Abstract: Systems and techniques are described for providing visibility into encrypted traffic without requiring access to the private key. Some embodiments can transparently intercept a secure connection handshake that establishes a secure connection between a client and a server, wherein during said transparently intercepting the secure connection handshake, the embodiments can (1) obtain connection information associated with the secure connection, and (2) obtain a session key that the client and server agree on during the secure connection handshake. The connection information and the session key can then be stored in a database, thereby providing visibility into encrypted traffic without requiring access to the private key.

Abstract: Systems and techniques are described for dynamically influencing route re-distribution between an exterior gateway protocol (EGP) and an interior gateway protocol (IGP). Some embodiments can dynamically influence which routes are re-distributed into the IGP network for use in cases where traffic destined to that particular remote site is desired to be steered on the desired network/border router. Moreover, some embodiments can dynamically influence route re-distribution from the IGP network to the EGP network for particular destinations so that traffic entering the local site is attracted over a particular network/border router.

Abstract: In a network including WAN accelerators and segment-oriented file servers, a method comprises responding to a client request to manipulate a file via a network file protocol by receiving a first request at a first WAN accelerator, wherein the request is a request to open a file located at a file server that is a segment-oriented file server, sending a local request for the file, corresponding to the first request, from the WAN accelerator to the file server, using a segment-aware network request protocol, returning at least a portion of the requested file in the form of a representation of a data map corresponding to the at least a portion of the requested file stored on the file server and using a data map for reconstruction of the requested file.

Abstract: A method and system that takes advantage of processes that are efficient for determining the topology of small to medium size networks to determine individual network topologies for such networks, and then merges these individual topologies into a consolidated topology for the entire network. Each of the processes that determines the topology of the smaller networks provides the determined network topology, as well as a list of factors that may be relevant in the determination of how the given topology might be attached to any other given topology, such as the identification of a node that is not included in the given topology, or other indications of external connections. The merging process is configured to substantially restrict its analysis to these factors, thereby limiting the extent, and therefore the time consumed, by this stitching and merging process.

Abstract: Systems and techniques are described for caching resources. Multiple distinct resource identifiers that correspond to the same resource can be automatically collected, wherein the multiple distinct resource identifiers are included in resource requests that are sent from at least one client to at least one server. Next, a key can be automatically determined that matches the multiple distinct resource identifiers by analyzing the multiple distinct resource identifiers. A resource request can be received from a client that includes a resource identifier, and in response to determining that the resource identifier matches the key, the resource can be sent to the client.

Abstract: Systems and techniques are described for optimizing network traffic by transparently intercepting a transport layer connection after connection establishment. Specifically, an intermediary device can monitor communications between two computers while a transport layer connection that uses a transport layer protocol is being established between the two computers. While monitoring communications, the intermediary device can save transport layer protocol state information associated with the transport layer connection that is being established. The intermediary device can then use the saved transport layer protocol state information to transparently intercept the transport connection.

Abstract: The disclosed embodiments provide a system that modifies execution of a target process in a computer system. During loading of a marker library by a target process, the system modifies import dependency data of the marker library to include an injection library as a dependency of a marker library. After the modified import dependency data is used to load the injection library into the target process by the operating system or loader, the system executes the injection library prior to execution of the marker library to revert the import dependency data to an original state and modify execution of the target process.

Abstract: Embodiments provide a data persisting mechanism that allows for efficient, unobtrusive persisting of large volumes of data while optimizing the use of system resources by the persisting process. In an embodiment, the persisting process includes a self-tuning algorithm that constantly monitors persistence performance and that adjusts persistence time to maintain performance within user-defined criteria. From one aspect, this allows the persisting process to seamlessly adapt to changes in system environment (speeding up persistence during times of low processor usage and slowing down persistence during times of high processor usage) and to reduce or eliminate CPU spikes caused by persisting process. From another aspect, the persisting process results in the data being persisted as quickly as possible given the system constraints, thereby minimizing the possibility of data loss.

Abstract: Systems and techniques are described for path selection. A packet can be transparently intercepted at an intermediary device. Next, the intermediary device may modify one or more bits in the header of the packet. The intermediary device can then forward the packet to the next hop device. In some network configurations, the modifications to the one or more bits in the header of the packet may cause a downstream device to select a path that is different from the path that would have been selected by the downstream device if the one or more bits in the header of the packet had not been modified. A path selection policy can be used to determine whether or not one or more bits in the header of the packet are to be modified.

Abstract: A network analysis system provides for a user-definable display of information related to messages communicated on the network. The network analysis system includes one or more display formats that provide a display of message exchanges between nodes of a network, and a display augmenter that provides additional information on the display based on a user-defined visualization. The user defined visualization includes augmenting the display based on user-defined coloring characteristics and/or augmenting the display with user-defined labels. To further facilitate user control of the augmentation of the display, the system accepts user-defined programs for discriminating among messages, for controlling the labeling of messages, and for controlling the coloring of messages and labels. Commonly used user-defined characteristics and labels are stored in a library, for use via a selection from among the library entries.

