Abstract: A system for managing a virtual machine is provided. The system includes a processor configured to initiate a session for accessing a virtual machine by accessing an operating system image from a system disk and monitor read and write requests generated during the session. The processor is further configured to write any requested information to at least one of a memory cache and a write back cache located separately from the system disk and read the operating system image content from at least one of the system disk and a host cache operably coupled between the system disk and the at least one processor. Upon completion of the computing session, the processor is configured to clear the memory cache, clear the write back cache, and reboot the virtual machine using the operating system image stored on the system disk or stored in the host cache.

Abstract: A system for maintaining a state of a session of a network application across different client device is disclosed. A first client application establishes sessions of a user to a network application. Each of the sessions is accessed via a first embedded browser of a first client application. The first client application stores a state of the sessions to a workspace service in association with the user, and a context of the user to a workspace hub. A second client application establishes the sessions to the network application based on the state of the sessions obtained via the workspace service that are each accessed via a second embedded browser of the second client application. The second client application updates the state of the sessions to a second state based on detection of a state change and a context of the user obtained from the workspace hub.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to provide phishing attack protection based on identity provider verification. The at least one processor is further configured to capture an image of a browser web page to which the user has navigated and identify the domain name associated with the browser web page. The at least one processor is further configured to determine that the captured image matches an image of a known identity provider web page. The at least one processor is further configured to detect a phishing attempt in response to the determination that the images match and that the domain name associated with the browser web page differs from the domain name associated with the identity provider web page.

Abstract: Described embodiments provide systems and methods for validating connections while mitigating cookie hijack attacks. A device intermediary between a client and a server can receive a request from the client to establish a connection. The device may send a cookie to the client, the cookie generated according to a connection identifier and a shared counter. The device may receive a response from the client that includes a client validation cookie for validating the request. The client validation cookie may be generated according to the cookie. The device may determine a candidate validation cookie according to a value of a counter range of the shared counter, that matches the client validation cookie. The device may validate the request responsive to the determination.

Abstract: A method is provided for converting a single database query into multiple database queries for multiple databases and aggregating the results of each of the queries. The method includes receiving, from a calling device, an input database query including a selection set defining an aggregation key, at least one first field to be queried in a first database, and at least one second field to be queried in a second database, generating a first database query representing a first request to retrieve the at least one first field from the first database, generating a second database query representing a second request to retrieve the at least one second field from the second database, aggregating the first response and a second response to the second database query from the first database to produce an aggregated response, and providing the aggregated response to the calling device.

Abstract: Managing performance of elements providing a session via a multi-hop network topology is provided. A system receives values for factors associated with elements that form hops in a multi-hop network topology. The system determines a performance metric for each hop using the values for one or more factors selected from the factors. The system identifies a hop of the hops as having a performance issue based on the performance metric for the hop exceeding a threshold. The system selects, responsive to the performance metric of the hop exceeding the threshold, an action to take on at least one element forming the hop.

Abstract: Methods and systems for injection of tokens or certificates for managed application communication are described. A computing device may intercept a request from an application executable on the computing device, the request being to access a remote resource. The computing device may modify future network communications between the computing device and the remote resource to include a token or a client certificate, where the token or the client certificate is an identifier that enables the future network communications to be routed to the remote resource for a given computing session without use of data from the remote resource or data indicative of a connection of the remote resource in which to receive the future network communications. The computing device may send the future network communications to the remote resource to enable action to be taken on behalf of the computing device in response to receipt of the future network communications.

Abstract: Methods and systems for delivering data for cluster computing are described herein. A worker device may receive a dataset and store the dataset in a local storage media. This may prevent the need for the dataset to be sent over a network each time the applications are used to perform a task. Each application may be able to access the dataset in the local storage area. This may prevent the need to copy the dataset to memory associated with each application. A worker device may store a dataset, for example, if it determines that the frequency of updates to the dataset satisfy a threshold. The worker device may receive updates to the dataset via a messaging system and may store the updated data in the local storage media.

Abstract: Described embodiments provide systems and methods for upgrading user space networking stacks without disruptions to network traffic. A first packet engine can read connection information of existing connections of a second packet engine written to a shared memory region by the second packet engine. The first packet engine can establish one or more virtual connections according to the connection information of existing connections of the second packet engine. Each of the first packet engine and the second packet engine can receive mirrored traffic data. The first packet engine can receive a first packet and determine that the first packet is associated with a virtual connection corresponding to an existing connection of the second packet engine. The first packet engine can drop the first packet responsive to the determination that the first packet is associated with the virtual connection.

Abstract: Systems and methods for providing a privacy screen to a network application accessed via an embedded browser of a client application are described. The method includes establishing, by a client application on a client device, a session to a network application hosted on a third party server. The client application includes an embedded browser for accessing the network application. The method further includes identifying, by the client application, a policy for providing a privacy screen to one or more portions of the network application, detecting, by the embedded browser, that the one or more portions of the network application are to be rendered on a display of the client device, and displaying a privacy screen including one or more masks displayed over at least the one or more portions of the network application rendered on the display of the client device via the embedded browser.

