Abstract: A method, non-transitory computer readable medium and application manager computing device comprises obtaining at least one cryptographic key from a request by a client computing device for a user session. User information corresponding to a user is encrypted or decrypted using the cryptographic key. The request is authenticated based on encryption or decryption of the user information. The cryptographic key is deleted after the completion or termination of the user session.

Abstract: A method, computer readable medium, and network traffic management apparatus that accesses data in a compressed file system includes obtaining an original write request from a client computing device including at least object data. The object data is compressed into a plurality of compressed blocks. A mapping of each compressed block to a portion of the object data compressed therein is generated, wherein the portion of the object data compressed therein is represented in the mapping by a unique object identifier, a start offset, and a length. The compressed blocks and the mapping are stored in at least one data storage device. At least one data access request for at least a portion of the object data is serviced based on the mapping.

Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network. Network services may be provided to a client network having a first network fabric at a self-contained network services system implementing a number of redundant instances of a network service application. The self-contained network services system may have a second network fabric. The second network fabric may be adapted to distribute network service tasks received from the client network which are associated with the network service application among the redundant instances of the network service application.

Abstract: A facility that for a multithreaded program executing on a root machine causes the threads of the program to be executed in a relative scheduling that produces an interesting result. The facility suspends execution of the program. The facility then tests a plurality of relative thread schedulings on one or more virtual machines and observes the result. Based upon the observed result the facility selects one of the tested relative thread schedulings. The facility then resumes execution of the program using the selected relative thread scheduling.

Abstract: A system, method, and apparatus are directed towards identifying adaptive length segments of redundant data for encoding a data structure. Initial boundaries are identified for an input matching segment within input data and for a candidate store matching segment in a synchronized store. The data prior to and after the boundaries are compared to identify matching data. As matching data is identified, at least one of the boundaries of the matching segments is revised. An encoded representation of the resulting input matching segment is then generated based in part on pointers and offsets into the synchronized store. A data structure is generated based on the encoded representation and unmatched portion, which is sent to a receiver. The receiver uses the data structure to extract matching data from the synchronized store, and together with the unmatched input data in the data structure, reconstruct the input data.

Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.

Abstract: A method, non-transitory computer readable medium, and a system for communicating with networked clients and servers through a network device includes receiving a first network data packet destined for a first executing traffic management application of a plurality of executing traffic management applications operating in the network device. A first DMA channel is identified to allocate the received first network data packet. Further, the first network data packet is transmitted to the first traffic management executing application over the first identified DMA channel.

Abstract: A network device is arranged to perform frame chunking directed towards enabling fast video content starts on a client device. When a request for video content is received, characteristics of a connection to the client device, and the client device are used to determine a threshold bitrate that provides a defined amount of video content to the client device within a configurable amount of first play time. When a bitrate for the video content that satisfies the threshold bitrate is currently unavailable, then the first chunks or bytes of the video content may be optimized to satisfy the threshold bitrate. The optimized first chunks are then provided to the client device followed by the remaining video content at an available bitrate.

Abstract: Handling network data packets classified as being high throughput and low latency with a network traffic management device is disclosed. Packets are received from a network and classified as high throughput or low latency based on packet characteristics or other factors. Low latency classified packets are generally processed immediately, such as upon receipt, while the low latency packet processing is strategically interrupted to enable processing coalesced high throughput classified packets in an optimized manner. The determination to cease processing low latency packets in favor of high throughput packets may be based on a number of factors, including whether a threshold number of high throughput classified packets are received or based on periodically polling a high throughput packet memory storage location.

Abstract: The present invention disclose a system and method for mediating between signaling network peers of diameter type, where each peer is associated with different telecommunication service providers network or different application vendors.

Abstract: A system, method and machine readable medium for automated policy building in a policy module of a network traffic management device is disclosed. Parsed network traffic data is received at a policy builder of a network traffic management device. The received network traffic data is analyzed in accordance with one or more threshold conditions specified by a user, via a user interface, for an existing policy. The existing policy is modified by the policy builder if the one or more threshold conditions for the network traffic have been met.

Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.

Abstract: A method, computer readable medium, and application delivery controller apparatus for content inlining includes obtaining content from one or more servers as requested by one or more clients, obtaining external content from the one or more servers as referenced by one or more external references included in the requested content, modifying the requested content to include at least one of the external content, and servicing the client request by communicating the modified requested content.

Abstract: A system and method for improving TCP performance in a L2 tunneling environment by snooping TCP/IP packets from the tunnel interface, terminating TCP locally and proxying TCP data in separate TCP connections. In particular, the system and method detects an encapsulated outgoing packet utilizing a Layer 2 tunneling protocol, processes a Point to Point Protocol layer in the outgoing packet to establishing Layer 2 tunneling protocol for a connection. The system and method also removes the Point to Point Protocol layer from the outgoing packet and inspects the outgoing packet for TCP information in the packet. The system and method forwards the outgoing packet to a locally driven application protocol path if TCP information is present, wherein the outgoing packet is encapsulated in association with the application protocol path.

Abstract: A system and method of idle driven scheduling in a network device is disclosed. An interrupt signal is received from a timer, wherein a network processing component of a network device awakes from sleep mode of a first sleep duration for a first cycle upon receiving the interrupt signal. Load information of a computer processing unit in the network device for the first cycle is determined. A second sleep duration is selected for the network processing component in a second cycle based on the load information, wherein the second sleep duration is different from the first sleep duration. The timer is then instructed to send the interrupt signal to the network processing component at an expiration of the second sleep duration.

Abstract: A program code data structure is described. The data structure contains substantive code of a multithreaded computer program that includes a plurality of communicating instructions that effect communication between threads. The data structure further contains, at each of one or more points in the substantive code, an indication that, when the computer program is being executed, one or more communicating instructions that are in a selected relationship with the indication should be executed by any thread that reaches the point in a particular order relative to execution of one or more other communicating instructions by other threads. The contents of the data structure may be used to determine an order in which to execute communicating instructions.

Abstract: A system, apparatus, and method are directed to managing an ordered page flow browsing of a website. As a request is received for a webpage on the website, a referrer is examined. If the referrer indicates that the request is from another website, the request may be redirected to a pre-selected webpage on the website. In addition, a cookie may be generated that includes, in part, the request and a secret. The request and rotating secret may also be encrypted. The cookie may then be provided along with a response to the request. When another request is received with the cookie, the cookie may be compared, in part, with the referrer and the secret to determine if the request is from an ordered page within the website. If it is not, the request may be redirected to the pre-selected webpage, thereby enforcing orderly page flow browsing.

Abstract: A system and method of idle driven scheduling in a network device is disclosed. An interrupt signal is received from a timer, wherein a network processing component of a network device awakes from sleep mode of a first sleep duration for a first cycle upon receiving the interrupt signal. Load information of a computer processing unit in the network device for the first cycle is determined. A second sleep duration is selected for the network processing component in a second cycle based on the load information, wherein the second sleep duration is different from the first sleep duration. The timer is then instructed to send the interrupt signal to the network processing component at an expiration of the second sleep duration.

Abstract: Embodiments are directed towards providing protection to DNS servers against DNS flood attacks by causing a requesting device to perform multiple DNS lookup requests for resolving a resource record. A request from a network device for a resolution of a domain name may be received by a device interposed between the requesting network device and a DNS server. Upon receiving the request to resolve the domain name, the interposed device may respond with a CNAME that includes a cookie. The requesting device may then send another request that includes the cookie preceded CNAME. The interposed device may then validate the returned cookie returned in the CNAME and if valid, forward the domain name resolution request on to a DNS server. The response may then be forwarded to the requesting device.

Abstract: A method and apparatus for handling packets received from a server over a network based upon quality of network service on DMA channels includes inspecting a packet received by a network device, classifying the inspected packet with the network device based on one or more class of service identifiers in the packet, assigning with the network device the classified packet to one of a plurality of DMA rings associated with a DMA channel based on the one or more class of service identifiers in the packet, and moving the assigned packet to a host memory based upon the assigning.