US20180337894A1 - Scalable proxy clusters - Google Patents
Scalable proxy clusters Download PDFInfo
- Publication number
- US20180337894A1 US20180337894A1 US16/051,026 US201816051026A US2018337894A1 US 20180337894 A1 US20180337894 A1 US 20180337894A1 US 201816051026 A US201816051026 A US 201816051026A US 2018337894 A1 US2018337894 A1 US 2018337894A1
- Authority
- US
- United States
- Prior art keywords
- proxy
- data
- node
- cluster
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/546—Message passing systems or structures, e.g. queues
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/12—Discovery or management of network topologies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/46—Cluster building
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/56—Routing software
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/58—Association of routers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1014—Server selection for load balancing based on the content of a request
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H04L67/1061—Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
- H04L67/1068—Discovery involving direct consultation or announcement among potential requesting and potential source peers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
- H04L67/145—Termination or inactivation of sessions, e.g. event-controlled end of session avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for inactive or interrupted session
-
- H04L67/28—
-
- H04L67/32—
-
- H04L67/42—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
Definitions
- the present invention relates to the field of high-availability, high-scale and high security computing for API computing and API ecosystems.
- the invention provides scalable proxy clusters, and methods for configuring proxy clusters and/or proxy nodes within the proxy clusters.
- proxy as an intermediary between a client (i.e. a device requesting a service) and a server (i.e. a device providing the service) is known.
- Proxies can typically be used to implement several different networking functions, including any one or more of securing or capturing data samples of data traffic passing through such proxies, routing, load balancing and forwarding functions.
- FIG. 1 illustrates a networking architecture comprising client 102 , server backend 106 comprising servers 106 a to 106 c , proxy 104 and DNS server 108 .
- server backend 106 comprising servers 106 a to 106 c , proxy 104 and DNS server 108 .
- requests or messages from client 102 for services from server backend 106 are directed to proxy 102 .
- Proxy 102 thereafter transmits the received requests or messages to an appropriate server ( 106 a to 106 c ) within server backend 106 .
- responses from servers 106 a to 106 c may first be received at proxy 102 and thereafter redirected to requesting client 102 .
- Proxy based configurations of the type illustrated in FIG. 1 have a finite processing capacity—which limits the number of clients and servers a proxy can simultaneously service. Additionally prior art configurations present limitations in terms of high availability—where “high availability” refers to the characteristic of a system to continue running and handling failures with minimum planned or unplanned down time.
- a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) efficient methods of configuring and scaling the cluster, (iii) natural resiliency of clusters, (iv) efficient scaling of such clusters, (v) configurability of such clusters to span multiple servers, multiple data racks and multiple data centers and (vi) to provide for switching between proxies in case of a proxy failure or between servers in case of failure of a server, rack or data center without loss of session information—thereby ensuring high availability and disaster recovery.
- the invention provides scalable proxy clusters, and methods for configuring proxy clusters and/or proxy nodes within the proxy clusters.
- the invention provides a proxy node configured for implementation within a proxy cluster comprising a plurality of networked proxy nodes.
- the proxy node comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes.
- the synchronization controller may be configured to respond to a defined synchronization event by synchronizing the one or more data states of the proxy node with corresponding one or more data states of every other proxy node within the plurality of proxy nodes.
- the one or more data states of the proxy node or the corresponding one or more data states of the at least one other proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- the one the one or more data states of the proxy node or the corresponding one or more data states of the at least one other proxy node may comprise data states corresponding to server characteristic data, session data, security data, and configuration data associated with the respective proxy node.
- the proxy router may be configured such that routing functionality of the proxy node is identical to routing functionality of at least one other proxy node within the plurality of proxy nodes.
- the proxy node may be configured for self-learning one or more functional capabilities of one or more other proxy nodes within the plurality of proxy nodes—wherein said self-learning is based on the synchronizing one or more data states of the proxy node with corresponding one or more data states of at the one or more other proxy nodes within the plurality of proxy nodes.
- the invention additionally provides a proxy cluster comprising a plurality of networked proxy nodes.
- At least one of the plurality of proxy nodes respectively comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes.
- the synchronization controller may be configured to respond to a defined synchronization event by synchronizing the one or more data states of the proxy node with corresponding one or more data states of every other proxy node within the plurality of proxy nodes.
- One or more data states of the proxy node within the proxy cluster, or the corresponding one or more data states of the at least one other proxy node within the proxy cluster may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- the invention additionally provides a method of synchronizing data states between proxy nodes within a networked cluster of proxy nodes.
- the method comprises (i) detecting a synchronization event at a first proxy node within the cluster of proxy nodes, (ii) selecting a second proxy node from among the cluster of proxy nodes, and (iii) synchronizing one or more data states of the first proxy node with corresponding one or more data states of the second proxy node within the cluster of proxy nodes.
- Each proxy node within the cluster of proxy nodes may be configured to transmit received client message to one or more servers identified based on a specified routing policy.
- the one or more data states of the first proxy node may be synchronized with one or more data states of every other proxy node within the cluster of proxy nodes.
- the one or more data states of the first proxy node or the corresponding one or more data states of the second proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- the invention additionally provides a method of adding a proxy node to a networked cluster of proxy nodes.
- the method comprises configuring a processor implemented first proxy node to (i) transmit received client message to one or more servers identified based on one or more routing policies, and (ii) respond to a defined synchronization event, by synchronizing one or more data states of the first proxy node with corresponding one or more data states of one or more proxy nodes within the cluster of proxy nodes.
- the one or more data states of the first proxy node are synchronized with one or more data states of every proxy node within the cluster of proxy nodes.
- the one or more data states of the first proxy node or the corresponding one or more data states of the second proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- the invention additionally provides a method of modifying configuration of a proxy cluster comprising a plurality of networked proxy nodes, wherein each of the plurality of proxy nodes is configured to (i) transmit received client message to one or more servers identified based on a specified routing policy, and (ii) responsive to detection of a synchronization event, synchronize one or more data states of said proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes.
- the method comprises (i) receiving operator input identifying a modification to configuration of a first proxy node within the plurality of proxy nodes, (ii) responsive to the receive operator input, modifying the configuration of the first proxy node, and (iii) implementing a modification to configuration of a second proxy node within the plurality of proxy nodes, wherein said modification is effected by synchronization of one or more data states of said second proxy node with corresponding one or more data states of said first proxy, in response to detection of a synchronization event by the second proxy node.
- the invention additionally provides a proxy cluster comprising a plurality of networked proxy nodes, wherein at least one of the plurality of proxy nodes respectively comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes.
- the proxy cluster may be configured for one or more of high availability, disaster recovery, scalability and security of API computing use (i) within data centers, (ii) within private, public or hybrid clouds, (iii) across multiple datacenters, (iv) across private, public or hybrid clouds, and (v) across a combination of one or more datacenters and one or more clouds.
- the invention additionally provides computer program products for implementing one or more of the above methods, the computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code comprising instructions for implementing said one or more methods.
- FIG. 1 illustrates a network configuration involving a prior art proxy interposed between a client device and a server backend.
- FIGS. 2 and 3 illustrate exemplary scalable proxy clusters.
- FIG. 4 illustrates a proxy node within a proxy cluster.
- FIG. 5 illustrates a peer-to-peer network configuration of a proxy cluster.
- FIG. 6 is a flowchart illustrating a method of synchronizing proxy nodes within a proxy cluster.
- FIG. 7 illustrates a method of adding a new proxy node to a proxy cluster.
- FIG. 8 illustrates an exemplary system in accordance with the present invention.
- the present invention provides a scalable cluster of proxies configured, which proxies may in various non limiting examples be configured for one or more of securing or capturing data samples of data traffic passing through such proxies, routing communications between one or more clients and one or more servers, load balancing and forwarding functions.
- the invention additionally provides for (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) efficient methods of configuring and scaling the cluster, (iii) natural resiliency of clusters and/or proxy nodes within a cluster, (iv) efficient scaling of clusters, (v) configurability of clusters to span multiple servers, multiple data racks and multiple data centers, (vi) switching between proxies in case of a proxy failure or between servers in case of failure of a server, rack or data center (for example in case of loss of power, internet, hardware or software errors etc.), without loss of session information, and (vii) responsive to server failure (for enabling reconnection of a client device with a backup server in the same datacenter or in a different datacenter—thereby ensuring high availability and disaster recovery.
- client shall mean any device having information processing and network communication capabilities.
- the types of clients may vary widely and include but are not limited to desktop computers, laptop computers or notebook computers, personal digital assistants, handheld computers, cellular phones, servers and Internet of Things (IOT) sensors or devices or gateways or servers.
- IOT Internet of Things
- proxy or “proxy node” shall mean any device having information processing and network communication capabilities that may in various non limiting examples be configured for one or more of securing or capturing data samples of data traffic passing through such proxies, routing communications between one or more clients and one or more servers, load balancing and forwarding functions.
- the types of proxies may vary widely and include but are not limited to full proxies, half proxies, security proxies, IOT proxies or load balancing proxies.
- proxy cluster or “cluster of proxies” shall mean a plurality of proxy nodes.
- proxy nodes within a proxy cluster may be understood as being interconnected in an overlay network.
- server shall mean any device having information processing and network communication capabilities, and which is configured to provide one or more services to a requesting client, over a communication network.
- the types of servers may vary widely, and include but are not limited to API servers, Applications Servers, Microservices, web servers, FTP servers, IOT brokers or servers or gateways, message brokers, or service oriented architecture (SOA) servers.
- API servers Application Servers, Microservices, web servers, FTP servers, IOT brokers or servers or gateways, message brokers, or service oriented architecture (SOA) servers.
- SOA service oriented architecture
- server backend shall mean a set of one or more servers.
- FIG. 2 illustrates an embodiment of the invention, wherein proxy cluster 204 is disposed as a network intermediate between clients 202 (i.e. clients 202 a , 202 b and 202 c ) and server backend 206 (i.e. servers 206 a , 206 b and 206 c ). Each client request or client message directed towards server backend 206 , and each response from server backend 206 is routed through proxy cluster 204 .
- clients 202 i.e. clients 202 a , 202 b and 202 c
- server backend 206 i.e. servers 206 a , 206 b and 206 c
- proxy cluster 204 comprises a plurality of proxy nodes (proxy nodes 204 a , 204 b and 204 c ).
- a client request or message for server backend 206 is routed to a proxy node within proxy cluster 204 .
- said proxy node Based on routing policies and/or other information available to the specific proxy node, said proxy node routes the client request to an appropriate server within server backend 206 .
- Server responses to the client request or message are likewise transmitted from the server back to the specific proxy node, and onward from the specific proxy node to the client from which the request or message originated.
- requests or messages from client 202 a are routed to proxy node 204 a within proxy cluster 204 . Said requests or messages are thereafter routed to servers 206 a and 206 b within server backend 206 .
- a request from client 202 b is routed to proxy node 204 b and onward to server 206 c within server backend 206 .
- a request from client 202 c is routed to proxy node 204 c and onward to server 206 b in server backend 206 .
- Responses from the servers 206 a to 206 c are routed back to the corresponding requesting client through the same proxy node from which the request or message was received by the server.
- the decision to route a client request or message to a specific proxy node within proxy cluster 204 may in an embodiment of the invention be based on routing logic or routing policies within DNS server 208 or other name server.
- Exemplary load balancing or connection parameters that the routing policies of DNS server 208 may rely on for selecting a specific proxy node within proxy cluster 204 may include one or more of location of the requesting client, location of the target server(s), existing load balance among proxies within the proxy clusters, content and/or type of request etc.
- Selection of a target server (within server backend 206 ) by a proxy node within proxy cluster 204 may be determined based on routing logic or routing policies specified for the proxy node.
- a plurality of proxy nodes within proxy cluster 204 (and preferably all proxy nodes within proxy cluster 204 ) may be configured to use identical routing policies for selecting a target server.
- FIG. 3 illustrates another embodiment of the invention, wherein proxy cluster 304 is disposed as a network intermediate between clients 302 (i.e. clients 302 a , 302 b and 302 c ) and server backend 306 .
- server backend 306 comprises server cluster 3061 (in turn comprising servers 3061 a and 3061 b ) corresponding to a first data center (data center 1 ) and server cluster 3062 (in turn comprising servers 3062 a and 3062 b ) corresponding to a second data center (data center 2 ).
- proxy cluster 304 comprises a plurality of proxy nodes 304 a and 304 b .
- a client request or message for one or more services from server backend 306 are routed to a specific proxy node within proxy cluster 304 .
- the specific proxy node routes the client request or message to an appropriate server within server backend 306 and server responses are likewise transmitted from the server back to the specific proxy node, and onward to the requesting client.
- client requests for (or messages to) servers within data center 1 are routed to a first proxy node (i.e. proxy node 304 a ), while client requests for (or messages to) servers within data center 2 are routed to a second proxy node (i.e. proxy node 304 b ).
- the decision to route a client request to a specific proxy node based on location of a target server may in an embodiment of the invention be based on routing logic or routing policies within DNS server 308 .
- proxy nodes ( 304 a , 304 b ) within proxy cluster 304 may be configured such that in case of failure of a server located within a specific server rack or a specific data center, the proxy node receiving client requests or messages targeted at the failed server may instead route such requests or messages to a backup server/mirror server/peer server providing the same functionality as the failed server.
- the configuration of proxy nodes within proxy cluster 304 ensures that such re-routing may be effected regardless of whether the failed server and backup server/mirror server/peer server are located within the same server rack or the same data center, or are located across multiple server racks and/or across multiple data centers.
- proxy cluster 304 may be configured to respond to server failure by re-routing client messages or requests to a backup server/mirror server/peer server despite simultaneous failure of the proxy node that was previously receiving client requests or messages targeted at the failed server. Proxy cluster 304 may achieve this by substituting an operational proxy node within the proxy cluster for the failed proxy node—and may in an embodiment (discussed in more detail hereinafter) implement such substitution of proxy nodes and consequent re-routing of client messages or requests to a backup server/mirror server/peer server without having to re-initialize a client or user session (i.e. without loss of session data).
- selection of a target server (within server backend 306 ) by a proxy node within proxy cluster 304 may be determined based on routing logic or routing policies provisioned for the proxy node.
- a plurality of proxy nodes within proxy cluster 304 (and preferably all proxy nodes within proxy cluster 304 ) are provisioned with identical routing policies for selecting a target server.
- FIG. 4 illustrates an embodiment of a proxy node configured for implementation within a scalable proxy cluster of the present invention.
- Proxy node 400 comprises a proxy router 402 and a synchronization controller 404 .
- Proxy node 400 may additionally include or enable access to one or more repositories of data associated with proxy node 400 , said repositories of data comprising (i) server characteristic data 406 , (ii) session data 408 , (iii) security data 410 , (iv) configuration data 412 , and (v) proxy node data 414 .
- One or more repositories comprising the above data may in various embodiment of the invention be accessible by one or both of proxy router 402 and synchronization controller 404 .
- Server characteristic data 406 comprises information identifying one or more characteristics of one or more servers within the server backend i.e. information that is descriptive of configuration, interfaces, and/or functionality of one or more servers within the server backend to which a proxy node is configured to route client requests or messages.
- server characteristic data 406 includes one or more of (i) network sockets corresponding to servers, (ii) TCP, HTTP/WebSocket, Request/Response, streaming and/or Publish/Subscribe message patterns for accessing servers (iii) business logic execution engine(s) implemented within servers (iv) backend connectivity between a server and other servers, (v) applications implemented on servers, and/or (vi) database systems relied on or implemented within servers.
- Session data 408 comprises information identifying one or more characteristics of users/clients communicating through a proxy node.
- session data 408 comprises one or more of (i) cookies, (ii) tokens, (iii) client ids and/or (iv) device ids.
- session data 408 may be limited to information that is active (i.e. that has not expired) in accordance with session expiry policies of one or more servers within the server backend to which a proxy node is configured to route client requests or messages.
- Security data 410 comprises Transport Layer Security/Secure Sockets Layer (TLS/SSL) security data corresponding to each session that is active (i.e. that has not expired) in accordance with applicable session expiry policies.
- security data 410 may comprise one or more of cipher suites, digital certificates (including one or more of server name, a trusted certificate authority (CA) and a backend server's public encryption key), session keys and/or asymmetric and symmetric ciphers that have been received at proxy node 400 .
- CA trusted certificate authority
- Configuration data 412 comprises configuration information that a proxy node requires to effect routing of incoming client requests or messages to a server within the server backend in one or more data centers.
- configuration data 412 may comprise one or more of (i) data port information and/or other routing information corresponding to one or more servers within a server backend, (ii) load balancing or routing policies, (iii) load balancing and/or routing techniques (iv) management ports, (v) maximum number of processes/threads for each port, (vi) policies for generating logs (i.e. policies regarding what events or information to log, event triggers for logging and log persistence and/or management policies) and/or (vii) firewall settings corresponding to one or more servers within the server backend.
