公开(公告)号：US09253252B2

公开(公告)日：2016-02-02

申请号：US13464818

申请日：2012-05-04

申请人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

发明人： Puneet Agarwal ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

IPC分类号： H04L12/46 ,  H04L29/08 ,  H04L29/06

CPC分类号： H04L67/1002 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/164

摘要： Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

摘要翻译： 本解决方案的实施例提供了一种云桥，以在数据中心和云服务提供商的不同网络之间带来网络透明度。 例如，设备可能部署在数据中心和云端。 这些设备可以被配置或设计和构造成彼此通信，并且识别和理解企业和云数据中心的内部部署数据中心的本地IP和/或公共IP网络信息。 这些设备可以以内部和云数据中心的单一网络的方式无缝和透明地管理内部部署和云数据中心之间的网络流量流。

公开(公告)号：US20120281706A1

公开(公告)日：2012-11-08

申请号：US13464818

申请日：2012-05-04

申请人： PUNEET AGARWAL ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

发明人： PUNEET AGARWAL ,  Deepak Goel ,  Mugdha Agarwal ,  Anil Kumar Gavini ,  Jyotheesh Rao Kurma ,  Arkesh Kumar ,  Shaleen Sharma

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L67/1002 ,  H04L12/4625 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/164

摘要： Embodiments of the present solution provide a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers.

摘要翻译： 本解决方案的实施例提供了一种云桥，以在数据中心和云服务提供商的不同网络之间带来网络透明度。 例如，设备可能部署在数据中心和云端。 这些设备可以被配置或设计和构造成彼此通信，并且识别和理解企业和云数据中心的内部部署数据中心的本地IP和/或公共IP网络信息。 这些设备可以以内部和云数据中心的单一网络的方式无缝和透明地管理内部部署和云数据中心之间的网络流量流。

公开(公告)号：US08484287B2

公开(公告)日：2013-07-09

申请号：US12851449

申请日：2010-08-05

申请人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

发明人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

IPC分类号： G06F15/16

CPC分类号： G06F9/5027 ,  G06F2209/5016 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819

摘要： The present solution is directed towards systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session.

摘要翻译： 目前的解决方案涉及用于通过多核设备管理Cookie的系统和方法。 该设备是客户端和一个或多个服务器的中介。 多核设备的第一核心通过用户会话接收从服务器到客户端的请求的响应。 响应包括一个cookie。 第一个核心从响应中删除cookie，并将cookie存储在会话的相应存储中。 第一个核心将没有cookie的响应转发给客户端。 然后，第二核心经由会话接收来自客户端的第二请求。 第二核确定第一个核心作为第二个请求中的会话的所有者的标识。 然后，第二个核心向第一个核心传达第三个会话Cookie信息请求。

公开(公告)号：US20120036178A1

公开(公告)日：2012-02-09

申请号：US12851449

申请日：2010-08-05

申请人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

发明人： Anil Kumar Gavini ,  Akshat Choudhary ,  Puneet Agarwal

IPC分类号： G06F15/16

CPC分类号： G06F9/5027 ,  G06F2209/5016 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2819

摘要： The present solution is directed towards systems and methods for managing cookies by a multi-core device. The device is intermediary to a client and one or more servers. A first core of a multi-core device receives a response from a server to a request of the client through a user session. The response comprises a cookie. The first core removes the cookie from the response and stores the cookie in a corresponding storage for the session. The first core forwards the response without the cookie to the client. A second core then receives via a session, a second request from the client. The second core determines the identification of the first core as owner of the session from the second request. The second core then communicates to the first core a third request for cookie information for the session.

摘要翻译： 目前的解决方案涉及用于通过多核设备管理Cookie的系统和方法。 该设备是客户端和一个或多个服务器的中介。 多核设备的第一核心通过用户会话接收从服务器到客户端的请求的响应。 响应包括一个cookie。 第一个核心从响应中删除cookie，并将cookie存储在会话的相应存储中。 第一个核心将没有cookie的响应转发给客户端。 然后，第二核心经由会话接收来自客户端的第二请求。 第二核确定第一个核心作为第二个请求中的会话的所有者的标识。 然后，第二个核心向第一个核心传达第三个会话Cookie信息请求。

公开(公告)号：US20090193513A1

公开(公告)日：2009-07-30

申请号：US12359101

申请日：2009-01-23

申请人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

IPC分类号： G06F21/00

CPC分类号： H04L63/0272 ,  H04L63/0227 ,  H04L63/105 ,  H04L63/1441 ,  H04L63/166

摘要： The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

摘要翻译： 本公开提供了通过代理从无客户端安全套接字层虚拟专用网（SSL VPN）的多个编码方案中确定统一资源位置（URL）的编码方案的方法，系统和中介​​。 中介可以从包含URL的服务器接收响应。 来自服务器的响应可以经由SSL VPN会话并且经由中介向客户端发送。 中介可以响应于编码策略来确定用于对URL进行编码的透明，不透明或加密的编码方案之一。 中介可以根据所确定的编码方案重写用于传送给客户端的URL。

公开(公告)号：US20110154464A1

公开(公告)日：2011-06-23

申请号：US12976693

申请日：2010-12-22

申请人： PUNEET AGARWAL ,  Dileep Reddem ,  Anil Kumar Gavini

发明人： PUNEET AGARWAL ,  Dileep Reddem ,  Anil Kumar Gavini

IPC分类号： G06F15/16

CPC分类号： H04L63/0815 ,  H04L63/0281 ,  H04L63/0884

摘要： The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.

