Abstract: Various embodiments of systems and methods to configure network devices in a network are described herein. In one aspect, upon determining an unsuccessful configuration of a first network device, configuring the first network device is retried for a predetermined number of times. Further, a configuration of a second network device is reverted when the configuration of the first network device is unsuccessful upon retrying for the predetermined number of times. Upon determining of a successful configuration of the first network device, the configuration of the first network device and the second network device is committed.

Abstract: Secure communication between processes in cloud platform may be performed by receiving a request from a client application process hosted in an application virtual machine at a load balancer. A first secure communication channel is established between the client application process and the load balancer. The first secure communication channel is encrypted with the client certificate. The first secure communication channel is terminated at the load balancer. A service process in a service virtual machine is identified based on the request received from the client application process. A new request is sent to the service virtual machine to establish a second secure communication channel between the load balancer and the service virtual machine. The load balancer certificate signed by the internal certificate authority is validated at the service virtual machine. Upon successful validation of the load balancer certificate, the second secure communication channel is accepted at the service virtual machine.

Abstract: Various embodiments of systems and methods to configure network devices in a network are described herein. In one aspect, upon determining an unsuccessful configuration of a first network device, configuring the first network device is retried for a predetermined number of times. Further, a configuration of a second network device is reverted when the configuration of the first network device is unsuccessful upon retrying for the predetermined number of times. Upon determining of a successful configuration of the first network device, the configuration of the first network device and the second network device is committed.

Abstract: Secure communication between processes in cloud platform may be performed by receiving a request from a client application process hosted in an application virtual machine at a load balancer. A first secure communication channel is established between the client application process and the load balancer. The first secure communication channel is encrypted with the client certificate. The first secure communication channel is terminated at the load balancer. A service process in a service virtual machine is identified based on the request received from the client application process. A new request is sent to the service virtual machine to establish a second secure communication channel between the load balancer and the service virtual machine. The load balancer certificate signed by the internal certificate authority is validated at the service virtual machine. Upon successful validation of the load balancer certificate, the second secure communication channel is accepted at the service virtual machine.

Abstract: Various embodiments of systems and methods for remote method invocation (RMI) tunneling over hypertext transfer protocol (HTTP) are described herein. RMI client uses HTTP client to send a protocol message in the body of an HTTP request to a special application on a server. The application dispatches the content of the message to RMI service of the server to handle remote call. RMI response may be sent in the HTTP response of the same HTTP request or some of the further requests. RMI callbacks initiated from the server back to the client are also delivered in an HTTP response of a client's HTTP request.

Abstract: Various embodiments of systems and methods for Cross-Site Request Forgery (XSRF) protection are described herein. An XSRF protection framework provides rich configuration possibilities for protection using an XSRF token. In one aspect—XSRF encoding is performed for a set of URLs according to a configuration and then a token validation is performed for incoming requests to protected resources. In another aspect—XSRF token leakage via the referrer header to external URLs is prevented.

Abstract: Various embodiments of systems and methods for remote method invocation (RMI) tunneling over hypertext transfer protocol (HTTP) are described herein. RMI client uses HTTP client to send a protocol message in the body of an HTTP request to a special application on a server. The application dispatches the content of the message to RMI service of the server to handle remote call. RMI response may be sent in the HTTP response of the same HTTP request or some of the further requests. RMI callbacks initiated from the server back to the client are also delivered in an HTTP response of a client's HTTP request.