- Proxy node data 414 comprises information identifying live or active proxy nodes (other than proxy node 400 ) within the proxy cluster.
- proxy node data 414 may comprise one or more of hardware identification information, IP address information and/or network routing information corresponding to such live or active proxy nodes within the proxy cluster.
- Proxy router 402 comprises a processor based controller that is configured to (i) receive client requests or client messages, and (ii) responsive to received requests or messages satisfying one or more predefined criteria, transmitting said requests or messages onward to one or more server(s) within server backend 206 , 306 .
- Proxy router 402 is a controller configured to implement predefined routing logic or routing policies on client requests or messages received at a proxy node—to ensure that legitimate client requests or messages are transmitted onwards to a server configured to respond to such requests or messages.
- proxy router 402 may rely on one or more of server characteristic data 406 , session data 408 , security data 410 and configuration data 412 that is associated with and accessible to proxy node 400 .
- Synchronization controller 404 comprises a processor based controller that is configured to respond to a predefined synchronization event or synchronization trigger by synchronizing (i) a data state of one or more of server characteristic data 406 , session data 408 , security data 410 , configuration data 412 and proxy node data 414 that is associated with said proxy node, with (ii) a data state of corresponding server characteristic data, session data, security data, configuration data and/or proxy node data associated with another proxy node within proxy cluster 204 , 304 .
- synchronization controller 404 is configured to synchronize data states of one or more (and preferably all) of server characteristic data 406 , session data 408 , security data 410 , configuration data 412 and proxy node data 414 associated with said proxy node, with (ii) data states of corresponding server characteristic data, session data, security data, configuration data and proxy node data associated with every other proxy node within proxy cluster 204 , 304 .
- synchronization of data states may involve synchronization of state changes that have occurred since a previous synchronization event.
- synchronization controller 404 may be configured to establish distinct read and write connections with each proxy node that it synchronizes with.
- the distinct read and write connections with each proxy node that a synchronization controller 404 synchronizes with may be implemented by initializing separate read and write pipe endpoints for each such proxy node.
- every proxy node within proxy cluster 204 , 304 may comprise an instance of proxy node 400 . Since synchronization controller 404 of each proxy node within the cluster is configured to ensure synchronization of the above mentioned proxy node data states with corresponding data states of every other proxy node within the cluster, the synchronization process results in all proxy nodes within the cluster having an identical data state corresponding to one or more (and preferably all) of server characteristic data, session data, security data, configuration data and proxy node data.
- proxy router 402 within each proxy node 400 may rely on one or more of server characteristic data, session data, security data and configuration data that is associated with or accessible to proxy node 400 .
- proxy cluster 204 , 304 can be configured for self-learning, wherein any proxy node within the proxy cluster achieves the necessary functionality required by all proxy nodes in the proxy cluster, without requiring configuration by an operator or administrator.
- the synchronization between proxy nodes additionally ensures that every proxy node within said proxy cluster performs routing/onward transmission functions identically (i.e. a specific client request or message will undergo identical routing/onward transmission by a recipient proxy node, regardless of which proxy node (within the proxy cluster) the client request or message is received at).
- FIG. 5 illustrates the embodiment of the invention where proxy cluster 504 comprises four proxy nodes 500 a to 500 d . While FIG. 5 illustrates a proxy cluster comprising only four proxy nodes, it will be understood that the four proxy nodes are only illustrative and that the proxy cluster may be scaled up or down to include any number of proxy nodes.
- Each proxy node 500 a to 500 d within proxy cluster 504 may comprise an instance of proxy node 400 . Accordingly, the synchronization process between proxy nodes 500 a to 500 d may result in all proxy nodes within the cluster having identical data states corresponding to one or more (and preferably all) of server characteristic data 406 , session data 408 , security data 410 , configuration data 412 and proxy node data 414 .
- the synchronization of data states between proxy nodes results in a peer-to-peer synchronization configuration within proxy cluster 504 —wherein each proxy node 500 a to 500 d is a peer node within the peer-to-peer synchronization configuration.
- each proxy node within a proxy cluster periodically carries out a heartbeat messaging procedure (i.e. a ping-pong message/response procedure) with all other proxy nodes and updates its list of active peer nodes (i.e. proxy node data 414 ) depending on whether the heartbeat messaging procedure returns an error.
- a heartbeat messaging procedure i.e. a ping-pong message/response procedure
- FIG. 6 illustrates a method of achieving peer-to-peer synchronization between proxy nodes within a proxy cluster.
- each peer node is a proxy node 400 of the type described in connection with FIG. 4 .
- the method of peer-to-peer synchronization in FIG. 6 is described in terms of achieving data state synchronization between a proxy node and all peer proxy nodes (i.e. all other proxy nodes) within the proxy cluster.
- Step 602 of FIG. 6 comprises detection of a predefined synchronization trigger event at a proxy node.
- the synchronization trigger event may comprise any predefined event based trigger—and in an embodiment may comprise a time based event trigger.
- the synchronization trigger event may comprise a trigger instruction generated at a proxy node upon expiry of a predefined time period from the last trigger instruction.
- the synchronization trigger event may comprise a trigger instruction generated when a proxy node is bootstrapped into a proxy cluster, or when a proxy node resumes operations within a proxy cluster subsequent to recovery from a state of failure.
- the proxy node retrieves information identifying peer nodes within the proxy cluster.
- information identifying peer nodes within the proxy cluster may be retrieved from proxy node data 414 associated with proxy node 400 .
- Step 606 comprises selecting a peer node from among the identified peer nodes.
- Step 608 thereafter comprises initiating data synchronization at the proxy node—to achieve synchronization of (i) a data state of one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the proxy node, with (ii) a data state of corresponding server characteristic data, session data, security data, configuration data and proxy node data associated with the selected peer node.
- initiating data synchronization at a proxy node comprises establishing distinct read and write connections with every other proxy node that said proxy node synchronizes with.
- the distinct read and write connections with every other proxy node that the proxy node synchronizes with may be implemented by initializing separate read and write pipe endpoints for every such other proxy node.
- Step 610 comprises repeating steps 606 and 608 to achieve synchronization of data states (corresponding to the selected data parameters) within the proxy node with corresponding data states within every other identified peer node in the proxy cluster.
- the method ensures that all proxy nodes within the proxy cluster have synchronized data states corresponding to one or more of server characteristic data, session data, security data, configuration data and proxy node data.
- the method of FIG. 6 can ensure that every proxy node within the proxy cluster performs routing/onward transmission functions identically.
- FIG. 7 illustrates an exemplary method for bootstrapping a new processing node and adding the new processing node as a proxy node within an existing proxy cluster. It would be understood that the method of FIG. 7 may be used for scaling the proxy cluster up in response to an increased demand for proxy nodes within the cluster.
- Step 702 comprises configuring the new processing node for operating as a proxy node within a proxy cluster.
- Configuring the new processing node may comprise configuring one or more processors associated with the new processing node to implement functions of proxy router 402 and synchronization controller 404 that have been illustrated and described in connection with FIG. 4 .
- configuring the new processing node may comprise providing program instructions that enable the one or more processors associated with the new processing node to implement one or both of proxy router functionality and synchronization controller functionality.
- Step 704 comprises provisioning the new processing node with an identifier of at least one existing peer proxy node within the proxy cluster.
- the identifier information provisioned at step 704 may comprise an IP address (or any other information described previously in connection with proxy node data 414 of FIG. 4 ) corresponding to at least one live or active peer node within the proxy cluster.
- Step 706 comprises bootstrapping the new node into the overlay network formed by peer nodes in the proxy cluster, and initiating at the new node, a data state synchronization with at least one peer node of which the new node is aware.
- the data state synchronization between the new node and the peer node may in a preferred embodiment involve synchronization of data states of the new node with data states of the one peer node—in respect of one or more (and preferably all) of server characteristic data, session data, security data, configuration data and proxy node data associated with said proxy node.
- the new node receives information regarding all other peer nodes identified within the proxy node data 414 corresponding to the peer node, or (ii) the peer node broadcasts address information corresponding to the new node to every other peer node identified within proxy node data 414 corresponding to said peer node—both of which methods (when coupled with the step of data synchronization between all proxy nodes within the proxy cluster) result in data state synchronization between the new node and all other peer nodes within the proxy cluster.
- the new node achieves data state synchronization with all pre-existing peer nodes within the proxy cluster—thereby achieving the status of a fully synchronized peer node within the proxy cluster.
- each pre-existing peer node within the proxy cluster updates its proxy node data 414 to include received identifier or address information corresponding to each new peer node, thereby adding to its own list of active peer nodes with which data state synchronization requires to be implemented in response to the next synchronization event or synchronization trigger.
- bootstrapping the new node into the proxy cluster may additionally include adding or modifying (automatically or manually) one or more DNS server entries corresponding to one or more servers within the server backend that is serviced by the proxy cluster, wherein the added or modified DNS server entries comprises address information corresponding to the new node, and may also include data that is determinative of routing policies that may be applied by the DNS server for routing client requests or messages to the new node.
- one or more nodes may be removed from the proxy cluster to scale the proxy cluster down in response to a decreased demand for proxy nodes.
- this process may comprise removal of a peer node from network communication with the remaining peer nodes, and updating proxy node data in at least one of the remaining peer nodes—which updating comprises removal of the removed peer node from the list of active peer nodes.
- this updating of proxy node data will be communicated to (and updated at) all other peer nodes within the proxy network in response to the next synchronization event or synchronization trigger.
- failure of any peer node to response to a predefined number of heartbeat messages may result in the peer node being marked as inactive and/or deleted from proxy node data 414 within each proxy node.
- DNS server entries corresponding to a removed peer node may be automatically modified to reflect the inactive/removed status in response to one or more error messages received in response to requests or messages routed to the removed peer node.
- DNS server entries may be updated by a proxy node within the proxy cluster (or by the proxy cluster) in response to a new proxy node being added to the proxy cluster or a previously operational proxy node being removed from the proxy cluster.
- the proxy cluster may be accessible through a command-line-interpreter (CLI) or a RESTful API (REST API) which permits configuration inputs and/or configuration modifications at any one or more proxy nodes within the proxy cluster.
- CLI command-line-interpreter
- REST API RESTful API
- any additions or modifications to any one of server characteristic data, session data, security data, configuration data and proxy node data associated with proxy nodes within the proxy cluster may be implemented at any one of the proxy nodes through the CLI or REST API—which additions or modifications will be automatically communicated to and implemented within all other proxy nodes within the proxy cluster by way of data state synchronizations implemented by each proxy node within the proxy cluster. It would accordingly be understood that implementation of data state synchronizations between proxy nodes within a proxy cluster presents significant advantages in terms of ease of administration and configuration of nodes within the proxy cluster.
- the proxy cluster can support multiple communication and/or messaging protocols, both at the node level and at the cluster level.
- protocols that can be supported at the node level or at the cluster level within the proxy cluster include (i) HTTP/HTTPS, (ii) WebSocket/WebSocket over SSL, (iii) MQTT/WebSocket, (iv) MQTT/WebSocket over SSL, (v) MQTT/TCP, (vi) MQTT/TLS, and (vii) CoAP.
- proxy clusters in accordance with the teachings of the present invention offer multiple advantages over solutions known in the prior art.
- a primary advantage comprises scalability or elasticity in terms of (i) a number of users/clients that can be served, (ii) type of client devices that can be served within the same or across different data centers, (iii) a number of servers within the server backend that can be served, and/or (iv) a number of protocols that can be served or accommodated.
- the invention also enables proxy nodes to be added to or removed from a proxy cluster with minimal configuration overheads. By enabling ready upward and downward scaling, the invention presents significant cost advantages over the prior art.
- the invention further avoids dependence on a master-slave or a centralized control model—which makes proxy clusters of the present invention simpler to configure as well as to scale.
- proxy clusters of the present invention avoid any single point of failure—by providing alternative proxy nodes for routing of client requests or messages in case of failure of one or more proxy nodes. This natural resiliency ensures high availability. Additionally, assuming a specific proxy node fails but later comes back online, the data state synchronization process ensures that the revived proxy node is synchronized with all other peer proxy nodes in the course of the next synchronization event—and that such proxy node can therefore resume full functionality upon conclusion of the next synchronization event.
- the resilience and data state synchronization aspects of the proxy cluster also enable real time and “live” reconfiguration or updates of the proxies to reflect changes to APIs or API servers within the server backend or to provide new routing instructions.
- corresponding server characteristic data 408 within one of the proxy nodes 400 is updated. While such updating of information occurs at the proxy node 400 , the proxy node is unable to continue providing functionality as a proxy node within the proxy cluster —during which period the remaining proxy nodes in the proxy cluster continue to route information between clients and servers and thereby ensure high availability.
- the updated proxy node is rebooted and brought back online within the proxy cluster.
- the updated information now available at the updated proxy node may be propagated to all other proxy nodes within the proxy cluster during the next data state synchronization event—which ensures updating of information throughout the proxy cluster, without the proxy cluster suffering a system failure or outage at any point of time. It would be understood that functioning of the proxy cluster, and transmission of client requests or messages between clients and the server backend can continue without observable disruption while the above described server updates/reconfiguration, proxy node updating and proxy node synchronization is implemented.
- synchronization of data states includes synchronization of session data 408 and security data 410
- a user or client device may be shifted from one proxy node within a proxy cluster to another proxy node within the cluster (for example, in response to failure of a proxy node, or in response to a shift due to a change in state of a user or client device) without having to reinitialize a user session or client session.
- the proxy cluster is a non-symmetric cluster, in that at least two proxy nodes within the proxy cluster have different operating specifications in terms of one or more of hardware, operating systems and/or application software.
- proxy clusters in accordance with the teachings of the present invention can be configured to span one or more server backends that are implemented across a plurality of server racks and/or a plurality of datacenters.
- the invention enables geography specific scaling of proxy clusters based on local demand, as well as setting up of cross-border datacenters.
- the data state synchronizations of the invention additionally ensure persistence of data and metadata across all proxy nodes within a proxy cluster—which data and metadata may span a server backend that has been set up across multiple datacenters.
- Persistence of data and metadata across data centers has been found to present significant advantages over the earlier state of art—particularly in view that synchronizing session state data ensures true session recovery (for high availability and/or disaster recovery) by servers in a second datacenter in case of failure of servers within a first datacenter—thereby ensuring that an ongoing session and/or business logic within an ongoing session can be continued without having to re-initialize the session.
- the proxy cluster may be configured to span at least two data centers, wherein the secondary data center (and servers therein) is configured to provide disaster recovery support for the primary data center.
- the proxy cluster is configured such that in case of a disaster event causing entire failure of the primary data center (including one or more proxy nodes corresponding to said primary data center), the DNS server (or other name server) is reconfigured (automatically or manually) to route client requests or messages to the secondary data center without causing disruption to the end user(s).
- the proxy cluster is configured such that in the event the primary data center (or servers therein) fails without a corresponding failure of proxy nodes servicing said primary data center, client requests or messages corresponding to client sessions that were previously being serviced by the primary data center are subsequently routed to one or more servers within the secondary data center.
- FIG. 8 illustrates an exemplary system in which various embodiments of the invention, including one or more proxy nodes within a proxy cluster, may be implemented.
- the system 802 comprises at-least one processor 804 and at-least one memory 806 .
- the processor 804 executes program instructions and may be a real processor.
- the processor 804 may also be a virtual processor.
- the computer system 802 is not intended to suggest any limitation as to scope of use or functionality of described embodiments.
- the computer system 802 may include, but not limited to, one or more of a general-purpose computer, a programmed microprocessor, a micro-controller, an integrated circuit, and other devices or arrangements of devices that are capable of implementing the steps that constitute the method of the present invention.
- the memory 806 may store software for implementing various embodiments of the present invention.
- the computer system 802 may have additional components.
- the computer system 802 includes one or more communication channels 808 , one or more input devices 810 , one or more output devices 812 , and storage 814 .
- An interconnection mechanism such as a bus, controller, or network, interconnects the components of the computer system 802 .
- operating system software (not shown) provides an operating environment for various softwares executing in the computer system 802 , and manages different functionalities of the components of the computer system 802 .
- the communication channel(s) 808 allow communication over a communication medium to various other computing entities.
- the communication medium provides information such as program instructions, or other data in a communication media.
- the communication media includes, but not limited to, wired or wireless methodologies implemented with an electrical, optical, RF, infrared, acoustic, microwave, bluetooth or other transmission media.
- the input device(s) 810 may include, but not limited to, a touch screen, a keyboard, mouse, pen, joystick, trackball, a voice device, a scanning device, or any another device that is capable of providing input to the computer system 802 .
- the input device(s) 810 may be a sound card or similar device that accepts audio input in analog or digital form.
- the output device(s) 812 may include, but not limited to, a user interface on CRT or LCD, printer, speaker, CD/DVD writer, or any other device that provides output from the computer system 802 .
