Abstract: Described embodiments provide systems and methods for accessing a web application hosted in an intranet from outside said intranet. A server hosting a domain name service configured for the intranet can receive a request from a client that is outside the intranet to access the web application. The request may include a fully qualified domain name (FQDN) of the web application in the intranet. Responsive to the FQDN of the web application in the intranet, the server may send a notification to an access service, to cause the access service to pre-establish a connection to the intranet. Responsive to the FQDN of the web application in the intranet, the server may direct the client to send a handshake message to the access service to request access to the web application.

Abstract: The present disclosure is directed generally to systems and methods for providing load balancing as a service. A load balancer executing on a device intermediary to a server and a plurality of clients can receive a request from an agent executing on the server. The request can be to initiate establishment of a transport layer connection. The load balancer can accept the request to establish the transport layer connection with the server. The load balancer can receive a request to access the server from a client of the plurality of clients. The load balancer can forward the request to the server via the transport layer connection established between the load balancer and the server responsive to the request of the server.

Abstract: A system and method that automatically terminates an application. A method includes monitoring activity data points for an application launched by a client device within a workspace environment. The activity data points may include user interactions with a physical interface component. State data for each file associated with the application is monitored and, if a determination is made that the application is inactive based on the activity data points, the method determines if a file associated with the application includes unsaved content based on state data. If it is determined that no files for the application include unsaved content, the method forecasts whether the application will be inactive for a future period based on the activity data. The application is terminated if it is determined that no files for the application include unsaved content and the application is forecast to be inactive.

Abstract: Embodiments described include a method for providing context-aware input across network applications. The method can include establishing a plurality of sessions for a user with a plurality of network applications via an embedded browser within a client application. The method can include storing input activities of the user across the plurality of network applications to a data storage. The method can include detecting input focus on an input element of a network application of the plurality of network applications, the input element having a type of data to be inputted. The method can include identifying one or more inputs of the type of data used in another network application of the plurality of network applications stored in the data storage. The method can include providing the one or more inputs from another network application as selectable input for the input element of the network application.

Abstract: Systems and methods described herein provide for building policies using namespaces. A device may receive a request to access a resource in a computing environment. The request may include one or more attributes. The device may identify a set of namespaces having domain-specific policy grammar to generate domain-specific policies. The device may determine a namespace from the identified set of namespaces which corresponds to the one or more attributes of the request. The device may generate, using domain-specific policy grammar of the determined namespace, a domain-specific policy to apply to the request.

Abstract: Disclosed is a system for tracking user interactions with an application to recommend creation of a microapp. The system determines a recommendation score for creating a microapp corresponding to a functionality of an application based on at least one of the amount of time users spend interacting with the application, the number of interface elements of the application that the user changes, and the input values provided by the users. The system uses interactions corresponding to multiple different users to determine the recommendation score. The system may also recommend an interface element to be included in the microapp. The recommendation score is provided to an administrator, who may use the information to create a microapp.

Abstract: A server includes a network interface to interface with mobile computing devices operating within a geographical area, with at least one of the mobile computing devices providing a request for navigation instructions between two geo-locations based on prompting the user to select an optimized connectivity route prompt. A processor is coupled to the network interface and is configured to generate a network connectivity map based on varying cellular network connectivity metrics for the geographical area, and generate, based on the user-selected optimized connectivity route prompt, the navigation instructions between the two geo-locations to be provided to the at least one mobile communications device via said network interface. The navigation instructions are generated based on the network connectivity map to provide a single route that is optimized to include areas with strong cellular network connectivity metric values.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to evaluate a risk associated with an email attachment based on application of security policies to properties of the attachment and to the context associated with receipt of the email. The at least one processor is further configured to detect an attempt by a user to open the email attachment. The at least one processor is further configured to prevent the opening of the attachment based on the evaluated risk. The at least one processor is further configured to redirect the attachment to a secure browser, hosted on a remote server, based on the evaluated risk.

Abstract: Described embodiments provide systems and methods for validating a request to access a resource. A device can receive a first request from a client that includes a first uniform resource locator (URL) of the server. The device may receive a response from the server that includes a second URL. The device may update the response by including the client identifier in a set-cookie field, and adding to the second URL a first value of a query parameter determined according to: a client identifier assigned by the device, a key, and the second URL. The device may receive a second request that includes the client identifier, and a third URL having the first value. The device may determine to allow the server to receive the second request when the first value matches a second value determined according to the client identifier from the second request, the third URL and the key.

