公开(公告)号：US20140258390A1

公开(公告)日：2014-09-11

申请号：US14286296

申请日：2014-05-23

Applicant: Citrix Systems, Inc.

Inventor： Saravanakumar Annamalaisami ,  Anil Shetty ,  Josephine Suganthi ,  Akshat Choudhary

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L67/42 ,  G06Q10/10 ,  H04L61/2007 ,  H04L67/2814 ,  H04L67/2842 ,  H04L69/16 ,  H04L69/324

Abstract: The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection. The intermediary transmits to the server the request identifying the client IP address as the source IP address and the server IP address as the destination IP address.

Abstract translation: 本公开提供了用于在执行中间缓存重定向的同时维护请求的原始源和目的地IP地址的系统和方法。 中介接收来自发往服务器的客户端的请求，该服务器标识客户端IP地址作为源IP地址，服务器IP地址作为目的地IP地址。 中介将请求发送到缓存服务器，请求维护原始IP地址，并将缓存服务器的MAC地址识别为目的MAC地址。 中继器响应于高速缓存未命中从缓存服务器接收请求，所接收的请求保持原始源和目的地IP地址。 识别第三请求的中介通过第三传输层连接的一个或多个数据链路层属性从缓存服务器发出。 中介向服务器发送将客户端IP地址标识为源IP地址和服务器IP地址作为目标IP地址的请求。

公开(公告)号：US20140143394A1

公开(公告)日：2014-05-22

申请号：US14081483

申请日：2013-11-15

Applicant: Citrix Systems, Inc.

Inventor： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdah Agarwal ,  Arkesh Kumar

IPC: H04L12/24

CPC classification number: H04L41/0806 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/166

Abstract: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

Abstract translation: 在多核系统中，跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如，第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中，管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。

公开(公告)号：US09264429B2

公开(公告)日：2016-02-16

申请号：US14462204

申请日：2014-08-18

Applicant: Citrix Systems, Inc.

Inventor： James Harris ,  Rui Li ,  Arkesh Kumar ,  Ravindranath Thakur ,  Puneet Agarwal ,  Akshat Choudhary ,  Punit Gupta

IPC: H04L29/06 ,  G06F21/31 ,  G06F21/53 ,  G06F9/455 ,  H04L29/08

CPC classification number: H04L63/0876 ,  G06F21/31 ,  G06F21/53 ,  G06F2009/4557 ,  H04L63/08 ,  H04L63/0884 ,  H04L63/10 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/2814

Abstract: The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result.

Abstract translation: 本发明提供了一种基于终端审计结果来管理遍历中间人的流量的系统和方法。 中介的认证虚拟服务器可以确定客户端的终点分析扫描的结果。 响应确定，流量管理虚拟服务器可以从认证虚拟服务器获取结果。 此外，流量管理虚拟服务器可以将结果应用于一个或多个流量管理策略中，以管理遍历中间件的客户端的连接的网络流量。 在一些实施例中，认证虚拟服务器可以接收由客户端评估的一个或多个表达式。 一个或多个表达式标识客户端的一个或多个属性。 流量管理虚拟服务器还可以基于使用结果应用一个或多个流量管理策略来确定连接的压缩或加密的类型。

公开(公告)号：US20150074751A1

公开(公告)日：2015-03-12

申请号：US14539681

申请日：2014-11-12

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Srinivasan Thirunarayanan ,  Saibal Kumar Adhya ,  Akshat Choudhary

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0272 ,  H04L29/08846 ,  H04L63/0281 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/02 ,  H04L67/14 ,  H04L67/2814

Abstract: The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server.

公开(公告)号：US08856369B2

公开(公告)日：2014-10-07

申请号：US14081483

申请日：2013-11-15

Applicant: Citrix Systems, Inc.

Inventor： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdah Agarwal ,  Arkesh Kumar

IPC: G06F15/16 ,  H04L29/12 ,  H04L12/24 ,  H04L29/06

CPC classification number: H04L41/0806 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/166

Abstract: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

Abstract translation: 在多核系统中，跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如，第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中，管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。

公开(公告)号：US10726029B2

公开(公告)日：2020-07-28

申请号：US15427775

申请日：2017-02-08

Applicant: Citrix Systems, Inc.

