Quality of service for inbound network traffic flows
Granted: March 25, 2014
Patent Number:
8681614
An edge network device controls the quality-of-service of incoming network traffic flows by limiting the bandwidth of incoming network traffic flows. To ensure that incoming network traffic classes quickly converge to the desired bandwidth allocations, the maximum bandwidth allocation to each network traffic class is dynamically varied based on current overall usage. The maximum bandwidth allocated to each traffic class at any given moment is the sum of its minimum guaranteed bandwidth…
Booting devices using virtual storage arrays over wide-area networks
Granted: March 18, 2014
Patent Number:
8677111
Virtual storage arrays consolidate data storage at a data center for physical and virtual computer systems at one or more branch network locations. Standalone and virtualized computer systems at a branch network location load, execute, and store their operating systems, applications, and data using virtual storage arrays and do not require any built-in or external non-volatile data storage devices such as hard disk drives or solid-state drives at the branch network location. The virtual…
Detecting outliers in network traffic time series
Granted: March 18, 2014
Patent Number:
8676964
According to an aspect of the invention, a system and method is configured to detect time series outliers in network traffic.
Cooperative proxy auto-discovery and connection interception
Granted: March 11, 2014
Patent Number:
8671205
In a network supporting transactions between clients and servers and proxies that are interposable in a network path, a pair of proxies can modify a packet stream such that packet data from client to server is transformed at a client-side proxy of the pair and untransformed at a server-side of the pair and packet data from server to client is transformed at the server-side proxy and untransformed at the client-side proxy. A discovering proxy transparently discovers its position in a…
Link inference in large networks based on incomplete data
Granted: March 11, 2014
Patent Number:
8670352
A network is partitioned into a set of independent partitions, and the topology of each partition is determined, then merged to form a topology of the entire network. Preferably, the partitioning is hierarchical, wherein the network is partitioned to form individual VLAN partitions, and each of the VLAN partitions is further partitioned based on the nodes that are simply connected to each port of one or more selected root switches within the VLAN partition. Simple connections to each…
Virtualization planning system that models performance of virtual machines allocated on computer systems
Granted: February 25, 2014
Patent Number:
8661438
The embodiments related to systems and methods for virtualization planning. A set of target machines may employ one or more virtualization technologies to divide resources of the given target computer system into multiple execution environments for virtual machines. Overhead profiles are determined based on a configuration of a given target computer system, the virtualization technology, and work performed by the virtual machines. The overhead consumed by the virtualization technologies…
Communicating between a server and clients
Granted: January 21, 2014
Patent Number:
8635265
Communication occurs between at least one server and a plurality of clients. Client-side connections are established between a traffic manager and clients, in response to clients making requests to communicate with a server. Server-side connections are created and maintained between the traffic manager and the server in order to service the client requests. At least one of the server-side connections is reused to service a client request.
Transaction acceleration using application-specific locking
Granted: January 21, 2014
Patent Number:
8635361
A data access request from an application for access to a data resource is received from a first application. The data access request is analyzed to identify application-specific behavior indicating a type of data access for the data resource. The WAN acceleration functionality of a first device is configured for network traffic optimization based on the type of data access for the data resource. The analysis of the data access request may be based on attributes of the data access…
Content delivery for client server protocols with user affinities using connection end-point proxies
Granted: January 21, 2014
Patent Number:
8635346
In a network supporting transactions between clients and servers over a network path having operating characteristics to overcome, data is transported to overcome the operating characteristics using user affinities and dynamic user location information to selectively preload data, or representations, signatures, segments, etc. of data, in order to overcome the one or more operating characteristic. Examples of operating characteristics to overcome include bandwidth limitations, errors and…
Web transaction analysis
Granted: January 21, 2014
Patent Number:
8635334
Individual network activities are correlated to interactions with a target web page to facilitate an analysis of the performance of the web page. This correlation is preferably performed using a combination of heuristics and rules developed to filter network activities into those activities that are likely to have been caused by the particular transaction, and those that are unlikely to be associated with that transaction. The activities that are identified as being associated with the…
Extended network protocols for communicating metadata with virtual machines
Granted: January 21, 2014
Patent Number:
8634437
