Abstract: Aggregating traffic over multiple VPN connections is described. A first Virtual Private Network (VPN) connection is established between a client device and a first VPN server via a a first access network of the client device. A second Virtual Private Network (VPN) connection is established between the client device and a second VPN server via a second access network of the client device. Application traffic associated with a connection between an application server and a client application that corresponds to the client device is received.

Abstract: A load balancer receives a client request from a client device for a connection to an application. The load balancer queries a monitoring server for a list of one or more application servers associated with the application. The monitoring server determines, based on cache state information of the plurality of application servers, the list of one or more application servers. The load balancer establishes a connection on behalf of the client device to one of the application servers.

Abstract: A control and monitoring node receives information from a user tracking system indicating a current association between a user identifier of an authenticated user and a device identifier of a client device associated with the authenticated user. The control and monitoring node accesses a user-specific security policy that is associated with the user identifier and that indicates at least a network destination and a user-specific security-related action associated with the network destination. The control and monitoring node generates an active security policy based at least on the user-specific security policy and the information indicating the current association between the user identifier and the device identifier, and provides the active security policy to a network node, such as a firewall or application server.

Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing resource tracking, such as in a data center environment. A control and monitoring node receives updates indicating instantiation of resources in the computing system network. The control and monitoring node determines that there are duplicate resources in the network, and then determines which of the duplicate resources to provide connectivity to. The control and monitoring node provides network configuration updates to various networking resources in the network to provide network connectivity to the one of the duplicate resources in the network.

Abstract: A control and monitoring system orders a service chain—an order of data flow through a plurality of network nodes—based on network node identifiers. The control and monitoring system provide a policy to networking nodes in order to enforce the order of the service chain. In some embodiments, features are implemented to improve the availability of service chains. Such features include load-balancing, fail-over, traffic engineering, and automated deployment of virtualized network functions at various stages of a service chain, among others.

Abstract: Disclosed herein are systems, methods, computer media, and apparatuses for providing service chains. A control and monitoring system orders a service chain—an order of data flow through a plurality of network nodes—based on network node identifiers. The control and monitoring system provides a policy to all networking nodes in order to enforce the order of the service chain. In some embodiments, features are implemented to improve the availability of service chains. Such features include load-balancing, fail-over, traffic engineering, and automated deployment of virtualized network functions at various stages of a service chain, among others.

Abstract: Disclosed are a connectivity platform that allows for proprietary connectivity modules to plug into the operating system and also allows the operating system users and various existing networking applications in the operating system that are authorized by those providers to use that connectivity via existing APIs without the need for the applications to change or for extra configuration of the application to be performed. In an example disclosed herein, the providers provide NAT or firewall traversal and implement the appropriate transport mechanism. This allows for applications and computing devices to communicate in environments where connectivity is prevented by intermediate systems.

Abstract: Disclosed are a connectivity platform that allows for proprietary connectivity modules to plug into the operating system and also allows the operating system users and various existing networking applications in the operating system that are authorized by those providers to use that connectivity via existing APIs without the need for the applications to change or for extra configuration of the application to be performed. In an example disclosed herein, the providers provide NAT or firewall traversal and implement the appropriate transport mechanism. This allows for applications and computing devices to communicate in environments where connectivity is prevented by intermediate systems.

Abstract: Disclosed are a connectivity platform that allows for proprietary connectivity modules to plug into the operating system and also allows the operating system users and various existing networking applications in the operating system that are authorized by those providers to use that connectivity via existing APIs without the need for the applications to change or for extra configuration of the application to be performed. In an example disclosed herein, the providers provide NAT or firewall traversal and implement the appropriate transport mechanism. This allows for applications and computing devices to communicate in environments where connectivity is prevented by intermediate systems.

Abstract: Methods, systems, and computer-readable media are disclosed for processing a secure data connection request. A particular method receives, at a first gateway, a secure data connection request from a client identifying a server to connect to. The first gateway sends the client device a redirect message instructing the client device to attempt alternate connection via a second gateway. The client sends a secure data connection request to the second gateway and the second gateway facilitates the secure data connection between the client and the server.

Abstract: Disclosed are an approach form managing and assigning addresses in a connectivity platform that allows for proprietary connectivity modules (Providers) to plug into the operating system. In this disclosure, when a user/application/computing device, connects to another user on another computing device an address is generated for that user. However, because of a limited number of addresses that are available in an address space, it is necessary to ensure that a conflicting address is not present. To ensure this the connectivity platform determines if the address assigned is in conflict with another address associated with users that are located on the other computing devices. If an address is found to be in conflict the connectivity platform reassigns the address until a non-conflicting address is found. If a non-conflicting address cannot be found the connectivity platform blocks the connection between the user and the other user.

Abstract: Methods, systems, and computer-readable media are disclosed for processing a secure data connection request. A particular method receives, at a first gateway, a secure data connection request from a client identifying a server to connect to. The first gateway sends the client device a redirect message instructing the client device to attempt alternate connection via a second gateway. The client sends a secure data connection request to the second gateway and the second gateway facilitates the secure data connection between the client and the server.

Abstract: Disclosed are an approach form managing and assigning addresses in a connectivity platform that allows for proprietary connectivity modules (Providers) to plug into the operating system. In this disclosure, when a user/application/computing device, connects to another user on another computing device an address is generated for that user. However, because of a limited number of addresses that are available in an address space, it is necessary to ensure that a conflicting address is not present. To ensure this the connectivity platform determines if the address assigned is in conflict with another address associated with users that are located on the other computing devices. If an address is found to be in conflict the connectivity platform reassigns the address until a non-conflicting address is found. If a non-conflicting address cannot be found the connectivity platform blocks the connection between the user and the other user.

Abstract: Disclosed are a connectivity platform that allows for proprietary connectivity modules to plug into the operating system and also allows the operating system users and various existing networking applications in the operating system that are authorized by those providers to use that connectivity via existing APIs without the need for the applications to change or for extra configuration of the application to be performed. In an example disclosed herein, the providers provide NAT or firewall traversal and implement the appropriate transport mechanism. This allows for applications and computing devices to communicate in environments where connectivity is prevented by intermediate systems.