VIRTUALIZED DATA STORAGE SYSTEM ARCHITECTURE
Granted: July 30, 2020
Application Number:
20200242088
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…
METHOD AND APPARATUS FOR PATH SELECTION
Granted: August 8, 2019
Application Number:
20190245780
Systems and techniques are described for configuring path selection in a network. The network can comprise a first router, a second router, a third router, a fourth router, and an intermediary device. The second router can be configured to use Differentiated Services Code Point (DSCP) while routing packets so that packets with a first DSCP value are routed through the third router, and packets with a second DSCP value are routed through the fourth router. The intermediary device can be…
AUTOMATED PROBLEM DIAGNOSIS ON LOGS USING ANOMALOUS TELEMETRY ANALYSIS
Granted: May 30, 2019
Application Number:
20190163553
Systems and techniques are described for performing automatic problem diagnosis. Telemetry data of a system can be analyzed to identify a set of time ranges during which the telemetry data exhibits anomalous behavior. Next, a subset of log entries having a timestamp that is in one of the time ranges in set of time ranges can be extracted from a set of log entries generated by the system. The subset of log entries can then be analyzed, by using natural language processing, to identify a…
ADVANCED INJECTION RULE ENGINE
Granted: January 24, 2019
Application Number:
20190026130
Systems and techniques are described for controlling injection of a library into a process. Specifically, some embodiments provide an Advanced Injection Rule Engine (AIRE), which uses a set of rules to selectively inject a library, e.g., a dynamic-link library (DLL), into a process. Some embodiments implement a Domain Specific Language (DSL), called AIRE Script, to define the injection rules that are used by the AIRE at runtime.
AUTO DISCOVERY BETWEEN PROXIES IN AN IPv6 NETWORK
Granted: July 5, 2018
Application Number:
20180191673
Systems and techniques are described for performing proxy auto-discovery in an Internet Protocol version 6 (IPv6) network by using the destination options extension header field in the IPv6 header. Specifically, systems and techniques are described to enable a pair of proxies to transparently intercept connection handshake messages that are carried in IPv6 packets between two network nodes, and to use the destination options extension header field in the IPv6 packets to automatically…
PROVIDING VISIBILITY INTO ENCRYPTED TRAFFIC WITHOUT REQUIRING ACCESS TO THE PRIVATE KEY
Granted: May 3, 2018
Application Number:
20180124025
Systems and techniques are described for providing visibility into encrypted traffic without requiring access to the private key. Some embodiments can transparently intercept a secure connection handshake that establishes a secure connection between a client and a server, wherein during said transparently intercepting the secure connection handshake, the embodiments can (1) obtain connection information associated with the secure connection, and (2) obtain a session key that the client…
DYNAMICALLY INFLUENCING ROUTE RE-DISTRIBUTION BETWEEN AN EXTERIOR GATEWAY PROTOCOL AND AN INTERIOR GATEWAY PROTOCOL
Granted: May 3, 2018
Application Number:
20180123946
Systems and techniques are described for dynamically influencing route re-distribution between an exterior gateway protocol (EGP) and an interior gateway protocol (IGP). Some embodiments can dynamically influence which routes are re-distributed into the IGP network for use in cases where traffic destined to that particular remote site is desired to be steered on the desired network/border router. Moreover, some embodiments can dynamically influence route re-distribution from the IGP…
MINIMALLY INVASIVE MONITORING OF PATH QUALITY
Granted: May 3, 2018
Application Number:
20180123910
Systems and techniques are described for performing minimally invasive monitoring of path quality in a network. Specifically, path quality requests and measurements can be piggy-backed on the data traffic that is flowing through a secure connection between two network nodes. For example, path quality requests and measurements can be inserted into the TFC padding field of IP/ESP packets that are being communicated between two IPsec devices. The disclosed embodiments ensure that the…
OPTIMIZING NETWORK TRAFFIC BY TRANSPARENTLY INTERCEPTING A TRANSPORT LAYER CONNECTION AFTER CONNECTION ESTABLISHMENT
Granted: June 15, 2017
Application Number:
20170171045
Systems and techniques are described for optimizing network traffic by transparently intercepting a transport layer connection after connection establishment. Specifically, an intermediary device can monitor communications between two computers while a transport layer connection that uses a transport layer protocol is being established between the two computers. While monitoring communications, the intermediary device can save transport layer protocol state information associated with…
DYNAMIC KEY GENERATION FOR IDENTIFYING DATA SEGMENTS
Granted: June 15, 2017
Application Number:
20170171345
Systems and techniques are described for caching resources. Multiple distinct resource identifiers that correspond to the same resource can be automatically collected, wherein the multiple distinct resource identifiers are included in resource requests that are sent from at least one client to at least one server. Next, a key can be automatically determined that matches the multiple distinct resource identifiers by analyzing the multiple distinct resource identifiers. A resource request…
TARGET PROCESS INJECTION PRIOR TO EXECUTION OF MARKER LIBRARIES
Granted: May 11, 2017
Application Number:
20170132025