Network devices include hosted virtual machines and virtual machine applications. Hosted virtual machines and their applications implement additional functions and services in network devices. Network devices include data taps for directing network traffic to hosted virtual machines and allowing hosted virtual machines to inject network traffic. Network devices include unidirectional data flow specifications, referred to as hyperswitches. Each hyperswitch is associated with a hosted…
Split termination for secure communication protocols
Granted: December 17, 2013
Patent Number:
8613071
Transaction accelerators can be configured to terminate secure connections. A server-side accelerator intercepts a secure connection request that is from a client and that is directed to a server. The server-side accelerator responds to the secure connection request in place of the server, thereby establishing a secure connection between the client and the server-side accelerator. Alternatively, the server-side accelerator monitors the establishment of a secure connection between the…
Correcting packet timestamps in virtualized environments
Granted: December 10, 2013
Patent Number:
8607229
A network capture element is embodied on a virtual machine, and a utility function is embodied on the actual device, preferably within the virtual machine manager. Both the utility function and the traffic capture element are configured to monitor communication events. To minimize the overhead imposed, the utility function is configured to merely store the time that the event occurred on the actual machine, corresponding to an identifier of the event. The network capture element, on the…
Managing captured network traffic data
Granted: December 3, 2013
Patent Number:
8601122
A system and method for managing captured network traffic data is provided. The invention comprises a plurality of capture agents, each being configured to capture the network traffic associated with one or more applications. Each application is associated with one or more capture agents according to an application profile that is stored and maintained in a capture server. When analysis of an application's network traffic is required, the capture server contacts the corresponding capture…
Network difference reporting
Granted: November 19, 2013
Patent Number:
8589531
A network difference reporting method and system categorizes the differences between two networks, and provides an output report structured by these categories. The preferred categories include objects common to both networks that have different attributes; objects found only in the first network; objects found only in the second network; and objects common to both networks that have similar attributes. A user-interface is provided to allow a user to identify objects or attributes that…
Method and system for managing a distributed network of network monitoring devices
Granted: November 19, 2013
Patent Number:
8589530
Network traffic information for nodes of a first logical hierarchy is stored at a monitoring device according to ranks of the nodes within the logical hierarchy as determined by each node's position therein and user preferences. At least some of the network traffic information stored at the network monitoring device may then be reported to another network monitoring device, where it can be aggregated with similar information from other network monitoring devices. Such reporting may occur…
Worm propagation mitigation
Granted: November 5, 2013
Patent Number:
8578479
A system, method, and computer program product for identifying a worm are disclosed. The system, method, and computer product are configured to generate a signature for a computer worm by identifying a set of bits representing the signature, generate a first worm signature based on the signature, and generate a second worm signature based on the signature. The first worm signature is formatted for a first device and the second worm signature is formatted for a second, different device.…
User-configurable network performance monitors
Granted: November 5, 2013
Patent Number:
8577956
A network analysis system provides for a user-definable display of information related to messages communicated on the network. The network analysis system includes one or more display formats that provide a display of message exchanges between nodes of a network, and a display augmenter that provides additional information on the display based on a user-defined visualization. The user defined visualization includes augmenting the display based on user-defined coloring characteristics…
Configuring bypass functionality of a network device based on the state of one or more hosted virtual machines
Granted: October 29, 2013
Patent Number:
8572609
Network devices include hosted virtual machines and virtual machine applications. Hosted virtual machines and their applications implement additional functions and services in network devices. Network devices include data taps for directing network traffic to hosted virtual machines and allowing hosted virtual machines to inject network traffic. Network devices include unidirectional data flow specifications, referred to as hyperswitches. Each hyperswitch is associated with a hosted…
Distributed web application firewall
Granted: October 22, 2013
Patent Number:
8566919
A method for protecting a Web application running on a first local Web Server bases from hacker attacks, said Web Server being connectable to at least one client, the method comprising the following steps: —providing a plurality of preset rules on said Server, which correspond to specific characteristics of HTTP requests; —receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics; —analyzing said characteristics of said…
