Abstract: A method for controlling a virtual meeting includes receiving a meeting template including at least one rule. The rule or rules associated with the meeting template define a first time period relating a first virtual meeting session of a first endpoint computing device and a second time period relating to a second virtual meeting session of a second endpoint computing device. The method further includes causing, responsive to the rule(s), a first audio mute/unmute action to occur in the first virtual meeting session at or prior to an expiration of the first time period. The method further includes causing a second audio mute/unmute action to occur in the second virtual meeting session at or prior to a start of the second time period, where the second time period is different from with the first time period.

Abstract: In one aspect, the present disclosure relates to a method including: receiving, by a client device, a request to access content stored on a remote server; determining, by the client device, that the requested content includes sensitive information based on a user profile associated with the client device; modifying, by the client device, the requested content in response to the determination that the content includes sensitive information; and providing, by client device, access to the modified content in place of the requested content that includes the sensitive information.

Abstract: Systems and methods for controlling access to a mobile device. A method for unlocking a mobile device includes detecting a user input comprising two or more user actions performed at one or more physical input buttons of the mobile device when the mobile device is in a lock state. The lock state prevents use of at least one functionality of the mobile device. Each user action corresponds to a code. The method also includes determining whether the detected user input is valid, and changing a state of the mobile device from the lock state to an unlock state to enable the use of the at least one functionality of the mobile device if the detected user input is valid.

Abstract: In one disclosed method, a computing system receives, from a first remote device, a first request for a file and determines that at least a second remote device is within a proximity of the first remote device. The computing system further divides the file into at least a first portion and a second portion. The computing system further sends, to the first remote device, the first portion of the file and sends, to the second remote device, the second portion of the file. The computing system further sends, to the second remote device, first data to enable the second remote device to establish a connection with the first remote device, for transfer of at least the second portion of the file to the first remote device via the connection with the second remote device.

Abstract: Described embodiments provide systems and methods for context aware frictionless authentication. A server may determine authentication method information, contextual scores and contextual weights of a device, in connection with a user request to access a resource via the device. The authentication method information may include a weight and a completion duration for each of a plurality of authentication methods available via the device. The server may determine an authentication score for each of the plurality of authentication methods using the authentication method information, the contextual scores and the contextual weights of the device. The server may identify a first authentication method from the plurality of authentication methods, according to the determined authentication score. The server may authenticate the user request via the first authentication method using a first device that supports the first authentication method.

Abstract: Techniques prepare a document for electronic signing. Such techniques involve identifying a set of signature fields common within the document, the set being for use with different pages of the document. Such techniques further involve, in response to identifying the set of signature fields, modifying content of the different pages to include the set of signature fields. Such techniques further involve outputting a prepared version of the document that includes the modified content of the different pages of the document.

Abstract: Described are systems and methods of detecting processes causing degradation of machine performance using heuristics. A device may identify a plurality of time intervals having a use of a resource on a machine above a threshold. The device may identify a percentage of the use of the resource by each of a plurality processes on the machine using the resource during each time interval of the plurality of time intervals. The device may determine a score for each process of the plurality processes based at least on a function of the percentage of the use of the resource over one or more of the plurality of time intervals in which each process used the resource. The device may provide, for display, a selection of one or more processes from the plurality of processes ranked by the score.

Abstract: Described embodiments provide systems and methods for rewriting an URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

Abstract: Systems and methods for supporting unauthenticated POST requests include a device arranged intermediary to a client and a server which receives an unauthenticated HTTP POST request from the client for the server. The unauthenticated HTTP POST request may include a body. The device may generate one more data objects for the body of the unauthenticated HTTP POST request. The device may transmit a request to cause an authentication of a user to the client. The request may include the data object(s) to be stored on the client. The device may receive an HTTP GET request including the data object(s) from the client responsive to authenticating the user. The device may generate an authenticated HTTP POST request corresponding to the unauthenticated HTTP POST request using the one or more data objects included in the HTTP GET request. The device may transmit the authenticated HTTP POST request to the server.

Abstract: Described embodiments provide systems, methods, computer readable media for determining risk metrics. A device may provide a risk model for a network environment. The risk model may include an input level and an output level. The input level may process first datasets each corresponding to a feature and a time window. The first datasets may include factors on access requests. The output level may generate a first aggregate risk metric of a first access request according to the datasets processed by the input level. The device may identify a second dataset corresponding to a second access request over the features and time windows. The device may determine a second aggregate risk metric by applying the second dataset to the risk model. The device may generate a response to the second access request according to an access control policy and the second aggregate risk metric.

Abstract: Systems and apparatuses for identifying root causes of events within an computing environment described herein. A causality network may be generated based on detected events in the computing environment. The causality network may be nodes for the events and directed edges showing the casual relations between the nodes. Conditional probability tables (CPTs) for the nodes may show the strength of the causal relations. When an event occurs, computing device may identify the node for the event in the causal network and traverse the causal network until a root cause node is identified. The computing device may output the root cause node and the path of traversal.

