Abstract: A retractable fuselage mounted landing gear assembly is disclosed. The landing gear assembly includes a main strut, a drag stay and a landing gear main fitting. A first end of the drag stay is attached to the main strut and a second end of the drag stay is connected to the fuselage. A first end of the landing main fitting is attached to the main strut and a second end of the main fitting is connected to the fuselage. When the landing gear is extended, substantially all the landing gear loads are transferred from the landing gear to the fuselage via one or more of the drag stay and the main fitting.

Abstract: A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination.

Abstract: A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a distinguished network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination.

Abstract: A facility for proxying network traffic between a pair of nodes is described. The facility receives packets traveling between the pair of nodes that together constitute a distinguished network connection. For each packet of the connection that is part of a transport protocol setup process, the facility updates a representation of the status of the setup process to reflect the packet, and forwards the packet to its destination without proxying the packet. For each packet of the connection that is subsequent to the setup process, the facility proxies the contents of the packet to the packet's destination.

Abstract: A system and method for generating and tracking health diagnoses of devices connected to a computer network via a statement of health provided by each device. The system monitors the health of devices on the network and attempts to engage the operator of undiagnosed devices in order to provide a diagnosis. Undiagnosed devices are quarantined to restrict their access to network resources. For example, access requests from quarantined devices to certain Web services may be intercepted and the device redirected to a page informing the operator of the need to provide a health diagnosis by installing or activating a compatible system health agent.

Abstract: A policy enforcement point (PEP) controls access to a network in accordance with one or more policy statements that specify conditions for compliant devices. The PEP receives current health data from a device seeking to access the network, and stores this health data in local volatile memory. If the health data stored in local volatile memory complies with the policy statements, the device is permitted to access the network. Otherwise, the device is denied access to the network, or permitted only limited access to the network in order to resolve its compliance issues. The PEP occasionally stores the health data in local persistent memory and on an online service (OLS). During reboot, the PEP accesses the OLS to confirm that it has the most recent health data. If more recent health data is available from the OLS, the OLS provides this more recent data to the PEP.

Abstract: A facility for causing a device connected to a network that is configured to act as a DHCP server to enforce network health policies against hosts connected to the network is described. The device intercepts network packets sent to a DHCP server from any host connected to the network. For each of at least a portion of these intercepted network packets that contain a statement of health, the facility (1) applies a health policy to the contained statement of health to identify any network access controls required by the health policy in view of the contained statement of health, and (2) causes the identified network access controls to be composed on the host from which the intercepted network packet was received.

Abstract: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

Abstract: A facility in a single manager computer system for managing properties for a plurality of managed computer systems is described. The facility reiteratively receives new managed properties for an identified managed computer system. In response, the facility delivers the received new managed properties to the identified managed computer system.

Abstract: An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.