Abstract:
The present disclosure is directed to systems and methods for controlling delivery of a resource. An intermediary device may establish a connection to deliver a resource hosted on at least one server to a client using a remoting protocol. The remoting protocol may define one or more channels in the connection for delivering or enabling one or more features of the resource to the client. The device may identify the one or more channels, and may identify the one or more features of the resource. The device may determine a policy for controlling access of the client to at least a first feature of the resource. The device may control access of the client to the first feature by modifying a first channel of the one or more channels according to the determined policy.
Abstract:
The present disclosure is directed towards systems and methods for routing network packets between multi-core intermediaries. A processor of a plurality of processors on a client-side intermediary device may receive a packet from a client device. The processor may be identified by a core identifier. The processor may calculate a first set of source port addresses based on a first key and the core identifier. The processor may identify a target server-side intermediary device and a target processor based on data received with the packet or metadata received from the target server-side intermediary device. The processor may calculate a second set of port addresses based on a second key and the target core identifier. The processor may identify a port address common to both the first set and second set of port addresses. The processor may replace the original source port address in the packet with the identified port address.
Abstract:
The present disclosure is directed towards systems and methods for associating multiple transport layer hops between a client and a server. A first intermediary device may receive a request for a transport layer connection between the client and the server. The first intermediary device may generate a unique identifier to identify a connection chain between the client and the server across a plurality of transport layer connections via the plurality of devices. The first intermediary device may set a hop count to a number of hops that the first device is between the client and the server. The first intermediary device may forward information about the unique identifier and the hop count to a next device of the plurality of devices.
Abstract:
The present disclosure is directed towards systems and methods for measuring round trip time (RTT) in network devices between the device and an endpoint. A network device may be deployed as an intermediary to provide many security and visibility functions. For measuring the server side RTT between the network device and host, the intermediary device identifies the packet that has been sent by the client when it initiated the RTT measurement. The network device remembers the moment T1 when it sees this packet. The host (e.g., the server) will respond to this with a packet that contains the response. The intermediary device remembers the moment T2 when it sees this response. Server side RTT is calculated by the network device as T2−T1. For measuring the client side RTT between the network device and client, the intermediary device identifies the packet that the host sends to initiate measurement of RTT. As per the HDX protocol, the client will respond immediately with a new packet or with a bit set in any packet being sent to the host. Just as for server side RTT, the intermediary device can identify these packets and measure the times to calculate the client side RTT.
Abstract:
The present disclosure is directed towards systems and methods of maintaining a session via an intermediary device. A first device intermediary to a client and a plurality of servers receives a packet of a session. The packet of the session includes application protocol data and application session metadata used to maintain a state of an application accessed via the session. The first device marks a session state of the session to an update state. The first device determines that a second device intermediary to the client and the plurality of servers is in a ready state and the session state of the session is in the update state. The first device forwards the application protocol data and the application session metadata of the packet to the second device to maintain, on the second device, the same state of the application accessed via the session provided by the first device.