Abstract: The present invention leverages an existing content delivery network infrastructure to provide a system that enhances performance for any application that uses the Internet Protocol (IP) as its underlying transport mechanism. An overlay network comprises a set of edge nodes, intermediate nodes, and gateway nodes. This network provides optimized routing of IP packets. Internet application users can use the overlay to obtain improved performance during normal network conditions, to obtain or maintain good performance where normal default BGP routing would otherwise force the user over congested or poorly performing paths, or to enable the user to maintain communications to a target server application even during network outages.

Abstract: A method and system of load balancing application server resources operating in a distributed set of servers is described. In a representative embodiment, the set of servers comprise a region of a content delivery network. Each server is the set typically includes a server manager process, and an application server on which edge-enabled applications or application components are executed. As service requests are directed to servers in the region, the application servers manage the requests in a load-balanced manner, and without any requirement that a particular application server be spawned on-demand.

Abstract: An archival storage cluster of preferably symmetric nodes includes a metadata management system that organizes and provides access to given metadata, preferably in the form of metadata objects. Each metadata object may have a unique name, and metadata objects are organized into regions. Preferably, a region is selected by hashing one or more object attributes (e.g., the object's name) and extracting a given number of bits of the resulting hash value. The number of bits may be controlled by a configuration parameter. Each region is stored redundantly. A region comprises a set of region copies. In particular, there is one authoritative copy of the region, and zero or more backup copies. The number of backup copies may be controlled by a configuration parameter. Region copies are distributed across the nodes of the cluster so as to balance the number of authoritative region copies per node, as well as the number of total region copies per node.

Abstract: An archive cluster application runs in a distributed manner across a redundant array of independent nodes. Each node preferably runs a complete archive cluster application instance. A given nodes provides a data repository, which stores up to a large amount (e.g., a terabyte) of data, while also acting as a portal that enables access to archive files. Each symmetric node has a set of software processes, e.g., a request manager, a storage manager, a metadata manager, and a policy manager. The request manager manages requests to the node for data (i.e., file data), the storage manager manages data read/write functions from a disk associated with the node, and the metadata manager facilitates metadata transactions and recovery across the distributed database. The policy manager implements one or more policies, which are operations that determine the behavior of an “archive object” within the cluster. The archive cluster application provides object-based storage.

Abstract: A multimedia business communications platform enables conference casting over a network. End users or so-called “audience members” participate in conference casts from anywhere on the Internet or behind an enterprise firewall using a standard Web browser running a streaming media player. The conference platform typically includes a number of subsystems: a Web reservation subsystem, a voice server subsystem, a content storage subsystem, a monitoring data subsystem, an attendee access subsystem, and an archive subsystem. Web reservation subsystem provides a mechanism that enables an entity to make an event reservation. Web reservation subsystem typically includes a database and an associated database management system. Voice server subsystem validates a user and converts an incoming telephone signal (i.e., the conference call) to an output data stream. Attendee access subsystem responds to attendee requests and returns information (e.g.

Abstract: A method for content storage on behalf of participating content providers begins by having a given content provider identify content for storage. The content provider then uploads the content to a given storage site selected from a set of storage sites. Following upload, the content is replicated from the given storage site to at least one other storage site in the set. Upon request from a given entity, a given storage site from which the given entity may retrieve the content is then identified. The content is then downloaded from the identified given storage site to the given entity. In an illustrative embodiment, the given entity is an edge server of a content delivery network (CDN).

Abstract: An automatic channel selection (ACS) process enables an access point to determine a best channel available, i.e., the channel with a least amount of interference, for it operation. When ACS is enabled, the access point scans frequencies for all neighboring access points and their signal strengths. Based on this data, the access point then determines which frequency is least likely to be interfered with by these other access points. The access point switches itself to this frequency and begins operation. During normal operation, the access point may periodically rescan the air space and reevaluate its current operating channel. Preferably, every neighboring access point has its own channel, and the co-channel interference levels should be low enough so that there is a maximum coverage and high throughput for the network. If these characteristics cannot be achieved, the access point may then adjust its power automatically to reduce the interference level in the network.

