公开(公告)号：US20180062986A1

公开(公告)日：2018-03-01

申请号：US15252821

申请日：2016-08-31

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen R. Dhanabalan

IPC: H04L12/715 ,  H04L12/26 ,  H04L12/721 ,  H04L29/08

CPC classification number: H04L45/64 ,  H04L43/08 ,  H04L45/124 ,  H04L47/12 ,  H04L67/1061

Abstract: Computer networking device obtains route information including route attributes specifying characteristics for each of a plurality of routes through a first network. A routing algorithm is applied to choose an optimal route to one of a plurality of peer computer networking devices comprising a second network which is an overlay upon the first network. The optimal route is chosen based on the type of data contained in the data packet and the plurality of route attributes associated with the routes. The routes traverse paths through the first computer network which include network nodes other than the peer networking devices.

公开(公告)号：US10757161B2

公开(公告)日：2020-08-25

申请号：US15401413

申请日：2017-01-09

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen Raja Dhanabalan ,  Anup Lal Gupta

IPC: H04L29/06 ,  H04L12/851 ,  H04L12/833 ,  H04L12/857

Abstract: The systems and methods of the present disclosure are directed towards a dynamic system that is configured to identify and map networked traffic, such as that of video, voice, file transfer, and web based applications to predetermined Quality of Service (QoS) classes. The different QoS classes can be associated with different traffic priorities. The networked traffic can be encrypted, which can prevent an intermediate device from processing or otherwise reading the packet headers of the traffic. The systems and methods of the present disclosure can predict QoS classes for encrypted traffic based on traffic patterns and other characteristics of the encrypted traffic.

公开(公告)号：US10122627B2

公开(公告)日：2018-11-06

申请号：US15252821

申请日：2016-08-31

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen R. Dhanabalan

IPC: H04L12/26 ,  H04L12/715 ,  H04L12/721 ,  H04L29/08 ,  H04L12/801

Abstract: Computer networking device obtains route information including route attributes specifying characteristics for each of a plurality of routes through a first network. A routing algorithm is applied to choose an optimal route to one of a plurality of peer computer networking devices comprising a second network which is an overlay upon the first network. The optimal route is chosen based on the type of data contained in the data packet and the plurality of route attributes associated with the routes. The routes traverse paths through the first computer network which include network nodes other than the peer networking devices.

公开(公告)号：US09923826B2

公开(公告)日：2018-03-20

申请号：US13648975

申请日：2012-10-10

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia

IPC: G06F15/16 ,  H04L12/803

CPC classification number: H04L47/125

Abstract: Systems and methods of the present solution provide a more optimal solution by dynamically and automatically reacting to changing network workload. A system that starts slowly, either by just examining traffic passively or by doing sub-optimal acceleration can learn over time, how many peer WAN optimizers are being serviced by an appliance, how much traffic is coming from each peer WAN optimizers, and the type of traffic being seen. Knowledge from this learning can serve to provide a better or improved baseline for the configuration of an appliance. In some embodiments, based on resources (e.g., CPU, Memory, Disk), the system from this knowledge may determine how many WAN optimization instances should be used and of what size, and how the load should be distributed across the instances of the WAN optimizer.

公开(公告)号：US20140373090A1

公开(公告)日：2014-12-18

申请号：US14467749

申请日：2014-08-25

Applicant: CITRIX SYSTEMS, INC.

Inventor： Marco Murgia ,  Larry Tomlin ,  Ivan Bojer ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06 ,  G06F21/45

CPC classification number: H04L63/20 ,  G06F21/45 ,  H04L63/083 ,  H04L63/102

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract translation: 本发明涉及用于建立和应用策略组以控制用户对所识别的资源的访问的系统和方法。 可以经由策略管理器来建立代表用户访问一个或多个所识别的资源的一个或多个访问配置的集合的策略组。 策略组可以包括表示访问所识别的资源的入口点的登录点组件。 可以通过策略管理器配置登录点，以指定入口点的统一资源定位符。 可以为登录点组件选择一个或多个认证和授权方法。 设备可以接收访问统一资源定位符的请求。 设备可以启动用于评估的策略组。 设备可以与用户一起发起由登录点组件指定的一个或多个认证和授权方法。

公开(公告)号：US11582282B2

公开(公告)日：2023-02-14

申请号：US16992948

申请日：2020-08-13

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen Raja Dhanabalan ,  Anup Lal Gupta

IPC: H04L65/80 ,  H04L47/2425 ,  H04L47/2441 ,  H04L47/24 ,  H04L47/2491 ,  H04L47/2483 ,  H04L65/61

Abstract: The systems and methods of the present disclosure are directed towards a dynamic system that is configured to identify and map networked traffic, such as that of video, voice, file transfer, and web based applications to predetermined Quality of Service (QoS) classes. The different QoS classes can be associated with different traffic priorities. The networked traffic can be encrypted, which can prevent an intermediate device from processing or otherwise reading the packet headers of the traffic. The systems and methods of the present disclosure can predict QoS classes for encrypted traffic based on traffic patterns and other characteristics of the encrypted traffic.

