Patents Assigned to CITRIX SYSTEMS
-
Publication number: 20140304326
Abstract: Methods, systems, computer-readable media, and apparatuses for providing a native desktop using cloud-synchronized data are presented. In some embodiments, a desktop management service provided by at least one computing device may selectively store data from a remote desktop. Subsequently, the desktop management service may synchronize the stored data with a cloud-based data storage platform. Thereafter, the desktop management service may cause a native desktop to be presented on a client device using the synchronized data. In some arrangements, the extracted, analyzed, and/or selectively stored data may include one or more application shortcuts, one or more documents, one or more registry keys, one or more personalization settings, or one or more layout settings. Additionally or alternatively, the remote desktop may be associated with a first operating system, and the native desktop may be associated with a second operating system different from the first operating system.
Type: Application
Filed: April 8, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Ian Russell Wesley, Lin Cao, Georgy Momchilov, Chakravarthi Valicherla
-
Publication number: 20140301395
Abstract: Systems and methods of propagating maximum segment size and path maximum transmission unit of network paths between an intermediary device of a cluster with a plurality of destinations are described. A first core of a node including multiple cores and intermediary to a client and a plurality of servers may receive a response to a packet transmitted to a destination indicating that the packet has a size greater than a MTU of a network path between the node and a destination. The first core identifies the MTU of the network path and determines that the identified MTU is different than an MTU used by the first core. The first core replaces the MTU stored in an entry corresponding to the destination in a PMTU table maintained with the identified MTU. The first core transmits, to other cores of the node, the identified MTU to update each core's PMTU table.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Krishna Khanal, Ashok Kumar Jagadeeswaran
-
Publication number: 20140303934
Abstract: The present disclosure is directed towards systems and methods for application performance measurement. A device may receive a first document for transmission to a client, comprising instructions for the client to transmit a request for an embedded object. A flow monitor executed by the device may generate a unique identification associated with the first document, the unique identification identifying a first access of the first document, and transmit the first document and unique identification to the client. The device may receive, from the client, a request for the embedded object comprising the unique identification, and transmit, to a server, the request for the embedded object at a transmit time. The device may receive, from the server, the embedded object at a receipt time, and may transmit a performance record comprising an identification of the object, the server, the transmit time, the receipt time, and the unique identification to a data collector.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Mahesh Mylarappa, Meghashree Iyengar, Saravana Annamalaisami, Rajesh Joshi
-
Publication number: 20140304498
Abstract: This disclosure is directed to systems and methods for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session. A device, intermediary to a client and a server, may receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server. The client hello message may include a next protocol negotiation extension. The device may include a first TLS processor that is software based and a second TLS processor that is hardware based. The device may determine that the client hello message includes the next protocol negotiation extension. The device may establish, responsive to the determination, the TLS session using the first TLS processor. The device may process, upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Swarupa Gonuguntla, Ashoke Saha, Tushar Kanekar
-
Publication number: 20140304355
Abstract: The present application is directed towards invalidating (also referred to as poisoning) ASDR table entries that are determined to be inaccurate because of changes to a multi-node system. For example, when a node leaves or enters a multi-node system, the ownership of the entries in the ASDR table can change, thus invalidating cached and replica entries. More specifically, the system and methods disclosed herein include searching an ASDR table for cached entries responsive to the system determining the multi-node system has changed. After finding a cached entry, the system may determine if the entry should be poisoned. The decision to poison the entry may be responsive to the creation time of the entry, the time when the change to the multi-node system occurred, and in the case of a replica, the owner of the replica's position in a replication chain relative to the source of the replica.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Sandeep Kamath, Mahesh Arumugam, Anil Shetty, Gopinath Sikha, Jaidev Sridhar
-
Publication number: 20140304401
Abstract: The systems and methods of the present solution are directed to collecting log information from multiple nodes in a multi-nodal cluster. Generally, a logging process runs to collect log information from multiple nodes in a multi-nodal cluster, e.g., a cluster of appliances. The logging process collects the log information and merges the collected log information to create a coherent unified log. The logging process may run on a node designated for the purpose. The designated node may be internal or external to the cluster. The logging process determines a topology for the cluster, establishes a communication channel with each active intermediary device identified in the topology, collects log entries from each active intermediary device, each log entry comprising information on network traffic traversing the respective intermediary device, and merges the collected log entries into a unified cluster log comprising information on network traffic traversing the cluster.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Ashwin Jagadish, Saravana Annamalaisami
-
Publication number: 20140304402
Abstract: For multiple multi-core nodes in a cluster, the filtered statistics client contacts the aggregator on a master node of the cluster, referred to as the cluster configuration owner (“CCO”) or cluster coordinator, and expects the stats aggregated from all the cluster nodes. The aggregator on the CCO node relays the client request to packet engines on the CCO node and to an aggregator on each of the other nodes in the cluster. Then the CCO node aggregator gets responses from other cores on the node and responses from all other cluster node aggregators. The CCO node aggregator aggregates the responses and sends back the aggregated response to the clients. Communication between nodes is via a static authenticated communication channel.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Devesh Prakash, Pawan Prakash Sharma
