Abstract: The present disclosure relates to systems and methods for synchronizing device states across two distributed systems. Various embodiments include a convergence mechanism also referred to as a device resync engine. The basis of the present system and methods is that any and every operation done between the two distributed systems, via Application Programming Interfaces (API's), pushes the system towards re-synchronization. This is achieved by providing an active feedback of the user's device state on every user action. For example, a user performs an authentication on one device; the two systems complete the authentication and additionally ensure all states of all devices owned by the user are in sync. By performing these small corrections for every user, the present systems and methods are able to re-converge into a synchronized state while keeping compute expanses low and process efficient.

Abstract: Systems and methods include, in a cloud node, receiving Mobile Device Management (MDM) data from a central authority, wherein the MDM data includes policy metadata specifying MDM functions for mobile devices associated with users of an enterprise; communicating to an application on a mobile device associated with a user, via a tunnel, wherein the application is configured for service discovery and connectivity; and providing the MDM data to the mobile device associated with the user via the tunnel.

Abstract: Systems and methods include, in a cloud node, receiving Mobile Device Management (MDM) data from a central authority, wherein the MDM data includes policy metadata specifying MDM functions for mobile devices associated with users of an enterprise; communicating to an application on a mobile device associated with a user, via a tunnel, wherein the application is configured for service discovery and connectivity; and providing the MDM data to the mobile device associated with the user via the tunnel.

Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.

Abstract: Systems and methods for replication and validation between a plurality of nodes in a cloud-based system forming a cluster include replicating a database and a software state between the plurality of nodes utilizing a replication algorithm which elects a master of the plurality of nodes and remaining nodes comprising peers, wherein the master is configured to perform the replicating; validating database sequences in the database at all of the plurality of nodes utilizing the replication algorithm to ensure sequential order of the validating between the plurality of nodes; and, responsive to differences between a peer and the master, performing a failure recovery in the database at the peer.

Abstract: A cloud-based method of service function chaining using Security Assertion Markup Language (SAML) assertions includes receiving configuration information related to any of users, services, and correspondence between the users and the services; responsive to a request from a user, generating a SAML assertion for the request and attaching a stack of service tags with the SAML assertion, wherein the stack of service tags defines a service chain for the user and for the request; and providing the SAML assertion with the stack of service tags to the user in response to the request. The method can further include providing the SAML assertion by the user to one or more services, wherein each of the services creates a context based on the stack of service tags. Each of the services identifies itself in the stack and sends the SAML assertion to a next service or application in the stack.

Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.

Abstract: A cloud-based method, a system, and a cloud-based security system include receiving a request from a user for a cloud application at a proxy server; determining whether the user is authenticated based on a presence of cookies in the request; if the cookies are present, un-transforming the cookies by the proxy server and forwarding the request with the un-transformed cookies to the cloud application; and, if the cookies are not present, forwarding the request to the cloud application by the proxy server for authentication and transforming the cookies subsequent to the authentication prior to sending the cookies to the user.