Patents Assigned to F5 Networks, Inc.
  • Patent number: 9705852
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: July 11, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, Jonathan Mini Hawthorne
  • Patent number: 9705821
    Abstract: A method, non-transitory computer readable medium and an application manager computing device that assists with provisioning applications based on user anticipated workloads includes obtaining a user anticipated resource based on information within a user workload database, prior to receiving a request from a client computing device. The obtained user anticipated resource is provisioned. The provisioned user anticipated resource is provided upon establishing a session with the requesting client computing device.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 11, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Amit Jain, Charles Cano
  • Patent number: 9674144
    Abstract: IP reflection comprising double static NAT (network address translation) is disclosed. In some embodiments, a packet having a public IP address is received at a protecting network. The public IP address of the packet is translated to a corresponding protected IP address associated with a protected network, and the packet is forwarded to the protected network for servicing. The protected IP address of a response to the packet from the protected network is translated back to the public IP address at the protected network before sending.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: June 6, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Barrett Gibson Lyon
  • Patent number: 9667601
    Abstract: A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: May 30, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Benn Sapin Bollay, David Alan Hansen, David Dean Schmitt, Jonathan Mini Hawthorne
  • Patent number: 9667553
    Abstract: Methods, systems, and devices are described for managing network communications. A traffic manager module may receive a message from a first network device to a second network device. The traffic manager module may serve as a proxy between the first network device and the second network device. The traffic manager module may perform an application layer inspection at the traffic manager module on at least one of the message or a response to the message from the second network device, and forward the message or the response to the message to a third network device based on the application layer inspection at the traffic manager module.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: May 30, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Manish Vachharajani, John Giacomoni, Mark Terrel, Leonard Maiorani
  • Patent number: 9647954
    Abstract: A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: May 9, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Robert George Gilde, Steven Lee Harms
  • Patent number: 9635024
    Abstract: A method, non-transitory computer readable medium, and access policy management computing device that obtains a first set of attributes based on a login request received from a client device. The first set of attributes includes at least credentials for a user of the client device. A persistent data store record for the user is identified and a second set of attributes associated with the user, and included in the persistent data store record, is imported into a session cache record for the user. A fingerprint including the second set of attributes is compared to the first set of attributes. A multifactor or single factor authentication is initiated based on a result of the comparison to determine when the credentials for the user are valid. A session for the user is established and access by the user to network resource(s) is allowed, when the credentials for the user are valid.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: April 25, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Vinod Pisharody, Amit Jain
  • Patent number: 9628549
    Abstract: A method and system for controlling provisioning and access to cache servers with an application programming interface (API). The API includes components for performing various actions including: (i) prepopulating content on at least one cache server from a content server; (ii) expiring content on at least one cache server; (iii) pinning content in a memory of at least one cache server; (iv) assigning resources on at least one cache server in accordance with a quota; (v) retrieving content from at least one cache server; and (vi) flushing deleted content from at least one selected cache. The API may include a security layer. The security layer determines whether a requestor has permission to cause the requested action to be performed.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: April 18, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Thomas E. Kee, Donald Joseph DeCaprio, Ryan C. Kearny, Christian D. Saether
  • Patent number: 9628503
    Abstract: Embodiments are directed towards network address based flood attack mitigation methods. A PTMD disposed between one or more computers may monitor several network flows and generate metrics associated with malicious network activity, such as flood attacks. If flood attacks are determined to be occurring, the PTMD may determine the network addresses targeted by the flood attack. Further, the PTMD may activate flood attack mitigation procedures for the targeted network addresses such that other network addresses associated with the monitored network flows are excluded from the flood attack mitigation procedure. The PTMD may monitor the network traffic subsequently communicated to the targeted network addresses. Accordingly, the PTMD may determine if the flood attack has ceased based on characteristics of the monitored network traffic. If the flood attack has ceased, the flood attack mitigation procedures for the targeted network addresses may be deactivated.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: April 18, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, William Ross Baumann, Paul I. Szabo, Timothy Scott Michels
  • Patent number: 9614772
    Abstract: A method, apparatus, and system are directed to managing traffic towards a tunnel in a network. The invention enables a network device to extract data from a received packet. A deep packet inspection is employed that enables examination of the extracted data at virtually any layer of an OSI layered protocol of the packet. If the extracted data does not satisfy the flow criteria, a second packet may be inspected at a deep packet level to determine whether the data of the first and second packet satisfies the flow criteria. If the extracted data satisfies the flow criteria, a tunnel is determined based, in part, on the flow criteria. The packet is associated with and forwarded towards the determined tunnel.