Abstract: Disclosed is a method involving identifying a first activity a user is to complete using a computing resource; causing a client device operated by the user to output a first notification concerning the first activity, the first notification including at least one first user interface element with which the user can interact to begin the first activity; determining an estimated time for the user to complete the first activity; and causing the client device to output an indication of the estimated time in association with the first notification.

Abstract: Disclosed is a computing system capable of performing a method that involves receiving, from a first device, a first indication that a peripheral device associated with the first device is available for sharing; sending, to a second device, a second indication that the peripheral device is available for sharing; receiving, from the second device, a request to access the peripheral device; and based at least in part on receipt of the request, causing a peer-to-peer connection to be established between the second device and the first device, the peer-to-peer connection enabling communication between the second device and the peripheral device. The peer-to-peer connection may, for example, enable direction of the peripheral device to the second device so that the peripheral device is a virtual device of the second device.

Abstract: Described embodiments provide systems, methods, and computer readable media for generating environment descriptors. A device having at least one process may identify a plurality of feature vectors. Each vector may describe a corresponding access to an application hosted on a server in one of a plurality of network environments and having a corresponding performance metric. The device may provide a performance model using the plurality of feature vectors and the corresponding performance metrics. The performance model may be used to determine expected performance metrics for at least a first network environment. A first environment descriptor of the expected performance metrics may be generated for at least the first network environment. The first environment descriptor of the expected performance metrics may be used to assess a measured performance metric or a second environment descriptor of a second network environment.

Abstract: Described embodiments provide for routing remote application data. A device can receive a request to access an application. The application can be provided by data centers and accessible via service providers. The device can select a data center from the plurality of data centers and a service provider based at least on a metric indicative of a connection between the data center and the service provider. The device can query a database including one or more connection metrics using the application identified in the request and a location of a router transmitting the request. The device can determine the location of the router based on an internet protocol (IP) address of a client communicably coupled to the router. The device can transmit a response to the request identifying the selected data center and the selected service provider.

Abstract: Methods and systems for device authentication based on generating and displaying an optically scannable visual representation of a public portion of a hardware secured encryption key (EK) are described herein. A client certificate is encrypted with the public portion of the EK based on a scan of the displayed visual representation. A connection may be established between a computing device and a server using the encrypted client certificate and a private portion of the EK to authenticate the computing device. In some implementations, a request is received from a second computing device to access a first computing device, and includes data encrypted using a public portion of an EK acquired from a displayed optically scannable visual representation of the public portion of the EK. The second computing device is provided access to the first computing device based on decryption of the encrypted data using a private portion of the EK.

Abstract: Described herein are systems and methods for end user connection load balancing amongst multiple on-premise connector proxies deployed across geographic locations and reducing connection setup latency without using a shared or distributed database. The system can load balance connections deterministically amongst the on-premise connector proxies using load statistics. The system utilizes an intelligent DNS service that can use network experience data, service availability, and application metrics to provide sophisticated traffic management via DNS or API-based decisions. The system can include a domain name system (DNS) resolver configured to receive metrics for a first connector and a second connector of a data center of an entity, receive a DNS request including an entity identifier and a data center identifier; and transmit a response to the DNS request identifying a server selected based on the metrics identified using the entity identifier and the data center identifier.

Abstract: Improving load distribution and consistency is provided. A device intermediary to clients and servers can maintain bit values indicative of server availability stored in indices arranged in various levels. A lowest level comprises indices corresponding to a list of servers repeated multiple times. Each index in a higher level maps to a set of indices in a lower level. The device can receive a request from a client to access a server. The device can identify an index in a highest level. The device can determine a second index in the highest level that is after the index in the highest level and has a bit value indicating server availability. The device can identify an index in the lowest level mapping to the second index in the highest level. The device can select a server corresponding to the index in the lowest level.

Abstract: Reducing vulnerability to a server is provided. A device intermediary to a client and a server can receive a RPC message from the RPC based client to the RPC based server, the RPC message having a plurality of fields to execute one or more routines on the server. The device can detect that one or more fields of the plurality of fields exploits a vulnerability of the RPC based server. The device can modify the RPC message to remove the one or more fields from the RPC message. The device can forward the modified RPC message to the RPC server.

Abstract: Aspects described herein relate to methods, devices and systems that allow for a client device, as part of a remote access or cloud-based network environment, to map external user identities to desktops and applications. Local user accounts can be dynamically generated on a virtual delivery agent. A mapping of the local user account to an external identity can be secured using signed tokens and maintained by a broker machine that allocates resources for the deployment of particular applications to the client device from the virtual delivery agent. This allows for the removal of any dependency on an Active Directory for maintaining user identities or federated sign-on services, greatly simplifying the management of user identities within the system and allowing for greater compatibility across client devices.