Abstract: Example methods and systems for connection establishment in a global server load balancer (GSLB) environment are described. In one example, a computer system may establish a first connection with a first entity and a second connection with the second entity. The first connection may be established based on first parameter information that includes a shared certificate and a first identifier (ID). The second connection may be established based on second parameter information that includes the shared certificate and a second ID. The shared certificate may be shared by multiple entities that include the first entity and a second entity. In response to receiving a first request, a first response may be generated and sent towards the first entity via the first connection. In response to receiving a second request, a second response may be generated and sent towards the second entity via the second connection.

Abstract: Example methods and systems for dynamic site selection in a global server load balancer (GSLB) environment are described. In one example, a computer system may obtain first health information from a first entity and second health information from a second entity. The first health information may be generated based on multiple first traffic flows between (a) multiple first client devices and (b) a first pool of backend servers. The second health information may be generated based on multiple second traffic flows between (a) multiple second client devices and (b) a second pool of backend servers. In response to receiving a request to access the service, the computer may select a selected site based on the first health information and/or second health information. A response may be generated and sent to cause a third client device to access the service by directing a third traffic flow towards the selected site.

Abstract: Some embodiments of the invention provide a method of deploying a tenant deployable element to one public cloud. The method identifies first and second candidate resource elements respectively of first and second resource element sub-types to deploy in a public cloud to implement the tenant deployable element. The method identifies, for the first and second candidate resource elements respectively first and second sets of performance metric values to evaluate. The method evaluates the identified first and second sets of metrics to select one candidate resource element to implement the tenant deployable element in the public cloud. The method uses the selected resource element to implement the tenant deployable element in the public cloud.

Abstract: System and computer-implemented method for managing placements of software components in host computers of a computing environment uses placement rules for a software component, which are automatically generated based on user input received at a managed entity in the computing environment. The placement rules are transmitted to a management entity that controls placement and migration of software components in the computing environment using a resource scheduler. The placement rules are then provided to the resource scheduler to be applied to the software component for placement operations.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to dynamically monitor and control compute device identities during operations. Disclosed is an apparatus comprising interface circuitry, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to generate a unique label for a node from a data plane, the unique label to identify the node, perform an operation on the node, the operation to be performed on the node by identifying the node associated with the unique label, and maintain the unique label until the operation on the node is successful.

Abstract: An example method may include receiving a first authentication credential corresponding to a component in a data center. The first authentication credential may be provided by a user to access the component. Further, the method may include dynamically generating a second authentication credential corresponding to the first authentication credential. The second authentication credential may be system-generated to access the component. Furthermore, the method may include generating mapping information for mapping the second authentication credential to the first authentication credential. In response to receiving a first request to perform a data center operation that is dependent on the component, the method may include utilizing the first authentication credential to authenticate the first request and utilizing the second authentication credential to perform the data center operation using the mapping information.

Abstract: Some embodiments of the invention provide a method of deploying first and second tenant deployable elements to a set of one or more public clouds, the first and second tenant deployable elements being different types of elements. The method identifies first and second sets of performance metrics respectively for first and second sets of candidate resource elements to use to deploy the first and second tenant deployable elements, the two sets of performance metrics being different sets of metrics because the first and second tenant deployable elements being different types of elements, the first set of performance metrics having at least one metric that is not included in the second set of performance metrics.

Abstract: An example method may include receiving a first authentication credential corresponding to a component in a data center. The first authentication credential may be provided by a user to access the component. Further, the method may include dynamically generating a second authentication credential corresponding to the first authentication credential. The second authentication credential may be system-generated to access the component. Furthermore, the method may include generating mapping information for mapping the second authentication credential to the first authentication credential. In response to receiving a first request to perform a data center operation that is dependent on the component, the method may include utilizing the first authentication credential to authenticate the first request and utilizing the second authentication credential to perform the data center operation using the mapping information.

Abstract: An example method of file transfer between a client and a server includes: initiating, by the client, a front-end control connection between the client and a horizontally scaled proxy service; creating, by a first proxy instance of a plurality of proxy instances of the horizontally scaled proxy service, a back-end control connection between the first proxy instance and the server; returning, to the client from the first proxy instance, a unique client parameter associated with the front-end connection as a destination port for a front-end data connection; initiating, by the client, the front-end data connection between the client and the horizontally scaled proxy service, the front-end data connection using the destination port as returned by the first proxy instance; and creating, by the first proxy instance, a back-end data connection between the first proxy instance and the server.

Abstract: Some embodiments provide a method that, at a first domain name system (DNS) cluster of a set of DNS clusters, receives a DNS request from a client. The first DNS cluster identifies, based on an identifier of the client in the DNS request, a home DNS cluster of the client. The method forwards the DNS request to the home DNS cluster. The home DNS cluster supplies a DNS response to the client. Identifying the home DNS cluster, in some embodiments, includes performing a hash on the identifier of the client. Supplying the DNS response, in some embodiments, includes receiving a virtual IP (VIP) address associated with one of a plurality of sets of application servers to the client and providing the received VIP address to the client in the DNS response.