Abstract: Fast recovery from losses is an important problem for reliable data communication protocols. The Internet standard TCP protocol (Transmission Control Protocol) implements two algorithms for that: an original one based on a special timer, and a later addition to TCP that is triggered when there are three packets received by the client after the missing one. Web communications are most frequently carrying rather small objects that are generally ineligible for anything other than timeout-based retransmission schemes. The present invention describes a system delivering performance improvements to TCP (and other reliable data communication protocols) that are compliant with present Internet standards. One improvement is to send duplicates of packets without waiting for a timeout to occur. Another is to split particular parts of a data stream into smaller packets. A third is to send packets out-of-order to force the remote host to acknowledge all packets that were successfully received.

Abstract: A tiered distribution service is provided in a content delivery network (CDN) having a set of surrogate origin (namely, “edge”) servers organized into regions and that provide content delivery on behalf of participating content providers, wherein a given content provider operates an origin server. According to the invention, a cache hierarchy is established in the CDN comprising a given edge server region and either (a) a single parent region, or (b) a subset of the edge server regions. In response to a determination that a given object request cannot be serviced in the given edge region, instead of contacting the origin server, the request is provided to either the single parent region or to a given one of the subset of edge server regions for handling, preferably as a function of metadata associated with the given object request. The given object request is then serviced, if possible, by a given CDN server in either the single parent region or the given subset region.

Abstract: An Internet content delivery network deploys one or more CDN server regions in an enterprise and manages those regions as part of the Internet CDN. In one aspect of the invention, a CDN service provider (CDNSP) deploys one or more CDN regions behind an enterprise's corporate firewall(s). The regions are used to deliver Internet content—content that has been tagged or otherwise made available for delivery over the Internet from the CDN's content servers. This content includes, for example, content that given content providers have identified is to be delivered by the CDN. In addition, the enterprise may tag intranet content, which is then also served from the CDN regions behind the firewall. Intranet content remains secure by virtue of using the enterprise's existing security infrastructure.

Abstract: A content delivery network is enhanced to provide for delivery of cacheable markup language content files such as HTML. To support HTML delivery, the content provider provides the CDNSP with an association of the content provider's domain name (e.g., www.customer.com) to an origin server domain name (e.g., html.customer.com) at which one or more default HTML files are published and hosted. The CDNSP provides its customer with a CDNSP-specific domain name. The content provider, or an entity on its behalf, then implements DNS entry aliasing (e.g., a CNAME of the host to the CDNSP-specific domain) so that domain name requests for the host cue the CDN DNS request routing mechanism. This mechanism then identifies a best content server to respond to a request directed to the customer's domain.

Abstract: A real-time approach for detecting aberrant modes of system behavior induced by abnormal and unauthorized system activities that are indicative of an intrusive, undesired access of the system. This detection methodology is based on behavioral information obtained from a suitably instrumented computer program as it is executing. The theoretical foundation for the present invention is founded on a study of the internal behavior of the software system. As a software system is executing, it expresses a set of its many functionalities as sequential events. Each of these functionalities has a characteristic set of modules that is executed to implement the functionality. These module sets execute with clearly defined and measurable execution profiles, which change as the executed functionalities change. Over time, the normal behavior of the system will be defined by the boundary of the profiles.

Abstract: A remote access session is established between client and host computers with the assistance of a gateway. The gateway requests the host computer to send a plurality of data packets to different external addresses and monitors the network ports used for these outgoing packets. The gateway then uses the network port information to predict which port the host will use to transmit future outgoing data packets. A similar process is performed on the client computer. The gateway then directs the client computer to send further data packets to the network address and the predicted port of the host computer. Similarly, the host computer is directed to send further data packets to the network address and predicted port of the client computer. The computers are then directly connected together so that further data communications bypass the gateway.

Abstract: A data management system or “DMS” provides an automated, continuous, real-time, substantially no downtime data protection service to one or more data sources associated with a set of application host servers. To facilitate the data protection service, a host driver embedded in an application server captures real-time data transactions, preferably in the form of an event journal that is provided to other DMS components. The driver functions to translate traditional file/database/block I/O and the like into a continuous, application-aware, output data stream. The host driver includes an event processor. When a data protection command for a given data source is forwarded to a host driver, the event processor enters into an initial upload state. During this state, the event processor gathers a list of data items of the data source to be protected and creates a data list. Then, the event processor moves the data (as an upload, preferably one data element at a time) to a DMS core to create initial baseline data.

