Abstract: In an example computer-implemented method, a trusted root certificate for an application running in a container is dynamically generated. The generated trusted root certificate is injected at runtime. The generated certificate is dynamically added to a list of trusted root certificates. A proxy associated with the application instance is authenticated based on the generated root trust certificate.

Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.

Abstract: Embodiments of the present invention may provide techniques by which missed interactions with display advertising may be reduced or recovered. For example, in an embodiment of the present invention, a computer-implemented method for processing computer input may comprise displaying on a display screen at least one background application and a foreground item frame, removing display of the foreground item frame, and after removing display of the foreground item frame, detecting user input in the location where the foreground item frame was displayed.

Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.

Abstract: In some examples, a system for managing distributed data can include a processor to detect an update notification from a client device to update a managing server, the update notification indicating that a remote server node is unavailable. The processor can also generate a comparison value by comparing a first time stamp to a second time stamp, wherein the first time stamp corresponds to a time at which the system receives the update notification from the client device and the second time stamp corresponds to a time the remote server node transmits a set of renewal data. Furthermore, the processor can determine that the comparison value indicates the remote server node is unavailable and remove the remote server node from the managing server.

Abstract: An example system includes a plurality of containers associated with a plurality of tenants. The plurality of containers are to execute code in isolation for the associated plurality of tenants. The system also include a container daemon communicatively coupled to the plurality of containers via an internal proxy. The container daemon is to provide a service to the plurality of containers. The internal proxy is to receive a daemon access policy. The internal proxy is to further intercept a daemon command from a container. The internal proxy is to detect that the container is allowed access to the container daemon based on the daemon access policy. The internal proxy is to also generate a modified daemon command and forward the modified daemon command to the container daemon.

Abstract: An example system and method includes a processor to receive an image ID corresponding to a container image of a container to be run. The processor is to also send the image ID to a registry. The processor is also to receive an image metadata corresponding to the image ID from the registry. The processor is to store the image metadata on a local file system. The processor is to generate a container comprising an application. The processor is to execute the application using the image metadata.

Abstract: Embodiments of the present invention may provide techniques by which missed interactions with display advertising may be reduced or recovered. For example, in an embodiment of the present invention, a computer-implemented method for processing computer input may comprise displaying on a display screen at least one background application and a foreground item frame, removing display of the foreground item frame, and after removing display of the foreground item frame, detecting user input in the location where the foreground item frame was displayed.

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).

Abstract: One embodiment comprises an apparatus for automatic proxy registration and discovery in a multi-proxy communication system. The apparatus executes a proxy server that is configured to provide optimized connections to remote proxy servers that are communicatively connected to the proxy server over a Wide Area Network (WAN). A file server, which is communicatively connected to the proxy server over a Local Area Network (LAN), is automatically discovered. An association record corresponding to the file server is created, where the association record identifies the file server and the proxy server and indicates that the proxy server is configured to provide the remote proxy servers with optimized connections to the file server. The association record is registered with a centralized database server, where the remote proxy servers are communicatively connected to the centralized database server over the WAN.

Abstract: In various embodiments, data processing apparatus, software, or machine-implemented methods can optimize NFSv3 asynchronous write requests or MSRPC calls that traverse a wide area network, for example, by receiving, from a client, a first request directed to a server across a wide area network; determining whether a related second request has been received previously; when a related second request has been received previously, sending, to the client, a first reply to the second request and forwarding the first request to the server, and otherwise forwarding the first request to the server without sending any reply to the client for the first request. Sending local replies from a WAN optimizer induces the client to send continuous requests, improving throughput, but at least one client request remains unreplied to, and one server error reply is always reported to the client, facilitating correct error processing at the client.

Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

Abstract: Approaches are disclosed for lock optimization and lock prediction for reducing the number of client-server messages involved in working with server-based resources. First one or more lock requests for first one or more locks on a remote data resource that is linked by a slow communication link are received. Based on the first one or more lock requests, a sequence of lock requests for locks on the remote data resource is determined. A first message that includes the sequence of lock requests is sent. A second message is received. The second message includes second one or more locks on the remote data resource, where the second one or more locks correspond to second one or more lock requests of the sequence of lock requests. A particular lock of the second one or more locks is granted in response to receiving a particular lock request for the particular lock on the remote data resource.

Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

Abstract: In one embodiment, a method for tracing a connection path from a source node to a destination node through a network having one or more transparent proxies includes generating a trace packet at the source node, transmitting the trace packet over the network towards the destination node, and receiving trace response packets in response to transmission of the trace packet. The trace response packets include a packet from the destination node and a packet from each of the transparent proxies in a data path from the source node to the destination node. Each of the packets from the transparent proxies includes an identifier of the transparent proxy transmitting the packet. The method further includes identifying the transparent proxies in the connection path based on information in the trace response packets. An apparatus for tracing a connection path is also disclosed.

Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.

Abstract: A method and apparatus is disclosed for balancing throughput and compression in a network communication system. A message is received. A first compression mechanism is applied to the message to generate a first compressed message, where applying the first compression mechanism comprises gathering compression information. Based on the compression information, a compression metric associated with the first compressed message is computed. The compression metric is compared to a threshold value. A second compression mechanism is applied to the first compressed message to generate a second compressed message only when the compression metric does not exceed the threshold value. The second compressed message is then transmitted.

Abstract: A data redundancy elimination system.

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).

Abstract: A method for enabling access to a data resource, which is held on a file server (25) on a first local area network (LAN) (21a), by a client (28) on a second LAN (21b). A proxy receiver (48) on the second LAN (21b) intercepts a request for the data resource submitted by the client (28) and transmits a message via a wide area network (WAN) (29) to a proxy transmitter (52) on the first LAN (21a), requesting the data resource. The proxy transmitter (52) retrieves a replica of the data resource from the file server (25) and conveys the replica of the data resource over the WAN (29) to the proxy receiver (48), which serves the replica of the data resource from the proxy receiver (48) to the client (28) over the second LAN (21b).