公开(公告)号：US08745266B2

公开(公告)日：2014-06-03

申请号：US13173216

申请日：2011-06-30

申请人： Mugdha Agarwal ,  Josephine Suganthi ,  Saravana Annamalaisami ,  Jyotheesh Rao Kurma ,  Deepak Goel ,  Anil Shetty

发明人： Mugdha Agarwal ,  Josephine Suganthi ,  Saravana Annamalaisami ,  Jyotheesh Rao Kurma ,  Deepak Goel ,  Anil Shetty

IPC分类号： G06F15/173

CPC分类号： H04L45/306 ,  H04L29/08 ,  H04L45/74 ,  H04L61/103 ,  H04L61/1511 ,  H04L63/02 ,  H04L63/0815 ,  H04L67/2814

摘要： The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client.

摘要翻译： 本解决方案旨在向任何客户端或服务器透明和无缝地提供客户端请求到与中间设备并行部署的设备的任何服务的重定向。部署在客户端和服务器之间的中间设备可以拦截客户端 请求并检查请求是否由与中间设备并行部署的设备之一提供的服务处理。 服务可以是用于处理，检查或修改请求的任何类型和形式的服务或特征，包括防火墙，缓存服务器，加密/解密引擎，安全设备，认证设备，授权设备或任何其他类型 以及本文描述的服务或设备的形式。 中间设备可以选择机器来处理请求，并使用第2层重定向到机器。 中间设备可以将请求的目的地的媒体访问控制（MAC）地址改变为所选择的机器的MAC地址。 一旦所选机器处理请求，中间设备可以从该机器接收对处理请求的响应。 响应于来自机器的响应或响应于识别对该请求的响应来自该特定的所选择的机器，中间设备可以继续处理客户端的请求。 并行部署的机器的转发和处理可以无缝地且透明地执行到服务器和/或客户端。

公开(公告)号：US20130007239A1

公开(公告)日：2013-01-03

申请号：US13173216

申请日：2011-06-30

申请人： Mugdha Agarwal ,  Josephine Suganthi ,  Saravana Annamalaisami ,  Jyotheesh Rao Kurma ,  Deepak Goel ,  Anil Shetty

发明人： Mugdha Agarwal ,  Josephine Suganthi ,  Saravana Annamalaisami ,  Jyotheesh Rao Kurma ,  Deepak Goel ,  Anil Shetty

IPC分类号： G06F15/173

CPC分类号： H04L45/306 ,  H04L29/08 ,  H04L45/74 ,  H04L61/103 ,  H04L61/1511 ,  H04L63/02 ,  H04L63/0815 ,  H04L67/2814

摘要： The present solution is directed to providing, transparently and seamlessly to any client or server, layer 2 redirection of client requests to any services of a device deployed in parallel to an intermediary device An intermediary device deployed between the client and the server may intercept a client request and check if the request is to be processed by a service provided by one of the devices deployed in parallel with the intermediary device. The service may be any type and form of service or feature for processing, checking or modifying the request, including a firewall, a cache server, a encryption/decryption engine, a security device, an authentication device, an authorization device or any other type and form of service or device described herein. The intermediary device may select the machine to process the request and use layer 2 redirection to the machine. The intermediary device may change a Media Access Control (MAC) address of a destination of the request to a MAC address of the selected machine. Once the selected machine processes the request, the intermediary device may receive from this machine a response to processing the request. The intermediary device may then continue processing the request of the client responsive to the response from the machine or in response to identifying that the response to the request is from that particular selected machine. The forwarding to and processing by the parallel deployed machine may be performed seamlessly and transparently to the server and/or client.

摘要翻译： 本解决方案旨在向任何客户端或服务器透明和无缝地提供客户端请求到与中间设备并行部署的设备的任何服务的重定向。部署在客户端和服务器之间的中间设备可以拦截客户端 请求并检查请求是否由与中间设备并行部署的设备之一提供的服务处理。 服务可以是用于处理，检查或修改请求的任何类型和形式的服务或特征，包括防火墙，缓存服务器，加密/解密引擎，安全设备，认证设备，授权设备或任何其他类型 以及本文描述的服务或设备的形式。 中间设备可以选择机器来处理请求，并使用第2层重定向到机器。 中间设备可以将请求的目的地的媒体访问控制（MAC）地址改变为所选择的机器的MAC地址。 一旦所选机器处理请求，中间设备可以从该机器接收对处理请求的响应。 响应于来自机器的响应或响应于识别对该请求的响应来自该特定的所选择的机器，中间设备可以继续处理客户端的请求。 并行部署的机器的转发和处理可以无缝地且透明地执行到服务器和/或客户端。