Abstract: An automatic channel selection (ACS) process enables an access point to determine a best channel available, i.e., the channel with a least amount of interference, for it operation. When ACS is enabled, the access point scans frequencies for all neighboring access points and their signal strengths. Based on this data, the access point then determines which frequency is least likely to be interfered with by these other access points. The access point switches itself to this frequency and begins operation. During normal operation, the access point may periodically rescan the air space and reevaluate its current operating channel. Preferably, every neighboring access point has its own channel, and the co-channel interference levels should be low enough so that there is a maximum coverage and high throughput for the network. If these characteristics cannot be achieved, the access point may then adjust its power automatically to reduce the interference level in the network.

Abstract: An automatic channel selection (ACS) process enables an access point to determine a best channel available, i.e., the channel with a least amount of interference, for it operation. When ACS is enabled, the access point scans frequencies for all neighboring access points and their signal strengths. Based on this data, the access point then determines which frequency is least likely to be interfered with by these other access points. The access point switches itself to this frequency and begins operation. During normal operation, the access point may periodically rescan the air space and reevaluate its current operating channel. Preferably, every neighboring access point has its own channel, and the co-channel interference levels should be low enough so that there is a maximum coverage and high throughput for the network. If these characteristics cannot be achieved, the access point may then adjust its power automatically to reduce the interference level in the network.

Abstract: The present invention implements a multimedia business communications platform that enables conference casting over a network. End users or so-called “audience members” participate in conference casts from anywhere on the Internet or behind an enterprise firewall using a standard Web browser running a streaming media player. The conference platform typically includes a number of subsystems: a Web reservation subsystem, a voice server subsystem, a content storage subsystem, a monitoring data subsystem, an attendee access subsystem, and an archive subsystem. Web reservation subsystem provides a mechanism that enables an entity to make an event reservation. Web reservation subsystem typically includes a database and an associated database management system. Voice server subsystem validates a user and converts an incoming telephone signal (i.e., the conference call) to an output data stream. Attendee access subsystem responds to attendee requests and returns information (e.g.

Abstract: A domain to be published to an enterprise ECDN is associated with a set of one or more enterprise zones configurable in a hierarchy. When a DNS query arrives for a hostname known to be associated with given content within the control of the ECDN, a DNS server responds by: (a) handing back an IP address, e.g., for an ECDN intelligent node that knows how to obtain the requested content from a surrogate or origin server; (b) executing a zone referral to a next (lower) level name server in a zone hierarchy, or (c) CNAMing to another hostname. In the latter case, this new CNAME causes the resolution process to start back at the root and resolve a new path, probably along a different path in the hierarchy. At any particular level in the zone hierarchy, preferably there is an associated zone server. That server executes logic that applies the requested hostname against a map that may be generated from given performance metrics.

Abstract: A method for content storage on behalf of participating content providers begins by having a given content provider identify content for storage. The content provider then uploads the content to a given storage site selected from a set of storage sites. Following upload, the content is replicated from the given storage site to at least one other storage site in the set. Upon request from a given entity, a given storage site from which the given entity may retrieve the content is then identified. The content is then downloaded from the identified given storage site to the given entity. In an illustrative embodiment, the given entity is an edge server of a content delivery network (CDN).

Abstract: A method is provided for processing an application on an edge server, wherein the application comprises a set of defined presentation, code and data components, each of which are preferably URI-addressable objects. In response to a client request, the presentation, code and data components are processed according to a set of metadata to generate a response, and the response is delivered to the client. The presentation components are typically content such as HTML fragments, WML fragments, or some combination thereof. The code components are typically Java servlets or beans, XSLT style sheets, or some combination thereof. The data components are typically XML files, native database formatted files, and the like. Each of the presentation, code and data components may have a distinct management profile, cacheability profile, deployment profile, invalidation profile, and security profile. These profiles are settable via metadata or other similar means.