SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES
    1.
    发明申请
    SYSTEMS AND METHODS FOR POLICY BASED INTEGRATION TO HORIZONTALLY DEPLOYED WAN OPTIMIZATION APPLIANCES 有权
    用于基于政策的集成到水平广域网优化设备的系统和方法

    公开(公告)号:US20110153721A1

    公开(公告)日:2011-06-23

    申请号:US12645796

    申请日:2009-12-23

    IPC分类号: G06F15/16

    摘要: The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

    摘要翻译: 本公开提供了通过中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的第一选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN优化设备。 中间人将请求发送到第二WAN优化设备,同时保持来自第一选项字段的信息。 中间装置接收包括识别第一WAN优化装置的第一选项字段中的信息到第二WAN优化装置的请求。 中介从第二WAN设备接收修改后的请求,该修改请求由中介确定发送到目的地服务器。

    Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications
    2.
    发明申请
    Systems and Methods for Providing Single Sign On Access to Enterprise SAAS and Cloud Hosted Applications 有权
    提供单一登录访问企业SAAS和云托管应用程序的系统和方法

    公开(公告)号:US20110277026A1

    公开(公告)日:2011-11-10

    申请号:US13102902

    申请日:2011-05-06

    IPC分类号: H04L9/32 G06F21/00

    摘要: The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

    摘要翻译: 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介,以及提供单一登录管理,集成和控制的不同托管的应用。 用户可以通过由ADC提供,控制或管理的接口登录,该接口根据策略和应用的主机向用户认证用户。 因此,用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看,用户通过本解决方案系统提供的远程访问,无缝透明地访问具有不同密码和身份验证的不同托管系统

    Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications
    3.
    发明授权
    Systems and methods for providing single sign on access to enterprise SAAS and cloud hosted applications 有权
    提供单一登录访问企业SAAS和云托管应用程序的系统和方法

    公开(公告)号:US09282097B2

    公开(公告)日:2016-03-08

    申请号:US13102902

    申请日:2011-05-06

    摘要: The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution.

    摘要翻译: 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介,以及提供单一登录管理,集成和控制的不同托管的应用。 用户可以通过由ADC提供,控制或管理的接口登录,该接口根据策略和应用的主机向用户认证用户。 因此,用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看,用户通过本解决方案的系统提供的远程访问,无缝和透明地访问具有不同密码和身份验证的不同托管系统。

    Systems and methods for policy based integration to horizontally deployed WAN optimization appliances
    4.
    发明授权
    Systems and methods for policy based integration to horizontally deployed WAN optimization appliances 有权
    用于基于策略的集成到水平部署的WAN优化设备的系统和方法

    公开(公告)号:US08965955B2

    公开(公告)日:2015-02-24

    申请号:US12645796

    申请日:2009-12-23

    IPC分类号: G06F15/16 H04L29/08 H04L29/06

    摘要: The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

    摘要翻译: 本公开提供了通过中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的第一选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN优化设备。 中间人将请求发送到第二WAN优化设备,同时保持来自第一选项字段的信息。 中间装置接收包括识别第一WAN优化装置的第一选项字段中的信息到第二WAN优化装置的请求。 中介从第二WAN设备接收修改后的请求,该修改请求由中介确定发送到目的地服务器。

    Systems and Methods for Policy Based Integration to Horizontally Deployed WAN Optimization Appliances
    5.
    发明申请
    Systems and Methods for Policy Based Integration to Horizontally Deployed WAN Optimization Appliances 有权
    用于基于策略的集成到水平部署的WAN优化设备的系统和方法

    公开(公告)号:US20120173759A1

    公开(公告)日:2012-07-05

    申请号:US13337712

    申请日:2011-12-27

    IPC分类号: G06F15/173

    摘要: The present disclosure presents systems and methods for policy-based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in an option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN device, while maintaining the information from the option field. The intermediary device receives the request including the information identifying the first WAN optimization device to the second WAN device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

