INTERCEPTION OF A CLOUD-BASED COMMUNICATION CONNECTION
Granted: December 16, 2010
Application Number:
20100318665
Methods and apparatus are provided for intercepting a client-server communication connection in a computing environment. A first network intermediary configured to facilitate optimization of client-server transactions may be installed in a path of communications between the client and the server. A second network intermediary configured to cooperate with the first network intermediary is not in the path of communications between the client and the server. The first network intermediary…
METHOD AND APPARATUS FOR SPLIT-TERMINATING A SECURE NETWORK CONNECTION, WITH CLIENT AUTHENTICATION
Granted: November 25, 2010
Application Number:
20100299525
A method and apparatus are provided for split-terminating a secure client-server communication connection, with client authentication. During handshaking between the client and the server, cooperating network intermediaries relay the handshaking messages, without altering the messages. At least one of the intermediaries possesses a private key of the server, and extracts a set of data fields from the handshaking messages, including a Client-Key-Exchange message that can be decrypted with…
Selecting proxies from among autodiscovered proxies
Granted: October 21, 2010
Application Number:
20100268829
Network devices include proxies and where multiple proxies are present on a network, they can probe to determine the existence of other proxies. Where more than two proxies are present and thus different proxy pairings are possible, the proxies are programmed to determine which proxies should form a proxy pair. Marked probe packets are used by proxies to discover each other and probing is done such a connection can be eventually formed even if some probe packets fail due to the marking…
VIRTUALIZED DATA STORAGE SYSTEM OPTIMIZATIONS
Granted: September 23, 2010
Application Number:
20100241654
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. Virtual storage arrays overcome bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…
VIRTUALIZED DATA STORAGE SYSTEM ARCHITECTURE
Granted: September 23, 2010
Application Number:
20100241673
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…
Virtualized Data Storage Over Wide-Area Networks
Granted: September 23, 2010
Application Number:
20100241726
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…
VIRTUALIZED DATA STORAGE SYSTEM CACHE MANAGEMENT
Granted: September 23, 2010
Application Number:
20100241807
Virtual storage arrays consolidate branch data storage at data centers connected via wide area networks. Virtual storage arrays appear to storage clients as local data storage; however, virtual storage arrays actually store data at the data center. The virtual storage arrays overcomes bandwidth and latency limitations of the wide area network by predicting and prefetching storage blocks, which are then cached at the branch location. Virtual storage arrays leverage an understanding of the…
ESTABLISHING A SPLIT-TERMINATED COMMUNICATION CONNECTION THROUGH A STATEFUL FIREWALL, WITH NETWORK TRANSPARENCY
Granted: September 9, 2010
Application Number:
20100228867
A method and apparatus are provided for establishing a split-terminated client-server communication connection through a stateful firewall, with network transparency. In an environment in which a pair of network intermediaries is employed to optimize client-server communications, a first intermediary intercepts a client request for a new connection. The first intermediary probes the network for a counterpart near the server, and opens an optimized communication session with a second…
SPLIT TERMINATION OF SECURE COMMUNICATION SESSIONS WITH MUTUAL CERTIFICATE-BASED AUTHENTICATION
Granted: September 9, 2010
Application Number:
20100228968
A method and apparatus are provided for split-terminating a secure client-server communication connection when the client and server perform mutual authentication by exchanging certificates, such as within a Lotus Notes environment. When the client submits a certificate to the server, an intermediary device intercepts the certificate and submits to the server a substitute client certificate generated by that intermediary. A certificate authority's private key is previously installed on…
VIRTUAL FILE SYSTEM STACK FOR DATA DEDUPLICATION
Granted: April 8, 2010
Application Number:
20100088349
A data virtualization storage appliance performs data deduplication transformations on the data. The original or non-deduplicated file system is used as shell to hold the directory/file hierarchy and file metadata. The data of the file system is stored by a separate data storage in a transformed and deduplicated form. The deduplicated data store may be implemented as one or more hidden files. The shell file system preserves the hierarchy structure and potentially the file metadata of the…
CONTENT DELIVERY FOR CLIENT SERVER PROTOCOLS WITH USER AFFINITIES USING CONNECTION END-POINT PROXIES
Granted: April 8, 2010
Application Number:
20100088370
In a network supporting transactions between clients and servers over a network path having operating characteristics to overcome, data is transported to overcome the operating characteristics using user affinities and dynamic user location information to selectively preload data, or representations, signatures, segments, etc. of data, in order to overcome the one or more operating characteristic. Examples of operating characteristics to overcome include bandwidth limitations, errors and…
