Abstract: Provided herein are systems and methods for providing insights or metrics in connection with provisioning applications and/or desktop sessions to end-users. Network devices (e.g., appliances, intermediary devices, gateways, proxy devices or middle-boxes) can gather insights such as network-level statistics. Additional insights (e.g., metadata and metrics) associated with virtual applications and virtual desktops can be gathered to provide administrators with comprehensive end-to-end real-time and/or historical reports of performance and end-user experience (UX) insights. Insights relating to an application or desktop session can be used to determine and/or improve the overall health of the infrastructure of the session, Citrix Virtual Apps and Desktops, the applications (e.g., remote desktop application) being delivered using the infrastructure, and/or the corresponding user experience.

Abstract: A method includes retrieving, by a workspace client on a computing device, a first set of resource associations from a workspace server. The first set of resource associations identify one or more data file-types executable by each application on a virtualization server. The method also includes generating, by the workspace client, from the first set of resource associations, a second set of resource associations. The second set of resource associations identify a subset of applications on the virtualization server operable to perform operations on each of the one or more data file-types. The method further includes obtaining, by a storage provider client on the computing device, the second set of resource associations. The storage provider client is configured to enable one or more applications on the virtualization server to execute at least one data file accessible from a storage provider.

Abstract: Data is received characterizing a virtual resource requirement for deployment of a resource in a first remote computing environment and/or a second remote computing environment. Second data is received characterizing resource cost for the first remote computing environment and the second remote computing environment. The receiving the second data includes accessing, via an application programming interface of the first remote computing environment and based on an account identity of an entity associated with the virtual resource requirement, the second data characterizing computing resource cost for the first remote computing environment. A first cost for deploying the resource within the first remote computing environment and a second cost for deploying the resource within the second remote computing environment is predicted using the received data. The first cost and the second cost is provided. Related apparatus, systems, techniques and articles are also described.

Abstract: Described embodiments provide systems and methods for monitoring server utilization and reallocating resources using upper bound values. A device can determine a value indicative of an upper bound of a processing load of a server using data points detected for the processing load over a first range of time. The upper bound can correspond to a percentage of the processing load during the first range of time. The device can monitor, using the value, the processing load of the server over a second range of time. A determination can be made whether the value of the processing load is greater than a threshold during the second range of time. The device can generate an alert for the device responsive to a comparison of the value of the processing load to the threshold.

Abstract: Described embodiments provide a method, computer program product, and computer system for receiving, by a computing device, first and second images of an application, the first image indicative of no input data present within input fields of the application, and the second image being received after input data is present within at least one input field of the application. The input data of the second image may be identified based upon, at least in part, a comparison with the first image. The identified input data of the second image may be provided into the input field of the application after restart of the application so as to prevent loss of the input data.

Abstract: A computer system to track and enhance performance of a virtual workspace system is provided. The computer system receives requests to profile phases of a distributed process executed by hosts coupled to one another via a network. Each of phase includes operations executed by processes hosted by the hosts. Each of phase either starts with receipt of a request via a user interface of a virtualization client or ends with provision of a response to the request via the user interface. The computer system identifies event log entries that each include an identifier of an event marking a start or an end of one of the operations, constructs a performance profile based on the event log entries, and transmits the performance profile to the user interface.

Abstract: A computer system to establish a connection between a client device and a server device is provided. The computer system includes a gateway device that receives a message from the client device. The message includes a connection request and authentication information. The gateway device extracts the authentication information and the connection request from the message. The gateway device authenticates the client device, based on the authentication information. Subsequently, the gateway device transmits the connection request to the server device. Thereafter, the gateway device acts as a transparent proxy between the client and server devices, while the client and server devices engage in a handshake process to establish the connection between the client and server devices.

Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.

Abstract: Described embodiments provide systems and methods for resource appropriation in a multi-tenant environment using risk and value modeling. A resource server can provide a plurality of applications access to a plurality of resources in response to requests from clients based in part on risk scores and value scores. The resource server can generate and execute a risk model and a value model to determine a risk score and a value score for each of the applications. The resource server can use the risk and value scores to determine access to a particular resource for a requested application. The resource server can assign a first allocation of resource tokens to an application. The resource tokens can correspond to access privileges to plurality of resources. The resource server can dynamically modify the resource allocation for applications responsive to changes to a risk score or value score of a respective application.

Abstract: Methods and systems for changing communication paths in a network based on predicted Quality of Experience metrics are described herein. Computing devices in a network may communicate via one or more communication paths and using one or more applications. One or more Quality of Experience metrics may be determined for the one or more applications. Network metrics for the network may be measured and, based on one or more Quality of Service policies for the network, predicted Quality of Experience metrics may be determined using, e.g., a model network. A communication path recommendation may be output based on the predicted Quality of Experience metrics. For example, the recommendation may cause an application to change from a first communication path to a second communication path.