    摘要翻译: 本公开提供了用于由中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN设备。 中继机将请求发送到第二WAN设备,同时保持来自选项字段的信息。 中间装置接收包括识别第一WAN优化装置的信息到第二WAN装置的请求。 中介从第二WAN设备接收修改后的请求,该修改请求由中介确定发送到目的地服务器。

    SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM
    6.
    发明申请
    SYSTEMS AND METHODS FOR IIP ADDRESS SHARING ACROSS CORES IN A MULTI-CORE SYSTEM 有权
    用于在多核系统中通过CORS进行IP地址共享的系统和方法

    公开(公告)号:US20120036244A1

    公开(公告)日:2012-02-09

    申请号:US12851438

    申请日:2010-08-05

    IPC分类号: G06F15/173

    摘要: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

    摘要翻译: 在多核系统中,跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如,第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中,管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。

    Systems and methods for policy based integration to horizontally deployed WAN optimization appliances
    7.
    发明授权
    Systems and methods for policy based integration to horizontally deployed WAN optimization appliances 有权
    用于基于策略的集成到水平部署的WAN优化设备的系统和方法

    公开(公告)号:US09065866B2

    公开(公告)日:2015-06-23

    申请号:US13337712

    申请日:2011-12-27

    IPC分类号: G06F15/16 H04L29/08 H04L29/06

    摘要: The present disclosure presents systems and methods for policy-based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in an option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN device, while maintaining the information from the option field. The intermediary device receives the request including the information identifying the first WAN optimization device to the second WAN device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

    摘要翻译: 本公开提供了用于由中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN设备。 中继机将请求发送到第二WAN设备,同时保持来自选项字段的信息。 中间装置接收包括识别第一WAN优化装置的信息到第二WAN装置的请求。 中介从第二WAN设备接收修改后的请求,该修改请求由中介确定发送到目的地服务器。

    Systems and methods for IIP address sharing across cores in a multi-core system
    8.
    发明授权
    Systems and methods for IIP address sharing across cores in a multi-core system 有权
    在多核系统中跨IP地址共享的系统和方法

    公开(公告)号:US08589575B2

    公开(公告)日:2013-11-19

    申请号:US12851438

    申请日:2010-08-05

    IPC分类号: G06F15/16

    摘要: In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

    摘要翻译: 在多核系统中,跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如,第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中,管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。

    Transparent layer 2 redirection of request to single sign in service based on applying policy to content of request
    9.
    发明授权
    Transparent layer 2 redirection of request to single sign in service based on applying policy to content of request 有权
    透明层2根据对请求的内容应用策略,将请求重定向到单一登录服务

    公开(公告)号:US08745266B2

    公开(公告)日:2014-06-03

    申请号:US13173216

    申请日:2011-06-30

    IPC分类号: G06F15/173

    摘要: The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client.

    摘要翻译: 本解决方案旨在向任何客户端或服务器透明和无缝地提供客户端请求到与中间设备并行部署的设备的任何服务的重定向。部署在客户端和服务器之间的中间设备可以拦截客户端 请求并检查请求是否由与中间设备并行部署的设备之一提供的服务处理。 服务可以是用于处理,检查或修改请求的任何类型和形式的服务或特征,包括防火墙,缓存服务器,加密/解密引擎,安全设备,认证设备,授权设备或任何其他类型 以及本文描述的服务或设备的形式。 中间设备可以选择机器来处理请求,并使用第2层重定向到机器。 中间设备可以将请求的目的地的媒体访问控制(MAC)地址改变为所选择的机器的MAC地址。 一旦所选机器处理请求,中间设备可以从该机器接收对处理请求的响应。 响应于来自机器的响应或响应于识别对该请求的响应来自该特定的所选择的机器,中间设备可以继续处理客户端的请求。 并行部署的机器的转发和处理可以无缝地且透明地执行到服务器和/或客户端。