Abstract: A system includes at least one data processor and memory storing instructions which, when executed by the at least one data processor, configures the at least one data processor to: provide, via a display, a visual stimulus including an animation containing at least a first object and a second object, the visual stimulus prompting for user input for authentication to a virtual domain; monitor movement of a user while providing the visual stimulus; identify, based on the monitoring, a sequence of dwell times of a characteristic of the user's movement with respect to the first object and the second object; compare the identified sequence of dwell times to a stored sequence of dwell times; and provide the comparison to enable authentication of the user in the virtual domain. Related apparatus, systems, techniques and articles are also described.

Abstract: An example computing system is disclosed that may send a first notification to a first client device, the first notification indicating a first task to be performed by a first user with respect to a resource accessible to the computing system. The computing system may determine a second task of a second user with respect to the resource, and may further determine that the second user has completed the second task. Based at least in part on the second user having completed the second task, the computing system may determine a parameter indicating an urgency level of the first task, and may cause an indication of the urgency level to be presented on the first client device.

Abstract: A method, which may be performed by a computing system, involves determining that a plurality of notifications, including a first notification, is to be sent to a first client device, the first notification indicating a first task that is to be performed with respect to a resource accessible to the computing system; determining that a second task has a dependency relationship with the first task; determining at least one first parameter relating to the first task and at least one second parameter relating to the second task; determining, based at least in part on the at least one first parameter and the at least one second parameter, a first priority score corresponding to the first notification; and causing the plurality of notifications to be presented by the first client device in an order that is determined based at least in part on the first priority score.

Abstract: Described embodiments provide systems and methods resolving test case dependencies to execute test suites. An agent may establish a connected graph representing a test suite having a test cases to test an application that provides APIs. The connected graph may have an ordered connection of nodes via paths corresponding to each test case. The agent may traverse the ordered connection of nodes in each path of the connected graph to identify test case dependencies and API assertion dependencies. The agent may resolve each test case dependency by executing the dependency. The agent may resolve each API assertion dependency by executing the dependency. The agent may concurrently execute, responsive to resolving each dependency, each test case. The agent may determine a result of an execution of a test case of the test suite. The result may indicate one of a success or failure in executing the test case.

Abstract: Data characterizing a list of resources including a first resource within a first remote computing environment and a second resource within a second remote computing environment is received from a database separate from a plurality of remote computing systems. Metadata characterizing a first tag to be applied to the first resource and a second tag to be applied to the second resource is received. A data model of the resources is generated. The data model associates the first resource with the first tag and the second resource with the second tag. The data model is stored within a second database. Related apparatus, systems, techniques and articles are also described.

Abstract: System and methods discussed for automatically optimizing application and notification delivery based on user preferences and historical application usage. Applications that a user is likely to want to use at the present time or in the near future are displayed in an organizationally distinct way in an application catalog so they are easy to find and are pre-loaded on an application delivery server so they are available with minimal system lag caused by application loading processes. Application notifications are also optimized such that notifications that are likely to be relevant to users at the current time are identified and presented to them in an organizationally distinct way.

Abstract: A system to identify automated submissions of web pages, such as those submitted by bots, in real time. The system comprising a processor configured to update an initial version of a requested web page with at least one hidden field, transmit the updated web page to the client, then, upon receipt parse the completed web page, and identify if a data entry is associated with the at least one hidden field. Where a data entry is associated with the at least one hidden field, the system blocks the transmission of the completed web page to the server. Where a data entry is not associated with the at least one hidden field the system removes the at least one hidden field, and transmits the final web page to the server.

Abstract: Aspects of the disclosure relate to wrapping continuation tokens to support paging for multiple servers across different geolocations. An enterprise server may receive a first request for a plurality of records, and the first request for the plurality of records may request a quantity of records exceeding a page size limit. In response to receiving the first request, the enterprise server may retrieve a first set of records comprising a first number of records equal to the page size limit. The enterprise server may generate a first wrapped continuation token comprising location information identifying a geographic location of a first server where a next set of records is to be retrieved. Finally, the enterprise server may send, to the client device, the first set of records and the first wrapped continuation token, which may cause the client device to process the first set of records.

Abstract: Described embodiments provide systems and methods for detection of the degradation of a virtual desktop environment. A computing device may receive data from a plurality of client devices. The computing device may identify a subset of client devices from the plurality of client devices with at least one characteristic in common based on the received data. The computing device may determine a ratio of the identified subset of client devices, the ratio being a comparison of client devices of the subset with a value above a first threshold to a total number of client devices of the subset, and the value being indicative of a characteristic of performance for that client device. The computing device may identify a cause of an anomaly in the performance of the application based on the ratio exceeding a second threshold.

Abstract: The present disclosure is directed towards systems and methods for validation of a secure socket layer (SSL) certificate of a server for clientless SSL virtual private network (VPN) access. An intermediary device can receive a first request from a client for a clientless SSL VPN connection to a first server. The intermediary device can determine, using a preconfigured policy, that the first server in the first request meets a condition of the preconfigured policy. The intermediary device 801 can perform, responsive to the determination, an action to validate a SSL certificate of the first server using one or more certificate authority (CA) certificate files available to the intermediary device. The one or more CA certificate files can be specified by the preconfigured policy for the action.