公开(公告)号：US09253252B2

公开(公告)日：2016-02-02

申请号：US13464818

申请日：2012-05-04

申请人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

发明人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

IPC分类号： H04L12/46 ,  H04L29/08 ,  H04L29/06

CPC分类号： H04L67/1002 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/164

摘要： Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

摘要翻译： 本解决方案的实施例提供了一种云桥，以在数据中心和云服务提供商的不同网络之间带来网络透明度。 例如，设备可能部署在数据中心和云端。 这些设备可以被配置或设计和构造成彼此通信，并且识别和理解企业和云数据中心的内部部署数据中心的本地IP和/或公共IP网络信息。 这些设备可以以内部和云数据中心的单一网络的方式无缝和透明地管理内部部署和云数据中心之间的网络流量流。

公开(公告)号：US20120281706A1

公开(公告)日：2012-11-08

申请号：US13464818

申请日：2012-05-04

申请人： PUNEET AGARWAL ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

发明人： PUNEET AGARWAL ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L67/1002 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/164

摘要： Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

摘要翻译： 本解决方案的实施例提供了一种云桥，以在数据中心和云服务提供商的不同网络之间带来网络透明度。 例如，设备可能部署在数据中心和云端。 这些设备可以被配置或设计和构造成彼此通信，并且识别和理解企业和云数据中心的内部部署数据中心的本地IP和/或公共IP网络信息。 这些设备可以以内部和云数据中心的单一网络的方式无缝和透明地管理内部部署和云数据中心之间的网络流量流。

公开(公告)号：US20110153721A1

公开(公告)日：2011-06-23

申请号：US12645796

申请日：2009-12-23

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Ajay Soni

IPC分类号： G06F15/16

CPC分类号： H04L67/10 ,  H04L29/08 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/42 ,  H04L69/04 ,  H04L69/16 ,  H04L69/161 ,  H04L69/22

摘要： The present disclosure presents systems and methods for policy based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in a first option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN optimization device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN optimization device, while maintaining the information from the first option field. The intermediary device receives the request including the information in the first option field identifying the first WAN optimization device to the second WAN optimization device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

摘要翻译： 本公开提供了通过中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的第一选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN优化设备。 中间人将请求发送到第二WAN优化设备，同时保持来自第一选项字段的信息。 中间装置接收包括识别第一WAN优化装置的第一选项字段中的信息到第二WAN优化装置的请求。 中介从第二WAN设备接收修改后的请求，该修改请求由中介确定发送到目的地服务器。

公开(公告)号：US20120173759A1

公开(公告)日：2012-07-05

申请号：US13337712

申请日：2011-12-27

申请人： Mugdha Agarwal ,  Akshat Choudhary

发明人： Mugdha Agarwal ,  Akshat Choudhary

IPC分类号： G06F15/173

CPC分类号： H04L67/2814 ,  H04L67/2819 ,  H04L67/2876 ,  H04L69/161 ,  H04L69/22

摘要： The present disclosure presents systems and methods for policy-based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in an option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN device, while maintaining the information from the option field. The intermediary device receives the request including the information identifying the first WAN optimization device to the second WAN device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

摘要翻译： 本公开提供了用于由中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN设备。 中继机将请求发送到第二WAN设备，同时保持来自选项字段的信息。 中间装置接收包括识别第一WAN优化装置的信息到第二WAN装置的请求。 中介从第二WAN设备接收修改后的请求，该修改请求由中介确定发送到目的地服务器。

公开(公告)号：US20110277026A1

公开(公告)日：2011-11-10

申请号：US13102902

申请日：2011-05-06

申请人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

发明人： Mugdha Agarwal ,  Akshat Choudhary ,  Puneet Agarwal ,  Arkesh Kumar ,  Nirdosh Shah ,  Ajay Soni

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0884 ,  G06F21/31 ,  G06F21/41 ,  G06F21/554 ,  H04L63/0815