-
Publication number: 20140304499
Abstract: The present invention is directed towards systems and methods for managing one or more SSL sessions. A first node from a cluster of nodes intermediary between a client and a server may receive a first request from the client to use a first session established with the server. The first request may include a session identifier of the first session. The first node may determine that the first session is not identified in a cache of the first node. The first node may identify, via a hash table responsive to the determination, an owner node of the first session from the cluster using a key. The key may be determined based on the session identifier. The first node may send a second request to the identified owner node for session data of the first session. The session data may be for establishing a second session with the server.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Sikha Gopinath, Ashoke Saha, Tushar Kanekar
-
Publication number: 20140304354
Abstract: The present application is directed towards using a distributed hash table to track the use of resources and/or maintain the persistency of resources across the plurality of nodes in the multi-node system. More specifically, the systems and methods can maintain the persistency of resources across the plurality of nodes by the use of a global table. A global table may be maintained on each node. Each node's global table enables efficient storage and retrieval of distributed hash table entries. Each global table may contain a linked list of the cached distributed hash table entries that are currently stored on a node.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Abhishek Chauhan, Sandhya Gopinath, Sandeep Kamath, Mahesh Arumugam, Tushar Kanekar
-
Publication number: 20140304231
Abstract: The present application is directed towards systems and methods of hunting for a hash table entry in a hash table distributed over a multi-node system. More specifically, when entries are created in an ASDR table, the owner node of the entry may replicate the entry onto a non-owner node. The replica can act as a backup of the ASDR table entry in the event the node leaves the multi-node system. When the node returns to the multi-node system, the node may no longer have the most up-to-date ASDR table entries, and may hunt to find the existence of the value associated with the entry. Responsive to receiving a request for an entry that may be outdated on the node, the node sends a request down a replication chain for an updated copy of the ASDR table entry from one of the replicas. Responsive to receiving the replica copy of the entry, the node responds to the client's request for the entry.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Sandeep Kamath, Mahesh Arumugam, Jaidev Sridhar, Abhishek Chauhan, Sandhya Gopinath
-
Publication number: 20140304798
Abstract: The present disclosure is directed generally to systems and methods for changing an application layer transaction timeout to prevent Denial of Service attacks. A device intermediary to a client and a server may receive, via a transport layer connection between the device and the client, a packet of an application layer transaction. The device may increment an attack counter for the transport layer connection by a first predetermined amount responsive to a size of the packet being less than a predetermined fraction of a maximum segment size for the transport layer connection. The device may increment the attack counter by a second predetermined amount responsive to an inter-packet-delay between the packet and a previous packet being more than a predetermined multiplier of a round trip time. The device may change a timeout for the application layer transaction responsive to comparing the attack counter to a predetermined threshold.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Meghashree Iyengar, Krishna Khanal, Saravana Annamalaisami, Shashidhara Nanjundaswamy
-
Publication number: 20140304425
Abstract: Methods and systems for providing congestion control to a transport control protocol implementation are described. A device detects that there is a congestion event on a transport control protocol (TCP) connection of the device. The device determines that a bandwidth estimate is lower than half a current value of a slow start threshold for the TCP connection. In response to the determination, the device changes the slow start threshold to half of the current value of the slow start threshold for the TCP connection. The bandwidth estimate can be the product of the eligible rate estimate and the minimum round trip time. In some implementations, the transport control protocol implementation is a TCP Westwood implementation.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Varun Taneja, Saravana Annamalaisami, Rajesh Joshi
-
Publication number: 20140304361
Abstract: The present application is directed towards ASDR table contract renewal. In some embodiments, a core may cache an ASDR table entry received from an owner core such that when the entry is needed again the core does not need to re-request the entry from the owner core. As storing a cached copy of the entry allows the non-owner core to use an ASDR table entry without requesting the entry from the owner core, the owner core may be unaware of an ASDR table entry's use by a non-owner core. To ensure the owner core keeps the ASDR table entry alive, which the non-owner core has cached, the non-owner core may perform contract renewal for each of its recently used cached entries. The contract renewal method may include sending a message to the owner core that indicates which cached ASDR table entries the non-owner core has recently used or accessed. Responsive to receiving the message the owner core may reset a timeout period associated with the ASDR table entry.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Abhishek Chauhan, Sandhya Gopinath, Sandeep Kamath, Anil Shetty, Josephine Suganthi
-
Publication number: 20140304414
Abstract: The present application is directed towards systems and methods for configuring and applying autoscaling to a service group of an intermediary device for a domain based server. All the IP addresses resolved by the domain name of the server and that are determined as up will automatically become members of the service group. The resolver monitor will resolve the server's domain name based on the TTL (Time to Live) value in the address record or whenever the appropriate command is executed.
