Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network.

Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network.

Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network.

Abstract: Systems and methods for establishing a secure connection between an endpoint agent and a cloud-based security service are provided. According to one embodiment, a DNS request is issued by an agent running on an endpoint device to a secure Internet connection service of a cloud-based security service that includes multiple pools of geographically distributed VPN servers. A DNS response to the DNS request is received containing an IP address of a particular VPN server within a pool of the multiple pools. The pool is selected by the secure Internet connection service based on a geographic location of the endpoint device inferred by a source IP address of the DNS request. The particular VPN server is selected from multiple VPN servers in the pool based on its status. A secure Internet connection is established between the agent and the particular VPN server via a particular logical port.

Abstract: Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the determining is affirmative, the agent further identifies whether the new network is among a set of trusted networks that have been previously registered with the cloud-based security service by querying the trusted network determination service. When the identifying is affirmative, a particular security feature on the endpoint is configured for operation within a trusted network and when the identifying is negative, the particular security feature is configured for operation outside of a trusted networks.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: Methods and systems for high-availability data processing include detecting, at a first data processing system, a change in link state between the first data processing system and a second data processing system. A link state between the first data processing system and a third data processing system is changed responsive to the detection in accordance with a first high availability policy stored at the first data processing system. An identifier of the first data processing system is changed in accordance with the first high availability policy to conform to a second high availability policy stored at the first data processing system. The detection, change of the link state, and change of the identifier are repeated in accordance with the second high availability policy.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: Methods and systems for high-availability data processing include detecting, at a first data processing system, a change in link state between the first data processing system and a second data processing system. A link state between the first data processing system and a third data processing system is changed responsive to the detection in accordance with a first high availability policy stored at the first data processing system. An identifier of the first data processing system is changed in accordance with the first high availability policy to conform to a second high availability policy stored at the first data processing system. The detection, change of the link state, and change of the identifier are repeated in accordance with the second high availability policy.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.