公开(公告)号：US20110162062A1

公开(公告)日：2011-06-30

申请号：US12977725

申请日：2010-12-23

申请人： ARKESH KUMAR ,  Pratap Ramachandra

发明人： ARKESH KUMAR ,  Pratap Ramachandra

IPC分类号： G06F21/00

CPC分类号： H04L63/0272 ,  G06F21/10 ,  G06F21/105 ,  G06F21/604 ,  G06F2221/2141 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L67/141

摘要： The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session.

摘要翻译： 本发明涉及通过多核中间设备跨资源共享许可的系统和方法。 多个客户机和服务器的设备中介可以向客户机授予由设备的多个核心的第一核心建立的虚拟专用网（VPN）会话的许可证。 多个核心的第二核心可以接收来自客户端的第一请求，以经由VPN会话在应用和服务器之间建立应用连接。 响应于确定第一核心拥有VPN会话，第二核心可以向第一核心发送第二请求以共享VPN会话的许可证。 第二核心可以响应于从第一核心接收到接受第二请求以共享VPN会话的许可的响应来建立应用连接。

公开(公告)号：US20110154443A1

公开(公告)日：2011-06-23

申请号：US12976688

申请日：2010-12-22

申请人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

发明人： RAVINDRANATH THAKUR ,  Puneet Agarwal ,  Arkesh Kumar ,  Rui Li

IPC分类号： G06F21/00

CPC分类号： G06F21/41

摘要： A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.

摘要翻译： 用于将认证会话信息传播到多核设备的多个核心的方法包括：通过在至少一个客户端和服务器的中间设备的第一核心上执行的认证虚拟服务器建立用户的会话， 验证虚拟服务器认证会话。 流量管理虚拟服务器在设备的第二核心上执行，并且经由会话接收到访问服务器的请求。 业务管理虚拟服务器可以响应于确定该会话未被第二核心存储的第一核心建立会话的会话标识符。 第二核心可以向第一核心发送由标识符标识的会话的数据请求。 第二核心可以从第一核心接收对第二请求的响应，以识别会话是否有效。

公开(公告)号：US20100242106A1

公开(公告)日：2010-09-23

申请号：US12409322

申请日：2009-03-23

申请人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

发明人： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

IPC分类号： G06F15/173 ,  G06F21/00

CPC分类号： H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

摘要： The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

摘要翻译： 本发明提供了一种基于终端审计结果来管理遍历中间人的流量的系统和方法。 中介的认证虚拟服务器可以确定客户端的终点分析扫描的结果。 响应确定，流量管理虚拟服务器可以从认证虚拟服务器获取结果。 此外，流量管理虚拟服务器可以将结果应用于一个或多个流量管理策略中，以管理遍历中间件的客户端的连接的网络流量。 在一些实施例中，认证虚拟服务器可以接收由客户端评估的一个或多个表达式。 一个或多个表达式标识客户端的一个或多个属性。 流量管理虚拟服务器还可以基于使用结果应用一个或多个流量管理策略来确定连接的压缩或加密的类型。

公开(公告)号：US20100241846A1

公开(公告)日：2010-09-23

申请号：US12794446

申请日：2010-06-04

申请人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

发明人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

IPC分类号： G06F9/00 ,  G06F15/16

CPC分类号： H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/164 ,  H04L63/166 ,  H04L67/2814 ,  H04L67/289 ,  H04L67/34

摘要： A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

摘要翻译： 一种用于在客户机和专用数据通信网络之间建立虚拟专用网络（VPN）的系统和方法。 通过公共数据通信网络在网关和客户端之间建立诸如安全套接层（SSL）数据通信会话之类的加密数据通信会话。 网关然后将编程组件发送到客户端，以便在其上进行自动安装和执行。 编程组件用于截取来自专用于专用数据通信网络上的资源的客户端应用程序的通信，并通过加密的数据通信会话而不是私有数据通信网络上的资源将拦截的通信发送到网关。

