Abstract: Embodiments may be directed towards enabling one or more load balance servers to maintain connection flow persistence if the server initiates to the communication to a client. A packet traffic management device may (PTMD) intercept the request from the server and generate reverse persistence information. The PTMD may include a portion of the reverse persistence information in the request before forwarding the request to the targeted client device. The client device may send the response to the PTMD. The PTMD may employ reverse persistence information to identify the target server. The PTMD may remove the reverse persistence information from the response sent by the client and forward the response to the determined server. Removing the reverse persistence information may remove evidence that the PTMD intervened in the connection between the client and server.

Abstract: A method and apparatus of accessing data through an independent intermediary mechanism (IIM) is described. The method includes displaying a frame including a user interface of the IIM, the frame framing a destination server display area (DSDA). The method further includes having one or more of the following functions provided by the IIM: a home page, a history list, bookmarks, a one-click account log-in function, a transaction record accessible to the user, a forms database permitting new forms to be added to the forms database, a user profile, and automatic form-fill function based on the forms database and the user profile.

Abstract: The present invention relates to increasing performance of Wide Area Network (WAN) communications and in particular to a redundant proxy device associated with one end of a transport layer connection that monitors packet traffic and selectively reroutes packets to a proxy application.

Abstract: A system and method for reducing processing load on an encapsulated data packet transmitted over a virtual private network. The method includes handling an initial encapsulated data packet to be transmitted over an established VPN tunnel connection to a receiving device, the initial encapsulated data packet having a Layer 2 (L2) protocol header, an IP data packet and at least one framing element; removing the at least one framing element; removing the L2 protocol header; appending an alternate L2 encapsulated protocol header to the IP data packet to generate a modified encapsulated data packet, wherein the alternate header contains information of the IP data packet; and sending the modified encapsulated data packet to the receiving device, wherein the alternate encapsulated protocol header allows the receiving device to handle the IP data packet using less computational resources in comparison to receiving the initial encapsulated data packet.

Abstract: Methods and systems for efficient transmission of data between a requesting computer and a server. A request is received for server data from a requesting computer and the request is sent to the server over at least one network. The requested server data responsive to the request is forwarded on to the requesting computer. It is determined whether the requested server data has been previously forwarded either to the requesting computer or at least one other requesting computer. A preemptive acknowledgement signal is sent to the transmitting server substantially upon determining the requested server data has been previously forwarded for causing the transmitting server to cease transmitting any remaining, un-transmitted portions of the requested server data. These methods and systems increase the efficiency of transmission resources in a network.

Abstract: A network traffic management device (NTMD) capable of gracefully handling remote file transfer errors is disclosed. A first local area network (LAN) may include a first NTMD and a client device. A second LAN may include a file server and an optional second NTMD. The first and second LANs are connected by a wide area network. The first NTMD optimizes network file transfer protocol (e.g., CIFS, NFS) operations by locally acknowledging file write command messages from the client device and reliably handling any file transfer errors that may occur by withholding flush data command messages from the client device until determining the locally acknowledged and forwarded file write commands were received by the file server. If any errors are encountered, the first NTMD returns a failed flush message to the client device or terminates the TCP/IP connection between the client device and the file server to indicate the error.

Abstract: A server array controller that includes a Data Flow Segment (DFS) and at least one Control Segment (CS). The DFS includes the hardware-optimized portion of the controller, while the CS includes the software-optimized portions. The DFS performs most of the repetitive chores including statistics gathering and per-packet policy enforcement (e.g. packet switching). The DFS also performs tasks such as that of a router, a switch, or a routing switch. The CS determines the translation to be performed on each flow of packets, and thus performs high-level control functions and per-flow policy enforcement. Network address translation (NAT) is performed by the combined operation of the CS and DFS. The CS and DFS may be incorporated into one or more separate blocks. The CS and DFS are independently scalable. Additionally, the functionality of either the DFS or the CS may be separately implemented in software and/or hardware.

Abstract: A method, system, and apparatus for integrating a rate shaping class analysis with a load balancing decision across multiple network links to improve traffic management decisions. For each of the available multiple network links, a determination is made as to how much bandwidth is available to each class associated with that network link. When a request for a connection is received, the request's class is determined. A load balancing decision is based on the available bandwidths for the determined class for the request. The invention may also integrate other Quality of Service metrics into the load balancing decision, including link type, failure rates, or the like.

Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake message directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key for the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.

Abstract: Embodiments are directed towards employing a traffic management system (TMS) that is enabled to deploy component virtual machines (CVM) to the cloud to perform tasks of the TMS. In some embodiments, a TMS may be employed with one or more CVMs. In at least one embodiment, the TMS may maintain an image of each CVM. Each CVM may be configured to perform one or more tasks, to operate in specific cloud infrastructures, or the like. The TMS may deploy one or more CVMs locally and/or to one or more public and/or private clouds. In some embodiments, deployment of the CVMs may be based on a type of task to be performed, anticipated resource utilization, customer policies, or the like. The deployment of the CVMs may be dynamically updated based on monitored usage patterns, task completions, customer policies, or the like.

Abstract: A method and system for protection against denial of service attacks to a server coupled to a network. The server may establish connections with client computers through the network. Packets are received over the network directed to the server. It is determined whether the packets are associated with an established connection. The packets associated with the established connection are separated for processing by the server in a first buffer. The packets requesting a new connection are separated in a second buffer. The packets in the second buffer requesting a new connection are serviced at a lower priority than the packets relating to established connections.

Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.

Abstract: A computer-implemented method for providing software fault tolerance is provided. A multithreaded program is executed. The program execution includes a plurality of multithreaded processes. A set of inputs is provided to one of the multithreaded processes and the inputs set is copied to each of the other multithreaded processes. The executions of the multithreaded processes are divided into deterministic subsets of the execution that end at a checkpoint. An execution of the deterministic subset is speculatively executed continuously on one of the multithreaded processes. Upon completion of execution through the checkpoint, the successfully completed execution path through the deterministic subset is retired. Execution of the deterministic instructions subset on the other multithreaded process is continued along the completed execution path.

Abstract: The present invention provides a system for intermediating between client nodes and pools of server nodes in an NGN network where the server nodes provide network services to client nodes, wherein the client nodes use various communication protocols and at least part of said communication protocols are different from the communication protocol used by the server nodes. The system comprising: a cluster of associated gateway nodes providing an integrated service for the clients nodes, where each gateway provides services of at least one of: translations of request and answers between the client node and a provider server node, load balancing and managing scenario rules. Each gateway comprise: a database of scripts including, scenario rules, routing scripts and associated transformation scripts, an execution processing module for handling events of at least client requests and server answers according to scenario rules.

Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that receives a request for content from a client computing device. A length of the content is determined. A plurality of requests for a portion of the length of the content is sent to a plurality of server computing devices, wherein the portion of the length of the content is specified as a byte range in a range header of each of the plurality of requests. A plurality of responses to the plurality of requests is received. At least a subset of the plurality of responses is output to the client computing device.

Abstract: A system, apparatus, and method for managing the flow of data on a network. A plurality of processors are used to implement a virtual queue, for controlling a rate of flow of data on the network. Each of the processors has a member queue, the combination of member queues combining to form the virtual queue. Aspects of the invention use messages to communicate among the processors, to properly control the rate of flow.

Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. A network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on a IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.

Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.

Abstract: A system, apparatus, and method are directed towards managing traffic over a network by imposing temporal delays in acknowledgments (ACKs). A Traffic Management Device (TMD), interposed between two network session end-points monitors a buffer of relayed packets. If the contents of the buffer exceed a threshold value, delays are imposed on sending of acknowledgements. If the buffer contents exceed the threshold, and the buffer's contents are increasing, the delays may be increased. If the buffer's contents are about at steady state, the acknowledgement delays may be decreased, or maintained at a current delay status. In one embodiment, if the sender is sending packets at a rate above a receiver's ability to receive the packets, and the sender appears not to be decreasing its rate of transmission, an explicit congestion notification echo (ECE) may be sent to the sender.

Abstract: A plurality of network file manager switches interoperate to provide remote file virtualization. Copies of file data and/or metadata are maintained at a central site and at one or more remote sites. The network file manager switch at the remote site may satisfy certain client requests locally without having to contact the network file manager switch at the central site. A global namespace is maintained and is communicated to all network file manager switches.