Abstract: Systems and techniques are described for optimizing secure communications. Specifically, a first intermediary and a second intermediary can split-terminate a secure connection handshake or a handshake renegotiation between two computing devices. The first and second intermediaries can then optimize secure communications between the two computing devices.

Abstract: The present invention relates to correlating requests between a client and a server to a particular transaction. In one embodiment, transactions in a system of clients and servers are monitored and traced. From this information, a context comprising sets or groupings of transaction call sequences are determined. For example, a sequence of method calls on a client process is traced to a socket carrying data for transmission of a request message to a server. In response to this request message, the server then executes a set of method calls that can be correlated to the request message and the socket. This set of actions is considered part of a causally related grouping, and thus, associated together. In one embodiment, HTTP requests from a client may be comprise a unique custom header that is readily identified and traced. For other protocols, a client socket is associated with a corresponding server socket or to data received over a socket receive call.

Abstract: Systems and techniques are described for path selection. A packet can be transparently intercepted at an intermediary device. Next, the intermediary device may modify one or more bits in the header of the packet. The intermediary device can then forward the packet to the next hop device. In some network configurations, the modifications to the one or more bits in the header of the packet may cause a downstream device to select a path that is different from the path that would have been selected by the downstream device if the one or more bits in the header of the packet had not been modified. A path selection policy can be used to determine whether or not one or more bits in the header of the packet are to be modified.

Abstract: Embodiments provide systems, methods, and computer program products for dynamically hooking multiple levels of application code. A server receives identifying information that identifies a target function of a target application to hook. The server pauses a target process of the target application. The server locates the target function within the target application code based on the received identifying information. The server then hooks the located function outside of the target application, thereby creating hooked code during application runtime.

Abstract: The present invention relates to displaying data in a time-aligned fashion. A dashboard may have a defined time window and a plurality of graphs for various types of monitoring data metrics. Updates to each of the graphs may occur at different intervals while the graphs stay aligned to the same time window. The updates may be asynchronously received and displayed in the dashboard in real-time or near real-time. The graphs are aligned to the same time window in a dashboard by adding a future time buffer. When the live data reaches the end of the time window, the future time buffer allows a brief overflow period for updates to be added to the graphs while keeping all the graphs on a common time axis. Once the current time reaches the end of the future time buffer, the dashboard is then shifted forward and a future time buffer is added.

Abstract: In a network that includes intermediary nodes, such as WAN accelerators, that transform messages between nodes, an end-to-end path of the messages is determined. The determined end-to-end path is used in subsequent analyses of message traces, to identify timing and other factors related to the performance of the network relative to the propagation of these messages, including the propagation of the transformed messages. A variety of techniques are presented for determining the path of the messages, depending upon the characteristics of the collected trace data. Upon determining the message path, the traces are synchronized in time and correlations between the connections along the path are determined, including causal relationships. In a preferred embodiment, a user identifies an application process between or among particular nodes of a network, and the system provides a variety of formats for viewing statistics related to the performance of the application on the network.

Abstract: A system, method, and apparatus are provided for establishing a secure, split-terminated, communication connection between a client and a server (or two other communicants), without exposing to possible compromise one or more private keys used at an intermediate device to establish the communication connection. The private key(s) is or are stored on a key server that is separate from the intermediate device and from any other devices whose private keys are also stored on the key server. During the handshaking to establish the communication connection, one or more handshaking messages (or components of the messages) are submitted to the key server, by the intermediate device, for encryption or decryption with the corresponding key(s). The resulting encrypted or decrypted information is returned to the intermediate device for further action (e.g., to be forwarded or processed).

Abstract: Systems and techniques are described for optimizing communications between a client and a server. Specifically, in some embodiments, an executing script on a client can send a resource request to a server. In response, the server can send an optimized version of the resource back to the client. The client can then reconstruct the resource from the optimized version of the resource.

Abstract: A network health monitoring application computes aggregate reports of network health by combining status results from a group of segments to render a summary health status indicative of the entire group. Individual status values result from policies, which monitor various segments and metrics, or performance parameters (such as byte counts or retransmissions), concerned with providing a particular service. The policies form a hierarchy defining the general or specific nature of the segments included in the policy according to a range of attributes, in which the attributes define a scope of the segments included in the policy group. Multiple metrics gathered on each segment allow filtering by polices based on the metric, rather than the attribute (hierarchy level), thus lending a hierarchy filtering based on “vertical” slices of the hierarchy, allowing the user flexibility to filter on specific attribute values while still computing aggregate health at a particular attribute level.

Abstract: Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. Virtual storage arrays overcome bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the semantics and structure of high-level data structures associated with storage blocks to predict which storage blocks are likely to be requested by a storage client. Virtual storage arrays may use proximity-based, heuristic-based, and access time-based prefetching to predict high-level data structure entities that are likely to be accessed by the storage client. Virtual storage arrays then identify and prefetch storage blocks corresponding with the predicted high-level data structure entities.