Abstract: Described embodiments provide systems and methods selecting one or more applications to launch based in part on features of a file. A device can receive a file from a user of a client device. The device can select, according to a file type of the file, an algorithm to identify one or more features of the file. The device can determine, according to the one or more features, one or more applications to execute the file on the client device. The device can provide, to the user through the client device, a listing of the one or more applications to execute the file.

Abstract: Aspects of the disclosure relate to dynamic crypto key management for mobility in a cloud environment. A computing platform may receive a request to generate a new tenant master key and a new server recovery key. Subsequently, the computing platform may send to a cloud-based key vault server, the new tenant master key and the new server recovery key. The computing platform may send to a tenant database, the encrypted server recovery key. As a result, the computing platform may provision the enrollment servers with the encrypted server recovery key. In some embodiments, the enrollment servers are configured to manage enrollment of policy-managed devices in a policy enforcement scheme and to authenticate with the key update service based on the encrypted server recovery key.

Abstract: The present disclosure relates to methods and systems for performing response based cache redirection to a cache proxy. A device intermediary to a plurality of clients and a plurality of servers and in communication with a plurality of cache proxies, receives a request for content from a client. The request is for content from a server of the plurality of servers. The device forwards the request to the server. The device identifies a cache redirection policy that specifies an amount of bytes of a response to buffer to calculate a signature of the content of the response. The device computes the signature of the content of the response based on the amount of bytes of the response received from the server and buffered by the device. The device selects a cache proxy based on the computed signature and forwards the request of the client to the selected cache proxy.

Abstract: Techniques are disclosed for providing messaging participant identity leak prevention. An example methodology implementing the techniques includes, receiving, by a computing device, a message from a sender to a recipient via a software application running on the computing device, the software application having a non-confidential messaging view and a confidential messaging view. The method also includes determining a message type of the message, the message type is one of a non-confidential message or a confidential message, and displaying the message in the confidential messaging view of the software application in response to a determination that the message type indicates a confidential message, the confidential messaging view being distinct from the non-confidential messaging view, wherein messaging participant identity information is obfuscated in the display of the message in the confidential messaging view.

Abstract: Virtual application and desktop delivery may be optimized by supplying application metadata and user intent to the device between a client and a server hosting resources for the delivery. The data packets used to deliver the virtual application or desktop may be also tagged with references to the application. By supplying the metadata and tagging packets with the metadata, an intermediary network device may provide streams of data packets at the target QoS. In addition, the device may apply network resource allocation rules (e.g., firewalls and QoS configuration) for redirected content retrieved by the client out of band relative to a virtual channel such as the Internet. The network resource allocation rules may differ for different types of resources accessed. The device may also control a delivery agent on the server to modify communication sessions established through the virtual channels based on network conditions.

Abstract: Described embodiments provide systems and methods for contextual confidence scoring-based access control. The systems and methods can include one or more processors configured to receive a request from the client device to access an item of content. The one or more processors can select a first subset of authentication techniques. The authentication techniques identifiable with a score. The one or more processors can determine that a sum of the scores of the selected first subset of the authentication techniques exceeds a threshold. The one or more processors can transmit, to the client device, one or more authentication requests utilizing the selected first subset of authentication techniques. The one or more processors can provide, responsive to successful authentication by the client device, access to the item of content to the client device.

Abstract: Described embodiments provide systems and methods of allocating cloud resources for application deployments. A resource allocator may identify a first metric indicating usage of cloud resources by clients in a first release environment for an application update. The resource allocator may generate, using the first metric, a resource capacity model for predicting usage of the cloud resources by clients in a second release environment for the application update. The resource allocator may determine, using the resource capacity model, a metric predicting the usage of the cloud resources by the clients in the second release environment. The resource allocator may generate instructions to set an allocation of the cloud computing resources for performing deployment of the application update to the second release environment based on the second metric.

Abstract: Systems and methods for proactively alerting administrators of upcoming or possible network outages include a server which receives metrics for usage of one or more networks for each workspace application of plurality of workspace applications of a plurality of endpoints across a plurality of different locations of an enterprise. The server may determine a network download speed for each location of the plurality of different locations according to the metrics for each workspace application. The server may generate an alert to be provided to a device of a user associated with a first location of the plurality of different locations responsive to the network download speed for a network of the one or more networks falling below a threshold.

Abstract: Systems and methods for identifying individuals with a user-requested expertise are provided. For example, the system can include a processor configured to receive a user input and extract one or more keywords from the input. The processor can generate search requests based upon the one or more keywords, each search request identifying at least one application programming interface (API) call configured to invoke at least one API function as exposed by a software application. The processor can transmit the search requests to the software applications and receive search responses. The processor can determine a plurality of software application users and a set of associated evidence, each set of associated evidence including user interactions with each of the software applications. The processor can aggregate the evidence into an aggregated data set and configure the aggregated data set as an input to a machine learning classifier for ranking the sets of evidence.

