Remote desktop protocol proxy with single sign-on and enforcement support

    Publication No.: US11616772B2

    Publication date: 2023-03-28

    Application No.: US17127393

    Application date: 2020-12-18

    Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access to the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

    SYSTEMS AND METHODS FOR POLICY DRIVEN FINE GRAIN VALIDATION OF SERVERS SSL CERTIFICATE FOR CLIENTLESS SSLVPN ACCESS

    Publication No.: US20200274867A1

    Publication date: 2020-08-27

    Application No.: US16871192

    Application date: 2020-05-11

    Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.

    SYSTEMS AND METHODS FOR FLEXIBLE, EXTENSIBLE AUTHENTICATION SUBSYSTEM THAT ENABLED ENHANCE SECURITY FOR APPLICATIONS

    Publication No.: US20200036759A1

    Publication date: 2020-01-30

    Application No.: US16591810

    Application date: 2019-10-03

    Abstract: The present disclosure is directed towards systems and methods of authenticating a client. A device intermediary to clients and servers that provide one or more resources can receive a request from a client to access a resource of the one or more resources. The device can select a login schema associated with the request that includes a definition of a login form. The login schema may correspond to an authentication protocol. The device can generate the login form responsive to the request. The login form can be constructed according to the definition provided by the selected login schema. The device can provide the login form for display via the client. The device can receive information inputted into the login form via the client. The device can establish access to the resource responsive to authentication of the client based on the information and the authentication protocol.

    SYSTEMS AND METHODS FOR FLEXIBLE, EXTENSIBLE AUTHENTICATION SUBSYSTEM THAT ENABLED ENHANCE SECURITY FOR APPLICATIONS
    Invention application (status: under examination, published)

    Publication No.: US20160381080A1

    Publication date: 2016-12-29

    Application No.: US14753636

    Application date: 2015-06-29

    Abstract: The present disclosure is directed towards systems and methods of authenticating a client. A device intermediary to clients and servers that provide one or more resources can receive a request from a client to access a resource of the one or more resources. The device can select a login schema associated with the request that includes a definition of a login form. The login schema may correspond to an authentication protocol. The device can generate the login form responsive to the request. The login form can be constructed according to the definition provided by the selected login schema. The device can provide the login form for display via the client. The device can receive information inputted into the login form via the client. The device can establish access to the resource responsive to authentication of the client based on the information and the authentication protocol.

    SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM
    Invention application (status: granted)

    Publication No.: US20140143394A1

    Publication date: 2014-05-22

    Application No.: US14081483

    Application date: 2013-11-15

    CPC classification number: H04L41/0806 H04L29/12207 H04L61/20 H04L63/166

    Abstract: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may receive packets related to the session owned by the first core. Embodiments of the systems and methods described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

    SYSTEMS AND METHODS FOR LIVE PERFORMANCE MAPPING OF COMPUTING ENVIRONMENTS

    Publication No.: US20210234919A1

    Publication date: 2021-07-29

    Application No.: US16750727

    Application date: 2020-01-23

    Abstract: Described implementations provide systems and methods for generating and using live performance maps of a network environment for selecting combinations of proxies and servers for fulfilling client device requests. Proxy devices or connectors may gather network telemetry data from actual network flows between client devices and application servers or other resources traversing the proxy devices or connectors, when available, or by generating synthetic transactions to measure network telemetry data when actual flows are unavailable. The telemetry data may be provided to a management service, which may generate a performance map. The performance map may be provided to the proxy devices and/or a cloud proxy service for selection of optimal combinations of connectors and resources for client requests. Incoming client requests may be steered or redirected to the selected optimal combination. The performance map may be dynamically regenerated as network conditions change and/or as servers are deployed or undeployed.

    REMOTE DESKTOP PROTOCOL PROXY WITH SINGLE SIGN-ON AND ENFORCEMENT SUPPORT

    Publication No.: US20210136055A1

    Publication date: 2021-05-06

    Application No.: US17127393

    Application date: 2020-12-18

    Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access to the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

    SYSTEMS AND METHODS FOR POLICY DRIVEN FINE GRAIN VALIDATION OF SERVERS' SSL CERTIFICATE FOR CLIENTLESS SSLVPN ACCESS

    Publication No.: US20180212953A1

    Publication date: 2018-07-26

    Application No.: US15923977

    Application date: 2018-03-16

    CPC classification number: H04L63/0823 H04L63/0272

    Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.

    SYSTEMS AND METHODS FOR A VPN ICA PROXY ON A MULTI-CORE SYSTEM
    Invention application (status: granted)

    Publication No.: US20150271141A1

    Publication date: 2015-09-24

    Application No.: US14733280

    Application date: 2015-06-08

    Abstract: The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session.
