Patents Assigned to F5 Networks, Inc.
  • Patent number: 9509663
    Abstract: Securely transferring session credentials from a client-side traffic management device (TMD) to a second server-side TMD that replaces a first server-side TMD. A client-side TMD and the first server-side TMD have copies of secret data associated with an encrypted session between a client device and a server device. The first server-side TMD may be replaced with the second server-side TMD, which may not have the secret data. In response to a request to create an encrypted connection associated with the encrypted session, the client-side TMD encrypts the secret data using the server device's public key and transmits the encrypted secret data to the second server-side TMD. Using the server device's private key, the second server-side TMD decrypts the secret data and participates in the encrypted connection.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: November 29, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jeffrey Michael Warren
  • Patent number: 9503375
    Abstract: A method, computer readable medium, and device that manages traffic in a multi-service environment including determining a self score for a front virtual service which is coupled to one or more inner virtual services. An aggregate score for the front virtual service is determined based on an aggregate score for each of the one or more inner virtual services and a number of connections between each of the one or more inner virtual services and the front virtual service. An advertised score for the front virtual service for load balancing is obtained based on the determined self score and the determined aggregate score.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: November 22, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 9497614
    Abstract: This technology discloses a controlling and steering device for maintaining national connection between a mobile device of a subscriber and a mobile network. The system comprises: a tracing module, a steering logic module and a communication module. The tracing module is configured to: (i) periodically sample a mobile device of a subscriber or a location of the mobile device; and (ii) check amount of data sent and received from the mobile device is below a specified threshold. The steering logic module is configured to determine if a national connection between a mobile device of a subscriber via a Mobility Management Entity (MME) and a mobile network via a Home Subscriber Server (HSS) is permitted and wherein the communication module is arranged to send and receive messages from HSS to MME and from MME to HSS.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: November 15, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Petrus Wilhelmus Andrianus Jacobus Maria Nas
  • Patent number: 9497285
    Abstract: Creating a connection between one of a first plurality of computing devices in a primary chassis and one of a second plurality of computing devices in a failover chassis. A first plurality of buckets may be associated with the primary chassis, a second plurality of buckets may be associated with the failover chassis, where the first plurality of buckets may correspond to the second plurality of buckets. One of the first plurality of computing devices may be associated with one of the first plurality of buckets, and can create a connection with attributes such that a disaggregator in the failover chassis routes the connection to one of the second plurality of computing devices, wherein the one of the second plurality of computing devices may be associated with a bucket of the second plurality of buckets that corresponds to the one of the first plurality of buckets.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: November 15, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Anthony King, Paul Imre Szabo, William Ross Baumann
  • Patent number: 9491157
    Abstract: Embodiments are directed towards managing network traffic that includes SSL secured NTLM acceleration. A Packet Traffic Management Computer (PTMC) may receive a challenge sent by a server computer before the challenge is provided to a client computer. After receiving the challenge from the server computer, the PTMC may generate a cookie that at least includes a session-ID that corresponds to the client computer. The PTMC may add the cookie to the challenge before the modified challenge is forwarded to the client computer. If a response is received from the client computer and it includes the same cookie that was sent with the challenge, the session-ID may be extracted from the cookie and employed to determine which server computer should receive the message. If a server computer may be determined, the PTMC may forward the message to the determined server computer.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: November 8, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Carl Amdahl, Ravi Natarajan, Richard Roderick Masters
  • Patent number: 9485158
    Abstract: A method, non-transitory computer readable medium and a multi-blade network traffic manager device that assists with aggregating per-session statistics on a clustered system includes receiving a request for a HTTP transaction. Presence of a cookie within the received request is determined. One or more actions is performed based on the determination of the presence of the cookie to prepare for aggregating session statistics within a clustered system. Session statistics information is aggregated upon performing the one or more actions and completing the request for the HTTP transaction.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: November 1, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Peter Finkelshtein, Dmitry Rovniaguin
  • Patent number: 9485143
    Abstract: Methods, systems, and devices are described for managing virtual network services provided to a network. Network services may be provided to a client network having a first network fabric at a self-contained network services system implementing a number of redundant instances of a network service application. The self-contained network services system may have a second network fabric. The second network fabric may be adapted to distribute network service tasks received from the client network which are associated with the network service application among the redundant instances of the network service application.