- the storage 814 may include, but not limited to, magnetic disks, magnetic tapes, CD-ROMs, CD-RWs, DVDs, any types of computer memory, magnetic stripes, smart cards, printed barcodes or any other transitory or non-transitory medium which can be used to store information and can be accessed by the computer system 802 .
- the storage 814 contains program instructions for implementing the described embodiments.
- system of FIG. 8 may further include some or all of the components of a proxy node of the type more fully described in connection with FIG. 4 herein above.
- the present invention may be implemented in numerous ways including as a system, a method, or a computer program product such as a computer readable storage medium or a computer network wherein programming instructions are communicated from a remote location.
- the present invention may suitably be embodied as a computer program product for use with the computer system 802 .
- the method described herein is typically implemented as a computer program product, comprising a set of program instructions which is executed by the computer system 802 or any other similar device.
- the set of program instructions may be a series of computer readable codes stored on a tangible medium, such as a computer readable storage medium (storage 814 ), for example, diskette, CD-ROM, ROM, flash drives or hard disk, or transmittable to the computer system 802 , via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications channel(s) 808 .
- the implementation of the invention as a computer program product may be in an intangible form using wireless techniques, including but not limited to microwave, infrared, bluetooth or other transmission techniques. These instructions can be preloaded into a system or recorded on a storage medium such as a CD-ROM, or made available for downloading over a network such as the Internet or a mobile telephone network.
- the series of computer readable instructions may embody all or part of the functionality previously described herein.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Cardiology (AREA)
- Medical Informatics (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
- This application is a divisional of U.S. patent application Ser. No. 15/164,512, filed on May 25, 2016, now pending, which claims the benefit of U.S. Provisional Application Ser. No. 62/167,165 filed May 27, 2015, the disclosures of which are hereby incorporated by reference in their entirety.
- The present invention relates to the field of high-availability, high-scale and high security computing for API computing and API ecosystems. In particular, the invention provides scalable proxy clusters, and methods for configuring proxy clusters and/or proxy nodes within the proxy clusters.
- The use of a proxy as an intermediary between a client (i.e. a device requesting a service) and a server (i.e. a device providing the service) is known. Proxies can typically be used to implement several different networking functions, including any one or more of securing or capturing data samples of data traffic passing through such proxies, routing, load balancing and forwarding functions.
-
FIG. 1 illustrates a networkingarchitecture comprising client 102,server backend 106 comprisingservers 106 a to 106 c,proxy 104 andDNS server 108. Based on information retrieved fromDNS server 108, requests or messages fromclient 102 for services fromserver backend 106 are directed toproxy 102.Proxy 102 thereafter transmits the received requests or messages to an appropriate server (106 a to 106 c) withinserver backend 106. Depending on the configuration ofproxy 104, responses fromservers 106 a to 106 c may first be received atproxy 102 and thereafter redirected to requestingclient 102. - Proxy based configurations of the type illustrated in
FIG. 1 have a finite processing capacity—which limits the number of clients and servers a proxy can simultaneously service. Additionally prior art configurations present limitations in terms of high availability—where “high availability” refers to the characteristic of a system to continue running and handling failures with minimum planned or unplanned down time. - There is accordingly a need for (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) efficient methods of configuring and scaling the cluster, (iii) natural resiliency of clusters, (iv) efficient scaling of such clusters, (v) configurability of such clusters to span multiple servers, multiple data racks and multiple data centers and (vi) to provide for switching between proxies in case of a proxy failure or between servers in case of failure of a server, rack or data center without loss of session information—thereby ensuring high availability and disaster recovery.
- The invention provides scalable proxy clusters, and methods for configuring proxy clusters and/or proxy nodes within the proxy clusters.
- The invention provides a proxy node configured for implementation within a proxy cluster comprising a plurality of networked proxy nodes. The proxy node comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes.
- The synchronization controller may be configured to respond to a defined synchronization event by synchronizing the one or more data states of the proxy node with corresponding one or more data states of every other proxy node within the plurality of proxy nodes.
- The one or more data states of the proxy node or the corresponding one or more data states of the at least one other proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- The one the one or more data states of the proxy node or the corresponding one or more data states of the at least one other proxy node may comprise data states corresponding to server characteristic data, session data, security data, and configuration data associated with the respective proxy node.
- In an embodiment of the invention, the proxy router may be configured such that routing functionality of the proxy node is identical to routing functionality of at least one other proxy node within the plurality of proxy nodes.
- In an embodiment of the invention, the proxy node may be configured for self-learning one or more functional capabilities of one or more other proxy nodes within the plurality of proxy nodes—wherein said self-learning is based on the synchronizing one or more data states of the proxy node with corresponding one or more data states of at the one or more other proxy nodes within the plurality of proxy nodes.
- The invention additionally provides a proxy cluster comprising a plurality of networked proxy nodes. At least one of the plurality of proxy nodes respectively comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes. The synchronization controller may be configured to respond to a defined synchronization event by synchronizing the one or more data states of the proxy node with corresponding one or more data states of every other proxy node within the plurality of proxy nodes.
- One or more data states of the proxy node within the proxy cluster, or the corresponding one or more data states of the at least one other proxy node within the proxy cluster may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- The invention additionally provides a method of synchronizing data states between proxy nodes within a networked cluster of proxy nodes. The method comprises (i) detecting a synchronization event at a first proxy node within the cluster of proxy nodes, (ii) selecting a second proxy node from among the cluster of proxy nodes, and (iii) synchronizing one or more data states of the first proxy node with corresponding one or more data states of the second proxy node within the cluster of proxy nodes. Each proxy node within the cluster of proxy nodes may be configured to transmit received client message to one or more servers identified based on a specified routing policy.
- In an embodiment of the method, the one or more data states of the first proxy node may be synchronized with one or more data states of every other proxy node within the cluster of proxy nodes. In a method embodiment, the one or more data states of the first proxy node or the corresponding one or more data states of the second proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- The invention additionally provides a method of adding a proxy node to a networked cluster of proxy nodes. The method comprises configuring a processor implemented first proxy node to (i) transmit received client message to one or more servers identified based on one or more routing policies, and (ii) respond to a defined synchronization event, by synchronizing one or more data states of the first proxy node with corresponding one or more data states of one or more proxy nodes within the cluster of proxy nodes. In an embodiment, the one or more data states of the first proxy node are synchronized with one or more data states of every proxy node within the cluster of proxy nodes. The one or more data states of the first proxy node or the corresponding one or more data states of the second proxy node may comprise data states corresponding to any one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the respective proxy node.
- The invention additionally provides a method of modifying configuration of a proxy cluster comprising a plurality of networked proxy nodes, wherein each of the plurality of proxy nodes is configured to (i) transmit received client message to one or more servers identified based on a specified routing policy, and (ii) responsive to detection of a synchronization event, synchronize one or more data states of said proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes. The method comprises (i) receiving operator input identifying a modification to configuration of a first proxy node within the plurality of proxy nodes, (ii) responsive to the receive operator input, modifying the configuration of the first proxy node, and (iii) implementing a modification to configuration of a second proxy node within the plurality of proxy nodes, wherein said modification is effected by synchronization of one or more data states of said second proxy node with corresponding one or more data states of said first proxy, in response to detection of a synchronization event by the second proxy node.
- The invention additionally provides a proxy cluster comprising a plurality of networked proxy nodes, wherein at least one of the plurality of proxy nodes respectively comprises (i) a processor, (ii) a proxy router configured to transmit received client message to one or more servers identified based on a specified routing policy, and (iii) a synchronization controller configured to respond to a defined synchronization event, by synchronizing one or more data states of the proxy node with corresponding one or more data states of at least one other proxy node within the plurality of proxy nodes. Additionally, the proxy cluster may be configured for one or more of high availability, disaster recovery, scalability and security of API computing use (i) within data centers, (ii) within private, public or hybrid clouds, (iii) across multiple datacenters, (iv) across private, public or hybrid clouds, and (v) across a combination of one or more datacenters and one or more clouds.
- The invention additionally provides computer program products for implementing one or more of the above methods, the computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, said computer readable program code comprising instructions for implementing said one or more methods.
-
FIG. 1 illustrates a network configuration involving a prior art proxy interposed between a client device and a server backend. -
FIGS. 2 and 3 illustrate exemplary scalable proxy clusters. -
FIG. 4 illustrates a proxy node within a proxy cluster. -
FIG. 5 illustrates a peer-to-peer network configuration of a proxy cluster. -
FIG. 6 is a flowchart illustrating a method of synchronizing proxy nodes within a proxy cluster. -
FIG. 7 illustrates a method of adding a new proxy node to a proxy cluster. -
FIG. 8 illustrates an exemplary system in accordance with the present invention. - The present invention provides a scalable cluster of proxies configured, which proxies may in various non limiting examples be configured for one or more of securing or capturing data samples of data traffic passing through such proxies, routing communications between one or more clients and one or more servers, load balancing and forwarding functions. The invention additionally provides for (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) efficient methods of configuring and scaling the cluster, (iii) natural resiliency of clusters and/or proxy nodes within a cluster, (iv) efficient scaling of clusters, (v) configurability of clusters to span multiple servers, multiple data racks and multiple data centers, (vi) switching between proxies in case of a proxy failure or between servers in case of failure of a server, rack or data center (for example in case of loss of power, internet, hardware or software errors etc.), without loss of session information, and (vii) responsive to server failure (for enabling reconnection of a client device with a backup server in the same datacenter or in a different datacenter—thereby ensuring high availability and disaster recovery.
- For the purposes of the invention “client” shall mean any device having information processing and network communication capabilities. The types of clients may vary widely and include but are not limited to desktop computers, laptop computers or notebook computers, personal digital assistants, handheld computers, cellular phones, servers and Internet of Things (IOT) sensors or devices or gateways or servers.
- For the purposes of the present invention, “proxy” or “proxy node” shall mean any device having information processing and network communication capabilities that may in various non limiting examples be configured for one or more of securing or capturing data samples of data traffic passing through such proxies, routing communications between one or more clients and one or more servers, load balancing and forwarding functions. The types of proxies may vary widely and include but are not limited to full proxies, half proxies, security proxies, IOT proxies or load balancing proxies.
- For the purposes of the present invention, “proxy cluster” or “cluster of proxies” shall mean a plurality of proxy nodes. For the purposes of the present invention, proxy nodes within a proxy cluster may be understood as being interconnected in an overlay network.
- For the purposes of the invention, “server” shall mean any device having information processing and network communication capabilities, and which is configured to provide one or more services to a requesting client, over a communication network. The types of servers may vary widely, and include but are not limited to API servers, Applications Servers, Microservices, web servers, FTP servers, IOT brokers or servers or gateways, message brokers, or service oriented architecture (SOA) servers.
- For the purposes of the invention, “server backend” shall mean a set of one or more servers.
-
FIG. 2 illustrates an embodiment of the invention, whereinproxy cluster 204 is disposed as a network intermediate between clients 202 (i.e. clients i.e. servers server backend 206, and each response fromserver backend 206 is routed throughproxy cluster 204. - As illustrated in
FIG. 2 ,proxy cluster 204 comprises a plurality of proxy nodes (proxy nodes server backend 206 is routed to a proxy node withinproxy cluster 204. Based on routing policies and/or other information available to the specific proxy node, said proxy node routes the client request to an appropriate server withinserver backend 206. Server responses to the client request or message are likewise transmitted from the server back to the specific proxy node, and onward from the specific proxy node to the client from which the request or message originated. - In the embodiment illustrated in
FIG. 2 requests or messages fromclient 202 a are routed toproxy node 204 a withinproxy cluster 204. Said requests or messages are thereafter routed toservers server backend 206. Likewise, a request fromclient 202 b is routed toproxy node 204 b and onward toserver 206 c withinserver backend 206. A request fromclient 202 c is routed toproxy node 204 c and onward toserver 206 b inserver backend 206. Responses from theservers 206 a to 206 c are routed back to the corresponding requesting client through the same proxy node from which the request or message was received by the server. - The decision to route a client request or message to a specific proxy node within
proxy cluster 204, may in an embodiment of the invention be based on routing logic or routing policies withinDNS server 208 or other name server. Exemplary load balancing or connection parameters that the routing policies ofDNS server 208 may rely on for selecting a specific proxy node withinproxy cluster 204 may include one or more of location of the requesting client, location of the target server(s), existing load balance among proxies within the proxy clusters, content and/or type of request etc. - Selection of a target server (within server backend 206) by a proxy node within
proxy cluster 204 may be determined based on routing logic or routing policies specified for the proxy node. In a specific embodiment of the invention, a plurality of proxy nodes within proxy cluster 204 (and preferably all proxy nodes within proxy cluster 204) may be configured to use identical routing policies for selecting a target server. -
FIG. 3 illustrates another embodiment of the invention, whereinproxy cluster 304 is disposed as a network intermediate between clients 302 (i.e.clients server backend 306. In the illustrated embodiment,server backend 306 comprises server cluster 3061 (inturn comprising servers turn comprising servers - As in the case of
FIG. 2 , a client request or message relating to services fromserver backend 306 are routed through a proxy node withinproxy cluster 304. In the illustrated embodiment,proxy cluster 304 comprises a plurality ofproxy nodes server backend 306 are routed to a specific proxy node withinproxy cluster 304. The specific proxy node routes the client request or message to an appropriate server withinserver backend 306 and server responses are likewise transmitted from the server back to the specific proxy node, and onward to the requesting client. - As would be observed from the illustration in
FIG. 3 , client requests for (or messages to) servers withindata center 1 are routed to a first proxy node (i.e.proxy node 304 a), while client requests for (or messages to) servers withindata center 2 are routed to a second proxy node (i.e.proxy node 304 b). The decision to route a client request to a specific proxy node based on location of a target server, may in an embodiment of the invention be based on routing logic or routing policies withinDNS server 308. In an embodiment of the invention, proxy nodes (304 a, 304 b) withinproxy cluster 304 may be configured such that in case of failure of a server located within a specific server rack or a specific data center, the proxy node receiving client requests or messages targeted at the failed server may instead route such requests or messages to a backup server/mirror server/peer server providing the same functionality as the failed server. The configuration of proxy nodes withinproxy cluster 304 ensures that such re-routing may be effected regardless of whether the failed server and backup server/mirror server/peer server are located within the same server rack or the same data center, or are located across multiple server racks and/or across multiple data centers. In an embodiment of the invention,proxy cluster 304 may be configured to respond to server failure by re-routing client messages or requests to a backup server/mirror server/peer server despite simultaneous failure of the proxy node that was previously receiving client requests or messages targeted at the failed server.Proxy cluster 304 may achieve this by substituting an operational proxy node within the proxy cluster for the failed proxy node—and may in an embodiment (discussed in more detail hereinafter) implement such substitution of proxy nodes and consequent re-routing of client messages or requests to a backup server/mirror server/peer server without having to re-initialize a client or user session (i.e. without loss of session data). - As in the case of
FIG. 2 , selection of a target server (within server backend 306) by a proxy node withinproxy cluster 304 may be determined based on routing logic or routing policies provisioned for the proxy node. In a preferred embodiment, a plurality of proxy nodes within proxy cluster 304 (and preferably all proxy nodes within proxy cluster 304) are provisioned with identical routing policies for selecting a target server. -
FIG. 4 illustrates an embodiment of a proxy node configured for implementation within a scalable proxy cluster of the present invention.Proxy node 400 comprises aproxy router 402 and asynchronization controller 404.Proxy node 400 may additionally include or enable access to one or more repositories of data associated withproxy node 400, said repositories of data comprising (i) servercharacteristic data 406, (ii)session data 408, (iii)security data 410, (iv)configuration data 412, and (v)proxy node data 414. One or more repositories comprising the above data may in various embodiment of the invention be accessible by one or both ofproxy router 402 andsynchronization controller 404. - Server
characteristic data 406 comprises information identifying one or more characteristics of one or more servers within the server backend i.e. information that is descriptive of configuration, interfaces, and/or functionality of one or more servers within the server backend to which a proxy node is configured to route client requests or messages. In an embodiment of the invention, servercharacteristic data 406 includes one or more of (i) network sockets corresponding to servers, (ii) TCP, HTTP/WebSocket, Request/Response, streaming and/or Publish/Subscribe message patterns for accessing servers (iii) business logic execution engine(s) implemented within servers (iv) backend connectivity between a server and other servers, (v) applications implemented on servers, and/or (vi) database systems relied on or implemented within servers. -
Session data 408 comprises information identifying one or more characteristics of users/clients communicating through a proxy node. In an embodiment of the invention,session data 408 comprises one or more of (i) cookies, (ii) tokens, (iii) client ids and/or (iv) device ids. In a more specific embodiment of the invention,session data 408 may be limited to information that is active (i.e. that has not expired) in accordance with session expiry policies of one or more servers within the server backend to which a proxy node is configured to route client requests or messages. -
Security data 410 comprises Transport Layer Security/Secure Sockets Layer (TLS/SSL) security data corresponding to each session that is active (i.e. that has not expired) in accordance with applicable session expiry policies. In an embodiment of the invention,security data 410 may comprise one or more of cipher suites, digital certificates (including one or more of server name, a trusted certificate authority (CA) and a backend server's public encryption key), session keys and/or asymmetric and symmetric ciphers that have been received atproxy node 400. -
Configuration data 412 comprises configuration information that a proxy node requires to effect routing of incoming client requests or messages to a server within the server backend in one or more data centers. In an embodiment of the invention,configuration data 412 may comprise one or more of (i) data port information and/or other routing information corresponding to one or more servers within a server backend, (ii) load balancing or routing policies, (iii) load balancing and/or routing techniques (iv) management ports, (v) maximum number of processes/threads for each port, (vi) policies for generating logs (i.e. policies regarding what events or information to log, event triggers for logging and log persistence and/or management policies) and/or (vii) firewall settings corresponding to one or more servers within the server backend. -
Proxy node data 414 comprises information identifying live or active proxy nodes (other than proxy node 400) within the proxy cluster. In an embodiment of the inventionproxy node data 414 may comprise one or more of hardware identification information, IP address information and/or network routing information corresponding to such live or active proxy nodes within the proxy cluster. -
Proxy router 402 comprises a processor based controller that is configured to (i) receive client requests or client messages, and (ii) responsive to received requests or messages satisfying one or more predefined criteria, transmitting said requests or messages onward to one or more server(s) withinserver backend Proxy router 402 is a controller configured to implement predefined routing logic or routing policies on client requests or messages received at a proxy node—to ensure that legitimate client requests or messages are transmitted onwards to a server configured to respond to such requests or messages. In an embodiment of the invention, in implementing onward transmission of received client requests or messages to one or more servers,proxy router 402 may rely on one or more of servercharacteristic data 406,session data 408,security data 410 andconfiguration data 412 that is associated with and accessible toproxy node 400. -
Synchronization controller 404 comprises a processor based controller that is configured to respond to a predefined synchronization event or synchronization trigger by synchronizing (i) a data state of one or more of servercharacteristic data 406,session data 408,security data 410,configuration data 412 andproxy node data 414 that is associated with said proxy node, with (ii) a data state of corresponding server characteristic data, session data, security data, configuration data and/or proxy node data associated with another proxy node withinproxy cluster synchronization controller 404 is configured to synchronize data states of one or more (and preferably all) of servercharacteristic data 406,session data 408,security data 410,configuration data 412 andproxy node data 414 associated with said proxy node, with (ii) data states of corresponding server characteristic data, session data, security data, configuration data and proxy node data associated with every other proxy node withinproxy cluster synchronization controller 404 may be configured to establish distinct read and write connections with each proxy node that it synchronizes with. In an embodiment, the distinct read and write connections with each proxy node that asynchronization controller 404 synchronizes with, may be implemented by initializing separate read and write pipe endpoints for each such proxy node. - In a preferred embodiment of the invention, every proxy node within
proxy cluster proxy node 400. Sincesynchronization controller 404 of each proxy node within the cluster is configured to ensure synchronization of the above mentioned proxy node data states with corresponding data states of every other proxy node within the cluster, the synchronization process results in all proxy nodes within the cluster having an identical data state corresponding to one or more (and preferably all) of server characteristic data, session data, security data, configuration data and proxy node data. - As discussed above, in implementing onward transmission of received client requests or messages to one or more servers,
proxy router 402 within eachproxy node 400 may rely on one or more of server characteristic data, session data, security data and configuration data that is associated with or accessible toproxy node 400. By configuringsynchronization controller 404 within eachproxy node 400 to ensure synchronization of each set of data thatproxy router 402 relies on for implementing routing/onward transmission functionality,proxy cluster -
FIG. 5 illustrates the embodiment of the invention whereproxy cluster 504 comprises fourproxy nodes 500 a to 500 d. WhileFIG. 5 illustrates a proxy cluster comprising only four proxy nodes, it will be understood that the four proxy nodes are only illustrative and that the proxy cluster may be scaled up or down to include any number of proxy nodes. Eachproxy node 500 a to 500 d withinproxy cluster 504 may comprise an instance ofproxy node 400. Accordingly, the synchronization process betweenproxy nodes 500 a to 500 d may result in all proxy nodes within the cluster having identical data states corresponding to one or more (and preferably all) of servercharacteristic data 406,session data 408,security data 410,configuration data 412 andproxy node data 414. As illustrated inFIG. 5 , the synchronization of data states between proxy nodes results in a peer-to-peer synchronization configuration withinproxy cluster 504—wherein eachproxy node 500 a to 500 d is a peer node within the peer-to-peer synchronization configuration. - In an embodiment of the invention, each proxy node within a proxy cluster periodically carries out a heartbeat messaging procedure (i.e. a ping-pong message/response procedure) with all other proxy nodes and updates its list of active peer nodes (i.e. proxy node data 414) depending on whether the heartbeat messaging procedure returns an error.
