Abstract:
Adaptive failover occurs between a Layer Three (L3) based network tunnel and a Layer Four (L4) based network tunnel. An example of an L4 based network tunnel is a Secure Sockets Layer (SSL) tunnel and an example of an L3 based network tunnel is an Internet Protocol Security (IPSec) tunnel. SSL tunnels work through most firewalls and proxies, but may introduce latency and other performance problems. IPSec tunnels perform more efficiently, but may not work through some firewalls and proxies. The techniques include dynamically selecting a tunneling protocol so as to use the more efficient tunnel when possible while maintaining consistent L3 connectivity from a variety of remote network environments.
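The selection logic described above, written out as an added example (this is not the patent's code): the selector prefers the L3 IPSec tunnel, fails over to the L4 SSL tunnel when the IPSec probe fails, and periodically retries IPSec so that it can fail back once the path is usable again. The probe results are supplied by the caller as booleans (in practice an IKE/ESP reachability check and a TLS handshake); the `TunnelSelector`, `simulate` and `retry_interval` names are assumptions of this example.

```python
"""Adaptive L3 (IPsec) / L4 (SSL) tunnel failover. Illustrative selector logic only."""
from typing import List, Optional, Tuple

L3_IPSEC = "ipsec"  # preferred: better performance, but may be blocked by firewalls/proxies
L4_SSL = "ssl"      # fallback: traverses most firewalls/proxies, but higher latency


class TunnelSelector:
    """Keeps one tunnel active, preferring IPsec and failing over to SSL.

    Probe results (ipsec_ok, ssl_ok) are passed in by the caller on each tick;
    this class only holds the failover / fail-back decision.
    """

    def __init__(self, retry_interval: int = 2) -> None:
        self.active: Optional[str] = None
        self.retry_interval = retry_interval  # ticks on SSL between IPsec fail-back attempts
        self.ticks_on_ssl = 0
        self.events: List[str] = []

    def _set(self, tunnel: Optional[str]) -> None:
        if tunnel != self.active:
            self.events.append(f"switch {self.active} -> {tunnel}")
            self.active = tunnel
            self.ticks_on_ssl = 0

    def _connect(self, ipsec_ok: bool, ssl_ok: bool) -> None:
        # Initial connect or reconnect: take the L3 tunnel if reachable, else the L4 one.
        self._set(L3_IPSEC if ipsec_ok else L4_SSL if ssl_ok else None)

    def tick(self, ipsec_ok: bool, ssl_ok: bool) -> Optional[str]:
        """Apply one round of probe results and return the tunnel now in use."""
        if self.active == L3_IPSEC:
            if not ipsec_ok:  # L3 path lost mid-session (e.g. ESP/UDP 4500 now filtered)
                self.events.append("ipsec lost")
                self._connect(ipsec_ok, ssl_ok)
        elif self.active == L4_SSL:
            if not ssl_ok:
                self.events.append("ssl lost")
                self._connect(ipsec_ok, ssl_ok)
            else:
                # Stay on SSL, but periodically try to fail back to the faster IPsec tunnel.
                self.ticks_on_ssl += 1
                if self.ticks_on_ssl >= self.retry_interval:
                    self.ticks_on_ssl = 0
                    if ipsec_ok:
                        self._set(L3_IPSEC)
        else:
            self._connect(ipsec_ok, ssl_ok)
        return self.active


def simulate(network: List[Tuple[bool, bool]], retry_interval: int = 2):
    """Run the selector over a scripted sequence of (ipsec_reachable, ssl_reachable) probes."""
    sel = TunnelSelector(retry_interval)
    return [sel.tick(i, s) for i, s in network], sel.events


if __name__ == "__main__":
    # Constructed scenario: IPsec works, gets blocked, comes back, then everything fails.
    script = [(True, True), (True, True), (False, True), (False, True),
              (False, True), (True, True), (True, True), (False, False)]
    history, events = simulate(script)
    print(history)
    print(events)
```

Note the hysteresis: at the sixth tick IPSec is reachable again but the selector stays on SSL until the next scheduled retry, so a flapping L3 path does not cause a switch on every tick.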
Abstract:
Techniques are described for providing secure communication of network traffic from specific applications operating on a client device to a server device using a network-layer virtual private network (VPN). For example, a module on a client device may intercept network traffic from an application executing on the client device. The module may then determine whether to send the application-layer data through a network-layer VPN tunnel from the client device to a gateway device. This network-layer VPN tunnel may be defined by a network address of a physical adapter of the client device and a network address of the VPN gateway. In other words, there may be no need for the interposition of a VPN proxy on the client device. The module makes this determination on an application-by-application basis. The client device then forwards the application-layer data through the VPN tunnel based on the determination.
Abstract:
A network system includes an access control device and a client device. The access control device provides access to an enterprise network using a virtual private network (VPN) and provides a software update package to the client device. The client device includes an operating system that maintains a user context for a user having restricted privileges and a system context having elevated privileges. The client device further includes a user-level setup module, a system-level installation service and a user-level installation service. The setup module, system-level installation service and the user-level installation service interact to provide on-demand advertisement and installation of authorized software update packages on computing devices when needed by the user without requiring action by an administrator.
Abstract:
Low-level network services are provided by network-service-provider plugins. These plugins are controlled by an extensible service provider that is layered above the TCP layer but below the Winsock-2 library and API. The extensible service provider orders the plugins based on the function performed by each plugin and on ordering hints. Plugins that redirect the protocol or socket are executed first. Plugins that examine packets or block entire packets are executed before plugins that modify packets. Plugins that compress or encrypt data are executed last for outgoing packets. Ordering hints cause a plugin to be executed before or after others in its functional class. Ordering lets examining plugins that simply read data reach the packets before an encrypting or compressing plugin renders the data unreadable. The extensible service provider has a plugin manager that orders and controls execution of the plugins. A filter manager evaluates one or more packet-filters. Filters are bound to plugins by binding objects; each socket has its own binding list of filters and plugins. Execution of some plugins can be skipped when filters bound to them do not match packets sent or received. Well-ordered plugins transparently provide a variety of network services such as content-filtering and blocking, encryption and compression, and statistics-gathering.
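The ordering rules above (functional class first, ordering hint within the class, transforms last on the way out and first on the way in, and per-socket filter bindings that let a plugin be skipped) as an added example in Python; it is not the patent's or any Winsock provider's code. The class names, the `hint` field, the `Binding` filter callback and the toy XOR "encryption" (used only so the round trip is visible, not a real cipher) are assumptions of this example.

```python
"""Ordered plugin chain for a socket, in the style of the extensible service provider."""
import zlib
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, List, Optional

Meta = Dict[str, object]               # per-packet metadata the filters see (ports, direction, ...)
Handler = Callable[[bytes], Optional[bytes]]  # returns None to block the whole packet


class PluginClass(IntEnum):
    """Functional classes; lower runs earlier for outgoing packets."""
    REDIRECT = 0    # change the protocol or socket
    EXAMINE = 1     # read or block whole packets (content filters, statistics)
    MODIFY = 2      # rewrite packet contents
    TRANSFORM = 3   # compress / encrypt; last outbound so examiners still see plaintext


@dataclass
class Plugin:
    name: str
    cls: PluginClass
    outbound: Handler
    inbound: Handler
    hint: int = 0   # ordering hint within the class; lower runs earlier


@dataclass
class Binding:
    """Binds a plugin to a socket, optionally gated by a packet filter."""
    plugin: Plugin
    filt: Optional[Callable[[Meta], bool]] = None   # None = always run


def order_bindings(bindings: List[Binding], outbound: bool) -> List[Binding]:
    ordered = sorted(bindings, key=lambda b: (b.plugin.cls, b.plugin.hint))
    if outbound:
        return ordered
    # Inbound: undo the transforms first (in reverse), then let the rest see plaintext.
    transforms = [b for b in ordered if b.plugin.cls == PluginClass.TRANSFORM]
    others = [b for b in ordered if b.plugin.cls != PluginClass.TRANSFORM]
    return transforms[::-1] + others


def process(bindings: List[Binding], meta: Meta, data: bytes, outbound: bool = True) -> Optional[bytes]:
    """Run a packet through the socket's binding list; None means a plugin blocked it."""
    for b in order_bindings(bindings, outbound):
        if b.filt is not None and not b.filt(meta):
            continue                       # filter did not match: plugin is skipped
        handler = b.plugin.outbound if outbound else b.plugin.inbound
        data = handler(data)
        if data is None:
            return None
    return data


# --- sample plugins (constructed for this example) ---------------------------------
def make_stats():
    stats = {"bytes_out": 0}
    def count(d: bytes) -> bytes:
        stats["bytes_out"] += len(d)      # sees plaintext because it runs before TRANSFORM
        return d
    return stats, Plugin("stats", PluginClass.EXAMINE, count, lambda d: d, hint=10)

def block_forbidden(d: bytes) -> Optional[bytes]:
    return None if b"forbidden" in d else d

content_block = Plugin("content-block", PluginClass.EXAMINE, block_forbidden, lambda d: d, hint=0)
compress = Plugin("compress", PluginClass.TRANSFORM, zlib.compress, zlib.decompress, hint=0)
TOY_KEY = 0x5A
def toy_xor(d: bytes) -> bytes:          # placeholder for a cipher; NOT real encryption
    return bytes(b ^ TOY_KEY for b in d)
toy_crypt = Plugin("toy-xor", PluginClass.TRANSFORM, toy_xor, toy_xor, hint=1)


def demo():
    stats, stats_plugin = make_stats()
    # Registration order is deliberately scrambled; the manager reorders it.
    bindings = [Binding(toy_crypt), Binding(stats_plugin), Binding(compress),
                Binding(content_block, filt=lambda m: m["dport"] == 80)]
    order = [b.plugin.name for b in order_bindings(bindings, outbound=True)]
    req = b"GET /forbidden HTTP/1.1"
    blocked = process(bindings, {"dport": 80}, req)            # filter matches: blocked
    wire = process(bindings, {"dport": 443}, req)              # blocker skipped, transformed
    back = process(bindings, {"dport": 443}, wire, outbound=False)
    return order, blocked, wire, back, stats["bytes_out"]


if __name__ == "__main__":
    print(demo())
```

The statistics plugin counts 23 plaintext bytes for the port-443 packet even though the bytes that leave the socket are compressed and XOR-scrambled, which is exactly why examiners are ordered ahead of transforms; the port-80 packet never reaches it because the content blocker dropped the packet first.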
Abstract:
Low-level network services are provided by network-service-provider plugins. These plugins are controlled by an extensible service provider that is layered above the TCP or other protocol layer but below the Winsock-2 library and API. Policy servers determine the priority of network traffic through control points on a network. Examining packets passing through these control points provides only limited data such as the source and destination IP address and TCP ports. Many applications on a client machine may use the same IP address and TCP ports, so packet examination is ineffective for prioritizing data from different applications on one client machine. Often some applications such as videoconferencing or data-entry for corporate sales are more important than other applications such as web browsing. An application-classifier plugin to the extensible service provider intercepts network traffic above the client's TCP/IP stack and associates applications and users with network packets. These associations and statistics such as maximum, average, and instantaneous data rates and start and stop time are consolidated into tables. The policy server can query these tables to find which application is generating network traffic and prioritize the traffic based on the high-level application. Bandwidth-hogging applications such as browsers can be identified from the statistics and given lower priority.
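An added example of the classifier side of this abstract (not the patent's code): a socket table learned above the TCP/IP stack maps each local socket to an (application, user) pair, packets are charged to that pair, and the per-application table carries total bytes, start/stop time, and maximum, average and instantaneous rates over one-second buckets. Two applications share the same client IP and destination port 443, which is the case packet inspection at a control point cannot separate. The `prioritize` function stands in for the policy server's query; its "important application" set and the bandwidth-hog threshold are assumptions of this example, as are all class and function names.

```python
"""Application classifier: associate packets with applications/users and build rate tables."""
import math
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

FlowKey = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)
AppKey = Tuple[str, str]              # (application, user)


@dataclass
class AppStats:
    bytes_total: int = 0
    start: Optional[float] = None
    stop: Optional[float] = None
    buckets: Dict[int, int] = field(default_factory=dict)   # second -> bytes in that second

    def add(self, ts: float, nbytes: int) -> None:
        self.bytes_total += nbytes
        self.start = ts if self.start is None else min(self.start, ts)
        self.stop = ts if self.stop is None else max(self.stop, ts)
        sec = int(math.floor(ts))
        self.buckets[sec] = self.buckets.get(sec, 0) + nbytes

    @property
    def instantaneous_rate(self) -> int:      # bytes in the most recent second seen
        return self.buckets[max(self.buckets)] if self.buckets else 0

    @property
    def max_rate(self) -> int:                # busiest one-second bucket
        return max(self.buckets.values(), default=0)

    @property
    def average_rate(self) -> float:          # bytes per second over the active span
        if not self.buckets:
            return 0.0
        span = max(self.buckets) - min(self.buckets) + 1
        return self.bytes_total / span


class AppClassifier:
    def __init__(self) -> None:
        self.sockets: Dict[FlowKey, AppKey] = {}            # learned from socket creation
        self.stats: Dict[AppKey, AppStats] = defaultdict(AppStats)
        self.unclassified_bytes = 0                         # packets with no known owner

    def register_socket(self, key: FlowKey, app: str, user: str) -> None:
        self.sockets[key] = (app, user)

    def on_packet(self, key: FlowKey, ts: float, nbytes: int) -> Optional[AppKey]:
        owner = self.sockets.get(key)
        if owner is None:
            self.unclassified_bytes += nbytes
            return None
        self.stats[owner].add(ts, nbytes)
        return owner

    def table(self) -> List[dict]:
        """The consolidated table a policy server would query, busiest application first."""
        rows = [{"app": app, "user": user, "bytes": s.bytes_total, "start": s.start,
                 "stop": s.stop, "avg": s.average_rate, "max": s.max_rate,
                 "now": s.instantaneous_rate}
                for (app, user), s in self.stats.items()]
        return sorted(rows, key=lambda r: r["bytes"], reverse=True)


def prioritize(table: List[dict], important: Set[str], hog_threshold: int) -> Dict[str, str]:
    """Policy-server decision: important apps high, bandwidth hogs low, the rest normal."""
    decision = {}
    for row in table:
        if row["app"] in important:
            decision[row["app"]] = "high"
        elif row["max"] >= hog_threshold:
            decision[row["app"]] = "low"
        else:
            decision[row["app"]] = "normal"
    return decision


def demo():
    c = AppClassifier()
    vc = ("10.0.0.5", 51000, "203.0.113.10", 443)   # constructed: same client IP and dst port
    br = ("10.0.0.5", 51001, "203.0.113.20", 443)
    c.register_socket(vc, "videoconf.exe", "alice")
    c.register_socket(br, "browser.exe", "alice")
    packets = [(0.0, br, 1000), (0.2, vc, 500), (0.4, br, 2000), (1.1, vc, 500),
               (1.5, br, 6000), (2.0, vc, 500), (2.2, br, 3000),
               (2.5, ("10.0.0.5", 51002, "203.0.113.30", 443), 700)]   # unknown socket
    for ts, key, n in packets:
        c.on_packet(key, ts, n)
    table = c.table()
    return c, table, prioritize(table, {"videoconf.exe"}, hog_threshold=5000)


if __name__ == "__main__":
    _, table, decision = demo()
    for row in table:
        print(row)
    print(decision)
```

Traffic from a socket the classifier never saw being created is kept as a separate unclassified count rather than being guessed at, so the policy server can tell "no data" apart from "low usage".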