Abstract: Example methods and systems for application security enforcement are described. In one example, a computer system may detect, from a client device, a packet requiring processing by a first server pool; and determine whether the packet is associated with a security attack. In response to determination that the packet is not associated with the security attack, the packet may be steered towards the first server pool to cause processing of the packet by one of multiple first application servers. Otherwise, the packet may be steered towards a second server pool to cause processing of the packet by one of multiple second application servers and to learn attack information associated with the security attack. The multiple second application servers in the second server pool may be capable of mimicking behavior of the multiple first application servers in the first server pool.

Abstract: Some embodiments provide a method that, at a first domain name system (DNS) cluster of a set of DNS clusters, receives a DNS request from a client. The first DNS cluster identifies, based on an identifier of the client in the DNS request, a home DNS cluster of the client. The method forwards the DNS request to the home DNS cluster. The home DNS cluster supplies a DNS response to the client. Identifying the home DNS cluster, in some embodiments, includes performing a hash on the identifier of the client. Supplying the DNS response, in some embodiments, includes receiving a virtual IP (VIP) address associated with one of a plurality of sets of application servers to the client and providing the received VIP address to the client in the DNS response.

Abstract: Some embodiments provide a method that, at a first domain name system (DNS) cluster of a set of DNS clusters, receives a DNS request from a client. The first DNS cluster identifies, based on an identifier of the client in the DNS request, a home DNS cluster of the client. The method forwards the DNS request to the home DNS cluster. The home DNS cluster supplies a DNS response to the client. Identifying the home DNS cluster, in some embodiments, includes performing a hash on the identifier of the client. Supplying the DNS response, in some embodiments, includes receiving a virtual IP (VIP) address associated with one of a plurality of sets of application servers to the client and providing the received VIP address to the client in the DNS response.

Abstract: Some embodiments provide a method of enforcing a set of access policies on traffic exchanged between remote clients and virtual desktop applications. This method receives and stores access policies that define access to different virtual desktop applications by remote clients. To a set of one or more access gateways remote, the method forwards client requests to launch virtual desktop applications. The method analyzes responses provided by the gateway set to virtual desktop requests, and based on this analysis, creates records that identify the virtual applications that will be launched. The method passes the gateway responses back to the remote clients, and upon receiving traffic to the identified virtual applications from the remote clients, (1) uses the created records to identify the virtual applications associated with the received traffic and (2) applies the access policies associated with the identified virtual applications to the received traffic.

Abstract: The method of some embodiments forwards packets to a destination node executing on a host computer. The method identifies a set of one or more attributes associated with a set of one or more packets of a data flow. Based on the identified set of attributes, the method dynamically specifies a set of parameters for aggregating, for the destination node, payloads of multiple groups of packets of the data flow. The method creates, according to the set of parameters, an aggregate packet for each group of packets and then forwards each aggregate packet to the destination node. In some embodiments, aggregating each group of packets includes setting headers for each aggregate packet, forwarded to the destination node, where the headers for each aggregate packet correspond to headers of the group of packets.

Abstract: Some embodiments provide a method of enforcing a set of access policies on traffic exchanged between remote clients and virtual desktop applications. This method receives and stores access policies that define access to different virtual desktop applications by remote clients. To a set of one or more access gateways remote, the method forwards client requests to launch virtual desktop applications. The method analyzes responses provided by the gateway set to virtual desktop requests, and based on this analysis, creates records that identify the virtual applications that will be launched. The method passes the gateway responses back to the remote clients, and upon receiving traffic to the identified virtual applications from the remote clients, (1) uses the created records to identify the virtual applications associated with the received traffic and (2) applies the access policies associated with the identified virtual applications to the received traffic.

Abstract: Some embodiments of the invention provide a method of deploying first and second tenant deployable elements to a set of one or more public clouds, the first and second tenant deployable elements being different types of elements. The method identifies first and second sets of performance metrics respectively for first and second sets of candidate resource elements to use to deploy the first and second tenant deployable elements, the two sets of performance metrics being different sets of metrics because the first and second tenant deployable elements being different types of elements, the first set of performance metrics having at least one metric that is not included in the second set of performance metrics.

Abstract: Some embodiments of the invention provide a method of adjusting deployment of a set of resource elements in a public cloud. The method deploys agents on a first set of resource elements in the public cloud. The method communicates with the deployed agents to generate performance metrics regarding the first set of resource elements. The method analyzes the performance metrics to determine that a deployment of a second set of resource elements in the public cloud has to be modified. The method modifies the deployment of the second set of resource elements based on the analysis.

Abstract: Some embodiments of the invention provide a method of deploying a tenant deployable element to one public cloud. The method identifies first and second candidate resource elements respectively of first and second resource element sub-types to deploy in a public cloud to implement the tenant deployable element. The method identifies, for the first and second candidate resource elements respectively first and second sets of performance metric values to evaluate. The method evaluates the identified first and second sets of metrics to select one candidate resource element to implement the tenant deployable element in the public cloud. The method uses the selected resource element to implement the tenant deployable element in the public cloud.

Abstract: Some embodiments of the invention provide a method for evaluating multiple candidate resource elements associated with different resource element types for deploying one tenant deployable element in a single public cloud. The method deploys a set of one or more agents in the public cloud to collect metrics evaluating performance of each of the multiple candidate resource elements. The method communicates with the set of deployed agents to collect metrics to quantify performance of each candidate resource element. The method aggregates the collected metrics in order to generate a report that quantifies performance of each type of candidate resource element for deploying the tenant deployable element in the single public cloud.