Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.

Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path.

Abstract: One embodiment includes identifying a common file associated with a first software container deployed on a host; adding a single copy of the common file to a common file pool maintained by the host, removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool, and removing the common file from the first container and replacing it with a pointer to the copy of the common file in the shared file pool; identifying at least one unique file associated with the first container; and moving the unique file to the common file pool maintained by the host and removing the unique file from the first container and replacing it with a pointer to the copy of the unique file in the shared file pool.

Abstract: Disclosed are systems, methods, and computer-readable storage media for adaptive load balancing for application chains. A load-balancer can receive a data packet for a connection/transaction to be routed through an application chain. The load-balancer can select, based on an application path table, a first end-to-end application path through the application chain. The application path table can identify two or more end-to-end application paths through the application chain along with a corresponding performance status for each end-to-end application path through the application chain. The performance status for an application path can indicate a performance level of the end-to-end application path determined based on performance of previous data packets for previous connections transmitted through the application chain according to the end-to-end application path.

Abstract: In one embodiment, a cloud network provides cloud services to the one or more clients, where data usage of each client is monitored on a per client basis. If the data usage of any client is above a first predetermined threshold, then a WAN optimization platform is automatically implemented within the cloud network for the client having the data usage determined to be above the first predetermined threshold.

Abstract: A method is described and in one embodiment includes intercepting an API call destined for an application executing on a host server; accessing a Service Level Agreement (“SLA”) profile for the application, wherein the SLA indicates performance guarantees for the application; determining resource utilization for the host server and resource utilization for the current application and other applications running on that server; comparing the performance guarantees with the host server and application resource utilization to determine whether performance guarantees can be met if the API call is forwarded to the application based on the host server resource utilization; and, if it determined that the performance guarantees cannot be met if the API call is forwarded to the application, refraining from forwarding the API call to the application.

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract: A device and method are provided to provide multi-exit firewall capabilities for cloud server or cloud service deployments without prior knowledge of reachability information of a client device where the client device may belong to one of several networks accessing the cloud server or cloud service. The reachability information may be derived based on flow of data to and from the client device in response to a data transfer initiation request. A firewall connection table may be updated to record routability to the client device comprising the derived reachability information. The recorded reachability information in the connection table may be used for the data transfer with the client device instead of a default route in a routing table.

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract: A device and method are provided to provide multi-exit firewall capabilities for cloud server or cloud service deployments without prior knowledge of reachability information of a client device where the client device may belong to one of several networks accessing the cloud server or cloud service. The reachability information may be derived based on flow of data to and from the client device in response to a data transfer initiation request. A firewall connection table may be updated to record routability to the client device comprising the derived reachability information. The recorded reachability information in the connection table may be used for the data transfer with the client device instead of a default route in a routing table.

Abstract: In one embodiment, a cloud network provides cloud services to the one or more clients, where data usage of each client is monitored on a per client basis. If the data usage of any client is above a first predetermined threshold, then a WAN optimization platform is automatically implemented within the cloud network for the client having the data usage determined to be above the first predetermined threshold.

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract: Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker.

Abstract: An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.

Abstract: An interface comprising a docking site having a first electrical connector adapted to interconnect a bus, and having at least one first retainer portion; and an adapter comprising: at least one second retainer portion, wherein the at least one second retainer portion and the at least one first retainer portion are adapted to releasably engage; a second electrical connector, wherein the second electrical connector and the first electrical connector are adapted to engage and interconnect; at least one port adapted to accept at least one modular connector having at least one electrical contact; and at least one electrical interconnect adapted to interconnect the at least one electrical contact with the second electrical connector.

Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.

Abstract: Apparatus, methods, and other embodiments associated with providing service insertion architecture (SIA) differentiated services in a virtual private network (VPN) environment are described. Embodiments may provision an authentication, authorization, and accounting (AAA) server with user-to-SIA service-context mapping information. With the AAA server provisioned, embodiments may acquire, in an IPSec VPN hub, during IPSec tunnel user authentication, from the AAA server, the user-to-SIA service-context mapping information. With the mapping information available, embodiments may dynamically map an SIA service to an IPSec VPN tunnel user based on the service information acquired from the Service Broker or Pseudo-Service Broker.