Abstract: A distributed system for content storage and access includes a storage platform having at least a first storage component, and an access platform having one or multiple access components. Each access component is associated with at least one access service. The access service may be an administrative service for receiving a service request initiated by a first user, the service request being associated with a first item of content, and for identifying a characteristic of the service request, a content management service for determining, based at least in part on the characteristic of the service request, a specification of a data transfer operation to be executed in association with the first storage component, and a directory service for maintaining information associated with the first item of content.

Abstract: A communication session over a network is facilitated. A signaling datagram from a source device having a source identity may be intercepted by a network device, and a response datagram may be generated for instructing the source device to send a subsequent datagram to the network device. The signaling datagram may be forwarded to a SIP server, where the SIP server associates the source identity with the network device acting on behalf of the source device, and where the SIP server operates to connect a destination device with the source device to establish a communication session over the network. The subsequent datagram may be received from the source device, and the subsequent datagram may be made available to the destination device via the network.

Abstract: Techniques are described for providing secure communication of network traffic from specific applications operating on a client device to a server device using a network-layer virtual private network (VPN). For example, a module on a client device may intercept network traffic from an application executing on the client device. The module may then determine whether to send the application-layer data through a network-layer VPN tunnel from the client device to a gateway device. This network-layer VPN tunnel may be defined by a network address of a physical adapter of the client device and a network address of the VPN gateway. In other words, there may be no need for the interposition of a VPN proxy on the client device. The module makes this determination on an application-by-application basis. The client device then forwards the application-layer data through the VPN tunnel based on the determination.

Abstract: A first network client requests initiation of a data transfer with a second network client. An admission control facility (ACF) responds to the initiation request by performing admission analysis to determine whether to initiate the data transfer. The ACF sends one or more packets to the second network client. In response, the second network client sends acknowledgment packets back to the ACF. The ACF performs admission analysis based on the packets sent and the acknowledgment packets, and determines whether the data transfer should be initiated based on the analysis. The admission analysis may be based on a variety of factors, such as the average time to receive an acknowledgment for each packet, the variance of the time to receive an acknowledgment for each packet, a combination of these factors, or a combination of these and other factors.

Abstract: A system harvests sessions in a network device. The system receives a first data unit associated with a session and installs the session in a first queue until expiration of a first time period. The system installs the session in a second queue until the occurrence of at least one of an expiration of a second time period and a receipt of a data unit associated with the session. The system harvests the session upon expiration of the second time period.

Abstract: Intermediate policy information is used to translate policy information between forwarding domains. For example, a network device may associate intermediate policy information, such as intermediate CoS information, with a packet. The network device utilizes the intermediate CoS information to indirectly map first class of service (CoS) information that conforms with a first protocol to second CoS information that conforms to a second protocol. The network device may, for example, apply a first policy to map the first CoS information to the intermediate CoS information and a second policy to map the intermediate CoS information to the second CoS information.

Abstract: A device and method are disclosed for correctly restoring a read clock when there are a plurality of STM data stream transmission sources. In a CES device of an ATM communication system, ATM cells from respective connections, which are to be delivered to the same outgoing line, are accumulated in a reassembly buffer memory and a PLO control unit aggregates the amount of ATM cells accumulated in the reassembly buffer memory for each connection. Subsequently, the PLO control unit calculates the frequency of a read clock based on the amount of accumulated ATM cells for each connection. A PLO restores the read clock which is applied to read data from the reassembly buffer memory for delivery to an STM network.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.

Abstract: A system may include a switchover element configurable to source or sink power from or to an electronic device electrically coupled to the switchover element and a controller in communication with the switchover element. The controller may be configured to determine if the electronic device is healthy. When the electronic device is healthy, the controller may configure the switchover element to deliver power from the electronic device to the system and configure the switchover element to provide the power to any unhealthy electronic device electrically coupled to the system.

Abstract: In general, techniques are described by which a path through a network may be selected based on service information. For example, a network device may include one or more interfaces, a control unit, and an integrated network acceleration device that provides a first set of services. The interfaces may receive service information that describes a second set of services provided by another network device. The control unit then determines, based on the service information, whether the other device shares any services in common with the integrated device. If so, the control unit selects a path through the network that includes the other device and causes the integrated device to apply the shared service to a portion of the traffic. The interfaces forward this portion along the determined path to the other device such that the other device applies the shared network acceleration services to the portion of the network traffic.

Abstract: An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes to data acceleration module exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module.

Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks.

Abstract: A virtual private network client for cellular mobile devices is described. The VPN network client establishes a secure VPN connection with a remote VPN security device. The VPN network client establishes a secure control channel with the secure VPN gateway and, upon a successful authentication, receives a session cookie with a unique identifier. In the event communication with the secure VPN gateway is subsequently temporarily lost, the VPN network client performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway.

Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The VPN network client is programmed to receive a web-based home page from an enterprise VPN appliance, process the web-based home page to identify a bookmark embedded within the response that corresponds to an enterprise webmail for the user and dynamically construct a user interface to have an input control native to the cellular mobile device for launching a native email client of the cellular mobile device to access the email without launching a web browser.

Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service client includes a VPN handler having an interface programmed to exchange the network packets with the security manager for application of the security service, wherein the VPN handler is configurable to operate in one of an enterprise mode and in a non-enterprise mode, wherein in the enterprise mode the VPN handler establishes a VPN connection with a remote VPN security device and provides encryption services to securely tunnel the network packets between the cellular mobile device and the remote VPN security device, and wherein in the non-enterprise mode the VPN handler directs the network packets to the security manager without application of the encryption services and communicates the network packets to a packet-based network without tunneling the packets.

Abstract: A network interface card may issue interrupts to a host in which the determination of when to issue an interrupt to the host may be based on the incoming packet rate. In one implementation, an interrupt controller of the network interface card may issue interrupts to that informs a host of the arrival of packets. The interrupt controller may issue the interrupts in response to arrival of a predetermined number of packets, where the interrupt controller re-calculates the predetermined number based on an arrival rate of the incoming packets.

Abstract: A virtual private network (VPN) client for cellular mobile devices is described. The VPN network client processes network packets for securely tunneling the network packets between the cellular mobile device and the remote VPN security device. Upon establishing the VPN connection, the VPN network client receives a web-based home page from the secure VPN device via a secure response, dynamically parses bookmark links from the secure response and renders a bookmark window using input controls native to the cellular mobile device without invoking a web browser on the cellular mobile device. Each of the input controls corresponds to a different one of the bookmarks parsed from the secure response. Upon selection of one of the input controls, the VPN network client formulates and outputs an appropriate request to the secure VPN device as if a corresponding one of the bookmark links were selected by the user.

Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system. The VPN handler determines whether network ports associated with the L3 tunnel are unblocked by an operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.

Abstract: A system processes packets in a network device and includes a memory for buffering the packets. The memory may store the packets in memory in data cells. To expedite packet processing, portions of the packet are extracted and placed in a notification, which is then used for packet processing operations, such as route lookup, policing, and accounting. The notification may also include address elements, such as address offsets, that define the locations of the data cells in memory. The address elements can be used to read the data cells from the memory when packet processing is done. If the notification cannot hold all the address elements, additional cells, indirect cells, are created for holding the remaining address elements. The indirect cells are formed in a linked list. The notification contains an address element. To prevent reading incorrect indirect cells, each indirect cell is written with a signature that is created based on the notification.

Abstract: A method performed by a first network device may include receiving a request for a resource from an end-point device and acknowledging the request for the resource to the end-point device. The method may also include receiving a resource coordination message from a second network device and transmitting a return resource coordination message to the second network device.