Abstract: In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.

Abstract: In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.

Abstract: In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.

Abstract: The present disclosure is directed to network traffic management and load balancing at a cloud-based secure access service accessible to remotely connected user devices. In one example, a cloud-based secure service system includes a network controller configured to receive network traffic from one or more user devices remotely connected to the controller; parse the network traffic into flow data and contextual information associated with the network traffic; determine that the network traffic is to be serviced by a target firewall service at the cloud-based secure service system based on the flow data and the contextual information; and direct the network traffic to the target firewall service to be serviced.

Abstract: The present disclosure is directed to network traffic management and load balancing at a cloud-based secure access service accessible to remotely connected user devices. In one example, a cloud-based secure service system includes a network controller configured to receive network traffic from one or more user devices remotely connected to the controller; parse the network traffic into flow data and contextual information associated with the network traffic; determine that the network traffic is to be serviced by a target firewall service at the cloud-based secure service system based on the flow data and the contextual information; and direct the network traffic to the target firewall service to be serviced.

Abstract: The present disclosure is directed to network traffic management and load balancing at a cloud-based secure access service accessible to remotely connected user devices. In one example, a cloud-based secure service system includes a network controller configured to receive network traffic from one or more user devices remotely connected to the controller; parse the network traffic into flow data and contextual information associated with the network traffic; determine that the network traffic is to be serviced by a target firewall service at the cloud-based secure service system based on the flow data and the contextual information; and direct the network traffic to the target firewall service to be serviced.

Abstract: In one aspect, the present disclosure is directed to a method that includes receiving, at an edge component of a cloud-based secure access service, a corresponding access designation for each of a plurality of endpoints, each access designation specifying a type of access a corresponding endpoint has to remaining ones of the plurality of endpoints and other accessible network resources; based on the corresponding access designation of each of the plurality of endpoints, updating a routing table at the edge component, to include routing information for a subset of the plurality of endpoints having access to at least one other endpoint of the plurality of endpoints or to the other accessible network resources; and enabling routing of network traffic, via the cloud-based secure access service, between any number of the plurality of endpoints based at least in part on the routing table.

Abstract: The present disclosure is directed to managing network traffic in a cloud-based secure access service. In one aspect, a method includes determining, by a controller of a cloud-based secure access service, that data packets from a user device should be dropped, a plurality of user devices, including the user device, being remotely connected to the controller for access to the cloud-based secure access service; determining, by the controller, a type of remote connection through which the user device is connected to the controller, each type of remote connection having a corresponding communication prototype; and transmitting a message, by the controller, to the user device, over a control protocol corresponding to the type of remote connection through which the user device is connected to the controller, the message providing a signal to the user device to drop packets at the user device prior to sending the packets to the controller.

Abstract: A data storage system includes a first storage layer, a second storage layer, an I/O manager, and a data organizer. The first storage layer utilizes a first type of data storage device. The first storage layer includes (i) a first data bucket that includes first data having a first data attribute, the first data bucket including a first data limit, and (ii) a second data bucket. The second storage layer utilizes a second type of data storage device. The I/O manager receives a data write request from the user and directs the data write request to the first storage layer. The data organizer (a) determines whether data in the data write request has the first data attribute; and (b) stores the data in the data write request in at least one of the first data bucket and the second data bucket if the data in the data write request has the first data attribute.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for mapping random data writes to sequential or semi-sequential storage. Data writes may be initially directed to an SSD or other relatively low latency and high IOPS data storage layer. The data may remain in the SSD storage layer until a group of data may be written, together, to a sequential or semi-sequential storage layer. A data organizer may group the data into data buckets based on tags and/or policies associated with the data. In this way, data subject to similar lifetime, priority, data protection, and/or other policies may be stored on a same segment or other portion of the sequential storage layer. Similarly, data having similar access patterns, authors, files, objects, or project affiliations, may be stored together on a same segment of the sequential storage layer.

Abstract: Systems and methods for data management using tagging rules and/or policies. The systems and methods described herein may allow users or administrators to easily label data, so as to organize the data in using any suitable terminology or parameters. Tagging rules (or tag rules) may apply or assign one or more tags to a data file or object. A tag may relate to various components of the data file or object. For example, a tag may relate to a creation date, author, size, or information within the data, such as whether the file or object includes a picture. Once the data is associated with one or more tags, policies may determine how the data is manipulated, stored, accessed, or otherwise used. Policies may relate to actions or operations to be performed with respect to data having one or more particular tags.

Abstract: Systems and methods for viewing, accessing, and monitoring data stored in a data storage system. Tags, metadata, and/or other attributes of data stored in a storage system may be used to define and create particular views of relevant data. In particular, a membership specification may provide inclusion and exclusion directives for determining which files and objects in the storage system to include in the view. A structure specification may provide a structure for organizing and presenting the files and objects in the view. Systems and methods described herein may allow a user to easily identify and view particularly relevant data from, for example, a large storage system storing data form hundreds of files systems. Moreover, the systems and methods described herein may allow for tracking and/or monitoring of particular data attributes.

Abstract: Described herein are techniques for preventing MAC address spoofs in a virtualization cluster. When a virtual switch first sees a new MAC address on a port designated as being a secure port, the packet is redirected to a virtual supervisor agent used to manage the distributed virtual switch. Assuming the MAC may be bound to the secure port, the supervisor agent broadcasts a message to both the virtual switch that redirected the packet and to virtual switches on other virtualization servers within the cluster.

Abstract: A method and system to exchange information between computer applications are provided. The system may include a source operating system, a destination operating system and an offload stack, all residing on the device. The source operating system and the destination operating system appear to users as distinct network entities. The offload stack may be configured to function as an intermediate network device for the source operating system. The offload stack, in one embodiment, comprises a back end to receive a message from the source operating system to the destination operating system, an analyzer to determine that the destination operating system resides on the device and a cut though socket module to process the message such that a network layer of the offload stack is bypassed.

Abstract: Methods and apparatus for transferring data from an application server are provided. By offloading network and file system stacks to a common stack accessible by multiple operating systems in a virtual computing system, embodiments of the present invention may achieve data transfer support for web and application servers without the data needing to be copied to or reside in the address space of the server operating systems.

Abstract: A method, system, apparatus, and signal-bearing media for provided discovering a target device via one port of a plurality of virtual ports, creating a target data structure associated with the target device, and allocating a second port of the plurality of virtual ports to a host if the second port is available. In an embodiment, an initiator identifier for the host may be created based on a port number of the second port and a media access control address and sent to the target device to identify the host.