公开(公告)号：US20080046371A1

公开(公告)日：2008-02-21

申请号：US11465948

申请日：2006-08-21

申请人： Junxiao He ,  Charu Venkatraman ,  Arkesh Kumar ,  Ajay Soni

发明人： Junxiao He ,  Charu Venkatraman ,  Arkesh Kumar ,  Ajay Soni

IPC分类号： H04L9/00

CPC分类号： H04L67/34 ,  G06F8/65 ,  H04L63/0272 ,  H04L63/104 ,  H04L63/166

摘要： A method for automatically changing a version of a client agent for a non-administrative user account without rebooting the user's machine uses a service having installation privileges. The service executes on the client and installs a client agent. The client agent communicates with a network appliance. The client agent detects a difference between its version and a version of the client agent identified by the network appliance. The agent signals the service that it has detected the difference and, in response, the service executes an installation program that installs, without rebooting the client, the version of the client agent identified by the appliance. A corresponding system is also described.

摘要翻译： 用于自动更改非管理用户帐户的客户端代理的版本而不重新启动用户的计算机的方法将使用具有安装权限的服务。 服务在客户端上执行并安装客户端代理。 客户端代理与网络设备进行通信。 客户端代理检测其版本与由网络设备识别的客户端代理的版本之间的差异。 该代理向该服务发出信号，它检测到该差异，作为响应，该服务执行安装程序，而不重新启动客户机，该设备将由该设备识别的客户端代理的版本。 还描述了相应的系统。

公开(公告)号：US09009327B2

公开(公告)日：2015-04-14

申请号：US11833581

申请日：2007-08-03

申请人： Saibal Adhya ,  Akshat Choudhary ,  Shashi Nanjundaswamy ,  Sergey Verzunov ,  Arkesh Kumar ,  Amarnath Mullick

发明人： Saibal Adhya ,  Akshat Choudhary ,  Shashi Nanjundaswamy ,  Sergey Verzunov ,  Arkesh Kumar ,  Amarnath Mullick

IPC分类号： G06F15/16 ,  H04L12/46 ,  H04L29/12 ,  H04L29/08 ,  H04L29/14 ,  G06F15/173 ,  H04W4/00 ,  H04L29/06

CPC分类号： H04L12/4641 ,  H04L29/12216 ,  H04L61/2007 ,  H04L63/0272 ,  H04L63/166 ,  H04L67/14 ,  H04L69/40

摘要： The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as failure in operation of the first appliance. The backup appliance takes over responsibility for SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information including user IP address assignment and end point authorization information to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.

摘要翻译： 本文描述的设备和/或客户端代理的SSL VPN会话故障切换解决方案提供了一种在故障转移时处理IP地址分配和终点重新授权的环境。 可以部署设备以提供会话故障转移环境，其中当检测到故障转移条件时，第二设备是第一设备的备份，诸如第一设备的操作失败。 备份设备负责第一个设备提供的SSL VPN会话。 在故障切换环境中，第一个设备将SSL VPN会话信息（包括用户IP地址分配和终点授权信息）传播到备份设备。 备份设备维护此信息。 在检测到第一个设备的故障切换后，备份设备会激活传输的SSL VPN会话并维护用户分配的IP地址。 备份设备还可以重新授权客户端传输的SSL VPN会话。

公开(公告)号：US08572721B2

公开(公告)日：2013-10-29

申请号：US11462174

申请日：2006-08-03

申请人： Arkesh Kumar ,  James Harris ,  Ajay Soni

发明人： Arkesh Kumar ,  James Harris ,  Ajay Soni

IPC分类号： H04L29/06

CPC分类号： H04L63/0272 ,  H04L12/4641 ,  H04L63/166

摘要： In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.