Type: Application
Filed: April 3, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Sreedhar Yengalasetti, Raghav Somanahalli Narayana, Sandeep Kamath
-
Publication number: 20140304399
Abstract: The present application is directed towards systems and methods for providing monitoring in a cluster system. The systems and methods distribute the monitors for a service and the ownership of a service across a cluster system comprising a plurality of nodes. The nodes in the cluster can be configured to have different sets of virtual servers (sometimes referred to as “vservers”) and services. The ownership and monitoring of the services can be distributed among all the nodes in the cluster. The system can identify a service in a cluster system and identify a master node that has ownership of the service. The master node can transmit a service status update to other nodes in the cluster system.
Type: Application
Filed: April 3, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Aman Chaudhary, Manikam Muthiah
-
Publication number: 20140301213
Abstract: The present solution relates to systems and methods for capturing and consolidating packet tracing in a cluster system. A multi-nodal cluster processing network traffic contains multiple nodes each handling some of the processing. A node may initially receive a flow and transfer processing of the flow to another node for processing. A flow may therefore pass from one node to another, from two nodes to many nodes. In some instances, it is helpful to generate a trace of a flow. For example, in debugging a network communication flow, a trace of the flow through the cluster can be helpful. Each node has a packet engine (“PE”) which processes data packets and can, when trace is enabled, generate a trace file for the packets processed at the respective node.
Type: Application
Filed: April 3, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Krishna Khanal, Shekhar Chandra, Saravana Annamalaisami
-
Publication number: 20140304810
Abstract: The present solution is directed to systems and methods for synchronizing a random seed value among a plurality of multi-core nodes in a cluster of nodes for generating a cookie signature. The cookie signature may be used for protection from SYN flood attacks. A cluster of nodes comprises one master node and one or more other nodes. Each node comprises one master core and one or more other cores. A random number is generated at the master core of the master node. The random number is synchronized across every other core. The random number is used to generate a secret key value that is attached in the encoded initial sequence number of a SYN-ACK packet. If the responding ACK packet does not contain the secret key value, then the ACK packet is dropped.
Type: Application
Filed: April 4, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Krishna Khanal, Saravana Annamalaisami, Mahesh Mylarappa
-
Publication number: 20140304294
Abstract: Systems and methods of the present disclosure provide for caching, by a device intermediary to a client and a database, a result of a structured query language (SQL) query request. In some embodiments, the device intermediary to a plurality of clients and a database receives a SQL response from the database to a first SQL query request of a client of the plurality of clients. The device may maintain a cache of SQL responses from the database. The device may identify that the first SQL query request matches a rule of a policy for caching SQL responses from the database. The policy may include a cache action to take when the rule is matched. The device may perform, responsive to the policy, on the SQL response the cache action identified by the policy.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Shaleen Sharma, Sudish Sah, Rajesh Joshi
-
Publication number: 20140304413
Abstract: The present solution allows users, such as administrators, to configure slow start parameters for new services. These slow start parameters specify a rate at which requests should be given to a newly added or up service. The users can also choose to automatically increase the load in multiples of the chosen rate by specifying an increment interval. The services are given the configured rate for the interval, and once the interval is reached, the next multiple of the rate of requests is given. The increase of rate of requests is done automatically until an existing service request rate is reached. At that point in time this functionality is disabled and the existing and new services are treated the same.
Type: Application
Filed: April 3, 2014
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Ravi Kondamuru, Sergey Verzunov, Josephine Suganthi
-
Publication number: 20140304320
Abstract: The present disclosure relates to methods and systems for dynamically changing an advertised window for a transport layer connection. A device can receive data from a server destined for an application. The device identifies the size of the application buffer corresponding to the application and advertises the application buffer size as a window size to the server. The device stores the data in the device memory. The device then determines the memory usage by comparing the memory usage to one or more predetermined thresholds. If the device determines that the memory usage is below a first predetermined threshold, the device can implement an aggressive dynamic receive buffering policy in which the device increases the advertised window size by a first increment. If the device determines that the memory usage is above the first threshold and below a second threshold, the device executes a more conservative dynamic receive buffering policy.
Type: Application
Filed: April 6, 2013
Publication date: October 9, 2014
Applicant: Citrix Systems, Inc.
Inventors: Varun Taneja, Mahesh Mylarappa, Saravana Annamalaisami