The disclosed embodiments provide a system that modifies execution of a target process in a computer system. During loading of a marker library by a target process, the system modifies import dependency data of the marker library to include an injection library as a dependency of a marker library. After the modified import dependency data is used to load the injection library into the target process by the operating system or loader, the system executes the injection library prior to…
METHOD AND APPARATUS FOR PATH SELECTION
Granted: March 23, 2017
Application Number:
20170085468
Systems and techniques are described for path selection. A packet can be transparently intercepted at an intermediary device. Next, the intermediary device may modify one or more bits in the header of the packet. The intermediary device can then forward the packet to the next hop device. In some network configurations, the modifications to the one or more bits in the header of the packet may cause a downstream device to select a path that is different from the path that would have been…
OPTIMIZATION OF A SECURE CONNECTION WITH ENHANCED SECURITY FOR PRIVATE CRYPTOGRAPHIC KEYS
Granted: September 22, 2016
Application Number:
20160277372
A system, method, and apparatus are provided for establishing a secure, split-terminated, communication connection between a client and a server (or two other communicants), without exposing to possible compromise one or more private keys used at an intermediate device to establish the communication connection. The private key(s) is or are stored on a key server that is separate from the intermediate device and from any other devices whose private keys are also stored on the key server.…
DISTRIBUTED NETWORK TRAFFIC DATA COLLECTION AND STORAGE
Granted: June 18, 2015
Application Number:
20150172143
Network traffic information from multiple sources, at multiple time scales, and at multiple levels of detail are integrated so that users may more easily identify relevant network information. The network monitoring system stores and manipulates low-level and higher-level network traffic data separately to enable efficient data collection and storage. Packet traffic data is collected, stored, and analyzed at multiple locations. The network monitoring locations communicate summary and…
METHOD AND APPARATUS FOR SCHEDULING A HETEROGENEOUS COMMUNICATION FLOW
Granted: May 7, 2015
Application Number:
20150124835
A method and apparatus are provided for scheduling a heterogeneous communication flow. A heterogeneous flow is a flow comprising packets with varying classes or levels of service, which may correspond to different priorities, qualities of service or other service characteristics. When a packet is ready for scheduling, it is queued in order in a flow queue that corresponds to the communication flow. The flow queue then migrates among class queues that correspond to the class or level of…
AUTOMATIC PROMPT DETECTION FOR UNIVERSAL DEVICE SUPPORT
Granted: November 6, 2014
Application Number:
20140331093
Embodiments provide systems, methods, and computer program products for network management application to automatically determine a session prompt for a network device and perform error handling. After logging in to a network device, the network management application records the first session prompt response. The network management application sends a series of empty carriage returns and random characters and records the session prompt responses. The network management application…
NATIVE CODE PROFILER FRAMEWORK
Granted: September 18, 2014
Application Number:
20140282431
Embodiments provide systems, methods, and computer program products for dynamically hooking multiple levels of application code. A server receives identifying information that identifies a target function of a target application to hook. The server pauses a target process of the target application. The server locates the target function within the target application code based on the received identifying information. The server then hooks the located function outside of the target…
MULTI-TIER MESSAGE CORRELATION
Granted: September 18, 2014
Application Number:
20140280929
A system and method determines correlations within multi-tier communications based on repeated iterations/episodes of executions of a target application. Content-based correlations are determined by encoding the content using a finite alphabet, then searching for similar sequences among the multiple traces. By encoding the content to a finite alphabet, common pattern matching techniques may be used, including, for example, DNA alignment algorithms. To facilitate alignment of the traces,…
Persisting Large Volumes of Data in an Efficient, Unobtrusive Manner
Granted: September 18, 2014
Application Number:
20140280386
Embodiments provide a data persisting mechanism that allows for efficient, unobtrusive persisting of large volumes of data while optimizing the use of system resources by the persisting process. In an embodiment, the persisting process includes a self-tuning algorithm that constantly monitors persistence performance and that adjusts persistence time to maintain performance within user-defined criteria. From one aspect, this allows the persisting process to seamlessly adapt to changes in…
INFERRING CONNECTIVITY IN THE PRESENCE OF CONFLICTING NETWORK DATA
Granted: August 21, 2014
Application Number:
20140236878
The connectivity information provided by a variety of inference engines is integrated to provide a set of inferred links within a network. A consolidation is performed among inference engines that operate at a base level of connectivity detail to create a model of the network at this base level. The connectivity information provided by inference engines at each subsequent higher level of connectivity abstraction is then overlaid on the base level connectivity. By separately consolidating…
