Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.

Abstract: Techniques for dynamically establishing, pausing, and/or terminating secure communication sessions. The techniques may include, detecting an occurrence of an authentication trigger event on a computing device and causing a user of the computing device to be authenticated for access to a resource that is to be accessed via a secure communication session. Based at least in part on authenticating the user for access to the resource, a token may be stored in a location that is accessible to a headend appliance associated with the secure communication session. The token may indicate that the user of the computing device is authenticated for access to the resource. In this way, at least partially responsive to detecting an occurrence of a networking trigger event, the secure communication session may be established between the computing device and the headend appliance to provide the computing device with access to the resource.

Abstract: Techniques for the transparent rolling of nodes in a cloud-delivered headend service without disrupting client traffic or making users aware of the various nodes in the system being rolled are described herein. The techniques may include receiving an indication that a first node of a network is to be rolled. Based at least in part on the indication, new connection requests may not be sent to the first intermediate node. Additionally, a client device having an existing connection through the first node may be identified. In some examples, a request may be sent to the client device to prompt the client device to establish a new connection. After determining that the new connection has been established such that the new connection flows through a second node of the network, the first node may be rolled.