    Type: Grant
    Filed: November 21, 2003
    Date of Patent: April 4, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Christopher James Bradfield
  • Patent number: 9609079
    Abstract: A method, non-transitory computer readable medium, and application acceleration management (AAM) computing device that modifies an obtained master playlist file such that a first set of meta information is appended to a network address of a secondary playlist file. The secondary playlist file is obtained and modified such that the first and second sets of meta information are appended to a network address of a media file. Alternatively to modifying the playlist files, first and second cookies including the first set of meta information and the first and second sets of meta information, respectively, can be used. A cache score is generated for the media file based on the first and second sets of meta information included in a request for the media file. The media file is obtained, stored in a cache as associated with the cache score, and sent in response to the request.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Liang Cheng, Eswar Balasubramanian, Shawn Hurley
  • Patent number: 9609017
    Abstract: A method, non-transitory computer readable medium and global traffic manager computing device for preventing a distributed denial of service attack comprising machine executable code which when executed by at least one processor, causes the processor to perform steps including obtaining network information relating to a request in response to receiving the request. A rating is determined for the obtained network information based on one or more network parameters. An action to be taken for the received request is determined based on a comparison of the determined rating and a threshold rating. The determined action is executed for the received request.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Daniel Thomas Gilbert, Nathan Meyer
  • Patent number: 9606946
    Abstract: A system, method, and computer readable medium for sharing bandwidth among executing application programs across a packetized bus for packets from multiple DMA channels includes receiving at a network traffic management device first and second network packets from respective first and second DMA channels. The received packets are segmented into respective one or more constituent CPU bus packets. The segmented constituent CPU bus packets are interleaved for transmission across a packetized CPU bus.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: March 28, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Tim S. Michels
  • Patent number: 9596184
    Abstract: Embodiments are directed towards improving the performance of network traffic management devices by optimizing the management of hot connection flows. A packet traffic management device (“PTMD”) employs a data flow segment (“DFS”) and control segment (“CS”). The CS performs high-level control functions and per-flow policy enforcement for connection flows maintained at the DFS, while the DFS performs statistics gathering, and per-packet policy enforcement, on connection flows maintained at the DFS. The DFS may include high-speed flow caches and other high-speed components. Making efficient use of the high speed flow cache capacity may be improved by maximizing the number of hot connection flows based on unique service and network traffic characteristics through adaptive feedback pattern learning together with administrator configurable service preferences that may have flow control data for most bandwidth hungry and desired hot services offloaded to the high-speed flow cache, at an appropriate time.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: March 14, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Michael Thomas Barthelow, Paul Imre Szabo, Timothy Scott Michels
  • Patent number: 9578090
    Abstract: A method, non-transitory computer readable medium and an application delivery controller for receiving a notification from a client computing device when an application is selected. A configuration file including one or more instructions is identified from one or more memory locations. One or more instructions within the application delivery controller is updated with the one or more instructions present within the identified configuration file to provision the selected application. The selected application is provisioned to the requesting client computing device using the updated one or more instructions.
    Type: Grant
    Filed: November 7, 2013
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Lori MacVittie
  • Patent number: 9578126
    Abstract: A system, medium and method of automatically discovering a wide area network optimized route is disclosed. A client request is received at a second optimization device to access a server. The second optimization device is of a second local area network with respect to a wide area network (WAN) and is configured to communicate with the server. A probe request is received at the second optimization device from a first optimization device of a first local area network. The probe request establishes an optimization route with the first optimization device. A probe response is sent to the first optimization device, wherein the probe response provides identifying information of the second optimization device. A paired relationship is established, wherein configuration information of the first and second optimization devices are exchanged. An optimization route based on the configuration information is exchanged between the paired first and second optimization devices.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Rituraj Kirti, Saxon Amdahl
  • Patent number: 9578055
    Abstract: Embodiments are directed towards detecting and thwarting incoming network requests by either throttling and/or redirecting the attack requests towards a honeypot. As network requests are received, TCP segments are examined to identify a presence of attack signatures before returning an ACK. Such attack signatures may be identified based on an absence of referrer headers, an invalid cookie, known improper sender addresses, known valid sender addresses, examination of OSI layer 4 and/or above content of a packet, or the like. If an attack is identified, throttling may be employed by responding to the attack requests by dropping and/or rejecting packets within the request, acknowledging the client device's packets at a byte level, modifying a round trip time (RTT) calculation by responding at a defined slowed rate, and/or redirecting client requests to a honeypot.
    Type: Grant
    Filed: January 21, 2009
    Date of Patent: February 21, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Bhushan P. Khanal
  • Patent number: 9569233
    Abstract: Embodiments are directed towards employing a traffic management system (TMS) that is enabled to deploy component virtual machines (CVM) to the cloud to perform tasks of the TMS. In some embodiments, a TMS may be employed with one or more CVMs. In at least one embodiment, the TMS may maintain an image of each CVM. Each CVM may be configured to perform one or more tasks, to operate in specific cloud infrastructures, or the like. The TMS may deploy one or more CVMs locally and/or to one or more public and/or private clouds. In some embodiments, deployment of the CVMs may be based on a type of task to be performed, anticipated resource utilization, customer policies, or the like. The deployment of the CVMs may be dynamically updated based on monitored usage patterns, task completions, customer policies, or the like.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: February 14, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Richard Roderick Masters, Brent Wayne Blood, Paul Imre Szabo, Benn Sapin Bollay
  • Patent number: 9565079
    Abstract: A system and method for providing real time holographic reporting data of at least a portion of a data center to a user. Initializing a reporting profile of a data center via a network traffic management device, wherein the reporting profile includes a plurality of network sources of the data center identified by the user to provide reporting information, the reporting profile including a user established policy configured to instruct how to process the reporting information from the identified network sources; receiving reporting information from one or more identified network sources of the data center; compiling the received reporting information of the one or more network sources in conformance with the user established policy; generating network statistics data of the data center based on compiling instructions of the user established policy; generating a report configured to display the generated network statistics data of a user identified portion of the data center.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: February 7, 2017
    Assignee: F5 Networks, Inc.
    Inventor: Jonathan M. Hawthorne
  • Patent number: 9558164
    Abstract: A method and system for use of XML Schema in conjunction with XML Schema aware applications on a SOAP message including a request with a method defined by a WSDL document. A WSDL document is converted offline to XML Schema. A SOAP message containing a request is received. An XML Schema aware operation is performed on the SOAP message based on previously determined XML Schema derived from the WSDL document.
    Type: Grant
    Filed: January 15, 2009
    Date of Patent: January 31, 2017
    Assignee: F5 Networks, Inc.
    Inventors: Richard Sevrinsky, Shlomo Yona