-
FIG. 6 illustrates a method of achieving peer-to-peer synchronization between proxy nodes within a proxy cluster. For the purposes ofFIG. 6 , it will be understood that each peer node is aproxy node 400 of the type described in connection withFIG. 4 . Further, the method of peer-to-peer synchronization inFIG. 6 is described in terms of achieving data state synchronization between a proxy node and all peer proxy nodes (i.e. all other proxy nodes) within the proxy cluster. - Step 602 of
FIG. 6 comprises detection of a predefined synchronization trigger event at a proxy node. The synchronization trigger event may comprise any predefined event based trigger—and in an embodiment may comprise a time based event trigger. In an embodiment of the invention, the synchronization trigger event may comprise a trigger instruction generated at a proxy node upon expiry of a predefined time period from the last trigger instruction. In an embodiment of the invention, the synchronization trigger event may comprise a trigger instruction generated when a proxy node is bootstrapped into a proxy cluster, or when a proxy node resumes operations within a proxy cluster subsequent to recovery from a state of failure. - At
step 604, responsive to detection of a trigger event atstep 602, the proxy node retrieves information identifying peer nodes within the proxy cluster. In an embodiment of the invention, information identifying peer nodes within the proxy cluster may be retrieved fromproxy node data 414 associated withproxy node 400. - Step 606 comprises selecting a peer node from among the identified peer nodes. Step 608 thereafter comprises initiating data synchronization at the proxy node—to achieve synchronization of (i) a data state of one or more of server characteristic data, session data, security data, configuration data and proxy node data associated with the proxy node, with (ii) a data state of corresponding server characteristic data, session data, security data, configuration data and proxy node data associated with the selected peer node. In an embodiment of the invention, initiating data synchronization at a proxy node comprises establishing distinct read and write connections with every other proxy node that said proxy node synchronizes with. In an embodiment, the distinct read and write connections with every other proxy node that the proxy node synchronizes with, may be implemented by initializing separate read and write pipe endpoints for every such other proxy node.
- Step 610 comprises repeating
steps - By implementing method steps of
FIG. 6 across all peer proxy nodes within a proxy cluster, the method ensures that all proxy nodes within the proxy cluster have synchronized data states corresponding to one or more of server characteristic data, session data, security data, configuration data and proxy node data. By appropriately selecting parameters for synchronization of data states across proxy nodes, the method ofFIG. 6 can ensure that every proxy node within the proxy cluster performs routing/onward transmission functions identically. -
FIG. 7 illustrates an exemplary method for bootstrapping a new processing node and adding the new processing node as a proxy node within an existing proxy cluster. It would be understood that the method ofFIG. 7 may be used for scaling the proxy cluster up in response to an increased demand for proxy nodes within the cluster. - Step 702 comprises configuring the new processing node for operating as a proxy node within a proxy cluster. Configuring the new processing node may comprise configuring one or more processors associated with the new processing node to implement functions of
proxy router 402 andsynchronization controller 404 that have been illustrated and described in connection withFIG. 4 . In an embodiment, configuring the new processing node may comprise providing program instructions that enable the one or more processors associated with the new processing node to implement one or both of proxy router functionality and synchronization controller functionality. - Step 704 comprises provisioning the new processing node with an identifier of at least one existing peer proxy node within the proxy cluster. In an embodiment of the method, the identifier information provisioned at
step 704 may comprise an IP address (or any other information described previously in connection withproxy node data 414 ofFIG. 4 ) corresponding to at least one live or active peer node within the proxy cluster. - Step 706 comprises bootstrapping the new node into the overlay network formed by peer nodes in the proxy cluster, and initiating at the new node, a data state synchronization with at least one peer node of which the new node is aware. The data state synchronization between the new node and the peer node may in a preferred embodiment involve synchronization of data states of the new node with data states of the one peer node—in respect of one or more (and preferably all) of server characteristic data, session data, security data, configuration data and proxy node data associated with said proxy node.
- In the process of data state synchronization either (i) the new node receives information regarding all other peer nodes identified within the
proxy node data 414 corresponding to the peer node, or (ii) the peer node broadcasts address information corresponding to the new node to every other peer node identified withinproxy node data 414 corresponding to said peer node—both of which methods (when coupled with the step of data synchronization between all proxy nodes within the proxy cluster) result in data state synchronization between the new node and all other peer nodes within the proxy cluster. By implementation of data state synchronization between the new node and every peer node within the proxy cluster, the new node achieves data state synchronization with all pre-existing peer nodes within the proxy cluster—thereby achieving the status of a fully synchronized peer node within the proxy cluster. - While not specifically illustrated, it would also be understood that each pre-existing peer node within the proxy cluster updates its
proxy node data 414 to include received identifier or address information corresponding to each new peer node, thereby adding to its own list of active peer nodes with which data state synchronization requires to be implemented in response to the next synchronization event or synchronization trigger. - In a preferred embodiment, bootstrapping the new node into the proxy cluster may additionally include adding or modifying (automatically or manually) one or more DNS server entries corresponding to one or more servers within the server backend that is serviced by the proxy cluster, wherein the added or modified DNS server entries comprises address information corresponding to the new node, and may also include data that is determinative of routing policies that may be applied by the DNS server for routing client requests or messages to the new node.
- It would likewise be understood that one or more nodes may be removed from the proxy cluster to scale the proxy cluster down in response to a decreased demand for proxy nodes. In one embodiment, this process may comprise removal of a peer node from network communication with the remaining peer nodes, and updating proxy node data in at least one of the remaining peer nodes—which updating comprises removal of the removed peer node from the list of active peer nodes. By virtue of periodic data synchronization, this updating of proxy node data will be communicated to (and updated at) all other peer nodes within the proxy network in response to the next synchronization event or synchronization trigger. In another embodiment, failure of any peer node to response to a predefined number of heartbeat messages (ping messages) may result in the peer node being marked as inactive and/or deleted from
proxy node data 414 within each proxy node. Likewise DNS server entries corresponding to a removed peer node may be automatically modified to reflect the inactive/removed status in response to one or more error messages received in response to requests or messages routed to the removed peer node. In another embodiment, DNS server entries may be updated by a proxy node within the proxy cluster (or by the proxy cluster) in response to a new proxy node being added to the proxy cluster or a previously operational proxy node being removed from the proxy cluster. In case of removal or failure of a previously operational proxy node, data traffic workload previously being handled by the removed or failed node will be handled by one or more of the remaining proxy nodes within the proxy cluster—until the removed or failed proxy node resumes operations, at which time it synchronizes with one or more of the remaining proxy nodes in the proxy cluster and resumes operations as before. - In an embodiment of the invention, the proxy cluster may be accessible through a command-line-interpreter (CLI) or a RESTful API (REST API) which permits configuration inputs and/or configuration modifications at any one or more proxy nodes within the proxy cluster. In an embodiment of the invention, any additions or modifications to any one of server characteristic data, session data, security data, configuration data and proxy node data associated with proxy nodes within the proxy cluster, may be implemented at any one of the proxy nodes through the CLI or REST API—which additions or modifications will be automatically communicated to and implemented within all other proxy nodes within the proxy cluster by way of data state synchronizations implemented by each proxy node within the proxy cluster. It would accordingly be understood that implementation of data state synchronizations between proxy nodes within a proxy cluster presents significant advantages in terms of ease of administration and configuration of nodes within the proxy cluster.
- In an embodiment of the invention, the proxy cluster can support multiple communication and/or messaging protocols, both at the node level and at the cluster level. Exemplary non-limiting examples of protocols that can be supported at the node level or at the cluster level within the proxy cluster include (i) HTTP/HTTPS, (ii) WebSocket/WebSocket over SSL, (iii) MQTT/WebSocket, (iv) MQTT/WebSocket over SSL, (v) MQTT/TCP, (vi) MQTT/TLS, and (vii) CoAP.
- Based on the above, it would be understood that proxy clusters in accordance with the teachings of the present invention offer multiple advantages over solutions known in the prior art.
- A primary advantage comprises scalability or elasticity in terms of (i) a number of users/clients that can be served, (ii) type of client devices that can be served within the same or across different data centers, (iii) a number of servers within the server backend that can be served, and/or (iv) a number of protocols that can be served or accommodated.
- The invention also enables proxy nodes to be added to or removed from a proxy cluster with minimal configuration overheads. By enabling ready upward and downward scaling, the invention presents significant cost advantages over the prior art. The invention further avoids dependence on a master-slave or a centralized control model—which makes proxy clusters of the present invention simpler to configure as well as to scale.
- In addition to the above, proxy clusters of the present invention avoid any single point of failure—by providing alternative proxy nodes for routing of client requests or messages in case of failure of one or more proxy nodes. This natural resiliency ensures high availability. Additionally, assuming a specific proxy node fails but later comes back online, the data state synchronization process ensures that the revived proxy node is synchronized with all other peer proxy nodes in the course of the next synchronization event—and that such proxy node can therefore resume full functionality upon conclusion of the next synchronization event.
- The resilience and data state synchronization aspects of the proxy cluster also enable real time and “live” reconfiguration or updates of the proxies to reflect changes to APIs or API servers within the server backend or to provide new routing instructions. In the process of reconfiguration or updating of one or more servers, corresponding server
characteristic data 408 within one of theproxy nodes 400 is updated. While such updating of information occurs at theproxy node 400, the proxy node is unable to continue providing functionality as a proxy node within the proxy cluster —during which period the remaining proxy nodes in the proxy cluster continue to route information between clients and servers and thereby ensure high availability. Once the updating of information is complete, the updated proxy node is rebooted and brought back online within the proxy cluster. The updated information now available at the updated proxy node may be propagated to all other proxy nodes within the proxy cluster during the next data state synchronization event—which ensures updating of information throughout the proxy cluster, without the proxy cluster suffering a system failure or outage at any point of time. It would be understood that functioning of the proxy cluster, and transmission of client requests or messages between clients and the server backend can continue without observable disruption while the above described server updates/reconfiguration, proxy node updating and proxy node synchronization is implemented. - Since in certain embodiments, synchronization of data states includes synchronization of
session data 408 andsecurity data 410, a user or client device may be shifted from one proxy node within a proxy cluster to another proxy node within the cluster (for example, in response to failure of a proxy node, or in response to a shift due to a change in state of a user or client device) without having to reinitialize a user session or client session. - In an embodiment of the invention, the proxy cluster is a non-symmetric cluster, in that at least two proxy nodes within the proxy cluster have different operating specifications in terms of one or more of hardware, operating systems and/or application software.
- It would be understood that proxy clusters in accordance with the teachings of the present invention can be configured to span one or more server backends that are implemented across a plurality of server racks and/or a plurality of datacenters. In addition to enabling scalability of the proxy cluster, the invention enables geography specific scaling of proxy clusters based on local demand, as well as setting up of cross-border datacenters. The data state synchronizations of the invention additionally ensure persistence of data and metadata across all proxy nodes within a proxy cluster—which data and metadata may span a server backend that has been set up across multiple datacenters. Persistence of data and metadata across data centers has been found to present significant advantages over the earlier state of art—particularly in view that synchronizing session state data ensures true session recovery (for high availability and/or disaster recovery) by servers in a second datacenter in case of failure of servers within a first datacenter—thereby ensuring that an ongoing session and/or business logic within an ongoing session can be continued without having to re-initialize the session.
- The proxy cluster may be configured to span at least two data centers, wherein the secondary data center (and servers therein) is configured to provide disaster recovery support for the primary data center. In an embodiment, the proxy cluster is configured such that in case of a disaster event causing entire failure of the primary data center (including one or more proxy nodes corresponding to said primary data center), the DNS server (or other name server) is reconfigured (automatically or manually) to route client requests or messages to the secondary data center without causing disruption to the end user(s). In another embodiment, the proxy cluster is configured such that in the event the primary data center (or servers therein) fails without a corresponding failure of proxy nodes servicing said primary data center, client requests or messages corresponding to client sessions that were previously being serviced by the primary data center are subsequently routed to one or more servers within the secondary data center.
