Abstract: Provided is a method for maintaining a Virtual Private Network (VPN) connection between a mobile device and a server over a wireless network in a manner that conserves the power supply of the mobile device and is suitable for connections that employ server-initiated traffic. After a successful login to a VPN server, a VPN client establishes a Transport Control Protocol (TCP) connection and a UDP connection with the server. After a power timeout, the server calculates the elapsed time between the current transmission and the last tunnel traffic. If the elapsed time exceeds a power timeout value, the VPN server transmits a simple control message to the client via the TCP channel. The client then reestablishes the UDP connection to the client and the server resumes transmission on the reestablished UDP channel.

Abstract: Provided is a method for maintaining a Virtual Private Network (VPN) connection between a mobile device and a server over a wireless network in a manner that conserves the power supply of the mobile device and is suitable for connections that employ server-initiated traffic. After a successful login to a VPN server, a VPN client establishes a Transport Control Protocol (TCP) connection and a UDP connection with the server. After a power timeout, the server calculates the elapsed time between the current transmission and the last tunnel traffic. If the elapsed time exceeds a power timeout value, the VPN server transmits a simple control message to the client via the TCP channel. The client then reestablishes the UDP connection to the client and the server resumes transmission on the reestablished UDP channel.

Abstract: Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path.

Abstract: Provided is a method for maintaining a Virtual Private Network (VPN) connection between a mobile device and a server over a wireless network in a manner that conserves the power supply of the mobile device and is suitable for connections that employ server-initiated traffic. After a successful login to a VPN server, a VPN client establishes a Transport Control Protocol (TCP) connection and a UDP connection with the server. After a power timeout, the server calculates the elapsed time between the current transmission and the last tunnel traffic. If the elapsed time exceeds a power timeout value, the VPN server transmits a simple control message to the client via the TCP channel. The client then reestablishes the UDP connection to the client and the server resumes transmission on the reestablished UDP channel.

Abstract: Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path.

Abstract: A client attempts to transmit a presence state to a presence server that is behind a firewall of a secure network. If the client is inside the firewall, the presence server instructs resources within the secure network to directly communicate with the client. However, if the client is outside the firewall, then the client must tunnel into the secure network via a Virtual Private Network (VPN) before accessing the resources in the secure network.

Abstract: Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path.

Abstract: Provided is a method for maintaining a Virtual Private Network (VPN) connection between a mobile device and a server over a wireless network in a manner that conserves the power supply of the mobile device and is suitable for connections that employ server-initiated traffic. After a successful login to a VPN server, a VPN client establishes a Transport Control Protocol (TCP) connection and a UDP connection with the server. After a power timeout, the server calculates the elapsed time between the current transmission and the last tunnel traffic. If the elapsed time exceeds a power timeout value, the VPN server transmits a simple control message to the client via the TCP channel. The client then reestablishes the UDP connection to the client and the server resumes transmission on the reestablished UDP channel.

Abstract: A client attempts to transmit a presence state to a presence server that is behind a firewall of a secure network. If the client is inside the firewall, the presence server instructs resources within the secure network to directly communicate with the client. However, if the client is outside the firewall, then the client must tunnel into the secure network via a Virtual Private Network (VPN) before accessing the resources in the secure network.

Abstract: Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path.

Abstract: A method, system, and computer program by which a logical network connection can be maintained in the presence of disruption or failure of the underlying physical network connection. The technique defines a virtual connection between the client and gateway, which is not dependent upon continuous connectivity in the underlying physical connection, and can resume operation transparently even though the physical connection may be established on a different media type. Additionally, the technique of the present invention enables the physical medium to be changed even though the physical connection was not disrupted. This change in medium may be based on a number of factors, such as quality of service or transmission speed, which can be monitored. A graphical user interface (“GUI”) is defined whereby the human user may observe a depiction of the available physical connections and their status, information regarding the physical connection currently in use, etc.