Abstract: Methods and systems for providing a cost effective and robust security solution for shared files stored by file sharing software solutions are described herein. The methods and systems for generating a ledger associated with shared files, which may include scanning data received from applications associated with a number of client devices and from a cloud based scanner. An access manager may control file permissions granted to users based on requests for scan data from each user device requesting access to a shared file. A plurality of different scanning applications may provide data that is collected for each shared file to provide a diverse analysis of a shared file to increase user confidence in a file security status.

Abstract: Secure communications between services or components of a cloud computing system, are facilitated by generating at a first service provided by a first computing entity of a cloud computing system, a request for computing resources, generating at the first computing entity a digital data signature based at least on the request, using a private key associated with the first service; and inserting the digital data signature within an HTTP header associated with the request. A computer data network is used to communicate the request to a second service. The second service extracts the digital data signature and uses a public key to validate the digital data signature.

Abstract: A computing device may include a memory and a processor cooperating with the memory to generate data to correct errors in transmission of packets to a client device based upon a ratio of a first bandwidth in which to transfer content of a buffer and a second bandwidth in which to transfer the generated data, the packets to transfer the content and the generated data to the client device via a channel. The processor may further adjust the ratio based upon a parameter of the channel, and send the content of the buffer and the generated data via packets and through the channel to the client device based on the adjusted ratio.

Abstract: Disclosed embodiments describe systems and methods for predicting health of a link. A device in communication with a link can identify profile information of a stream of network traffic traversing the link. The device can determine a first prediction of health of the link by applying one or more rules to the plurality of parameters of the profile information. The device can determine a second prediction of health of the link by applying a classifier to one or more timed sequences of the plurality of parameters of the profile information. The device can establishes a respective weight for each of the first prediction of health and the second prediction of heath. The device can select, using the respective weight, between the first prediction of health and the second prediction of health to provide a predictor of the health of the link.

Abstract: Described embodiments provide systems and methods for resource scaling. A computing device may include a data processor. The data processor may receive, from a distributed database service (DDS), usage data on resource request-units from a plurality of services that use resources provided by the DDS. The computing device may include a transform agent. The transform agent may transform at least a subset of the N sets of data, into at least three transformed datasets each corresponding to a different frequency range. The computing device may include a predictor. The predictor may provide a predicted value of request-units according to the at least three transformed datasets. The predictor may request the DDS to provide the resources up to a number of request-units at a given time instance according to the predicted value.

Abstract: Methods and systems for detecting and/or synchronizing browsing session navigation between one or more browsers are described herein. A browser window associated with a browser application executing at a server device may be displayed at a client device. An instance of a local browser window may execute at the client device, and a page comprising content may be displayed via the instance of the local browser window. Commands to navigate to a different page may be issued to either browser, and the commands may be synchronized between the browsers.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to extract, from a website vulnerability scanner log, a uniform resource locator (URL) and a vulnerability score and vulnerability classification associated with the URL. The at least one processor is further configured to generate an application vulnerability graph comprising connected nodes that are associated with a field of the URL. The nodes are labeled to indicate the associated field of the URL and color coded based on the vulnerability score. The nodes are also associated with the vulnerability classification. The at least one processor is further configured to enable or disable security protection against a user-selected vulnerability classification of a user-selected node by generating web application firewall security rules and/or web application firewall relaxation rules.

Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.

Abstract: A server may include a memory and a processor configured to cooperate with the memory to provide access to shared applications by a client computing device, extract text displayed by the shared applications on the display while the shared applications are being used by the client computing device, associate the extracted text with actions initiated by the client computing device in a relational database after displaying respective text on the display, and weight the extracted text within the relational database. The processor may further determine a suggested action to perform based upon text subsequently displayed on the display and the relational database, generate an overlay to be displayed on the display including the suggested action, and change a weighting associated with the extracted text in the relational database based upon a response to the suggested action included in the overlay by the at least one client computing device.

Abstract: Disclosed is a computing system capable of performing a method that involves determining that a first user is authorized to use each of a first device and a second device to access the computing system. The computing system may receive, from the first device, a file transfer request that identifies a first file, and may determine, based at least in part on the file transfer request, that the first file is to be transferred between the computing system and the second device. In response to the file transfer request and based at least in part on the first user being authorized to use each of the first and second devices to access the computing system, the computing system may cause the first file to be transferred between the computing system and the second device.