    Type: Grant
    Filed: February 16, 2015
    Date of Patent: November 1, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Manish Vachharajani, John Giacomoni
  • Patent number: 9444620
    Abstract: A method, computer readable medium, and apparatus for secure application delivery includes forming at a traffic management device a session identifier in response to a first request from a client device for access to a network application. The session identifier is encrypted for sending to the client device using a session variable formed by hashing at least one physical identifier associated uniquely with the client device in response to the first request. In a second request from the client device to access the network application, the encrypted session identifier is decrypted using an updated value of the session variable. The access to the network application is provided when the decrypted session identifier matches the formed session identifier, and denied when the decrypted session identifier does not match the formed session identifier.
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: September 13, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Alan Murphy, Ido Breger
  • Patent number: 9438471
    Abstract: A network traffic management cluster, medium and method is disclosed. The cluster includes a plurality of network traffic management devices, a backplane switch coupled to the network traffic management devices. A network traffic management device of the plurality includes a network interface and a hardwire failover switch. The switch has a primary bus coupled to the network interface and a secondary bus coupled to the backplane switch. The switch passes network traffic to the network interface via the primary bus when the network traffic management device is operational. The switch automatically redirects the network traffic to the backplane switch via the secondary bus when the network traffic management device experiences a failure. The backplane switch redistributes the redirected network traffic to one or more other network traffic management devices in the cluster.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: September 6, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Amdahl
  • Patent number: 9420049
    Abstract: A system and method for preventing web scraping which includes receiving a request between a web client and a web server for the web client to receive web content. A client side language script is injected into a response to be sent to the requesting web client, wherein the client side language script contains an event listener to detect a keystroke and/or a mouse movement at the web client. Information is collected from the client side language script relating to whether the keystroke and/or the mouse movement were detected. The web client is selectively allowed to access the web server to receive the web content based on the collected information.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: August 16, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Shlomo Yóna, Orit Margalit, Beni Serfaty
  • Patent number: 9356824
    Abstract: A method, system, and apparatus are directed towards managing content over a network. A request from a requestor for a resource is received over the network. The request may include a request for a resource identified by a Network Resource Identifier (NRI). The request may also include Open Systems Interconnection (OSI) level 2-7 data. Characteristics of the requestor are determined based on the request. The characteristics are mapped onto a label. A unique key is generated based on the request, the characteristics, and/or the label. A version of the resource to cache is determined based on the request, the characteristics, the label, and/or the unique key. The version of the resource is cached based on the unique key.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: May 31, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Bhushan P. Khanal
  • Patent number: 9356998
    Abstract: A system, computer readable medium and method of load balancing of requests between Diameter-enabled network devices is disclosed. Processing occurs at a signal controller in communication with a first Diameter-enabled network device and a second Diameter-enabled network device, request handling capacity of at least the second Diameter-enabled network device. One or more tokens are allocated for inbound requests from the first Diameter-enabled network device to the second Diameter-enabled network device. The second Diameter-enabled network device is notified of the one or more allocated tokens for handling a corresponding number of requests from the first Diameter-enabled network device. Transmission of the corresponding number of requests from the first Diameter-enabled network device to the second Diameter-enabled network device is coordinated by the signal controller.
