Abstract: The implementations described herein provide a tool for identifying security issues and applying security policies to the service(s) and/or microservices. Rather than a user (such as an administrator) reactively diagnosing security incidents, the systems and methods described herein may provide a tool by which the user can proactively monitor the use of the services and microservices for security issues and control the user of such microservices and services via policies. The systems and methods allow API granular policy control to determine which APIs may be granted or denies access based on a variety of criteria, such as but not limited to the source of the request, the specific API being called, temporal conditions, geography and so forth. The user can identify security concerns or issues on a per API basis.

Abstract: Described implementations provide systems and methods for automated maintenance of computing devices. The automated maintenance of computing devices may receive, by a management system from a server device providing services to a plurality of client devices, performance values for a plurality of time periods. The automated maintenance of computing devices may calculate, by the management system, for each time period, a score as a weighted sum of the performance values corresponding to the time period, the plurality of calculated scores stored in an array. The automated maintenance of computing devices may select, by the management system based on the array, a maintenance time for the server device. The automated maintenance of computing devices may initiate maintenance of the server device, responsive to a present time corresponding with the maintenance time for the server device.

Abstract: Described embodiments provide for associating a user experience score with a location of a client. A device may identify a session between the client and an application service established via a first network. The device may receive, via the application service, a network address of the client associated with a second network. The device may determine a location of the client accessing the application service via the first network based at least on the network address associated with the second network. The device may receive, from an instrumentation service, performance factors for the client. Each of the performance factors may be associated with access to the application service by the client. The device may generate a user experience score for the client based at least on the performance factors. The device may provide an instruction based at least on an association between the user experience score and the location.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to extract, from a website vulnerability scanner log, a uniform resource locator (URL) and a vulnerability score and vulnerability classification associated with the URL. The at least one processor is further configured to generate an application vulnerability graph comprising connected nodes that are associated with a field of the URL. The nodes are labeled to indicate the associated field of the URL and color coded based on the vulnerability score. The nodes are also associated with the vulnerability classification. The at least one processor is further configured to enable or disable security protection against a user-selected vulnerability classification of a user-selected node by generating web application firewall security rules and/or web application firewall relaxation rules.

Abstract: Methods and systems for shared file conflict detection on a computing device are described herein. A computing device may store a shared file that may be accessed by a variety of other computing devices. An operating system executing on one or more computing devices may generate file handles corresponding to file operations associated with the shared file. One or more of the computing devices may receive, from a remote computing device, a request for a file operation associated with the shared file. A notification corresponding to file handles associated with the shared file may be transmitted to a user. The request for the file operation may be implemented or rejected based on file handles associated with the shared file, the file operation, and/or whether the file operation may cause an application to crash or cause data corruption.

Abstract: Described embodiments provide systems and method for filtering notifications across multiple end points associated with a user. A server can establish, for a user of an end point, a session with the end point. The server can identify properties of a plurality of applications and properties of the plurality of end points. A filter can be generated for the user and the filter can include one or more polices to selectively permit or prevent notifications received from one or more applications through the client application. The server can apply the filter to the applications and use the filter to filter one or more notifications received from the applications to selectively permit or prevent the one or more notifications from being received at each end point of the plurality of end points that the user accesses during the session to the server through the client application.

Abstract: This disclosure is directed to embodiments of systems and methods for performing compression of data in a queue. A device intermediary between a client and a server may determine that a length of time to move existing data maintained in a queue from the queue exceeds a predefined threshold. The device may identify, responsive to the determination, a first quantity of the existing data to undergo compression, and a second quantity of the existing data according to a compression ratio of the compression. The device may reserve, according to the second quantity, a first portion of the queue that maintained the first quantity of the existing data, to place compressed data obtained from applying the compression on the first quantity of the existing. The device may place incoming data into the queue beyond the reserved first portion of the queue.

Abstract: One disclosed method involves determining first data indicative of a context of one or more client devices in response to access of a first file by the one or more client devices, and determining, subsequent to the access of the first file by the one or more client devices, second data indicative of a current context of a first client device. Based at least in part on the first data and the second data being of a first context type, at least one command is generated that causes the first client device to present an indication that the first file is available for access.

Abstract: Described embodiments provide systems and methods for stateless modification of operating system registry data across network boundaries. The system includes a processor coupled to memory and configured to execute instructions to receive, within a first network, a request to apply a modification to an operating system registry of a second device within a second network different from the first network. The processor queues data describing the requested modification, receives a polling request from the second device, and transmits, to the second device responsive to the polling request, the queued data describing the requested modification for the second device to apply to the operating system registry of the second device. For example, the requested modification may be to create a key, to create a value, to delete a key, or to delete a value.

Abstract: Embodiments described include systems and methods for adding watermarks using an embedded browser. To provide protection to sensitive information from a network application rendered via an embedded browser of a client application, the client application can generate an overlay with a digital watermark, and apply the overlay over the embedded browser. The client application can selectively generate such overlays, and can customize the format of the digital watermark according to the information rendered on the embedded browser. The watermark can remain with any information that is imaged from the embedded browser, and provides a deterrent against misuse of the information via image capture from a computer screen for instance. By adjusting properties (e.g., contrast) of such an image, the watermark can be made visible and detectable, thus allowing such imaging activities and information to be tracked.

