Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.

Abstract: Systems and methods that integrate social media applications having social media communities of like-minded users with other applications, such as enterprise applications, are described herein. A user may join one or more of the social media communities based on a variety of factors, including applications the user uses or plans to use, user type (e.g., end-user, administrator, etc.), the user's level of expertise, and/or the type of activities that the user plans to perform in one or more applications. A user's actions within or using one or more applications may be monitored. In response to detecting performance of a monitored action, a description of the user's action may be published to other users in the social media community, the user may be paired with one or more social media communities, and/or recommendations for resources related to the detected action may be provided to the user. Recommendations may also be provided based on posts made by the user in the social media community.

Abstract: At least a method and a system for migrating a plurality of endpoint computing devices of an organization are described herein. User applications, data, and settings are migrated from a plurality of endpoint computing devices of the organization into a client server operating environment employing a thin client implementation. A server may execute software for deploying the thin client implementation. By way of creating a personalized virtualization disk for each endpoint computing device, migration to a thin client virtualized desktop implementation may be easily performed by the organization without modification, change, or loss of user installed applications, personalized settings, and user data.

Abstract: Systems and methods that integrate social media applications having social media communities of like-minded users with other applications, such as enterprise applications, are described herein. A user may join one or more of the social media communities based on a variety of factors, including applications the user uses or plans to use, user type (e.g., end-user, administrator, etc.), the user's level of expertise, and/or the type of activities that the user plans to perform in one or more applications. A user's actions within or using one or more applications may be monitored. In response to detecting performance of a monitored action, a description of the user's action may be published to other users in the social media community, the user may be paired with one or more social media communities, and/or recommendations for resources related to the detected action may be provided to the user. Recommendations may also be provided based on posts made by the user in the social media community.

Abstract: The present invention is directed towards systems and methods for establishing and applying a policy group to control a user's access to an identified resource. A policy group representing an aggregate of one or more access configurations for a user to access one or more identified resources may be established via a policy manager. The policy group may include a login point component representing an entry point to access the identified resource. The login point may be configured via the policy manager to specify a uniform resource locator for the entry point. One or more authentication and authorization methods may be selected for the login point component. The device may receive a request to access the uniform resource locator. The device may initiate the policy group for evaluation. The device may initiate, with the user, one or more authentication and authorization methods specified by the login point component.

Abstract: A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.

Abstract: Systems and methods for reducing file sizes for files delivered over a network are disclosed. A method comprises receiving a first file comprising sequences of data; creating a hash table having entries corresponding to overlapping sequences of data; receiving a second file comprising sequences of data; comparing each of the sequences of data in the second file to the sequences of data in the hash table to determine sequences of data present in both the first and second files; and creating a third file comprising sequences of data from the second file and representations of locations and lengths of said sequences of data present in both the first and second files.

Abstract: The present disclosure presents systems and methods for maintaining original source and destination IP addresses of a request while performing intermediary cache redirection. An intermediary receives a request from a client destined to a server identifying a client IP address as a source IP address and a server IP address as a destination IP address. The intermediary transmits the request to a cache server, the request maintaining original IP addresses and identifying a MAC address of the cache server as the destination MAC address. The intermediary receives the request from the cache server responsive to a cache miss, the received request maintaining the original source and destination IP addresses. The intermediary identifying that the third request is coming from the cache server via one or more data link layer properties of the third transport layer connection.

Abstract: Virtual machines, virtualization servers, and other physical resources in a cloud computing environment may be dynamically configured based on the resource usage data for the virtual machines and resource capacity data for the physical resources in the cloud system. Based on an analysis of the virtual machine resource usage data and the resource capacity data of the virtualization servers and other physical resources in the cloud computing environment, each virtual machine may be matched to one of a plurality of virtualization servers, and the resources of the virtualization servers and other physical resources in the cloud may be reallocated and reconfigured to provide additional usage capacity to the virtual machines.

Abstract: The present disclosure features methods and systems for updating a taskbar, generated and displayed by a local computer, with a user interface element representative of a remote application executing on a remote computer and application output generated by the remote application. These methods and system include a local client receiving application output generated by a remote application and remote window configuration information, generating an application output window comprising local taskbar grouping configuration information, and updating a taskbar responsive to the local taskbar grouping configuration information.

