Abstract: A method, system, and apparatus are directed towards selectively compressing data for transmission over a network. In one embodiment, a sending network device and receiving network device negotiates different compression modes to communicate data between them. An initial compression mode may be selected based on a network bandwidth. The sending network device then reads data, and compresses using the selected compression mode. The compressed data may then be written out. Ratios of compression and the write times are then employed to selectively adjust the compression mode for subsequent data compressions. In one embodiment, a compression ratio is also employed to determine whether to employ the selected compression mode, or to reduce the level of compression by using a different compression mode. The receiving network device having received information about the selected compression mode, then employs that compression mode to decompress the received data.

Abstract: A system and method are directed to providing a sales channel registration system that allows sales deals to be managed. Aspects of the invention include a sales portal that receives information relating to sales deals, mechanisms for qualifying sales leads, and mechanisms for notifying sales partners, distributors, or a company of new information or changes in status relating to sales deals. One aspect of the invention determines when there may be potential conflicts, and performs actions to prevent such conflicts.

Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.

Abstract: Layer-7 application layer message (“message”) classification is disclosed. A network traffic management device (“NTMD”) receives incoming messages over a first TCP/IP connection from a first network for transmission to a second network. Before transmitting the incoming messages onto the second network, however, the NTMD classifies the incoming messages according to some criteria, such as by assigning one or more priorities to the messages. The NTMD transmits the classified messages in the order of their message classification. Where the classification is priority based, first priority messages are transmitted over second priority messages, and so forth, for example.

Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.

Abstract: A system and method for reducing latency when re-routing at least partial client communications from a first, active data center site to a second data center site due to a virtualization service disruption. Configuration data is imported from the first file virtualization device, wherein the configuration data represents object relationships and mapping information between components in the first data center site and the second data center site. An instruction is received for the back-up file virtualization device to begin handling at least one virtualization service that is disrupted at the first data center site. A most recent import of the configuration data is loaded for the one or more disrupted virtualization services and enabled such that the back-up file virtualization device performs the disrupted virtualization service with one or more storage devices in the second data center site using the at least a portion of the imported configuration data.

Abstract: A proxy (e.g., a switch) resides in a respective network environment between one or more clients and multiple servers. One purpose of the proxy is to provide the clients a unified view of a distributed file system having respective data stored amongst multiple remote and disparate storage locations over a network. Another purpose of the proxy is to enable the clients to retrieve data stored at the multiple servers. To establish a first connection between the proxy and a respective client, the proxy communicates with an authentication agent (residing at a location other than at the client) to verify a challenge response received from the client. When establishing a set of second connections with the multiple servers, the proxy communicates with the authentication agent to generate challenge responses on behalf of the client. The proxy facilitates a flow of data on the first connection and the set of second connections.

Abstract: A file switch, logically positioned between client computers and file servers in a computer network, distributes user files among multiple file servers using an aggregated directory mechanism. A hierarchical directory structure is created on the file servers and used to store metadata files, which store metadata for each user file to indicate where data files, containing portions of the user file, are stored. The file switch automatically spreads the data files and metadata files over a large number of distinct directories on multiple file servers, preventing large number of data files from being stored in a single directory on a single file server. In response to a directory enumeration request from a client computer, one or more directories of metadata files on one or more of the file servers are enumerated, instead of enumerating the data file that store the user file portions.

Abstract: A method, computer readable medium, and a system for reconstituting a virtual snapshot of files in a file virtualization system includes forming at a file virtualization device a virtual snapshot that includes a plurality of physical snapshots associated with one or more file storage devices participating in the virtual snapshot, receiving a request for performing an operation on one or more physical snapshots in the plurality of physical snapshots, providing the one or more physical snapshots in response to the request for performing the operation when the one or more physical snapshots exists in the virtual snapshot, and reconstituting the virtual snapshot by including the one or more physical snapshots to form a reconstituted virtual snapshot in response to the request for performing the operation when the one or more physical snapshots do not exist in the virtual snapshot.

Abstract: A method and apparatus for inserting and examining Cookies in the data streams of HTTP connections for the purpose of persistently directing HTTP connections to the same destination. A network device directs subsequent HTTP connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the Cookie to persistently direct HTTP connections. The associated mode inserts a Cookie that uniquely identifies the client into an HTTP response. The passive mode inserts Cookie information that uniquely identifies a previously selected destination into an HTTP response. In the rewrite mode, a network device manages the destination information that is rewritten over blank Cookie information generated by the destination producing the HTTP response. The insert mode inserts and removes Cookie information in the data packets for HTTP requests and response prior to processing by the destination.