Log Structured Content Addressable Deduplicating Storage
Granted: April 1, 2010
Application Number:
20100082529
A log structured content addressable deduplicated data storage system may be used to store deduplicated data. Data to be stored is partitioned into data segments. Each unique data segment is associated with a label. The storage system maintains a transaction log. Mutating storage operations are initiated by storing transaction records in the transaction log. Additional transaction records are stored in the log when storage operations are completed. Upon restarting an embodiment of the…
Log Structured Content Addressable Deduplicating Storage
Granted: April 1, 2010
Application Number:
20100082547
A log structured content addressable deduplicated data storage system may be used to store deduplicated data. Data to be stored is partitioned into data segments. Each unique data segment is associated with a label. The storage system maintains a transaction log. Mutating storage operations are initiated by storing transaction records in the transaction log. Additional transaction records are stored in the log when storage operations are completed. Upon restarting an embodiment of the…
STORAGE SYSTEM FOR DATA VIRTUALIZATION AND DEDUPLICATION
Granted: April 1, 2010
Application Number:
20100082700
A data virtualization storage appliance performs data deduplication transformations on the data. The original or non-deduplicated file system is used as shell to hold the directory/file hierarchy and file metadata. The data of the file system is stored by a separate data storage in a transformed and deduplicated form. The deduplicated data store may be implemented as one or more hidden files. The shell file system preserves the hierarchy structure and potentially the file metadata of the…
COOPERATIVE PROXY AUTO-DISCOVERY AND CONNECTION INTERCEPTION
Granted: June 18, 2009
Application Number:
20090157888
In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of proxy pair and such that packet data from the server to the client is transformed at…
TRANSACTION ACCELERATION USING APPLICATION-SPECIFIC LOCKING
Granted: June 4, 2009
Application Number:
20090144440
A data access request from an application for access to a data resource is received from a first application. The data access request is analyzed to identify application-specific behavior indicating a type of data access for the data resource. The WAN acceleration functionality of a first device is configured for network traffic optimization based on the type of data access for the data resource. The analysis of the data access request may be based on attributes of the data access…
INTERCEPTING AND SPLIT-TERMINATING AUTHENTICATED COMMUNICATION CONNECTIONS
Granted: May 7, 2009
Application Number:
20090119504
Systems and methods are provided for enabling optimization of communications within a networked computing environment requiring secure, authenticated client-server communication connections. Optimization is performed by a pair of intermediary network devices installed in a path of communications between the client and the server. A secure, authenticated communication connection between the client and server is split-terminated at a pair of intermediary network devices by intercepting a…
CONNECTION FORWARDING
Granted: April 9, 2009
Application Number:
20090094371
Two or more network traffic processors connected with the same LAN and WAN are identified as neighbors. Neighboring network traffic processors cooperate to overcome asymmetric routing, thereby ensuring that related sequences of network traffic are processed by the same network proxy. A network proxy can be included in a network traffic processor or as a standalone unit. A network traffic processor that intercepts a new connection initiation by a client assigns a network proxy to handle…
CONTENT-BASED SEGMENTATION SCHEME FOR DATA COMPRESSION IN STORAGE AND TRANSMISSION INCLUDING HIERARCHICAL SEGMENT REPRESENTATION
Granted: March 26, 2009
Application Number:
20090079597
In a coding system, input data within a system is encoded. The input data might include sequences of symbols that repeat in the input data or occur in other input data encoded in the system. The encoding includes determining a target segment size, determining a window size, identifying a fingerprint within a window of symbols at an offset in the input data, determining whether the offset is to be designated as a cut point and segmenting the input data as indicated by the set of cut…
SERVER CONFIGURATION SELECTION FOR SSL INTERCEPTION
Granted: March 26, 2009
Application Number:
20090083537
A network intermediary device such as a transaction accelerator intercepts a client request for a secure communication connection with a server. The intermediary issues a substitute connection request to the server and receives a digital certificate during establishment of a secure communication session between the intermediary and the server. Based on information in the received digital certificate, the intermediary selects an appropriate operational configuration for responding to the…