摘要翻译： 在用于在客户端之间路由分组的方法和系统中，从连接到安全套接层层虚拟专用网（SSL / VPN）网络设备的第一客户端接收分组。 响应于所接收的分组的检查，进行识别i）将接收的分组传输到由接收分组识别的目的地地址所需的连接类型，以及ii）经由SSL / VPN连接连接的第二客户端 到SSL / VPN网络设备并与所识别的目的地址相关联。 请求由第二客户端建立SSL / VPN连接中识别类型的连接。 所接收的分组经由所识别类型的建立的连接被发送到第二客户端。

公开(公告)号：US08261057B2

公开(公告)日：2012-09-04

申请号：US12794446

申请日：2010-06-04

申请人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

发明人： Prabakar Sundarrajan ,  Junxiao He ,  Ajay Soni ,  Shashidhara Nanjundaswamy ,  Arkesh Kumar

IPC分类号： G06F9/00

CPC分类号： H04L63/0272 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/164 ,  H04L63/166 ,  H04L67/2814 ,  H04L67/289 ,  H04L67/34

摘要： A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a—Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network.

摘要翻译： 一种用于在客户机和专用数据通信网络之间建立虚拟专用网络（VPN）的系统和方法。 通过公共数据通信网络在网关和客户端之间建立诸如安全套接层（SSL）数据通信会话之类的加密数据通信会话。 网关然后将编程组件发送到客户端，以便在其上进行自动安装和执行。 编程组件用于截取来自专用于专用数据通信网络上的资源的客户端应用程序的通信，并通过加密的数据通信会话而不是私有数据通信网络上的资源将拦截的通信发送到网关。

公开(公告)号：US08213393B2

公开(公告)日：2012-07-03

申请号：US11465958

申请日：2006-08-21

申请人： Josephine Suganthi ,  Shashi Nanjundaswamy ,  Manjunath Rajashekhar ,  Arkesh Kumar

发明人： Josephine Suganthi ,  Shashi Nanjundaswamy ,  Manjunath Rajashekhar ,  Arkesh Kumar

IPC分类号： H04W4/00 ,  H04L12/66 ,  H04L12/28 ,  G06F9/00

CPC分类号： H04L12/4641 ,  H04L29/12207 ,  H04L61/20

摘要： The intranet IP address management solution of the appliance and/or client described herein provides an environment for efficiently assigning, managing and querying virtual private network addresses, referred to as intranet IP (IIP) addresses of virtual private network users, such as a multitude of SSL VPN users on an enterprise network. The appliance provides techniques and policies for assigning previously assigned virtual private network addresses of a user to subsequent sessions of the user as the user logs in multiple times or roams between access points. This technique is referred to IIP stickiness as the appliance attempts to provide the same IIP address to a roaming VPN user. The appliance also provides a configurable user domain naming policy so that one can ping or query the virtual private network address of a user by an easily referenceable host name identifying the user. The appliance and/or client agent also provide techniques to allow applications to seamlessly and transparently communicate on the virtual private network using the virtual private network address of the user or client on the private network.

摘要翻译： 本文描述的设备和/或客户端的Intranet IP地址管理解决方案提供了一种用于有效地分配，管理和查询虚拟专用网地址的环境，被称为虚拟专用网络用户的内部网IP（IIP）地址，诸如大量 企业网络上的SSL VPN用户。 该设备提供用于在用户多次登录或者在接入点之间漫游时将用户先前分配的虚拟专用网地址分配给用户的后续会话的技术和策略。 该技术被称为IIP粘性，因为设备试图向漫游VPN用户提供相同的IIP地址。 该设备还提供可配置的用户域命名策略，以便可以通过标识用户的易于引用的主机名来ping或查询用户的虚拟专用网络地址。 设备和/或客户端代理还提供技术，以允许应用程序使用专用网络上的用户或客户端的虚拟专用网地址在虚拟专用网络上无缝和透明地通信。

公开(公告)号：US20120036244A1

公开(公告)日：2012-02-09

申请号：US12851438

申请日：2010-08-05

申请人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

发明人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

IPC分类号： G06F15/173

CPC分类号： H04L41/0806 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/166

摘要： In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

摘要翻译： 在多核系统中，跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如，第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中，管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。