-
FIG. 8 illustrates an exemplary system in which various embodiments of the invention, including one or more proxy nodes within a proxy cluster, may be implemented. - The
system 802 comprises at-least oneprocessor 804 and at-least onememory 806. Theprocessor 804 executes program instructions and may be a real processor. Theprocessor 804 may also be a virtual processor. Thecomputer system 802 is not intended to suggest any limitation as to scope of use or functionality of described embodiments. For example, thecomputer system 802 may include, but not limited to, one or more of a general-purpose computer, a programmed microprocessor, a micro-controller, an integrated circuit, and other devices or arrangements of devices that are capable of implementing the steps that constitute the method of the present invention. In an embodiment of the present invention, thememory 806 may store software for implementing various embodiments of the present invention. Thecomputer system 802 may have additional components. For example, thecomputer system 802 includes one ormore communication channels 808, one ormore input devices 810, one ormore output devices 812, andstorage 814. An interconnection mechanism (not shown) such as a bus, controller, or network, interconnects the components of thecomputer system 802. In various embodiments of the present invention, operating system software (not shown) provides an operating environment for various softwares executing in thecomputer system 802, and manages different functionalities of the components of thecomputer system 802. - The communication channel(s) 808 allow communication over a communication medium to various other computing entities. The communication medium provides information such as program instructions, or other data in a communication media. The communication media includes, but not limited to, wired or wireless methodologies implemented with an electrical, optical, RF, infrared, acoustic, microwave, bluetooth or other transmission media.
- The input device(s) 810 may include, but not limited to, a touch screen, a keyboard, mouse, pen, joystick, trackball, a voice device, a scanning device, or any another device that is capable of providing input to the
computer system 802. In an embodiment of the present invention, the input device(s) 810 may be a sound card or similar device that accepts audio input in analog or digital form. The output device(s) 812 may include, but not limited to, a user interface on CRT or LCD, printer, speaker, CD/DVD writer, or any other device that provides output from thecomputer system 802. - The
storage 814 may include, but not limited to, magnetic disks, magnetic tapes, CD-ROMs, CD-RWs, DVDs, any types of computer memory, magnetic stripes, smart cards, printed barcodes or any other transitory or non-transitory medium which can be used to store information and can be accessed by thecomputer system 802. In various embodiments of the present invention, thestorage 814 contains program instructions for implementing the described embodiments. - While not illustrated in
FIG. 8 , the system ofFIG. 8 may further include some or all of the components of a proxy node of the type more fully described in connection withFIG. 4 herein above. - The present invention may be implemented in numerous ways including as a system, a method, or a computer program product such as a computer readable storage medium or a computer network wherein programming instructions are communicated from a remote location.
- The present invention may suitably be embodied as a computer program product for use with the
computer system 802. The method described herein is typically implemented as a computer program product, comprising a set of program instructions which is executed by thecomputer system 802 or any other similar device. The set of program instructions may be a series of computer readable codes stored on a tangible medium, such as a computer readable storage medium (storage 814), for example, diskette, CD-ROM, ROM, flash drives or hard disk, or transmittable to thecomputer system 802, via a modem or other interface device, over either a tangible medium, including but not limited to optical or analogue communications channel(s) 808. The implementation of the invention as a computer program product may be in an intangible form using wireless techniques, including but not limited to microwave, infrared, bluetooth or other transmission techniques. These instructions can be preloaded into a system or recorded on a storage medium such as a CD-ROM, or made available for downloading over a network such as the Internet or a mobile telephone network. The series of computer readable instructions may embody all or part of the functionality previously described herein. - While the exemplary embodiments of the present invention are described and illustrated herein, it will be appreciated that they are merely illustrative. It will be understood by those skilled in the art that various modifications in form and detail may be made therein without departing from or offending the spirit and scope of the invention as defined by the appended claims.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/051,026 US20180337894A1 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562167165P | 2015-05-27 | 2015-05-27 | |
US15/164,512 US10701037B2 (en) | 2015-05-27 | 2016-05-25 | Scalable proxy clusters |
US16/051,026 US20180337894A1 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/164,512 Division US10701037B2 (en) | 2015-05-27 | 2016-05-25 | Scalable proxy clusters |
Publications (1)
Publication Number | Publication Date |
---|---|
US20180337894A1 true US20180337894A1 (en) | 2018-11-22 |
Family
ID=57397672
Family Applications (10)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/164,512 Active 2036-09-24 US10701037B2 (en) | 2015-05-27 | 2016-05-25 | Scalable proxy clusters |
US15/164,587 Active 2036-07-31 US10193867B2 (en) | 2015-05-27 | 2016-05-25 | Methods and systems for API proxy based adaptive security |
US15/164,555 Active 2038-05-18 US10834054B2 (en) | 2015-05-27 | 2016-05-25 | Systems and methods for API routing and security |
US16/051,026 Abandoned US20180337894A1 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
US16/050,915 Active US10666621B2 (en) | 2015-05-27 | 2018-07-31 | Methods and systems for API proxy based adaptive security |
US16/050,996 Abandoned US20180337893A1 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
US16/050,958 Active US10484337B2 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
US16/686,885 Active US11140135B2 (en) | 2015-05-27 | 2019-11-18 | Scalable proxy clusters |
US16/881,376 Active 2036-11-20 US11641343B2 (en) | 2015-05-27 | 2020-05-22 | Methods and systems for API proxy based adaptive security |
US17/491,946 Active US11582199B2 (en) | 2015-05-27 | 2021-10-01 | Scalable proxy clusters |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/164,512 Active 2036-09-24 US10701037B2 (en) | 2015-05-27 | 2016-05-25 | Scalable proxy clusters |
US15/164,587 Active 2036-07-31 US10193867B2 (en) | 2015-05-27 | 2016-05-25 | Methods and systems for API proxy based adaptive security |
US15/164,555 Active 2038-05-18 US10834054B2 (en) | 2015-05-27 | 2016-05-25 | Systems and methods for API routing and security |
Family Applications After (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/050,915 Active US10666621B2 (en) | 2015-05-27 | 2018-07-31 | Methods and systems for API proxy based adaptive security |
US16/050,996 Abandoned US20180337893A1 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
US16/050,958 Active US10484337B2 (en) | 2015-05-27 | 2018-07-31 | Scalable proxy clusters |
US16/686,885 Active US11140135B2 (en) | 2015-05-27 | 2019-11-18 | Scalable proxy clusters |
US16/881,376 Active 2036-11-20 US11641343B2 (en) | 2015-05-27 | 2020-05-22 | Methods and systems for API proxy based adaptive security |
US17/491,946 Active US11582199B2 (en) | 2015-05-27 | 2021-10-01 | Scalable proxy clusters |
Country Status (1)
Country | Link |
---|---|
US (10) | US10701037B2 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10484337B2 (en) | 2015-05-27 | 2019-11-19 | Ping Identity Corporation | Scalable proxy clusters |
US10587580B2 (en) | 2016-10-26 | 2020-03-10 | Ping Identity Corporation | Methods and systems for API deception environment and API traffic control and security |
US10699010B2 (en) | 2017-10-13 | 2020-06-30 | Ping Identity Corporation | Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions |
US11496475B2 (en) | 2019-01-04 | 2022-11-08 | Ping Identity Corporation | Methods and systems for data traffic based adaptive security |
US11516116B2 (en) * | 2020-03-30 | 2022-11-29 | EMC IP Holding Company LLC | Domain name system multipathing distributed applications |
Families Citing this family (230)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8903973B1 (en) | 2008-11-10 | 2014-12-02 | Tanium Inc. | Parallel distributed network management |
US8560604B2 (en) | 2009-10-08 | 2013-10-15 | Hola Networks Ltd. | System and method for providing faster and more efficient data communication |
US11863529B2 (en) * | 2011-09-09 | 2024-01-02 | Kingston Digital, Inc. | Private cloud routing server connection mechanism for use in a private communication architecture |
US11172470B1 (en) | 2012-12-21 | 2021-11-09 | Tanium Inc. | System, security and network management using self-organizing communication orbits in distributed networks |
US9246977B2 (en) | 2012-12-21 | 2016-01-26 | Tanium Inc. | System, security and network management using self-organizing communication orbits in distributed networks |
US10454714B2 (en) | 2013-07-10 | 2019-10-22 | Nicira, Inc. | Method and system of overlay flow control |
US10749711B2 (en) | 2013-07-10 | 2020-08-18 | Nicira, Inc. | Network-link method useful for a last-mile connectivity in an edge-gateway multipath system |
US9887960B2 (en) | 2013-08-14 | 2018-02-06 | Nicira, Inc. | Providing services for logical networks |
US9241044B2 (en) | 2013-08-28 | 2016-01-19 | Hola Networks, Ltd. | System and method for improving internet communication by using intermediate nodes |
US9769275B2 (en) | 2014-03-24 | 2017-09-19 | Tanium Inc. | Data caching and distribution in a local network |
US10873645B2 (en) | 2014-03-24 | 2020-12-22 | Tanium Inc. | Software application updating in a local network |
US10628186B2 (en) * | 2014-09-08 | 2020-04-21 | Wirepath Home Systems, Llc | Method for electronic device virtualization and management |
US10148748B2 (en) * | 2015-02-26 | 2018-12-04 | Microsoft Technology Licensing, Llc | Co-locating peer devices for peer matching |
US10425382B2 (en) | 2015-04-13 | 2019-09-24 | Nicira, Inc. | Method and system of a cloud-based multipath routing protocol |
US10498652B2 (en) | 2015-04-13 | 2019-12-03 | Nicira, Inc. | Method and system of application-aware routing with crowdsourcing |
US10135789B2 (en) | 2015-04-13 | 2018-11-20 | Nicira, Inc. | Method and system of establishing a virtual private network in a cloud service for branch networking |
US11461208B1 (en) | 2015-04-24 | 2022-10-04 | Tanium Inc. | Reliable map-reduce communications in a decentralized, self-organizing communication orbit of a distributed network |
US9910752B2 (en) | 2015-04-24 | 2018-03-06 | Tanium Inc. | Reliable map-reduce communications in a decentralized, self-organizing communication orbit of a distributed network |
US11057446B2 (en) | 2015-05-14 | 2021-07-06 | Bright Data Ltd. | System and method for streaming content from multiple servers |
AU2016204072B2 (en) * | 2015-06-17 | 2017-08-03 | Accenture Global Services Limited | Event anomaly analysis and prediction |
US10243848B2 (en) | 2015-06-27 | 2019-03-26 | Nicira, Inc. | Provisioning logical entities in a multi-datacenter environment |
US10298561B2 (en) * | 2015-06-30 | 2019-05-21 | Vmware, Inc. | Providing a single session experience across multiple applications |
US10721328B2 (en) * | 2015-08-26 | 2020-07-21 | International Business Machines Corporation | Offering application program interfaces (APIs) for sale in cloud marketplace |
US9948521B2 (en) | 2016-01-11 | 2018-04-17 | Equinix, Inc. | Architecture for data center infrastructure monitoring |
US9866637B2 (en) | 2016-01-11 | 2018-01-09 | Equinix, Inc. | Distributed edge processing of internet of things device data in co-location facilities |
US10498744B2 (en) | 2016-03-08 | 2019-12-03 | Tanium Inc. | Integrity monitoring in a local network |
US10095864B2 (en) | 2016-03-08 | 2018-10-09 | Tanium Inc. | System and method for performing event inquiries in a network |
US11153383B2 (en) * | 2016-03-08 | 2021-10-19 | Tanium Inc. | Distributed data analysis for streaming data sources |
US10929345B2 (en) * | 2016-03-08 | 2021-02-23 | Tanium Inc. | System and method of performing similarity search queries in a network |
US11886229B1 (en) * | 2016-03-08 | 2024-01-30 | Tanium Inc. | System and method for generating a global dictionary and performing similarity search queries in a network |
US11372938B1 (en) * | 2016-03-08 | 2022-06-28 | Tanium Inc. | System and method for performing search requests in a network |
US11609835B1 (en) | 2016-03-08 | 2023-03-21 | Tanium Inc. | Evaluating machine and process performance in distributed system |
US10841273B2 (en) | 2016-04-29 | 2020-11-17 | Nicira, Inc. | Implementing logical DHCP servers in logical networks |
US10484515B2 (en) * | 2016-04-29 | 2019-11-19 | Nicira, Inc. | Implementing logical metadata proxy servers in logical networks |
US10320898B2 (en) * | 2016-06-06 | 2019-06-11 | Verizon Patent And Licensing Inc. | Automated multi-network failover for data centers |
US10270815B1 (en) * | 2016-06-07 | 2019-04-23 | Amazon Technologies, Inc. | Enabling communications between a controlling device and a network-controlled device via a network-connected device service over a mobile communications network |
US10778718B2 (en) * | 2016-09-16 | 2020-09-15 | Salesforce.Com, Inc. | Phishing detection and prevention |
US10135916B1 (en) | 2016-09-19 | 2018-11-20 | Amazon Technologies, Inc. | Integration of service scaling and external health checking systems |
US10182033B1 (en) * | 2016-09-19 | 2019-01-15 | Amazon Technologies, Inc. | Integration of service scaling and service discovery systems |
US10565016B2 (en) * | 2016-09-20 | 2020-02-18 | International Business Machines Corporation | Time frame bounded execution of computational algorithms |
US10996997B2 (en) * | 2017-01-23 | 2021-05-04 | International Business Machines Corporation | API-based service command invocation |
US11252079B2 (en) | 2017-01-31 | 2022-02-15 | Vmware, Inc. | High performance software-defined core network |
US20180219765A1 (en) | 2017-01-31 | 2018-08-02 | Waltz Networks | Method and Apparatus for Network Traffic Control Optimization |
US20200036624A1 (en) | 2017-01-31 | 2020-01-30 | The Mode Group | High performance software-defined core network |
US10992568B2 (en) | 2017-01-31 | 2021-04-27 | Vmware, Inc. | High performance software-defined core network |
US11121962B2 (en) | 2017-01-31 | 2021-09-14 | Vmware, Inc. | High performance software-defined core network |
US10992558B1 (en) | 2017-11-06 | 2021-04-27 | Vmware, Inc. | Method and apparatus for distributed data network traffic optimization |
US11706127B2 (en) | 2017-01-31 | 2023-07-18 | Vmware, Inc. | High performance software-defined core network |
CN106657393A (en) * | 2017-02-08 | 2017-05-10 | 浪潮(苏州)金融技术服务有限公司 | Device remote interaction system and method based on Websocket |
US10778528B2 (en) | 2017-02-11 | 2020-09-15 | Nicira, Inc. | Method and system of connecting to a multipath hub in a cluster |
CN108462731B (en) * | 2017-02-20 | 2021-04-09 | 阿里巴巴集团控股有限公司 | Data proxy method and device and electronic equipment |
US10613994B2 (en) * | 2017-03-29 | 2020-04-07 | Intel Corporation | Methods and apparatus to establish a connection between a supplicant and a secured network |
US10511574B2 (en) * | 2017-03-31 | 2019-12-17 | Hyland Software, Inc. | Methods and apparatuses for utilizing a gateway integration server to enhance application security |
US20180288179A1 (en) * | 2017-04-03 | 2018-10-04 | Randeep S. Bhatia | Proxy for serving internet-of-things (iot) devices |
US10402241B1 (en) | 2017-04-27 | 2019-09-03 | EMC IP Holding Company LLC | Forwarding metadata proxy server for asynchronous metadata operations |