Inventor： Akshat Choudhary ,  Pratap Ramachandra

IPC: H04L29/08 ,  G06F16/2458 ,  G06F16/25

Abstract: The present application is directed towards systems and methods for selecting a database from a plurality of databases to forward a SQL query request based on a property of the SQL request. A device intermediary to a plurality of clients and databases may establish a plurality of connections to the plurality of databases. The device may receive, from a client of the plurality of clients, a request to execute a SQL query. The device may evaluate one or more properties of the request to execute the SQL query responsive to a policy. The device may select a database from the plurality of databases based on a result of evaluation of the one or more properties of the request to execute the SQL query. The device may forward the request to execute the SQL query to the selected database via a connection of the plurality of connections.

公开(公告)号：US20150244781A1

公开(公告)日：2015-08-27

申请号：US14624300

申请日：2015-02-17

Applicant: Citrix Systems, Inc.

Inventor： Mugdha Agarwal ,  Akshat Choudhary ,  Ajay Soni

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L29/08 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/42 ,  H04L69/04 ,  H04L69/16 ,  H04L69/161 ,  H04L69/22

Abstract: The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

Abstract translation: 本公开提供了通过中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的第一选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN优化设备。 中间人将请求发送到第二WAN优化设备，同时保持来自第一选项字段的信息。 中间装置接收包括识别第一WAN优化装置的第一选项字段中的信息到第二WAN优化装置的请求。 中介从第二WAN设备接收修改后的请求，该修改请求由中介确定发送到目的地服务器。

公开(公告)号：US09871853B2

公开(公告)日：2018-01-16

申请号：US14624300

申请日：2015-02-17

Applicant: Citrix Systems, Inc.

Inventor： Mugdha Agarwal ,  Akshat Choudhary ,  Ajay Soni

IPC: G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L67/10 ,  H04L29/08 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/42 ,  H04L69/04 ,  H04L69/16 ,  H04L69/161 ,  H04L69/22

Abstract: The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

公开(公告)号：US20170147656A1

公开(公告)日：2017-05-25

申请号：US15427775

申请日：2017-02-08

Applicant: Citrix Systems, Inc.

Inventor： Akshat Choudhary ,  Pratap Ramachandra

IPC: G06F17/30 ,  H04L29/08

CPC classification number: G06F16/2471 ,  G06F16/256 ,  H04L67/2814

Abstract: The present application is directed towards systems and methods for selecting a database from a plurality of databases to forward a SQL query request based on a property of the SQL request. A device intermediary to a plurality of clients and databases may establish a plurality of connections to the plurality of databases. The device may receive, from a client of the plurality of clients, a request to execute a SQL query. The device may evaluate one or more properties of the request to execute the SQL query responsive to a policy. The device may select a database from the plurality of databases based on a result of evaluation of the one or more properties of the request to execute the SQL query. The device may forward the request to execute the SQL query to the selected database via a connection of the plurality of connections.

公开(公告)号：US09571456B2

公开(公告)日：2017-02-14

申请号：US14539681

申请日：2014-11-12

Applicant: Citrix Systems, Inc.

Inventor： Puneet Agarwal ,  Srinivasan Thirunarayanan ,  Saibal Kumar Adhya ,  Akshat Choudhary

IPC: H04L29/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0272 ,  H04L29/08846 ,  H04L63/0281 ,  H04L63/105 ,  H04L63/166 ,  H04L63/20 ,  H04L67/02 ,  H04L67/14 ,  H04L67/2814

Abstract: The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server.

Abstract translation: 本公开提供了可以使得能够向多个客户端提供服务的企业基于与客户端相关联的信息来确定是否建立与客户端的基于客户端的SSL VPN会话或客户端SSL VPN会话的解决方案。 在客户端和服务器之间建立SSL VPN会话的中间件可以接收客户端访问服务器的请求。 中介可以根据请求识别会话策略。 会话策略可以指示是否与服务器建立基于客户端的SSL VPN会话或客户端SSL VPN会话。 中介可以根据策略确定在客户端和服务器之间建立基于客户端或客户端的SSL VPN会话。