Abstract: Systems and methods for Optical Character Recognition (“OCR”) based anti-spoofing for Unicode homograph. The method comprises: performing operations by a computing device to make an OCR identification on an original electronic address so as to obtain an OCR electronic address; encoding (a) the original electronic address to obtain an encoded access address and (b) the OCR electronic address to obtain an encoded OCR electronic address; comparing the encoded access address to the encoded OCR electronic address; and determining if a Unicode homograph spoofing situation exists based on results of the comparing.

Abstract: Described embodiments provide system and methods for selecting a device via which a client is to connect with a server. A client may identify a server and a plurality of devices intermediary to the client and the server via one of which the client is authenticated to connect to access the server using a certificate. The client may detect that the server is unreachable from the client authenticated to use a first connection via a first device of the plurality of devices using the certificate. The client may select, responsive to detecting that the server is unreachable, a second device of the plurality of devices via which the client is to access the server. The client may authenticate, using the certificate used to authenticate with the first device, the client to establish a second connection with the second device to access the server.

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.

Abstract: Described embodiments provide systems and methods for connecting to a server of a plurality of servers. The system may include a device intermediary between a client and a plurality of servers. The device may receive a remote desktop protocol (RDP) request from the client to connect to one of the plurality of servers. The RDP request may include a token. The device may cause a load-balancer of the plurality of servers to modify or remove the token of the RDP request, responsive to presence of a session directory/broker. The device may receive a server redirect packet that indicates a target server identified from the plurality of servers by the session directory, to which the client is to connect. The device may cause the server redirect packet to be modified to cause the client to send a redirected connection request packet for connecting with the target server.

Abstract: A method is provided for converting a single database query into multiple database queries for multiple databases and aggregating the results of each of the queries. The method includes receiving, from a calling device, an input database query including a selection set defining an aggregation key, at least one first field to be queried in a first database, and at least one second field to be queried in a second database, generating a first database query representing a first request to retrieve the at least one first field from the first database, generating a second database query representing a second request to retrieve the at least one second field from the second database, aggregating the first response and a second response to the second database query from the first database to produce an aggregated response, and providing the aggregated response to the calling device.

Abstract: A computer system includes a memory to store an application. A processor is configured to start the application, and insert a secret-server hook into the application during start-up. The secret-server hook has instructions to access a secret server with the secret information stored therein. In response to a call being made by the application for the secret information, the secret-server hook has further instructions to intercept the call, and provide the secret information in the secret server to the application based on the intercepted call.

Abstract: A virtual server includes at least one processor to retrieve a user layer from a user's personalization container, and initiate mounting of the user layer to a target operating system. During the mounting, the at least one processor determines that the user layer did not originate with the target operating system. The user layer is modified so that file system objects and registry objects are compatible with the target operating system. Mounting of the modified user layer is completed to create a single composited layered image.

Abstract: A computing device configured to provide recommended candidates for completion of an assigned task to a user assigning the task is provided. The computing device includes a memory, a user interface, and at least one processor coupled to the memory and the user interface. The at least one processor is configured to receive input specifying information regarding the task, determine one or more task specifics associated with the task from the task information, identify candidate value information regarding one or more candidates to complete the task, compare the one or more task specifics to the candidate value information regarding the one or more candidates to determine one or more match scores of the one or more candidates, organize a list of recommended candidates based upon the one or more match scores, and display, on the user interface, at least a portion of the list of recommended candidates.

Abstract: A GUI testing device may be configured to execute a testing state machine for interacting with a software application to generate an initial screen of a GUI. The GUI testing device may be configured to determine a current state in the testing state machine based upon a matching trigger target in the initial screen to a given state. The current state may include an operation, and the operation may associate with a trigger target to operate on. The trigger may include a source state, a destination state, and a trigger target. The operation may include a user input operation, and an operation trigger target. The GUI testing device may be configured to perform the operation on the matching trigger target in the initial screen to generate a next screen of the GUI, and advance from the current state to a next state based upon the trigger.

Abstract: A computing device configured to provide personal contact recommendations to a user of a messaging application is provided. The computing device includes a memory, a user interface, and at least one processor coupled to the memory and the user interface. The at least one processor is configured to monitor interactions between the user and the messaging application during a messaging session, determine one or more additional participants in the messaging session, determine a plurality of closeness values based upon the user and the one or more additional participants in the messaging session, determine one or more recommended contacts for the user based upon the plurality of closeness values, and display, on the user interface, an identifier of at least one of the one or more recommended contacts to the user during the messaging session.