Abstract: A method, system, machine-readable storage medium, and apparatus are directed towards upgrading a cluster by bifurcating the cluster into two virtual clusters, an “old” virtual cluster (old active cluster) and a “new” virtual cluster (new standby cluster), and iteratively upgrading members of the old cluster while moving them into the new cluster. While members are added to the new cluster, existing connections and new connections are seamlessly processed by the old cluster. Optionally, state mirroring occurs between the old cluster and the new cluster once the number of members of the old and new clusters are approximately equal. Once a threshold number of members have been transferred to the new cluster, control and processing may be taken over by the new cluster. Transfer of control from the old cluster to the new cluster may be performed by failing over connectivity from the old cluster to the new cluster.

Abstract: An apparatus is related to connection management for a communications network. A control component receives a data flow requesting a resource from a client, identifies the client, and determines when the data flow is unassociated with a connection to a requested resource. The control component selects a new content server for an unassociated resource request when either the identified client was previously unknown or the identified client has exceeded a maximum number of connections with a previously selected content server. The control component selects the previously selected content server when the identified client has not exceeded the maximum number of connections. A switch component is employed to maintain a connection between the client and the selected content server such that the client receives the requested resource. Utilizing cached connection information for up to “N” connections enhances the speed of connections between the client and the selected content server.

Abstract: A system, apparatus, and method are directed towards managing traffic over a network by imposing temporal delays in acknowledgments (ACKs). A Traffic Management Device (TMD), interposed between two network session end-points monitors a buffer of relayed packets. If the contents of the buffer exceed a threshold value, delays are imposed on sending of acknowledgements. If the buffer contents exceed the threshold, and the buffer's contents are increasing, the delays may be increased. If the buffer's contents are about at steady state, the acknowledgement delays may be decreased, or maintained at a current delay status. In one embodiment, if the sender is sending packets at a rate above a receiver's ability to receive the packets, and the sender appears not to be decreasing its rate of transmission, an explicit congestion notification echo (ECE) may be sent to the sender.

Abstract: The invention is directed to managing secure communications using a virtual meeting room (VR) through a firewall. The VR may operate as a virtual subnet managed by a VR server (VRS). A client requests a VR from the VRS. The VRS allocates the virtual subnet, and enables access to requested resources. The VRS provides information and authentication credentials to the client for distribution to other clients. The clients may use the provided information to authenticate to the VRS. In one embodiment, the VRS downloads to each client a virtual room client (VRC) application useable to connect to the VRS and establish a secure communications channel with the VRS and through the firewall. The secure communications channel may be used to communicate through the VRS directly to another client device, and/or broadcast messages to each client within the VR. Communications may be monitored for communication constraint compliance by the VRS.

Abstract: A method and system for caching content, such as content requested from a server on the World Wide Web. Requests for dynamic content are forwarded directly to a content server to avoid caching data that might only be used once. Requests for static content are forwarded to a hot or a regular cache depending on the frequency at which the content is requested. When a hot cache does not contain the content, it forwards the request to the forwarder which then forwards the request to a regular cache. When the regular cache does not contain the content, it requests the content from the forwarder which then forwards the request to a content server. There may be more than two layers of cache.

Abstract: A method, computer readable medium, and system for generating a unified virtual snapshot in accordance with embodiments of the present invention includes invoking with a file virtualization system a capture of a plurality of physical snapshots. Each of the physical snapshots comprises content at a given point in time in one of the plurality of data storage systems. A unified virtual snapshot is generated with the file virtualization system based on the captured plurality of the physical snapshots.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: A memory system for ingress processing is arranged to access multiple banks in a time interleaved fashion. Each memory bank has an associated memory bank manager, which is arranged to track the contents and egress ports associated with data stored in the memory bank. Incoming data from ingress traffic is evaluated and segregated based on criteria. One of the memory banks is identified based on the criteria, and the incoming data is stored in the identified memory bank in the next available write cycle timeslot. Data constructs in the memory bank manager are updated to indicate the location and egress port associated with the stored data. The memory bank managers submit egress transmit bids to a master scheduler, which controls access to the memory banks. The memory banks are readout in interleaved fashion such that the effective average traffic arrival rate is increased and memory bandwidth requirements are reduced.

Abstract: A method, computer readable medium, and a system for communicating with networked clients and servers through a network device is disclosed. A first network data packet is received at a first port of a network device. The first network data packet is destined for a first executing application of a plurality of executing applications operating in the network device. The plurality of executing applications are associated with corresponding application drivers utilizing independent and unique direct memory access (DMA) channels. A first DMA channel is identified, wherein the first DMA channel is mapped to the first port and associated with a first application driver corresponding to the first executing application. The first network data packet is transmitted to the first executing application over the first identified DMA channel.

Abstract: Disclosed is a system and method for providing persistence in network access, by enhancing the likelihood that a gateway that is employed by a server array controller to send a client's message to a resource in another network outside of a local network behind the server array controller, is the same gateway employed by the resource for a responding message. In one embodiment, an outbound gateway is selected based on load-balanced gateways that have been enabled for automatic mapping of a source address to an available corresponding global Internet Protocol address. In another embodiment, multiple server array controllers are employed in a multi-active mode that enables multiple network address translation tables to be available in the event of a failover of one or more of the server array controllers.