Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segment(s) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segment(s) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segments) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address.

Abstract: Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segments) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range.

Abstract: Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address.

Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: System and method for automatically establishing a Virtual Private Network (VPN) link between a mobile device and a VPN server over an unsecure wireless network, comprising, at the mobile device, detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, automatically initializing, based on the determination, a VPN client, the VPN client executed to establishes a VPN link between the mobile device and the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and automatically terminating the VPN client when the mobile device disconnects from the unsecure wireless network.

Abstract: Receive output dynamically generated by a running program and check that output for spelling, grammar, and/or other usage errors, providing notice to a user of any errors found. The dynamically generated output includes an assembly of component parts not statically assigned in a predetermined configuration or with predetermined content, but rather generated and/or configured by the executing program as it runs.

Abstract: A multilayered context enriched text translation interface includes a simulation layer comprising one or more text objects and a translation layer. The interface displays one or more mimicked views of an application GUI in the simulation layer. Subsequent to a user engaging a text object, the interface displays a prompt for a text translation of the text object within a translation layer. In certain embodiments, the mimicked views are graphical reproductions of the application GUI pages with functionality of one or more text objects of the application GUI disabled. In certain embodiments, the prompt includes an accentuation objects to visually accentuate the text object, a text-editing object to receive the text translation of the text object, and a link object to visually connect the accentuation objects and text-editing object.

Abstract: A method of automatically establishing a Virtual Private Network (VPN) over an unsecure wireless network, comprising using one or more processors of a mobile device for detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, initializing automatically a VPN client based on the determination, the VPN client executed by the one or more processors establishes a VPN link to the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and terminating automatically the VPN client when the mobile device disconnects from the unsecure wireless network.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include detecting, by a file-level storage system such as a network attached storage system, a user operating a first computer in communication with the file level storage system via a network, and maintaining, while the user is operating the first computer, multiple states for the user. In some embodiments, the user may operate the first computer by logging on to the first computer, and executing one or more applications and data files. Upon detecting the user operating a second computer in communication with the file level storage system via the network, the file-level storage system can synchronize applications and data files on the second computer to the multiple states. In embodiments of the present invention, the user operates the second computer by logging on to the second computer while still logged on to the first computer.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include storing multiple files to a file-level storage system that includes one or more storage devices, and maintaining, by the file-level storage system, one or more searchable indexes for the multiple files, each of the indexes indexing a respective key field. In some embodiments the file-level storage system may be configured as a network attached storage system. Upon receiving, via a network, a search query from a computer, the file-level storage system can identify, using the one or more searchable indexes, one or more of the multiple files that match the search query, and convey, to the computer, the respective name and the respective location of each of the one or more identified files. In some embodiments, the file-level storage system includes a web server exposing a representational state transfer application programming interface.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating a token with a computing device, defining preferences for the computing device, and conveying, by the computing device, the token and the preferences to an event processing system. Upon the event processing system, an event message from a computing system via a one-way firewall and matching the computing device preferences to the event message, the event processing system can convey the token and the event message to a push notification system. In some embodiments, upon the push notification service receiving the token and the event message, the mobile device can be identified based on the token, and the event message can be conveyed to the computing device. The event messages may include a severity level, and the preferences may include a severity threshold and a message detail level.

Abstract: A multilayered context enriched text translation interface includes a simulation layer comprising one or more text objects and a translation layer. The interface displays one or more mimicked views of an application GUI in the simulation layer. Subsequent to a user engaging a text object, the interface displays a prompt for a text translation of the text object within a translation layer. In certain embodiments, the mimicked views are graphical reproductions of the application GUI pages with functionality of one or more text objects of the application GUI disabled. In certain embodiments, the prompt includes an accentuation objects to visually accentuate the text object, a text-editing object to receive the text translation of the text object, and a link object to visually connect the accentuation objects and text-editing object.