摘要： The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

摘要翻译： 本应用程序的解决方案通过在SaaS和云托管应用程序以及传统的企业托管应用程序之间提供单个身份验证域来解决跨不同托管系统的身份验证问题。 多个客户端的应用交付控制器中介，以及提供单一登录管理，集成和控制的不同托管的应用。 用户可以通过由ADC提供，控制或管理的接口登录，该接口根据策略和应用的主机向用户认证用户。 因此，用户可以登录一次以访问多个不同的托管的应用。 从用户的角度来看，用户通过本解决方案系统提供的远程访问，无缝透明地访问具有不同密码和身份验证的不同托管系统

公开(公告)号：US20120036244A1

公开(公告)日：2012-02-09

申请号：US12851438

申请日：2010-08-05

申请人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

发明人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

IPC分类号： G06F15/173

CPC分类号： H04L41/0806 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/166

摘要： In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

摘要翻译： 在多核系统中，跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如，第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中，管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。

公开(公告)号：US09065866B2

公开(公告)日：2015-06-23

申请号：US13337712

申请日：2011-12-27

申请人： Mugdha Agarwal ,  Akshat Choudhary

发明人： Mugdha Agarwal ,  Akshat Choudhary

IPC分类号： G06F15/16 ,  H04L29/08 ,  H04L29/06

CPC分类号： H04L67/2814 ,  H04L67/2819 ,  H04L67/2876 ,  H04L69/161 ,  H04L69/22

摘要： The present disclosure presents systems and methods for policy-based redirection of network traffic, by an intermediary device, to a horizontally deployed WAN device. An intermediary receives a request from a client to access a server. The request was previously modified by a first WAN device to include information in an option field of a transport layer. The intermediary may determine, responsive to a redirection policy, to send the request to a second WAN device deployed horizontally from the intermediary, instead of the server. The intermediary transmits the request to the second WAN device, while maintaining the information from the option field. The intermediary device receives the request including the information identifying the first WAN optimization device to the second WAN device. The intermediary receives a modified request from the second WAN device, the modified request determined by the intermediary to be sent to the destination server.

摘要翻译： 本公开提供了用于由中间设备将网络流量基于策略的重定向到水平部署的WAN设备的系统和方法。 中介接收客户端访问服务器的请求。 该请求先前被第一WAN设备修改为将信息包括在传输层的选项字段中。 中介可以响应于重定向策略来确定将请求发送到从中间件而不是服务器水平部署的第二WAN设备。 中继机将请求发送到第二WAN设备，同时保持来自选项字段的信息。 中间装置接收包括识别第一WAN优化装置的信息到第二WAN装置的请求。 中介从第二WAN设备接收修改后的请求，该修改请求由中介确定发送到目的地服务器。

公开(公告)号：US08589575B2

公开(公告)日：2013-11-19

申请号：US12851438

申请日：2010-08-05

申请人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

发明人： Pratap Ramachandra ,  Akshat Choudhary ,  Mugdha Agarwal ,  Arkesh Kumar

IPC分类号： G06F15/16

CPC分类号： H04L41/0806 ,  H04L29/12207 ,  H04L61/20 ,  H04L63/166

摘要： In a multi-core system, multiple packet engines across corresponding cores may be working concurrently processing data packets from data flows of SSL VPN sessions. For example, a first core may establish a SSL VPN session with a client. Any one of the other cores, such as a second core, may received packets related to the session owned by the first core. Embodiments of the systems and method described below provide management of IIP addresses for the multi-core/multi-packet engine approach to providing SSL VPN service. In some embodiments, the approach to managing IIP addresses is to have one packet engine on a core act as a master or controller of the IIPs for the remaining packet engines and cores. The packet engines/cores use a protocol for communications regarding IIP management.

摘要翻译： 在多核系统中，跨相应内核的多个数据包引擎可能同时处理来自SSL VPN会话数据流的数据包。 例如，第一个核心可以与客户端建立SSL VPN会话。 诸如第二核心的其他核心中的任何一个可以接收与由第一核心拥有的会话相关的分组。 下面描述的系统和方法的实施例提供了用于提供SSL VPN服务的多核/多分组引擎方法的IIP地址的管理。 在一些实施例中，管理IIP地址的方法是使核上的一个分组引擎作为剩余分组引擎和核心的IIP的主机或控制器。 分组引擎/内核使用关于IIP管理的通信协议。