CN107276872A (en) * | 2017-06-05 | 2017-10-20 | 杭州电子科技大学 | The multiple signals processing method of Embedded PLC and Embedded PLC system |
US10904173B2 (en) | 2017-06-09 | 2021-01-26 | Equinix, Inc. | Near real-time messaging service for data center infrastructure monitoring data |
US11050607B2 (en) | 2017-06-21 | 2021-06-29 | Red Hat, Inc. | Proxy with a function as a service (FAAS) support |
US10523539B2 (en) | 2017-06-22 | 2019-12-31 | Nicira, Inc. | Method and system of resiliency in cloud-delivered SD-WAN |
US11023300B2 (en) * | 2017-06-30 | 2021-06-01 | Oracle International Corporation | Governing access to third-party application programming interfaces |
US10824729B2 (en) | 2017-07-14 | 2020-11-03 | Tanium Inc. | Compliance management in a local network |
US10419460B2 (en) * | 2017-07-21 | 2019-09-17 | Oath, Inc. | Method and system for detecting abnormal online user activity |
CN109302435B (en) * | 2017-07-25 | 2021-03-16 | 腾讯科技(深圳)有限公司 | Message publishing method, device, system, server and computer readable storage medium |
US11582291B2 (en) | 2017-07-28 | 2023-02-14 | Kong Inc. | Auto-documentation for application program interfaces based on network requests and responses |
US11171842B2 (en) | 2019-09-05 | 2021-11-09 | Kong Inc. | Microservices application network control plane |
LT3767493T (en) | 2017-08-28 | 2023-03-10 | Bright Data Ltd. | Method for improving content fetching by selecting tunnel devices |
US11190374B2 (en) | 2017-08-28 | 2021-11-30 | Bright Data Ltd. | System and method for improving content fetching by selecting tunnel devices |
CN107682406B (en) * | 2017-09-08 | 2020-08-25 | 北京三快在线科技有限公司 | Method, device and system for processing service |
US10810099B2 (en) * | 2017-09-11 | 2020-10-20 | Internatinal Business Machines Corporation | Cognitive in-memory API logging |
CN109561226B (en) * | 2017-09-26 | 2020-06-26 | 华为技术有限公司 | API (application program interface) mixed multi-tenant routing method and system and API gateway |
US10805114B2 (en) | 2017-10-02 | 2020-10-13 | Vmware, Inc. | Processing data messages of a virtual network that are sent to and received from external service machines |
US10999100B2 (en) | 2017-10-02 | 2021-05-04 | Vmware, Inc. | Identifying multiple nodes in a virtual network defined over a set of public clouds to connect to an external SAAS provider |
US10959098B2 (en) | 2017-10-02 | 2021-03-23 | Vmware, Inc. | Dynamically specifying multiple public cloud edge nodes to connect to an external multi-computer node |
US11115480B2 (en) | 2017-10-02 | 2021-09-07 | Vmware, Inc. | Layer four optimization for a virtual network defined over public cloud |
US11089111B2 (en) | 2017-10-02 | 2021-08-10 | Vmware, Inc. | Layer four optimization for a virtual network defined over public cloud |
US10999165B2 (en) | 2017-10-02 | 2021-05-04 | Vmware, Inc. | Three tiers of SaaS providers for deploying compute and network infrastructure in the public cloud |
US10819556B1 (en) | 2017-10-16 | 2020-10-27 | Equinix, Inc. | Data center agent for data center infrastructure monitoring data access and translation |
EP3704846B1 (en) * | 2017-11-03 | 2021-08-04 | Todyl, Inc. | Cloud-based multi-function firewall and zero trust private virtual network |
US11223514B2 (en) | 2017-11-09 | 2022-01-11 | Nicira, Inc. | Method and system of a dynamic high-availability mode based on current wide area network connectivity |
US10541924B2 (en) | 2017-12-01 | 2020-01-21 | International Business Machines Corporation | Load balancing in data hosting systems |
US11665241B1 (en) * | 2017-12-28 | 2023-05-30 | Itential, Inc. | Systems and methods for dynamic federated API generation |
CN108173860A (en) * | 2017-12-29 | 2018-06-15 | 深圳市泛海三江科技发展有限公司 | A kind of MQTT connection methods, system, terminal and the server of low side constrained devices |
CN108536535A (en) * | 2018-01-24 | 2018-09-14 | 北京奇艺世纪科技有限公司 | A kind of dns server and its thread control method and device |
CN110166267B (en) * | 2018-02-13 | 2023-05-30 | 北京京东尚科信息技术有限公司 | Content distribution network configuration method and system, master control server and node server |
US10609163B2 (en) * | 2018-02-26 | 2020-03-31 | Servicenow, Inc. | Proxy application supporting multiple collaboration channels |
US10542124B2 (en) | 2018-02-27 | 2020-01-21 | Servicenow, Inc. | Systems and methods of rate limiting for a representational state transfer (REST) application programming interface (API) |
CN108650285B (en) * | 2018-03-08 | 2020-04-21 | 深圳市盛铂科技有限公司 | Method for interconnecting network applications and network access device |
CN111386676B (en) * | 2018-03-21 | 2022-01-21 | 华为技术有限公司 | Control method of application programming interface API gateway cluster and API gateway cluster |
US10951693B2 (en) | 2018-04-02 | 2021-03-16 | T-Mobile Usa, Inc. | Data prioritization and scheduling system |
US10834181B2 (en) * | 2018-04-02 | 2020-11-10 | T-Mobile Usa, Inc. | Load balancing and data prioritization system |
US10601942B2 (en) | 2018-04-12 | 2020-03-24 | Pearson Management Services Limited | Systems and methods for automated module-based content provisioning |
US10791056B2 (en) * | 2018-04-16 | 2020-09-29 | Citrix Systems, Inc. | Policy based service routing |
CN108712467A (en) * | 2018-04-19 | 2018-10-26 | 宁波三掌柜新商业有限公司 | A kind of exchange method realized Internet of Things real time high-speed and stablize high concurrent |
US10628581B2 (en) | 2018-04-24 | 2020-04-21 | Dell Products, Lp | System and method for forced data leakage prevention |
US11062315B2 (en) | 2018-04-25 | 2021-07-13 | At&T Intellectual Property I, L.P. | Fraud as a service |
CN112136301A (en) * | 2018-05-16 | 2020-12-25 | 诺基亚技术有限公司 | Error handling framework for security management in a communication system |
US11265332B1 (en) * | 2018-05-17 | 2022-03-01 | Securly, Inc. | Managed network content monitoring and filtering system and method |
US11709946B2 (en) | 2018-06-06 | 2023-07-25 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US11108798B2 (en) | 2018-06-06 | 2021-08-31 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US11546405B2 (en) * | 2018-06-18 | 2023-01-03 | Jpmorgan Chase Bank, N.A. | Methods for exposing mainframe data as a web service and devices thereof |
US10911460B2 (en) * | 2018-07-02 | 2021-02-02 | Juniper Networks, Inc. | Methods and devices for blocking, detecting, and/or preventing malicious traffic |
US10841365B2 (en) | 2018-07-18 | 2020-11-17 | Tanium Inc. | Mapping application dependencies in a computer network |
US11343355B1 (en) | 2018-07-18 | 2022-05-24 | Tanium Inc. | Automated mapping of multi-tier applications in a distributed system |
US11089093B2 (en) * | 2018-08-31 | 2021-08-10 | Sap Se | Validation of a traffic management pool |
CN109088731B (en) * | 2018-09-04 | 2021-09-21 | 杭州涂鸦信息技术有限公司 | Internet of things cloud communication method and device |
US11017028B2 (en) | 2018-10-03 | 2021-05-25 | The Toronto-Dominion Bank | Systems and methods for intelligent responses to queries based on trained processes |
CN109558223A (en) * | 2018-10-11 | 2019-04-02 | 珠海许继芝电网自动化有限公司 | A kind of multi-process promotes workflow dispositions method and system |
US11271846B2 (en) | 2018-10-22 | 2022-03-08 | Oracle International Corporation | Methods, systems, and computer readable media for locality-based selection and routing of traffic to producer network functions (NFs) |
CN109218445A (en) * | 2018-10-22 | 2019-01-15 | 苏州达威尔物联网科技有限公司 | A kind of wireless steel mill's pipeline pressure balanced energy conservation method |
US10778527B2 (en) * | 2018-10-31 | 2020-09-15 | Oracle International Corporation | Methods, systems, and computer readable media for providing a service proxy function in a telecommunications network core using a service-based architecture |
US10778595B2 (en) * | 2018-11-01 | 2020-09-15 | International Business Machines Corporation | Operating a message queue cluster having multiple nodes |
US11553047B2 (en) * | 2018-11-30 | 2023-01-10 | International Business Machines Corporation | Dynamic connection capacity management |
US10977095B2 (en) * | 2018-11-30 | 2021-04-13 | Microsoft Technology Licensing, Llc | Side-by-side execution of same-type subsystems having a shared base operating system |
CN109639790A (en) * | 2018-12-06 | 2019-04-16 | 上海美亦健健康管理有限公司 | A kind of distributed Internet of Things software architecture |
US11153281B2 (en) | 2018-12-06 | 2021-10-19 | Bank Of America Corporation | Deploying and utilizing a dynamic data stenciling system with a smart linking engine |
CN113261259B (en) * | 2018-12-18 | 2022-12-02 | 华为云计算技术有限公司 | System and method for transparent session handoff |
US10955831B2 (en) * | 2018-12-26 | 2021-03-23 | Nozomi Networks Sagl | Method and apparatus for detecting the anomalies of an infrastructure |
CN109922053A (en) * | 2019-02-22 | 2019-06-21 | 北京三快在线科技有限公司 | Data transmission method, device, electronic equipment and readable storage medium storing program for executing |
LT4075304T (en) | 2019-02-25 | 2023-07-25 | Bright Data Ltd. | System and method for url fetching retry mechanism |
CN109756522A (en) * | 2019-03-25 | 2019-05-14 | 苏州达塔库自动化科技有限公司 | Support the Message Agent method of various protocols |
US10791044B1 (en) | 2019-03-29 | 2020-09-29 | Oracle International Corporation | Methods, system, and computer readable media for handling multiple versions of same service provided by producer network functions (NFs) |
USD926810S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926809S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926811S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926200S1 (en) | 2019-06-06 | 2021-07-27 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926782S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
US11190514B2 (en) * | 2019-06-17 | 2021-11-30 | Microsoft Technology Licensing, Llc | Client-server security enhancement using information accessed from access tokens |
US10986172B2 (en) * | 2019-06-24 | 2021-04-20 | Walmart Apollo, Llc | Configurable connection reset for customized load balancing |
US10819636B1 (en) | 2019-06-26 | 2020-10-27 | Oracle International Corporation | Methods, systems, and computer readable media for producer network function (NF) service instance wide egress rate limiting at service communication proxy (SCP) |
US11252093B2 (en) | 2019-06-26 | 2022-02-15 | Oracle International Corporation | Methods, systems, and computer readable media for policing access point name-aggregate maximum bit rate (APN-AMBR) across packet data network gateway data plane (P-GW DP) worker instances |
US11159359B2 (en) | 2019-06-26 | 2021-10-26 | Oracle International Corporation | Methods, systems, and computer readable media for diameter-peer-wide egress rate limiting at diameter relay agent (DRA) |
US11635990B2 (en) | 2019-07-01 | 2023-04-25 | Nutanix, Inc. | Scalable centralized manager including examples of data pipeline deployment to an edge system |
US11501881B2 (en) | 2019-07-03 | 2022-11-15 | Nutanix, Inc. | Apparatus and method for deploying a mobile device as a data source in an IoT system |
US11698891B2 (en) * | 2019-07-30 | 2023-07-11 | Salesforce.Com, Inc. | Database systems and related multichannel communication methods |
US10833938B1 (en) | 2019-07-31 | 2020-11-10 | Oracle International Corporation | Methods, systems, and computer readable media for network function (NF) topology synchronization |
CN110460618B (en) * | 2019-08-26 | 2022-06-07 | 南京国电南自轨道交通工程有限公司 | Safe communication method in integrated monitoring system based on EN50159 standard |
US11310170B2 (en) | 2019-08-27 | 2022-04-19 | Vmware, Inc. | Configuring edge nodes outside of public clouds to use routes defined through the public clouds |
US11082393B2 (en) | 2019-08-29 | 2021-08-03 | Oracle International Corporation | Methods, systems, and computer readable media for actively discovering and tracking addresses associated with 5G and non-5G service endpoints |
US11323413B2 (en) | 2019-08-29 | 2022-05-03 | Oracle International Corporation | Methods, systems, and computer readable media for actively discovering and tracking addresses associated with 4G service endpoints |
US11201897B1 (en) * | 2019-09-03 | 2021-12-14 | Rapid7, Inc. | Secure multiplexed routing |
US11595272B2 (en) | 2019-09-05 | 2023-02-28 | Kong Inc. | Microservices application network control plane |
US11218450B2 (en) * | 2019-09-11 | 2022-01-04 | Commvault Systems, Inc. | Data protection component scaling in a cloud-based data storage system |
CN110602136B (en) * | 2019-09-25 | 2021-09-14 | 华为技术有限公司 | Cluster access method and related product |
US11425598B2 (en) | 2019-10-14 | 2022-08-23 | Oracle International Corporation | Methods, systems, and computer readable media for rules-based overload control for 5G servicing |
US11018971B2 (en) | 2019-10-14 | 2021-05-25 | Oracle International Corporation | Methods, systems, and computer readable media for distributing network function (NF) topology information among proxy nodes and for using the NF topology information for inter-proxy node message routing |
US11102138B2 (en) | 2019-10-14 | 2021-08-24 | Oracle International Corporation | Methods, systems, and computer readable media for providing guaranteed traffic bandwidth for services at intermediate proxy nodes |
US11044190B2 (en) | 2019-10-28 | 2021-06-22 | Vmware, Inc. | Managing forwarding elements at edge nodes connected to a virtual network |
US11853450B2 (en) * | 2019-11-05 | 2023-12-26 | Saudi Arabian Oil Company | Detection of web application anomalies using machine learning |
CN110995656B (en) * | 2019-11-06 | 2022-08-05 | 深信服科技股份有限公司 | Load balancing method, device, equipment and storage medium |
US11831670B1 (en) | 2019-11-18 | 2023-11-28 | Tanium Inc. | System and method for prioritizing distributed system risk remediations |
US11546251B2 (en) * | 2019-11-20 | 2023-01-03 | Securing Sam Ltd. | System and method for securing communication between devices on a network with multiple access points |
CN110971685B (en) * | 2019-11-29 | 2021-01-01 | 腾讯科技(深圳)有限公司 | Content processing method, content processing device, computer equipment and storage medium |
US10715484B1 (en) * | 2019-12-11 | 2020-07-14 | CallFire, Inc. | Domain management and synchronization system |
US11394640B2 (en) | 2019-12-12 | 2022-07-19 | Vmware, Inc. | Collecting and analyzing data regarding flows associated with DPI parameters |
US11489783B2 (en) | 2019-12-12 | 2022-11-01 | Vmware, Inc. | Performing deep packet inspection in a software defined wide area network |
US11463416B1 (en) * | 2019-12-13 | 2022-10-04 | Amazon Technologies, Inc. | Automatic detection of personal information in cloud-based infrastructure configurations |
US11224009B2 (en) | 2019-12-30 | 2022-01-11 | Oracle International Corporation | Methods, systems, and computer readable media for enabling transport quality of service (QoS) in 5G networks |
US11689959B2 (en) | 2020-01-24 | 2023-06-27 | Vmware, Inc. | Generating path usability state for different sub-paths offered by a network link |
US11799726B2 (en) | 2020-04-06 | 2023-10-24 | Vmware, Inc. | Multi-site security groups |
US11777793B2 (en) | 2020-04-06 | 2023-10-03 | Vmware, Inc. | Location criteria for security groups |
US11088902B1 (en) | 2020-04-06 | 2021-08-10 | Vmware, Inc. | Synchronization of logical network state between global and local managers |
US11088919B1 (en) * | 2020-04-06 | 2021-08-10 | Vmware, Inc. | Data structure for defining multi-site logical network |
US11303557B2 (en) | 2020-04-06 | 2022-04-12 | Vmware, Inc. | Tunnel endpoint group records for inter-datacenter traffic |
US11297110B2 (en) * | 2020-04-08 | 2022-04-05 | Arista Networks, Inc. | Load balancing for control session and media session in a communication flow |
US11755620B1 (en) * | 2020-04-09 | 2023-09-12 | Amazon Technologies, Inc. | Invoking supported non-relational database operations to provide results consistent with commands specified in a relational query language |
CN113542122B (en) * | 2020-04-16 | 2022-10-18 | 中移物联网有限公司 | Internet of things equipment data forwarding method and system |
US11425028B2 (en) * | 2020-04-28 | 2022-08-23 | Cisco Technology, Inc. | Priority based automated network selection for micro-services in service mesh |
US20210377240A1 (en) * | 2020-06-02 | 2021-12-02 | FLEX Integration LLC | System and methods for tokenized hierarchical secured asset distribution |
CN111818136B (en) * | 2020-06-24 | 2023-08-22 | 深圳中集智能科技有限公司 | Data processing method, device, electronic equipment and computer readable medium |