公开(公告)号：US11349751B2

公开(公告)日：2022-05-31

申请号：US16696014

申请日：2019-11-26

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen Raja Dhanabalan

IPC: H04L45/302 ,  H04L45/00 ,  H04L49/20 ,  H04L45/121 ,  H04L45/125 ,  H04L45/12 ,  H04L47/24 ,  H04L47/283 ,  H04L47/125

Abstract: The systems and methods discussed herein provide for faster communications, particularly for high priority traffic, across a distributed network with multiple exit points to a Wide Area Network. Rather than simply routing traffic based on internal or external destination, an intelligent router may measure latency to an endpoint destination via multiple paths, both external and internal, and direct traffic accordingly. Steering high priority traffic via the internal connection to an exit point near the destination server, and then to the server via the external network, may be faster than simply forwarding the connection via the external network from the exit point closest to the source device. Additionally, to reduce bandwidth requirements of the nearby exit point and provide capability for higher priority traffic, low priority traffic may be redirected back via the internal connection and transmitted via a distant exit point.

公开(公告)号：US20180198838A1

公开(公告)日：2018-07-12

申请号：US15401413

申请日：2017-01-09

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Praveen Raja Dhanabalan ,  Anup Lal Gupta

IPC: H04L29/06 ,  H04L12/851

Abstract: The systems and methods of the present disclosure are directed towards a dynamic system that is configured to identify and map networked traffic, such as that of video, voice, file transfer, and web based applications to predetermined Quality of Service (QoS) classes. The different QoS classes can be associated with different traffic priorities. The networked traffic can be encrypted, which can prevent an intermediate device from processing or otherwise reading the packet headers of the traffic. The systems and methods of the present disclosure can predict QoS classes for encrypted traffic based on traffic patterns and other characteristics of the encrypted traffic.

公开(公告)号：US09363292B2

公开(公告)日：2016-06-07

申请号：US14467749

申请日：2014-08-25

Applicant: Citrix Systems, Inc.

Inventor： Marco Murgia ,  Larry Tomlin ,  Ivan Bojer ,  Jong Kann ,  Pierre Rafiq

IPC: H04L29/06 ,  G06F21/45

CPC classification number: H04L63/20 ,  G06F21/45 ,  H04L63/083 ,  H04L63/102

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract translation: 本发明涉及用于建立和应用策略组以控制用户对所识别的资源的访问的系统和方法。 可以经由策略管理器来建立代表用户访问一个或多个所识别的资源的一个或多个访问配置的集合的策略组。 策略组可以包括表示访问所识别的资源的入口点的登录点组件。 可以通过策略管理器配置登录点，以指定入口点的统一资源定位符。 可以为登录点组件选择一个或多个认证和授权方法。 设备可以接收访问统一资源定位符的请求。 设备可以启动用于评估的策略组。 设备可以与用户一起发起由登录点组件指定的一个或多个认证和授权方法。

公开(公告)号：US10924372B2

公开(公告)日：2021-02-16

申请号：US16007043

申请日：2018-06-13

Applicant: CITRIX SYSTEMS, INC.

Inventor： Karthick Srivatsan ,  Marco Murgia ,  Chaitra Maraliga Ramaiah

IPC: H04L12/26 ,  H04L29/08 ,  H04L29/06

Abstract: A computing system may include point of presence (PoP) servers coupled to a wide area network (WAN) and configured to receive client requests for a Software as a service (SaaS) application(s) from different network branches coupled to the WAN, and connect the network branches with a given SaaS host server from among different SaaS host servers coupled to the WAN and providing the SaaS application(s). The system may also include a PoP selection controller (PSC) coupled to the WAN and cooperating with the PoP servers to determine first network health metrics for connections between the PoP servers and the network branches, determine second network health metrics for connections between the PoP servers and the SaaS host servers, and select a respective PoP server for each network branch to be connected with for providing the SaaS application(s) based upon the first and second network health metrics.