Abstract: Systems and methods for measuring the performance of a scalable network are disclosed. In one embodiment, a system configured in accordance with this disclosure may comprise a packet generator for providing test packets to a network under test; and a packet count unit for counting test packet received from the network under test. The system may be configured to test networks of various bandwidths such as OC-3 and OC-12 level networks.

Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.

Abstract: Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.

Abstract: A network gateway processor architecture including a scalable array of compute processors that function to convert inbound data packets to outbound data packets, an ingress processor coupleable to a first network to receive the inbound data packets and coupled to provide the inbound data packets to the compute processors, and an egress processor coupleable to a second network and coupled to the compute processors to collect and forward the outbound data packets to the second network. The ingress processor distributes inbound data packets to the compute processors based on a least load value selected from current load values determined for the respective compute processors of the scalable array. The current load values represent estimated processing completion times for the respective compute processors of the scalable array of compute processors.

Abstract: On an archive server, a secure storage control layer is interposed in the archive data stream between an archiving application and a storage device driver. The secure storage control layer includes an encryption engine providing for two-level cipher processing of data segments transported by the stream. A secure policy controller is coupled to the secure storage control layer and, responsive to identifying information obtained from the stream, retrieves a group of encryption keys from a secure storage repository to enable the encryption engine to selectively encrypt data segments or a single encryption key conditionally enabling the encryption engine to decrypt select data segments. For both encryption and decryption, the integrity of the stream is maintained allowing operation of the secure storage control layer to be functionally transparent to the archiving application and storage device driver.

Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: Methods and apparatus are disclosed for testing the scalability size of a Unit Under Test (UUT) bridging a WAN and a LAN. The method may be repeated until a desired scalability limit has been reached. The apparatus may verify the proper creation of bindings and static routes. The method may be performed by a Dynamic Host Control Protocol (DHCP) server in a system where the UUT comprises a router.

Abstract: The secure trust relationship between communicating programs is established at any policy defined level down to individual program instances. Policy enforcement modules installed on host computer systems support qualified encrypted communications channels between discretely selected program instances. Program instances are qualified to establish communication channels, each defined by a unique session encryption key, based on an evaluation of security data including the individual process execution contexts, user authorizations, and access attributes of the program instances. A security appliance server performs the policy-based qualification based on a mutually interdependent evaluation of the security data for both the communications channel source and target program instances.

Abstract: A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.

Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.

Abstract: Host computer systems dynamically engage in independent transactions with servers of a server cluster to request performance of a network service, preferably a policy-based transfer processing of data. The host computer systems operate from an identification of the servers in the cluster to autonomously select servers for transactions qualified on server performance information gathered in prior transactions. Server performance information may include load and weight values that reflect the performance status of the selected server and a server localized policy evaluation of service request attribute information provided in conjunction with the service request. The load selection of specific servers for individual transactions is balanced implicitly through the cooperation of the host computer systems and servers of the server cluster.

Abstract: Communications between server computer systems of a cluster routinely exchange notice of configuration status and, on demand, transmit updated configuration data sets. Each status message identifies any change in the local configuration of a servers and, further, includes encrypted validation data. Each of the servers stores respective configuration data including respective sets of data identifying the servers known to the respective servers as participating in the cluster. Each status message, as received, is validating against the respective configuration data stored by the receiving server. A status message is determined valid only when originating from a server as known by the receiving server, as determined from the configuration data held by the receiving server. Where a validated originating server identifies updated configuration data, the receiving server requests a copy of the updated configuration data set, which must also be validated, to equivalently modify the locally held configuration data.

Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure with the client computer system and network data store to apply qualifying access policies to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to permit encryption and decryption of file data as transferred to and read from the network data store.

Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.

Abstract: Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.

Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure between the client computer system and network data store to apply qualifying access policies and selectively pass through to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to encrypt and decrypt file data as transferred to and read from the network data store through the secure network file access appliance.

Abstract: A server appliance self-adaptively configures to the operating parameters of a communications network to enable remote configuration control exclusively via the communications network. The server appliance includes a host computer system including a network interface controller and an operating system, executable by the host computer system, that is configurable by a defined set of network values for transmitting and receiving data packets through the network interface controller without network configuration conflicts. A control program, executable by the host computer system in conjunction with the operating system, determines, on initial start-up and specifically with respect to the communications network, an initial set of network values to configure the operating system.