Abstract:
Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
Abstract:
A method, system and computer program product for providing a seamless transition for resizing virtual machines from a development environment to a production environment. An administrative server receives an instruction from a customer to resize a virtual machine running on a cloud computing node, where the resized virtual machine requires physical resources (e.g., twenty physical processor cores) to be utilized in the production environment. Instead of utilizing the same number of physical resources in the development environment that need to be utilized in the production environment, the administrative server utilizes fewer physical resources by also utilizing virtual resources (e.g., twenty virtual processor cores and only two physical processor cores), so as to provide a development environment with the same resource capacity as the production environment but with fewer physical resources, thereby more efficiently utilizing the physical resources on the cloud computing node.
Abstract:
Methods and systems for providing non-proxy Secure Sockets Layer and Transport Layer Security (SSL/TLS) support in a content-based load balancer are described. A Transmission Control Protocol (TCP) connection is accepted from a client, and an SSL/TLS connection is established with the client such that random data used in key generation is created. A request is received from the client, and the request is decrypted. The request is processed, a target stack is selected, and the TCP connection, the SSL/TLS connection, and the random data are transferred to the selected target stack such that the client and selected target stack maintain an end-to-end TCP connection with a non-proxy SSL/TLS connection.
Abstract:
Methods and systems for providing end-to-end content-based load balancing are described. A Transmission Control Protocol (TCP) connection is accepted from a client and a request is received from the client. The request is processed, a target stack is selected, and the TCP connection is transferred to the selected target stack such that the client and selected target stack maintain an end-to-end TCP connection. In an exemplary embodiment, the request can be processed in a TCP kernel. In another preferred embodiment, the TCP connection can include TCP data packets and the request can include request data packets. The TCP connection transfer can be performed by replaying the TCP data packets and the request data packets to the selected target stack.
Abstract:
Embodiments of the present invention provide a method, system and computer program product for Mobile IPv6 binding cache support for a load balanced sysplex. In one embodiment of the invention, a load balancing sysplex can be configured for mobile device binding cache support. The sysplex can include a distributor coupled to different targets in a load balancing arrangement, where each of the targets can support a correspondent node enabled to communicate with a mobile device. A master binding cache can be coupled to the distributor and a binding cache manager can be coupled to the distributor. Notably, the binding cache manager can perform return routability with the mobile device and can provide a corresponding entry in the master binding cache for use by a target supporting a correspondent node for the mobile device. In one aspect of the embodiment, a replica of the master binding cache can be provided in each of the targets for use by supported correspondent nodes in communicating with different mobile devices associated with binding cache entries in the replica.
Abstract:
Methods, systems and computer program products for load balancing using Mobile Internet Protocol (IP) Version 6 are provided. A request for a connection is received from a client at a routing stack. A Mobile IP Version 6 Binding Update message is transmitted from the routing stack to the client responsive to the received request. The Binding Update message identifies a selected target stack so as to allow the client to communicate directly with the target stack bypassing the routing stack.
Abstract:
Improvements in security processing are disclosed which enable security processing to be transparent to the application. Security processing (such as Secure Sockets Layer, or “SSL”, or Transport Layer Security, or “TLS”) is performed in (or controlled by) the stack. A decision to enable security processing on a connection can be based on configuration data or security policy, and can also be controlled using explicit enablement directives. Directives may also be provided for allowing applications to communicate with the security processing in the stack for other purposes. Functions within the protocol stack that need access to clear text can now be supported without loss of security processing capability. No modifications to application code, or in some cases only minor modifications (such as inclusion of code to invoke directives), are required to provide this security processing. Improved offloading of security processing is also disclosed, which provides processing efficiencies over prior art offloading techniques.