherein one or more users are directed to each of the first instance and the second instance.

    Identity Management Connecting Principal Identities to Alias Identities Having Authorization Scopes

    Publication No.: US20180295135A1

    Publication date: 2018-10-11

    Application No.: US15482904

    Filing date: 2017-04-10

    Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

    INCREASING CAPACITY IN A TOPIC-SUBSCRIPTION MESSAGING SYSTEM

    Publication No.: US20210400002A1

    Publication date: 2021-12-23

    Application No.: US17465275

    Filing date: 2021-09-02

    Abstract: A technique increases capacity in a topic-subscription messaging system. The technique involves, during a first time period, operating a first topic structure of the system. The first topic structure includes a first topic and a plurality of first subscriptions coupled with the first topic. The technique further involves, during a second time period, providing a second topic structure which includes a second topic and a plurality of second subscriptions coupled with the second topic. The technique further involves, during a third time period, providing a link from the second topic structure to the first topic structure making (i) the second topic structure a parent to the first topic structure and (ii) the first topic structure a child to the second topic structure, the link conveying messages from a particular second subscription of the second topic structure to the first topic of the first topic structure.

    Identity management connecting principal identities to alias identities having authorization scopes

    Publication No.: US11128625B2

    Publication date: 2021-09-21

    Application No.: US16550656

    Filing date: 2019-08-26

    Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

    Scrubbing log files using scrubbing engines

    Publication No.: US11062041B2

    Publication date: 2021-07-13

    Application No.: US15661740

    Filing date: 2017-07-27

    Abstract: Methods and systems for scrubbing log files using scrubbing engines are described herein. For example, a local scrubbing server may receive a plurality of log messages from an application executing on a cloud server. Then, the local scrubbing server may store the plurality of log messages in an in-memory queue of the cloud server. After, the local scrubbing server may scrub a log message from the in-memory queue based on determining whether the log message satisfies criteria information. Further, the local scrubbing server may transmit, to a central service computing platform, the log message. Subsequently, the central service computing platform may receive, from the local scrubbing server, the log message. Additionally, the central service computing platform may perform a second review of the log message. Then, the central service computing platform may transmit, to a third party logging service, the log message.

    Segregation of protected resources from network frontend

    Publication No.: US10587625B2

    Publication date: 2020-03-10

    Application No.: US15470359

    Filing date: 2017-03-27

    Abstract: A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation.