US11461470B2 (en) | 2020-06-26 | 2022-10-04 | Bank Of America Corporation | System and method for providing an application programming interface (API) based on performance and security |
CN111858628B (en) | 2020-06-30 | 2024-08-27 | 北京百度网讯科技有限公司 | Database-based management method, platform, electronic device and storage medium |
US11695787B2 (en) | 2020-07-01 | 2023-07-04 | Hawk Network Defense, Inc. | Apparatus and methods for determining event information and intrusion detection at a host device |
US11245641B2 (en) | 2020-07-02 | 2022-02-08 | Vmware, Inc. | Methods and apparatus for application aware hub clustering techniques for a hyper scale SD-WAN |
US20220014545A1 (en) * | 2020-07-09 | 2022-01-13 | Jpmorgan Chase Bank, N.A. | Systems and methods for automated cyber security and control monitoring |
US11709710B2 (en) | 2020-07-30 | 2023-07-25 | Vmware, Inc. | Memory allocator for I/O operations |
US11528334B2 (en) | 2020-07-31 | 2022-12-13 | Oracle International Corporation | Methods, systems, and computer readable media for preferred network function (NF) location routing using service communications proxy (SCP) |
US10951738B1 (en) | 2020-08-06 | 2021-03-16 | Bank Of America Corporation | Automatic API integration |
US11563764B1 (en) | 2020-08-24 | 2023-01-24 | Tanium Inc. | Risk scoring based on compliance verification test results in a local network |
US11290549B2 (en) | 2020-08-24 | 2022-03-29 | Oracle International Corporation | Methods, systems, and computer readable media for optimized network function (NF) discovery and routing using service communications proxy (SCP) and NF repository function (NRF) |
US11153412B1 (en) * | 2020-08-26 | 2021-10-19 | Software Ag | Systems and/or methods for non-intrusive injection of context for service mesh applications |
US11483694B2 (en) | 2020-09-01 | 2022-10-25 | Oracle International Corporation | Methods, systems, and computer readable media for service communications proxy (SCP)-specific prioritized network function (NF) discovery and routing |
US11601474B2 (en) | 2020-09-28 | 2023-03-07 | Vmware, Inc. | Network virtualization infrastructure with divided user responsibilities |
US11381564B2 (en) * | 2020-10-09 | 2022-07-05 | Sap Se | Resource security integration platform |
WO2022074439A1 (en) * | 2020-10-09 | 2022-04-14 | Telefonaktiebolaget Lm Ericsson (Publ) | Overload protection for edge cluster using two tier reinforcement learning models |
US11677778B2 (en) * | 2020-10-19 | 2023-06-13 | Oracle International Corporation | Protecting data in non-volatile storages provided to clouds against malicious attacks |
US11570262B2 (en) | 2020-10-28 | 2023-01-31 | Oracle International Corporation | Methods, systems, and computer readable media for rank processing for network function selection |
US11726764B2 (en) | 2020-11-11 | 2023-08-15 | Nutanix, Inc. | Upgrade systems for service domains |
US11665221B2 (en) | 2020-11-13 | 2023-05-30 | Nutanix, Inc. | Common services model for multi-cloud platform |
US11444865B2 (en) | 2020-11-17 | 2022-09-13 | Vmware, Inc. | Autonomous distributed forwarding plane traceability based anomaly detection in application traffic for hyper-scale SD-WAN |
US11575600B2 (en) | 2020-11-24 | 2023-02-07 | Vmware, Inc. | Tunnel-less SD-WAN |
US11601356B2 (en) | 2020-12-29 | 2023-03-07 | Vmware, Inc. | Emulating packet flows to assess network links for SD-WAN |
US11792127B2 (en) | 2021-01-18 | 2023-10-17 | Vmware, Inc. | Network-aware load balancing |
US11470544B2 (en) | 2021-01-22 | 2022-10-11 | Oracle International Corporation | Methods, systems, and computer readable media for optimized routing of messages relating to existing network function (NF) subscriptions using an intermediate forwarding NF repository function (NRF) |
US11979325B2 (en) | 2021-01-28 | 2024-05-07 | VMware LLC | Dynamic SD-WAN hub cluster scaling with machine learning |
US11245748B1 (en) | 2021-02-24 | 2022-02-08 | International Business Machines Corporation | Proxied nodes in a container orchestration environment for scalable resource allocation |
US11736585B2 (en) | 2021-02-26 | 2023-08-22 | Nutanix, Inc. | Generic proxy endpoints using protocol tunnels including life cycle management and examples for distributed cloud native services and applications |
US11496954B2 (en) | 2021-03-13 | 2022-11-08 | Oracle International Corporation | Methods, systems, and computer readable media for supporting multiple preferred localities for network function (NF) discovery and selection procedures |
CN113312159A (en) * | 2021-03-30 | 2021-08-27 | 阿里巴巴新加坡控股有限公司 | Processing method and device for load balancing of Kubernetes cluster and storage medium |
US11582144B2 (en) | 2021-05-03 | 2023-02-14 | Vmware, Inc. | Routing mesh to provide alternate routes through SD-WAN edge forwarding nodes based on degraded operational states of SD-WAN hubs |
US12009987B2 (en) | 2021-05-03 | 2024-06-11 | VMware LLC | Methods to support dynamic transit paths through hub clustering across branches in SD-WAN |
US11729065B2 (en) | 2021-05-06 | 2023-08-15 | Vmware, Inc. | Methods for application defined virtual network service among multiple transport in SD-WAN |
US11888956B2 (en) | 2021-06-11 | 2024-01-30 | Microsoft Technology Licensing, Llc | Paginated data transfer techniques |
US11489720B1 (en) | 2021-06-18 | 2022-11-01 | Vmware, Inc. | Method and apparatus to evaluate resource elements and public clouds for deploying tenant deployable elements based on harvested performance metrics |
US12015536B2 (en) | 2021-06-18 | 2024-06-18 | VMware LLC | Method and apparatus for deploying tenant deployable elements across public clouds based on harvested performance metrics of types of resource elements in the public clouds |
US11895080B2 (en) | 2021-06-23 | 2024-02-06 | Oracle International Corporation | Methods, systems, and computer readable media for resolution of inter-network domain names |
CN113347269A (en) * | 2021-06-24 | 2021-09-03 | 江苏创源电子有限公司 | Data updating method of industrial system, electronic equipment and storage medium |
US11689642B2 (en) * | 2021-07-15 | 2023-06-27 | Cisco Technology, Inc. | Routing application control and data-plane traffic in support of cloud-native applications |
US12047282B2 (en) | 2021-07-22 | 2024-07-23 | VMware LLC | Methods for smart bandwidth aggregation based dynamic overlay selection among preferred exits in SD-WAN |
US11375005B1 (en) | 2021-07-24 | 2022-06-28 | Vmware, Inc. | High availability solutions for a secure access service edge application |
US11950178B2 (en) | 2021-08-03 | 2024-04-02 | Oracle International Corporation | Methods, systems, and computer readable media for optimized routing of service based interface (SBI) request messages to remote network function (NF) repository functions using indirect communications via service communication proxy (SCP) |
US12032855B2 (en) | 2021-08-06 | 2024-07-09 | Commvault Systems, Inc. | Using an application orchestrator computing environment for automatically scaled deployment of data protection resources needed for data in a production cluster distinct from the application orchestrator or in another application orchestrator computing environment |
US11943146B2 (en) | 2021-10-01 | 2024-03-26 | VMware LLC | Traffic prioritization in SD-WAN |
US11849506B2 (en) | 2021-10-08 | 2023-12-19 | Oracle International Corporation | Methods, systems, and computer readable media for routing inter-public land mobile network (inter-PLMN) messages related to existing subscriptions with network function (NF) repository function (NRF) using security edge protection proxy (SEPP) |
US12034752B2 (en) | 2021-10-20 | 2024-07-09 | Noname Gate Ltd | System and method for traffic-based computing interface misconfiguration detection |
US11373000B1 (en) * | 2021-10-22 | 2022-06-28 | Akoya LLC | Systems and methods for managing tokens and filtering data to control data access |
CN114048046B (en) * | 2021-11-08 | 2022-10-11 | 马上消费金融股份有限公司 | Service calling method and device and load balancing equipment |
US20230171099A1 (en) * | 2021-11-27 | 2023-06-01 | Oracle International Corporation | Methods, systems, and computer readable media for sharing key identification and public certificate data for access token verification |
CN114117401B (en) * | 2022-01-22 | 2022-05-27 | 深圳竹云科技股份有限公司 | API (application program interface) secure calling method, device, equipment and computer storage medium |
US11855956B2 (en) | 2022-02-15 | 2023-12-26 | Oracle International Corporation | Methods, systems, and computer readable media for providing network function (NF) repository function (NRF) with configurable producer NF internet protocol (IP) address mapping |
US20230289263A1 (en) * | 2022-03-14 | 2023-09-14 | Rubrik, Inc. | Hybrid data transfer model for virtual machine backup and recovery |
US11882057B2 (en) | 2022-03-28 | 2024-01-23 | Bank Of America Corporation | Pluggable cloud security system |
CN114827274B (en) * | 2022-04-15 | 2024-10-15 | 支付宝(杭州)信息技术有限公司 | Request processing method and device |
US11909815B2 (en) | 2022-06-06 | 2024-02-20 | VMware LLC | Routing based on geolocation costs |
US12107722B2 (en) | 2022-07-20 | 2024-10-01 | VMware LLC | Sharing network manager between multiple tenants |
US11972310B1 (en) * | 2023-01-16 | 2024-04-30 | Sap Se | Multi-resource operations in an analytics computing system |
WO2024176250A1 (en) * | 2023-02-24 | 2024-08-29 | Jio Platforms Limited | System and method for communicating 5g nas messages using short message service function |
US12057993B1 (en) | 2023-03-27 | 2024-08-06 | VMware LLC | Identifying and remediating anomalies in a self-healing network |
US12034587B1 (en) | 2023-03-27 | 2024-07-09 | VMware LLC | Identifying and remediating anomalies in a self-healing network |
KR102680984B1 (en) * | 2023-03-31 | 2024-07-04 | 쿠팡 주식회사 | Operating method for electronic apparatus for providing information and electronic apparatus supporting thereof |
CN116668465B (en) * | 2023-07-31 | 2023-10-03 | 成都卓拙科技有限公司 | Data synchronization method, device, computer equipment and storage medium |
Family Cites Families (133)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8078727B2 (en) | 1998-10-09 | 2011-12-13 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
US6336117B1 (en) | 1999-04-30 | 2002-01-01 | International Business Machines Corporation | Content-indexing search system and method providing search results consistent with content filtering and blocking policies implemented in a blocking engine |
US6970913B1 (en) * | 1999-07-02 | 2005-11-29 | Cisco Technology, Inc. | Load balancing using distributed forwarding agents with application based feedback for different virtual machines |
US7743089B2 (en) | 1999-10-13 | 2010-06-22 | Intel Corporation | Method and system for dynamic application layer gateways |
AU4717901A (en) * | 1999-12-06 | 2001-06-25 | Warp Solutions, Inc. | System and method for dynamic content routing |
US7171475B2 (en) | 2000-12-01 | 2007-01-30 | Microsoft Corporation | Peer networking host framework and hosting API |
FI20010267A0 (en) | 2001-02-13 | 2001-02-13 | Stonesoft Oy | Synchronization of security gateway status information |
US7209962B2 (en) | 2001-07-30 | 2007-04-24 | International Business Machines Corporation | System and method for IP packet filtering based on non-IP packet traffic attributes |
US20030115292A1 (en) | 2001-10-24 | 2003-06-19 | Griffin Philip B. | System and method for delegated administration |
US7650416B2 (en) | 2003-08-12 | 2010-01-19 | Riverbed Technology | Content delivery for client-server protocols with user affinities using connection end-point proxies |
US20050027862A1 (en) | 2003-07-18 | 2005-02-03 | Nguyen Tien Le | System and methods of cooperatively load-balancing clustered servers |
US20050015471A1 (en) | 2003-07-18 | 2005-01-20 | Zhang Pu Paul | Secure cluster configuration data set transfer protocol |
US7426737B2 (en) * | 2004-01-26 | 2008-09-16 | Lucent Technologies Inc. | Method and apparatus for operating an open API network having a proxy |
US7716274B1 (en) * | 2004-04-14 | 2010-05-11 | Oracle America, Inc. | State data persistence in a distributed computing environment |
US8458467B2 (en) | 2005-06-21 | 2013-06-04 | Cisco Technology, Inc. | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US7515551B2 (en) | 2005-01-18 | 2009-04-07 | Cisco Technology, Inc. | Techniques for reducing adjacencies in a link-state network routing protocol |
US8886778B2 (en) * | 2005-04-29 | 2014-11-11 | Netapp, Inc. | System and method for proxying network management protocol commands to enable cluster wide management of data backups |
US7694011B2 (en) * | 2006-01-17 | 2010-04-06 | Cisco Technology, Inc. | Techniques for load balancing over a cluster of subscriber-aware application servers |
US8700800B2 (en) * | 2006-02-15 | 2014-04-15 | Tropos Networks, Inc. | Roaming of clients between gateways of clusters of a wireless mesh network |
US7783763B2 (en) * | 2006-06-06 | 2010-08-24 | International Business Machines Corporation | Managing stateful data in a partitioned application server environment |
US20080016339A1 (en) | 2006-06-29 | 2008-01-17 | Jayant Shukla | Application Sandbox to Detect, Remove, and Prevent Malware |
US20080276234A1 (en) * | 2007-04-02 | 2008-11-06 | Sugarcrm Inc. | Data center edition system and method |
US8079074B2 (en) * | 2007-04-17 | 2011-12-13 | Microsoft Corporation | Dynamic security shielding through a network resource |
US8782771B2 (en) | 2007-06-19 | 2014-07-15 | Rockwell Automation Technologies, Inc. | Real-time industrial firewall |
US8130747B2 (en) | 2007-08-06 | 2012-03-06 | Blue Coat Systems, Inc. | System and method of traffic inspection and stateful connection forwarding among geographically dispersed network appliances organized as clusters |
US8621573B2 (en) | 2007-08-28 | 2013-12-31 | Cisco Technology, Inc. | Highly scalable application network appliances with virtualized services |
US8908700B2 (en) | 2007-09-07 | 2014-12-09 | Citrix Systems, Inc. | Systems and methods for bridging a WAN accelerator with a security gateway |
US8533453B2 (en) | 2008-03-12 | 2013-09-10 | Go Daddy Operating Company, LLC | Method and system for configuring a server and dynamically loading SSL information |
US8339959B1 (en) * | 2008-05-20 | 2012-12-25 | Juniper Networks, Inc. | Streamlined packet forwarding using dynamic filters for routing and security in a shared forwarding plane |
US7925785B2 (en) * | 2008-06-27 | 2011-04-12 | Microsoft Corporation | On-demand capacity management |
US8453163B2 (en) | 2009-06-29 | 2013-05-28 | Software Ag Usa, Inc. | Systems and/or methods for policy-based JMS broker clustering |
WO2011025975A1 (en) | 2009-08-28 | 2011-03-03 | Zynga Game Network, Inc. | Apparatuses, methods and systems for a distributed object renderer |
US8645936B2 (en) * | 2009-09-30 | 2014-02-04 | Zynga Inc. | Apparatuses, methods and systems for an a API call abstractor |
US8601499B2 (en) | 2009-12-15 | 2013-12-03 | At&T Intellectual Property I, L.P. | Systems, methods and computer readable media for routing requests from an application |
US8700892B2 (en) | 2010-03-19 | 2014-04-15 | F5 Networks, Inc. | Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion |
US8880725B2 (en) * | 2010-05-26 | 2014-11-04 | Microsoft Corporation | Continuous replication for session initiation protocol based communication systems |
US8412810B1 (en) * | 2010-07-02 | 2013-04-02 | Adobe Systems Incorporated | Provisioning and managing a cluster deployed on a cloud |
US9342793B2 (en) | 2010-08-31 | 2016-05-17 | Red Hat, Inc. | Training a self-learning network using interpolated input sets based on a target output |
US8856350B2 (en) * | 2010-09-07 | 2014-10-07 | Microsoft Corporation | Efficient connection management and data synchronization |
US8756329B2 (en) * | 2010-09-15 | 2014-06-17 | Oracle International Corporation | System and method for parallel multiplexing between servers in a cluster |
US8819437B2 (en) * | 2010-09-30 | 2014-08-26 | Microsoft Corporation | Cryptographic device that binds an additional authentication factor to multiple identities |
JP5175915B2 (en) | 2010-10-29 | 2013-04-03 | 株式会社東芝 | Information processing apparatus and program |
US8499336B2 (en) * | 2010-11-23 | 2013-07-30 | Cisco Technology, Inc. | Session redundancy among a server cluster |
US8789138B2 (en) | 2010-12-27 | 2014-07-22 | Microsoft Corporation | Application execution in a restricted application execution environment |