Abstract: Techniques are disclosed for context-aware obfuscation and unobfuscation of sensitive content in the display of the sensitive content. An example methodology implementing the techniques includes receiving content for display, the content including metadata indicative of a location of at least one item of sensitive content within the received content, and determining at least one contextual factor. The method also includes, responsive to a determination to obfuscate the item of sensitive content based on the at least one contextual factor, displaying the item of sensitive content in obfuscated form. The method may also include, responsive to a determination to not obfuscate the item of sensitive content based on at least one contextual factor, displaying a non-obfuscated version of the item of sensitive content.

Abstract: Methods and systems for a centralized notification service are described herein. The centralized notification service may store notification data received from a plurality of devices and workspaces in a notification database. The notification database may store user account information, associated device and workspace information, associated application information, and notifications received or retrieved from each device and application associated with a user account. The notification service may receive notification data from a plurality of applications based on hooks injected into applications or into a notification manager service.

Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.

Abstract: Methods, systems, and computer-readable media for secure offline transmission of a plurality of data segments from a sending device to one or more receiving devices. The sending device and the one or more receiving devices may communicate via an offline local network. A secure, encrypted container may be created at the receiving device to temporarily cache the received data segments one at a time and the encrypted storage container prevents access by one or more applications of the receiving device to data stored therein based on storage instructions from the sending device. The encrypted container may be configured to store the data segments such that less than all of the data segments are stored at the receiving device at any one time.

Abstract: A computing system may determine different patterns of modifications that are to be made to data of a file to generate respective modified versions of the file, the different patterns of modifications enabling identification of other files derived from the respective modified versions of the file, the different patterns of modifications including a first pattern of modifications. The computing system may generate a first modified version of the file at least in part by modifying the data based on the first pattern of modifications, may send the first modified version of the file to a client device, and may store signature data indicative the first pattern of modifications so as to enable identification of other files derived from the first modified version of the file.

Abstract: In some embodiments, a method may involve a computing system sending, to a client device, first data indicating that the client device is authorized to send an application programming interface (API) call to the computing system during at least a first time slot. The computing system may receive, from the client device, a first API call during the first time slot, and may process the first API call. In some embodiments, a method may involve a computing system sending, to a client device, first data indicating that the client device is prohibited from sending an API call to the computing system during at least a first time slot. The computing system may receive, from the client device, a first API call during a second time slot that is different than the first time slot, and may process the first API call.

Abstract: A computing system may perform a method that involves generating a document object model (DOM) at a host web browser representing contents of a web page, providing data to a first endpoint device enabling replication of the DOM to display the contents of the web page in a web browser of the first endpoint device, detecting a request to access the web page via a second endpoint device, and providing data to the second endpoint device to replicate the DOM to enable access to the web page in the same fashion as the first endpoint device.

Abstract: A method for updating cloud resource tags is provided. The tag associated with a cloud resource may assign the cloud resource to one or more categories to enable tracking of the cloud resource. The method may include determining, based on a synchronization profile, the scope of the update. For example, the scope of the update may encompass individual resources, groups of resources, and/or subscriptions. A metadata data store may be queried to retrieve mapping rules corresponding to tags of resources from one or more cloud service providers that are within the scope of the update. If the value of a tag does not match the value specified by the corresponding mapping rule, the value of the tag may be updated to match the value specified by the mapping rule. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: A computer system is provided. The computer system includes a memory and a processor coupled to the memory. The processor is configured to receive a first message from an identity provider, the first message including an arbitrary identifier generated by the identity provider, the arbitrary identifier being incompatible with a dependent process that is reliant upon the identity provider; encode, in response to reception of the first message, the arbitrary identifier into an encoded identifier that is compatible with the dependent process; and transmit a second message including the encoded identifier to the dependent process.

Abstract: This disclosure is directed to embodiments of systems and methods for containerizing files and managing policy data applied to the resulting containers. In some of the disclosed embodiments, a computing system determines that a file stored in storage medium is to be included in a container to be sent to at least one computing component associated with a device including a user interface. The computing system determines that the file is of a particular type and also determines code that can be used to access files of the particular type. The computing system combines the file and the code into the container such that container is configured to be executed by the at least one computing component so as to cause content of the file to be presented by the user interface. The computing system then sends the container to the at least one computing component.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to recognize a user input field of a web site displayable in a browser, the website identified as a security risk based on a whitelist of website addresses; determine that a sequence of characters within the user input field matches one or more entries in a list of partial passwords in response to the web site being identified as a security risk; and prevent the user from entering additional characters into the user input field in response to the determination, to block receipt of the password by the web site. The determination may be performed in response to a count of characters in the sequence of characters exceeding a threshold.