Abstract: The present disclosure is directed to network traffic management and load balancing at a cloud-based secure access service accessible to remotely connected user devices. In one example, a cloud-based secure service system includes a network controller configured to receive network traffic from one or more user devices remotely connected to the controller; parse the network traffic into flow data and contextual information associated with the network traffic; determine that the network traffic is to be serviced by a target firewall service at the cloud-based secure service system based on the flow data and the contextual information; and direct the network traffic to the target firewall service to be serviced.

Abstract: The present disclosure is directed to managing network traffic in a cloud-based secure access service. In one aspect, a method includes determining, by a controller of a cloud-based secure access service, that data packets from a user device should be dropped, a plurality of user devices, including the user device, being remotely connected to the controller for access to the cloud-based secure access service; determining, by the controller, a type of remote connection through which the user device is connected to the controller, each type of remote connection having a corresponding communication prototype; and transmitting a message, by the controller, to the user device, over a control protocol corresponding to the type of remote connection through which the user device is connected to the controller, the message providing a signal to the user device to drop packets at the user device prior to sending the packets to the controller.

Abstract: In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.

Abstract: A data storage system includes a first storage layer, a second storage layer, an I/O manager, and a data organizer. The first storage layer utilizes a first type of data storage device. The first storage layer includes (i) a first data bucket that includes first data having a first data attribute, the first data bucket including a first data limit, and (ii) a second data bucket. The second storage layer utilizes a second type of data storage device. The I/O manager receives a data write request from the user and directs the data write request to the first storage layer. The data organizer (a) determines whether data in the data write request has the first data attribute; and (b) stores the data in the data write request in at least one of the first data bucket and the second data bucket if the data in the data write request has the first data attribute.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for viewing, accessing, and monitoring data stored in a data storage system. Tags, metadata, and/or other attributes of data stored in a storage system may be used to define and create particular views of relevant data. In particular, a membership specification may provide inclusion and exclusion directives for determining which files and objects in the storage system to include in the view. A structure specification may provide a structure for organizing and presenting the files and objects in the view. Systems and methods described herein may allow a user to easily identify and view particularly relevant data from, for example, a large storage system storing data form hundreds of files systems. Moreover, the systems and methods described herein may allow for tracking and/or monitoring of particular data attributes.

Abstract: The subject technology addresses the need in the art for improving provisioning and booting of virtual machines in a cloud computing environment. Different versions of boot volume images may be shared in a storage repository accessible by one or more host computers. When a virtual machine is created, a shared boot volume image, including confirmation information for the virtual machine, may be selected for booting the virtual machine. Over time, newer version(s) of boot volume images may be stored in the storage repository and new virtual machine(s) may use the newer version of the boot volume image for booting.

Abstract: In one embodiment, a method includes receiving static profiles each comprising one or more properties of an operating environment, receiving a dynamic profile for identifying a configuration of an interface based on the static profile associated with said dynamic profile, associating the dynamic profile with one of the static profiles based on the operating environment of the interface, and automatically updating the association upon identifying a change in the operating environment. An apparatus is also disclosed.

Abstract: In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

Abstract: Described herein are techniques for preventing MAC address spoofs in a virtualization cluster. When a virtual switch first sees a new MAC address on a port designated as being a secure port, the packet is redirected to a virtual supervisor agent used to manage the distributed virtual switch. Assuming the MAC may be bound to the secure port, the supervisor agent broadcasts a message to both the virtual switch that redirected the packet and to virtual switches on other virtualization servers within the cluster.

Abstract: A method and system to exchange information between computer applications are provided. The system may include a source operating system, a destination operating system and an offload stack, all residing on the device. The source operating system and the destination operating system appear to users as distinct network entities. The offload stack may be configured to function as an intermediate network device for the source operating system. The offload stack, in one embodiment, comprises a back end to receive a message from the source operating system to the destination operating system, an analyzer to determine that the destination operating system resides on the device and a cut though socket module to process the message such that a network layer of the offload stack is bypassed.

Abstract: Methods and apparatus for transferring data from an application server are provided. By offloading network and file system stacks to a common stack accessible by multiple operating systems in a virtual computing system, embodiments of the present invention may achieve data transfer support for web and application servers without the data needing to be copied to or reside in the address space of the server operating systems.

Abstract: In one embodiment, an apparatus includes a port profile manager for receiving a port configuration policy and creating a port profile for the port configuration policy. The apparatus further includes a management interface for transmitting the port profile to a management station operable to receive input mapping the port profile to one or more interfaces associated with virtual machines. The port profile manager receives and stores the mapping input at the management station, for use in configuring the interfaces according to the port configuration policy. A method for policy based configuration of interfaces in a virtual machine environment is also disclosed.

Abstract: In one embodiment, an apparatus includes a port channel manager for receiving information identifying switches connected to a group of physical ports at a network device and creating subgroups each comprising the physical ports connected to one of the switches. The apparatus further includes a virtual interface agent for assigning a virtual interface connecting a virtual switch to a virtual machine, to one of the subgroups. Traffic received from the virtual machine on the virtual interface is transmitted to one of the switches on one of the physical ports in the assigned subgroup. A method for grouping ports for association with virtual interfaces is also disclosed.

Abstract: In one embodiment, a method includes receiving static profiles each comprising one or more properties of an operating environment, receiving a dynamic profile for identifying a configuration of an interface based on the static profile associated with said dynamic profile, associating the dynamic profile with one of the static profiles based on the operating environment of the interface, and automatically updating the association upon identifying a change in the operating environment. An apparatus is also disclosed.