Abstract:
A method, system and computer program product for providing a seamless transition for resizing virtual machines from a development environment to a production environment. An administrative server receives an instruction from a customer to resize a virtual machine running on a cloud computing node, where the resized virtual machine requires physical resources (e.g., twenty physical processor cores) to be utilized in the production environment. Instead of the administrative server utilizing the same number of physical resources in the development environment that need to be utilized in the production environment, the administrative server utilizes fewer physical resources by also utilizing virtual resources (e.g., twenty virtual processor cores and only two physical processor cores) so as to provide a development environment with the same resource capacity as the production environment but with fewer physical resources, thereby more efficiently utilizing the physical resources on the cloud computing node.
Abstract:
Methods and systems for providing non-proxy Secure Sockets Layer and Transport Layer Security (SSL/TLS) support in a content-based load balancer are described. A Transmission Control Protocol (TCP) connection is accepted from a client, and an SSL/TLS connection is established with the client such that random data used in key generation is created. A request is received from the client, and the request is decrypted. The request is processed, a target stack is selected, and the TCP connection, the SSL/TLS connection, and the random data are transferred to the selected target stack such that the client and selected target stack maintain an end-to-end TCP connection with a non-proxy SSL/TLS connection.
Abstract:
Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
Abstract:
Methods and systems for providing end-to-end content-based load balancing are described. A Transmission Control Protocol (TCP) connection is accepted from a client and a request is received from the client. The request is processed, a target stack is selected, and the TCP connection is transferred to the selected target stack such that the client and selected target stack maintain an end-to-end TCP connection. In an exemplary embodiment, the request can be processed in a TCP kernel. In another preferred embodiment, the TCP connection can include TCP data packets and the request can include request data packets. The TCP connection transfer can be performed by replaying the TCP data packets and the request data packets to the selected target stack.
Abstract:
Embodiments of the present invention provide a method, system and computer program product for Mobile IPv6 binding cache support for a load balanced sysplex. In one embodiment of the invention, a load balancing sysplex can be configured for mobile device binding cache support. The sysplex can include a distributor coupled to different targets in a load balancing arrangement, where each of the targets can support a correspondent node enabled to communicate with a mobile device. A master binding cache can be coupled to the distributor and a binding cache manager can be coupled to the distributor. Notably, the binding cache manager can perform return routability with the mobile device and can provide a corresponding entry in the master binding cache for use by a target supporting a correspondent node for the mobile device. In one aspect of the embodiment, a replica of the master binding cache can be provided in each of the targets for use by supported correspondent nodes in communicating with different mobile devices associated with binding cache entries in the replica.
Abstract:
Methods, systems and computer program products for load balancing using Mobile Internet Protocol (IP) Version 6 are provided. A request for a connection is received from a client at a routing stack. A Mobile IP Version 6 Binding Update message is transmitted from the routing stack to the client responsive to the received request. The Binding Update message identifies a selected target stack so as to allow the client to communicate directly with the target stack bypassing the routing stack.
Abstract:
Improvements in security processing are disclosed which enable security processing to be transparent to the application. Security processing (such as Secure Sockets Layer, or “SSL”, or Transport Layer Security, or “TLS”) is performed in (or controlled by) the stack. A decision to enable security processing on a connection can be based on configuration data or security policy, and can also be controlled using explicit enablement directives. Directives may also be provided for allowing applications to communicate with the security processing in the stack for other purposes. Functions within the protocol stack that need access to clear text can now be supported without loss of security processing capability. No modifications to application code, or in some cases only minor modifications (such as inclusion of code to invoke directives), are required to provide this security processing. Improved offloading of security processing is also disclosed, which provides processing efficiencies over prior art offloading techniques.
Abstract:
In an APPN network having a dependent LU server (DLUS) and a dependent LU requester (DLUR), a method and apparatus that allows the DLUR to reside in an end node served by a branch extender node. The DLUS is forced to view the DLUR as residing in a different network, even though this is not the reality. This forces the DLUS to initiate a resource Locate search request to determine routes to the DLUR, rather than relying on registered DLUR trunk group vectors, which are erroneous when the DLUR is located downstream of a branch extender. In addition, the branch extender examines resource Locate requests and resource Locate replies to determine if the resource being sought is a DLU. If it is, then the branch extender does not substitute itself as the owner of the DLU in the Locate requests and replies. This prevents the occurrence of both the branch extender and the DLUR reporting ownership of a DLU.
Abstract:
The route calculated by the routing portion of a connection-oriented protocol between source and destination nodes is further optimized after it is initially calculated. A node X that is part of the calculated route receives or generates a connection setup request which contains the calculated route. In response to the setup request, node X examines the nodes in the calculated route to determine if node X knows of a direct link between itself and another node Y in the calculated route that is not adjacent to node X. If such a direct link is known by node X to node Y, then node X replaces that portion of the calculated route from node X to node Y with the known direct link in the connection setup request, and then forwards the connection setup request to the next node in the present calculated route, where the optimization algorithm may be performed again.
Abstract:
Multiple virtual routing networks having the same identifier are defined on a shared access transport facility network. Virtual connections are defined from some or all of the network nodes to at least one of the virtual routing networks. A virtual connection contains a medium address for the node to which it is connected. When a route is calculated between a source node and a destination node, the identical identifier representing different virtual routing networks may appear in the calculated route. If it does, all portions of the route after the first occurrence up to and including the last occurrence of the identifier in the calculated route are deleted to achieve the optimal route. A destination node address is obtained from storage that is associated with the virtual connection to the destination node and information can then be directly routed to the destination node address via the calculated route in an efficient manner.