Abstract: Methods for providing layered gear mechanism to enable optimal transmission of data packets includes identifying types of data that are scheduled for transmission over a network. Data packets are generated at different depths for a particular type of data identified for transmission, wherein the data packets are generated at a source. The data packets of different depths are transmitted in different layers over a network, to a destination, wherein each layer of data packets corresponds to a specific depth. Response for the data packets transmitted in each layer is collected from the network as the data packets progress along the network. The response is analyzed to identify network transmission characteristics for each layer. A depth is selected for transmitting subsequent data packets for the particular data type based on the network transmission characteristics obtained through the analysis.

Abstract: The present disclosure is directed towards systems and methods for compressing messages, such as Short Message Service (SMS) or text messages between fixed or mobile devices through communications networks. The data of, for example, SMS messages is compressed and forwarded through a communication network to an appliance having a processing unit. The appliance decompresses the message and controls its delivery through network communication devices, where the decompressed SMS message is forwarded to its destination.

Abstract: A network optimization engine can be used to optimize the transmission of network traffic by employing means to prioritize highly compressed network traffic over other network traffic. The network optimization engine accomplishes network traffic optimization by calculating a compression ratio for received data packets and determining whether the calculated compression ratios exceed a compression ratio threshold. The predetermined compression ratio threshold can be a hard coded value or an empirically determined compression ratio threshold that is calculated using a sample of the received network packets. Network packets having a compression ratio that exceeds the compression ratio threshold are classified as highly compressed network traffic and transmitted according to a transmission scheme that is different than a transmission scheme used to transmit non-highly compressed network traffic.

Abstract: The present application is related methods to monitor a state of one or more components of a remote access server farm by an intermediary to distinguish between operating and functional components and improve farm availability for user application requests. The intermediary may be deployed between a client and the remote access server farm and forwards client requests to functional components of the remote access server farm.

Abstract: The present disclosure is directed towards systems and methods for validating a configuration across a cluster of intermediary devices. Within the cluster, a configuration change is entered at one node and propagated to the remaining nodes of the cluster. Before propagation, the new configuration is validated. The systems and methods include creating, on a first intermediary device, a configuration to be propagated to a plurality of routing daemons; executing, by a validation module of the first intermediary device, the configuration on a plurality of pseudo routing daemons, each pseudo routing daemon of the plurality of pseudo routing daemons corresponding to the routing daemon of a corresponding intermediary device of the cluster; and determining from results of executing the second configuration whether to propagate the second configuration to each routing daemon.

Abstract: Leveraging an established authenticated session in obtaining authentication to a client application includes receiving a request for access to a client application requiring authentication of a requestor and determining whether there exist characteristics of leverageable authentications corresponding to established sessions having an authenticated state at a time of the determination. When the determination reveals characteristics of at least one leverageable authentication corresponding to an established session, and attempt is made to obtain access for the requestor to the client application based on the at least one leverageable authentication, and the requestor is provided with a notification related to the 1 attempt to obtain access for the requestor to the client application.

Abstract: Systems and methods of storing previously transmitted data and using it to reduce bandwidth usage and accelerate future communications are described. By using algorithms to identify long compression history matches, a network device may improve compression efficiently and speed. A network device may also use application specific parsing to improve the length and number of compression history matches. Further, by sharing compression histories, compression history indexes and caches across multiple devices, devices can utilize data previously transmitted to other devices to compress network traffic. Any combination of the systems and methods may be used to efficiently find long matches to stored data, synchronize the storage of previously sent data, and share previously sent data among one or more other devices.

Abstract: One aspect of the preferred embodiment relates to an application framework for managing mobile clients and application programs. By utilizing the preferred embodiment, a system administrator may be provided the capability to manage and control multiple devices, directly and indirectly, using push (server-initiated) and/or pull (client-initiated) techniques from a single location. Additionally, the preferred embodiment may be utilized to back up and securely store information on the mobile clients, identify device usage and to deliver files and databases to the mobile clients.

Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.

Abstract: A technique manages an electronic conference. The technique involves receiving a set of audio signals from a set of participants of the electronic conference, each audio signal being received from a respective participant. The technique further involves categorizing the set of audio signals received from the set of participants, each audio signal being individually categorized as currently representing (i) intentional participant sound or (ii) unintentional participant sound. The technique further involves controlling operation of the electronic conference based on the categorized set of audio signals.