Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.

Abstract: A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using a HTTP protocol over the Internet.

Abstract: Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

Abstract: A Web-based management server includes an ACP manager to manage access control rules (ACRs) and access control policies (ACPs). The ACRs and ACPs are configured by an administrator via a Web interface of the management server. The ACP manager is to transmit over the Internet the ACPs and the ACRs to network access devices (NADs) to allow the NADs to apply the ACPs to their respective network client devices (NCDs) based on the ACRs, where the NADs are managed by the management server over the Internet. Each of the NADs operates as one of a router, a network switch, and an access point. The ACP manager is to periodically update the ACRs and ACPs stored in the NADs, including receiving an update from one NAD and broadcasting the update to a remainder of the NADs.

Abstract: A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

Abstract: A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.