Abstract: At least one embodiment relates to a method and a system for cloud application visibility of network traffic. The method includes: receiving, from a network gateway, hardware identity extracted from network session traffic for accessing cloud-based application services, wherein the hardware identities correspond to user devices that initiate the network session traffic; receiving, from an application processing engine, user credentials decoded from the network session traffic, wherein the user credentials authorize the network session traffic to access the cloud-based application services; and matching the hardware identities with the user credential to identify a user who uses multiple user devices or multiple user credentials to access the cloud-based application services.

Abstract: This invention relates to a method and a network device for establishing a Virtual Private Network (VPN) among Local Area Networks (LANs). The method uses a cloud controller that has a static IP address to control a plurality of network devices. The method comprises receiving, at the cloud controller, messages indicative of dynamic public network addresses associated with the first and second network devices; pre-assigning, at the cloud controller, the first and second network devices to an account maintained by the cloud controller; and sending an authorization message to the dynamic public network addresses associated with the first and second network devices to authorize the first and second network devices to establish a virtual network comprising two private networks to which the first and second network devices belong.