    Type: Grant
    Filed: November 3, 2014
    Date of Patent: May 31, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Leonid Ridel, Valentin Tumarkin
  • Patent number: 9344865
    Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that selects a first one of a plurality of Short Message Service Center (SMSC) servers based on a load balancing decision in response to an external short messaging entity (ESME) SMPP request message received from a first one of a plurality of ESMEs. A first sequence number is generated for the ESME SMPP request message. The first sequence number is stored in a first entry of a mapping table as associated with a sequence number included in the ESME SMPP request message and an indication of the first one of the plurality of SMSC servers. The sequence number included in the ESME SMPP request message is replaced with the first sequence number. The ESME SMPP request message is sent to the first one of the plurality of SMSC servers.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: May 17, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Nat Thirasuttakorn, Tao Liu, David Hansen
  • Patent number: 9338095
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) may employ a data flow segment (“DFS”) and control segment (“CS”). The CS may perform high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS may perform statistics gathering, per-packet policy enforcement (e.g., packet address translations), or the like, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components that may be comprised of high-performance computer memory. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows and minimizing the number of malicious and/or in-operative connections flows (e.g., non-genuine flows) that may have flow control data stored in the high-speed flow cache.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: May 10, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Paul Imre Szabo, Peter Michael Thornewell, Timothy Scott Michels
  • Patent number: 9313047
    Abstract: Handling network data packets classified as being high throughput and low latency with a network traffic management device is disclosed. Packets are received from a network and classified as high throughput or low latency based on packet characteristics or other factors. Low latency classified packets are generally processed immediately, such as upon receipt, while the low latency packet processing is strategically interrupted to enable processing coalesced high throughput classified packets in an optimized manner. The determination to cease processing low latency packets in favor of high throughput packets may be based on a number of factors, including whether a threshold number of high throughput classified packets are received or based on periodically polling a high throughput packet memory storage location.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: April 12, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Tim S. Michels, Dave Schmitt, Paul I. Szabo
  • Patent number: 9306951
    Abstract: Embodiments are directed to providing access to a resource over a network. A client device may request access to a server. An application may be provided to the client device. The application may cause control of the client device to be switched from a first desktop to a secure desktop. The secure desktop may be configured to restrict applications access to within the secure desktop. An indication of the resource on the server to map to may be received at the client device. The indicated resource may be mapped onto a file system on the client device. Mapping may comprise using a remote file access protocol, using DLL injection, or adding a kernel module to an operating system on the client device. The mapped resource may be constrained to be accessed through the secure desktop.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: April 5, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Andrey Shigapov
  • Patent number: 9286298
    Abstract: A method, non-transitory computer readable medium, and apparatus that enhance management of backup data sets include receiving an operation on a region of a production data set. A corresponding region of a backup data set is marked as having a change state status until the received operation is completed on the region of the production data set and mirrored on a corresponding region of a backup data set.
    Type: Grant
    Filed: October 14, 2011
    Date of Patent: March 15, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Richard Baker Gillett, Jr.
  • Patent number: 9282116
    Abstract: A method and network traffic management device to protect a network from network based attacks is disclosed. The method comprises receiving, at a network traffic management device, a plurality of requests from a plurality of client devices for one or more resources from one or more servers. The method comprises monitoring a number of server responses including an invalid transaction message for a particular client device or a particular requested resource. The method comprises comparing a ratio of invalid transactions to valid transactions for the particular client device or requested resource to a preestablished ratio threshold value. The method comprises marking the particular client device or requested resource as suspicious when the ratio exceeds the ratio threshold value. The method comprises preventing the suspicious particular client device or requested resource from being transmitted to the one or more servers when the network traffic management device detects a network attack.
    Type: Grant
    Filed: September 18, 2013
    Date of Patent: March 8, 2016
    Assignee: F5 Networks, Inc.
    Inventor: Dmitry Rovniaguin
  • Patent number: 9270766
    Abstract: A method, non-transitory computer readable medium, and device that identifies network traffic characteristics to correlate and manage one or more subsequent flows includes transmitting a monitoring request comprising one or more attributes extracted from an HTTP request received from a client computing device and a timestamp to a monitoring server to correlate one or more subsequent flows associated with the HTTP request. The HTTP request is transmitted to an application server after receiving an acknowledgement response to the monitoring request from the monitoring server. An HTTP response to the HTTP request is received from the application server. An operation with respect to the HTTP response is performed.
    Type: Grant
    Filed: December 30, 2011
    Date of Patent: February 23, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Dmitry Rovniaguin, Ephraim Dan, Ron Talmor
  • Patent number: 9270602
    Abstract: A system, method and medium is disclosed which includes selecting, at a software component of a network traffic management device, a first bucket having a first predetermined transmit time. The disclosure includes populating one or more selected data packet descriptors associated with one or more corresponding data packets in the first bucket. The disclosure includes releasing the first bucket to a hardware component of the network traffic management device, wherein the hardware component processes the one or more data packet descriptors of the first bucket for the first predetermined transmit time.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: February 23, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Alan B. Mimms, Timothy S. Michels, Jonathan M. Hawthorne, William R. Baumann