Abstract: Techniques for implementing a non-relational database that makes efficient use of collections within the database. For one or more collections, two or more sub-collections can be created for storing documents. Each collection can be configured as a single partition entity or a partitioned entity within the database. Each sub-collection is identified by a sub-collection identifier. If the collection is configured as a partitioned entity, then a partition key can be determined for documents to be accessed in the collection. The partition key can be extended with the sub-collection ID to form a compound property (sub-collection ID, partition key) that determines placements of the respective documents in the identified sub-collection across partitions of the collection. If the collection is configured as a single partition entity, then a field for the partition key is ignored and the respective documents are placed in the identified sub-collection within the single partition of the collection.

Abstract: Described embodiments provide systems and methods for selecting communication paths for applications sensitive to bursty packet drops. A device intermediary to a client and a server may identify an application for which packets are to be communicated between the client and the server. The device may determine a sensitivity level of the application to a network disruption affecting the packets. The device may estimate, for each path between the client and the server for communicating the one or more packets, a path quality for the path indicating a likelihood that the network disruption affects the one or more packets. The device may select path for communicating the packets based on the sensitivity level of the application and the path quality. The device may communicate the packets between the client and the server via the path.

Abstract: Systems and methods described herein provide access to encrypted user data at a multi-tenant hosted cloud service. The cloud service enrolls a first tenant in the cloud service. The cloud service receives a request for a ticket for a user of the first tenant to access the cloud service. The cloud service communicates a user data access ticket for the user to access a user data service of the cloud service. The cloud service receives a request to store user data of the user. The request includes encrypted user data. The cloud service stores the encrypted user data. The cloud service may provide the encrypted user data to a computing device of the user after validating the user data access ticket received from the computing device. The computing device may decrypt the encrypted user data and identify the data of the user for resources provided by server(s).

Abstract: Systems and methods of training a model is provided. The system can identify an unlabeled data set with phrases received by a virtual assistant that interfaces with one or more virtual applications to execute one or more functions. The system can query the unlabeled data set to select a first set of phrases based at least on one or more confidence scores output by a surrogate model that corresponds to a third-party model maintained by a third-party system. The system can receive, via a user interface, indications of functions to be executed by the one or more virtual applications responsive to the selected first set of phrases. The system can provide, to the third-party system, the indications of functions for the selected first set of phrases to train the third-party model and configure the virtual assistant to execute a function responsive to a phrase in the first set of phrases.

Abstract: Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

Abstract: A computer system to track and enhance performance of a virtual workspace system is provided. The computer system receives requests to profile phases of a distributed process executed by hosts coupled to one another via a network. Each of phase includes operations executed by processes hosted by the hosts. Each of phase either starts with receipt of a request via a user interface of a virtualization client or ends with provision of a response to the request via the user interface. The computer system identifies event log entries that each include an identifier of an event marking a start or an end of one of the operations, constructs a performance profile based on the event log entries, and transmits the performance profile to the user interface.

Abstract: Described embodiments provide systems and method for reordering the IP addresses within a DNS response. The servers associated with a domain can often be located across multiple locations. The paths from a client to each of those different servers can have different link qualities. Additionally, the connection between the client and the domain can have different quality requirements. The present solution can consider the link qualities and the connection quality requirements to reorder the IP addresses within a DNS response. By reordering the IP addresses, the system can control to which of the servers the client connects and can ensure that the connection is made over a path that can fulfill the connection's quality requirements.

Abstract: Disclosed herein includes a system, a method, and a device for providing persistence across applications using a content switching server. A device can receive a first request from a client for a version of an application having different versions provided by one or more servers. The device can provide access to each version of the application via different load balancing virtual servers. A content switching virtual server of the device can select a load balancing virtual server to handle the first request for the version of the application. The content switching virtual server can generate a session identifier for a session between the client and the version of the application to persist the session with the selected load balancing virtual server for subsequent requests from the client for the version of the application.

Abstract: Methods and systems for generating and presenting one or more user interfaces on devices with foldable displays are described herein. An application, executing on the device, displays a first user interface on a first portion of a foldable display. The first user interface includes an indication of tasks for a plurality of applications hosted on a remote server. The application displays a second user interface on the first portion and a second portion of the foldable display when the device unfolded. The second user interface includes the tasks indicated by the first user interface. In response to receiving an input to initiate execution of at least one task, the application provides data to an application hosted by the remote server and associated with the at least one task. By adapting to the different displays provided by the foldable device, the application improves users' experiences with applications executing on the device.

Abstract: Described embodiments provide systems and methods for determining a change in a performance of a server. A device can receive a processing load and a request rate of a server. The device can determine a value indicative of a correlation between the processing load and the request rate of the server for a range of time. The device can determine whether the value is outside a range of a threshold for the server. The threshold can be indicative of one or more previous values determined for the server for the range of time. The device can generate an alert indicating a change in a performance of the server responsive to a comparison of the value to the threshold for the server.