摘要翻译： 本发明涉及用于期望访问一个或多个受保护资源（例如受保护的网页，受保护的web服务应用程序等）的用户的基于表单的单一登录的系统和方法。在各种实施例中，单个符号 -on（SSO）模块在中间设备上运行，该中间设备被布置在网络中以管理多个客户端与多个服务器之间的互联网业务。 中间设备可以识别来自服务器的认证响应，并将认证响应转发给SSO模块。 SSO模块可以使用客户端的认证数据在认证响应中完成登录表单，将完成的登录表单返回到服务器，并将与认证响应相关联的cookie转发给客户端。 在各种实施例中，代表客户端的SSO模块可以透明地向客户端完成多个登录表单，并且减少客户端获得对受保护资源的访问所花费的时间。

公开(公告)号：US08646067B2

公开(公告)日：2014-02-04

申请号：US12359101

申请日：2009-01-23

申请人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Ravindra Nath Thakur ,  Anil Kumar Gavini

IPC分类号： G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  H04L29/06

CPC分类号： H04L63/0272 ,  H04L63/0227 ,  H04L63/105 ,  H04L63/1441 ,  H04L63/166

摘要： The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource location (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via a SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme.

摘要翻译： 本公开提供了通过代理从无客户端安全套接字层虚拟专用网（SSL VPN）的多个编码方案中确定统一资源位置（URL）的编码方案的方法，系统和中介​​。 中介可以从包含URL的服务器接收响应。 来自服务器的响应可以经由SSL VPN会话并且经由中介向客户端发送。 中介可以响应于编码策略来确定用于对URL进行编码的透明，不透明或加密的编码方案之一。 中介可以根据所确定的编码方案重写用于传送给客户端的URL。

公开(公告)号：US08453225B2

公开(公告)日：2013-05-28

申请号：US12976693

申请日：2010-12-22

申请人： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

发明人： Puneet Agarwal ,  Dileep Reddem ,  Anil Kumar Gavini

IPC分类号： H04L29/06

CPC分类号： H04L63/0815 ,  H04L63/0281 ,  H04L63/0884

摘要： The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.

公开(公告)号：US08996614B2

公开(公告)日：2015-03-31

申请号：US13369151

申请日：2012-02-08

申请人： Akshat Choudhary ,  Anil Kumar Gavini ,  Anil Shetty

发明人： Akshat Choudhary ,  Anil Kumar Gavini ,  Anil Shetty

IPC分类号： G06F15/16 ,  H04L29/06

CPC分类号： H04L65/4076

摘要： The present disclosure describes systems and methods for load balancing multiple application delivery controllers (ADCs) in multiple tiers. An upper layer of the tier comprises ADCs that load balance the plurality of ADCs of a lower layer of the tier. In order to appropriately share and maintain client IPs for transparent cache redirection scenarios, the transport layer (Transport Control Protocol (TCP)) port range is split among the ADCs of the lower tier. The lower tier ADCs would then create a connection only using a source port assigned to them. The response from the origin will then be sent to the upper level ADC which looks at the destination port and forward the packet to the correct lower tier ADC. Hence, the ADCs at two levels will work in conjunction to provide transparent cache direction.

摘要翻译： 本公开描述了用于在多层中负载平衡多个应用传递控制器（ADC）的系统和方法。 层的上层包括负载平衡层的较低层的多个ADC的ADC。 为了适当地共享和维护用于透明缓存重定向方案的客户端IP，传输层（传输控制协议（TCP））端口范围在下层的ADC之间分配。 然后，较低层的ADC将仅使用分配给它们的源端口创建连接。 来自原点的响应将被发送到上层ADC，其查看目标端口并将数据包转发到正确的下层ADC。 因此，两级ADC将协同工作，提供透明缓存方向。

公开(公告)号：US20120203825A1

公开(公告)日：2012-08-09

申请号：US13369151

申请日：2012-02-08

申请人： Akshat Choudhary ,  Anil Kumar Gavini ,  Anil Shetty

发明人： Akshat Choudhary ,  Anil Kumar Gavini ,  Anil Shetty

IPC分类号： G06F15/16

CPC分类号： H04L65/4076

摘要： The present disclosure describes systems and methods for load balancing multiple application delivery controllers (ADCs) in multiple tiers. An upper layer of the tier comprises ADCs that load balance the plurality of ADCs of a lower layer of the tier. In order to appropriately share and maintain client IPs for transparent cache redirection scenarios, the transport layer (Transport Control Protocol (TCP)) port range is split among the ADCs of the lower tier. The lower tier ADCs would then create a connection only using a source port assigned to them. The response from the origin will then be sent to the upper level ADC which looks at the destination port and forward the packet to the correct lower tier ADC. Hence, the ADCs at two levels will work in conjunction to provide transparent cache direction.

摘要翻译： 本公开描述了用于在多层中负载平衡多个应用传递控制器（ADC）的系统和方法。 层的上层包括负载平衡层的较低层的多个ADC的ADC。 为了适当地共享和维护用于透明缓存重定向方案的客户端IP，传输层（传输控制协议（TCP））端口范围在下层的ADC之间分配。 然后，较低层的ADC将仅使用分配给它们的源端口创建连接。 来自原点的响应将被发送到上层ADC，其查看目标端口并将数据包转发到正确的下层ADC。 因此，两级ADC将协同工作，提供透明缓存方向。