US8949828B2 (en) | 2011-01-11 | 2015-02-03 | International Business Machines Corporation | Single point, scalable data synchronization for management of a virtual input/output server cluster |
US9141410B2 (en) * | 2011-03-08 | 2015-09-22 | Rackspace Us, Inc. | Pluggable allocation in a cloud computing system |
US20130205028A1 (en) * | 2012-02-07 | 2013-08-08 | Rackspace Us, Inc. | Elastic, Massively Parallel Processing Data Warehouse |
US8898091B2 (en) | 2011-05-11 | 2014-11-25 | Ari M. Frank | Computing situation-dependent affective response baseline levels utilizing a database storing affective responses |
US9047441B2 (en) | 2011-05-24 | 2015-06-02 | Palo Alto Networks, Inc. | Malware analysis system |
US8973088B1 (en) | 2011-05-24 | 2015-03-03 | Palo Alto Networks, Inc. | Policy enforcement using host information profile |
US8892665B1 (en) | 2011-05-24 | 2014-11-18 | Palo Alto Networks, Inc. | Encrypted peer-to-peer detection |
US8954786B2 (en) * | 2011-07-28 | 2015-02-10 | Oracle International Corporation | Failover data replication to a preferred list of instances |
US10091028B2 (en) | 2011-08-17 | 2018-10-02 | Nicira, Inc. | Hierarchical controller clusters for interconnecting two or more logical datapath sets |
US9344494B2 (en) * | 2011-08-30 | 2016-05-17 | Oracle International Corporation | Failover data replication with colocation of session state data |
WO2013086225A1 (en) | 2011-12-06 | 2013-06-13 | Seven Networks, Inc. | A mobile device and method to utilize the failover mechanisms for fault tolerance provided for mobile traffic management and network/device resource conservation |
WO2013103897A1 (en) | 2012-01-05 | 2013-07-11 | Adept Cloud, Inc. | System and method for decentralized online data transfer and synchronization |
US9350644B2 (en) | 2012-04-13 | 2016-05-24 | Zscaler. Inc. | Secure and lightweight traffic forwarding systems and methods to cloud based network security systems |
US9027024B2 (en) * | 2012-05-09 | 2015-05-05 | Rackspace Us, Inc. | Market-based virtual machine allocation |
US10097642B2 (en) * | 2012-05-29 | 2018-10-09 | Openet Telecom Ltd. | System and method for using VoLTE session continuity information using logical scalable units |
US9898317B2 (en) * | 2012-06-06 | 2018-02-20 | Juniper Networks, Inc. | Physical path determination for virtual network packet flows |
US9794219B2 (en) | 2012-06-15 | 2017-10-17 | Citrix Systems, Inc. | Systems and methods for ARP resolution over an asynchronous cluster network |
US9231892B2 (en) * | 2012-07-09 | 2016-01-05 | Vmware, Inc. | Distributed virtual switch configuration and state management |
US9344458B2 (en) | 2012-07-16 | 2016-05-17 | eZuce, Inc. | Providing unified communications services |
US8904224B2 (en) * | 2012-07-20 | 2014-12-02 | International Business Machines Corporation | Providing replication and fail-over as a network service in data centers |
US8613089B1 (en) | 2012-08-07 | 2013-12-17 | Cloudflare, Inc. | Identifying a denial-of-service attack in a cloud-based proxy service |
US9563480B2 (en) * | 2012-08-21 | 2017-02-07 | Rackspace Us, Inc. | Multi-level cloud computing system |
US20140149605A1 (en) * | 2012-11-26 | 2014-05-29 | Saravana Annamalaisami | Systems and methods for dictionary based compression |
US10394611B2 (en) * | 2012-11-26 | 2019-08-27 | Amazon Technologies, Inc. | Scaling computing clusters in a distributed computing system |
US9979739B2 (en) * | 2013-01-16 | 2018-05-22 | Palo Alto Networks (Israel Analytics) Ltd. | Automated forensics of computer systems using behavioral intelligence |
US8990942B2 (en) * | 2013-02-18 | 2015-03-24 | Wipro Limited | Methods and systems for API-level intrusion detection |
US9699034B2 (en) | 2013-02-26 | 2017-07-04 | Zentera Systems, Inc. | Secure cloud fabric to connect subnets in different network domains |
US20140258771A1 (en) | 2013-03-06 | 2014-09-11 | Fortinet, Inc. | High-availability cluster architecture and protocol |
US20140280595A1 (en) * | 2013-03-15 | 2014-09-18 | Polycom, Inc. | Cloud Based Elastic Load Allocation for Multi-media Conferencing |
US9692820B2 (en) | 2013-04-06 | 2017-06-27 | Citrix Systems, Inc. | Systems and methods for cluster parameter limit |
US9038015B1 (en) | 2013-04-23 | 2015-05-19 | Clearblade, Inc. | System and method for creating a development and operational platform for mobile applications |
US9430534B2 (en) * | 2013-05-09 | 2016-08-30 | Wipro Limited | Systems and methods for improved security and precision in executing analytics using SDKS |
US9519518B2 (en) * | 2013-05-15 | 2016-12-13 | Citrix Systems, Inc. | Systems and methods for deploying a spotted virtual server in a cluster system |
US9537756B2 (en) * | 2013-06-10 | 2017-01-03 | Check Point Software Technologies Ltd | Method for synchronized BGP and VRRP failover of a network device in a network |
US9110864B2 (en) * | 2013-06-25 | 2015-08-18 | International Business Machines Corporation | Fault tolerance solution for stateful applications |
US9461967B2 (en) | 2013-07-18 | 2016-10-04 | Palo Alto Networks, Inc. | Packet classification for network routing |
CN103442049B (en) | 2013-08-22 | 2016-08-31 | 浪潮电子信息产业股份有限公司 | The mixed clouds operating system architecture of a kind of component-oriented and communication means thereof |
US9280665B2 (en) | 2013-09-13 | 2016-03-08 | Airwatch Llc | Fast and accurate identification of message-based API calls in application binaries |
US9547581B2 (en) | 2013-10-01 | 2017-01-17 | Wipro Limited | Systems and methods for fixing software defects in a binary or executable file |
WO2015066604A1 (en) * | 2013-11-04 | 2015-05-07 | Crypteia Networks S.A. | Systems and methods for identifying infected network infrastructure |
US9210183B2 (en) * | 2013-12-19 | 2015-12-08 | Microsoft Technology Licensing, Llc | Detecting anomalous activity from accounts of an online service |
US9264347B2 (en) | 2013-12-27 | 2016-02-16 | Dell Products L.P. | N-node virtual link trunking (VLT) systems control plane |
US9276815B2 (en) | 2013-12-27 | 2016-03-01 | Dell Products L.P. | N-node virtual link trunking (VLT) systems management plane |
US8929856B1 (en) | 2014-02-07 | 2015-01-06 | Cassidian Communications, Inc. | Emergency services routing proxy cluster management |
US10057378B2 (en) | 2014-02-10 | 2018-08-21 | Bigcommerce Pty. Ltd. | Systems and methods for API rate limiting and distribution |
US20150312102A1 (en) | 2014-02-18 | 2015-10-29 | Seven Networks, Inc. | Policy management for signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
WO2015128613A1 (en) | 2014-02-28 | 2015-09-03 | British Telecommunications Public Limited Company | Malicious encrypted network traffic identification |
US10025873B2 (en) | 2014-04-18 | 2018-07-17 | Walmart Apollo, Llc | System and method for storing and processing database requests |
US10205760B2 (en) | 2014-05-05 | 2019-02-12 | Citrix Systems, Inc. | Task coordination in distributed systems |
US9413560B2 (en) | 2014-05-15 | 2016-08-09 | Cisco Technology, Inc. | Differentiated quality of service using security as a service |
US10530854B2 (en) | 2014-05-30 | 2020-01-07 | Box, Inc. | Synchronization of permissioned content in cloud-based environments |
US10439953B2 (en) * | 2014-06-23 | 2019-10-08 | Oracle International Corporation | System and method for partition migration in a multitenant application server environment |
US10044795B2 (en) * | 2014-07-11 | 2018-08-07 | Vmware Inc. | Methods and apparatus for rack deployments for virtual computing environments |
US20160011732A1 (en) | 2014-07-11 | 2016-01-14 | Shape Security, Inc. | Disrupting automated attacks on client-server interactions using polymorphic application programming interfaces |
US20160057173A1 (en) * | 2014-07-16 | 2016-02-25 | Genband Us Llc | Media Playback Synchronization Across Multiple Clients |
US10324702B2 (en) | 2014-09-12 | 2019-06-18 | Microsoft Israel Research And Development (2002) Ltd. | Cloud suffix proxy and a method thereof |
TWI590617B (en) | 2014-09-16 | 2017-07-01 | 科勞簡尼克斯股份有限公司 | Flexibly defined communication network controller based control, operations and management of networks |
US10362059B2 (en) | 2014-09-24 | 2019-07-23 | Oracle International Corporation | Proxy servers within computer subnetworks |
US9935829B1 (en) * | 2014-09-24 | 2018-04-03 | Amazon Technologies, Inc. | Scalable packet processing service |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US20160092297A1 (en) | 2014-09-29 | 2016-03-31 | Digital River, Inc. | API Gateway System and Method |
EP3210367B1 (en) * | 2014-10-23 | 2020-07-22 | Telefonaktiebolaget LM Ericsson (publ) | System and method for disaster recovery of cloud applications |
EP3234791A4 (en) | 2014-12-16 | 2018-07-11 | Entit Software LLC | Determining permissible activity based on permissible activity rules |
US9775008B2 (en) * | 2015-01-14 | 2017-09-26 | Kodiak Networks, Inc. | System and method for elastic scaling in a push to talk (PTT) platform using user affinity groups |
US9800549B2 (en) | 2015-02-11 | 2017-10-24 | Cisco Technology, Inc. | Hierarchical clustering in a geographically dispersed network environment |
US9959109B2 (en) * | 2015-04-10 | 2018-05-01 | Avigilon Corporation | Upgrading a physical security system having multiple server nodes |
US9853996B2 (en) * | 2015-04-13 | 2017-12-26 | Secful, Inc. | System and method for identifying and preventing malicious API attacks |
US9923768B2 (en) | 2015-04-14 | 2018-03-20 | International Business Machines Corporation | Replicating configuration between multiple geographically distributed servers using the rest layer, requiring minimal changes to existing service architecture |
US9848041B2 (en) * | 2015-05-01 | 2017-12-19 | Amazon Technologies, Inc. | Automatic scaling of resource instance groups within compute clusters |
US10291726B2 (en) * | 2015-05-12 | 2019-05-14 | Equinix, Inc. | Network field unit for a cloud-based services exchange |
US9948703B2 (en) | 2015-05-14 | 2018-04-17 | Twilio, Inc. | System and method for signaling through data storage |
US10701037B2 (en) | 2015-05-27 | 2020-06-30 | Ping Identity Corporation | Scalable proxy clusters |
AU2016204072B2 (en) | 2015-06-17 | 2017-08-03 | Accenture Global Services Limited | Event anomaly analysis and prediction |
US9699205B2 (en) | 2015-08-31 | 2017-07-04 | Splunk Inc. | Network security system |
US10320905B2 (en) * | 2015-10-02 | 2019-06-11 | Oracle International Corporation | Highly available network filer super cluster |
US10726491B1 (en) | 2015-12-28 | 2020-07-28 | Plaid Inc. | Parameter-based computer evaluation of user accounts based on user account data stored in one or more databases |
US10498857B2 (en) | 2016-03-29 | 2019-12-03 | Amazon Technologies, Inc. | System interaction monitoring and component scaling |
US10938781B2 (en) | 2016-04-22 | 2021-03-02 | Sophos Limited | Secure labeling of network flows |
US10270788B2 (en) | 2016-06-06 | 2019-04-23 | Netskope, Inc. | Machine learning based anomaly detection |
US20180046475A1 (en) | 2016-08-11 | 2018-02-15 | Twitter, Inc. | Detecting scripted or otherwise anomalous interactions with social media platform |
US10587580B2 (en) | 2016-10-26 | 2020-03-10 | Ping Identity Corporation | Methods and systems for API deception environment and API traffic control and security |
WO2018124672A1 (en) | 2016-12-28 | 2018-07-05 | Samsung Electronics Co., Ltd. | Apparatus for detecting anomaly and operating method for the same |
KR101966514B1 (en) | 2017-03-23 | 2019-04-05 | 한국과학기술원 | Apparatus, method and computer program for malware detection of software defined network |
US10511574B2 (en) | 2017-03-31 | 2019-12-17 | Hyland Software, Inc. | Methods and apparatuses for utilizing a gateway integration server to enhance application security |
US11074067B2 (en) | 2017-07-27 | 2021-07-27 | Tibco Software Inc. | Auto-generation of application programming interface (API) documentation via implementation-neutral analysis of API traffic |
CN109561226B (en) | 2017-09-26 | 2020-06-26 | 华为技术有限公司 | API (application program interface) mixed multi-tenant routing method and system and API gateway |
EP3471007B1 (en) | 2017-10-13 | 2022-02-23 | Ping Identity Corporation | Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions |
US10601942B2 (en) | 2018-04-12 | 2020-03-24 | Pearson Management Services Limited | Systems and methods for automated module-based content provisioning |
EP3678348A1 (en) | 2019-01-04 | 2020-07-08 | Ping Identity Corporation | Methods and systems for data traffic based adpative security |
-
2016
- 2016-05-25 US US15/164,512 patent/US10701037B2/en active Active
- 2016-05-25 US US15/164,587 patent/US10193867B2/en active Active
- 2016-05-25 US US15/164,555 patent/US10834054B2/en active Active
-
2018
- 2018-07-31 US US16/051,026 patent/US20180337894A1/en not_active Abandoned
- 2018-07-31 US US16/050,915 patent/US10666621B2/en active Active
- 2018-07-31 US US16/050,996 patent/US20180337893A1/en not_active Abandoned
- 2018-07-31 US US16/050,958 patent/US10484337B2/en active Active
-
2019
- 2019-11-18 US US16/686,885 patent/US11140135B2/en active Active
-
2020
- 2020-05-22 US US16/881,376 patent/US11641343B2/en active Active
-
2021
- 2021-10-01 US US17/491,946 patent/US11582199B2/en active Active
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11140135B2 (en) | 2015-05-27 | 2021-10-05 | Ping Identity Corporation | Scalable proxy clusters |
US10666621B2 (en) | 2015-05-27 | 2020-05-26 | Ping Identity Corporation | Methods and systems for API proxy based adaptive security |
US10484337B2 (en) | 2015-05-27 | 2019-11-19 | Ping Identity Corporation | Scalable proxy clusters |
US11641343B2 (en) | 2015-05-27 | 2023-05-02 | Ping Identity Corporation | Methods and systems for API proxy based adaptive security |
US10701037B2 (en) | 2015-05-27 | 2020-06-30 | Ping Identity Corporation | Scalable proxy clusters |
US11582199B2 (en) | 2015-05-27 | 2023-02-14 | Ping Identity Corporation | Scalable proxy clusters |
US10834054B2 (en) | 2015-05-27 | 2020-11-10 | Ping Identity Corporation | Systems and methods for API routing and security |
US11924170B2 (en) | 2016-10-26 | 2024-03-05 | Ping Identity Corporation | Methods and systems for API deception environment and API traffic control and security |
US11075885B2 (en) | 2016-10-26 | 2021-07-27 | Ping Identity Corporation | Methods and systems for API deception environment and API traffic control and security |
US10587580B2 (en) | 2016-10-26 | 2020-03-10 | Ping Identity Corporation | Methods and systems for API deception environment and API traffic control and security |
US11411923B2 (en) | 2016-10-26 | 2022-08-09 | Ping Identity Corporation | Methods and systems for deep learning based API traffic security |
US10681012B2 (en) | 2016-10-26 | 2020-06-09 | Ping Identity Corporation | Methods and systems for deep learning based API traffic security |
US11855968B2 (en) | 2016-10-26 | 2023-12-26 | Ping Identity Corporation | Methods and systems for deep learning based API traffic security |
US10699010B2 (en) | 2017-10-13 | 2020-06-30 | Ping Identity Corporation | Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions |
US11783033B2 (en) | 2017-10-13 | 2023-10-10 | Ping Identity Corporation | Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions |
US11263321B2 (en) | 2017-10-13 | 2022-03-01 | Ping Identity Corporation | Methods and apparatus for analyzing sequences of application programming interface traffic to identify potential malicious actions |
US11496475B2 (en) | 2019-01-04 | 2022-11-08 | Ping Identity Corporation | Methods and systems for data traffic based adaptive security |
US11843605B2 (en) | 2019-01-04 | 2023-12-12 | Ping Identity Corporation | Methods and systems for data traffic based adaptive security |
US11516116B2 (en) * | 2020-03-30 | 2022-11-29 | EMC IP Holding Company LLC | Domain name system multipathing distributed applications |
Also Published As
Publication number | Publication date |
---|---|
US10701037B2 (en) | 2020-06-30 |
US20180337892A1 (en) | 2018-11-22 |
US10484337B2 (en) | 2019-11-19 |
US11140135B2 (en) | 2021-10-05 |
US20160352588A1 (en) | 2016-12-01 |
US11641343B2 (en) | 2023-05-02 |
US11582199B2 (en) | 2023-02-14 |
US20170012941A1 (en) | 2017-01-12 |
US20160352867A1 (en) | 2016-12-01 |
US20180337893A1 (en) | 2018-11-22 |
US10193867B2 (en) | 2019-01-29 |
US10834054B2 (en) | 2020-11-10 |
US20200336467A1 (en) | 2020-10-22 |
US20200162433A1 (en) | 2020-05-21 |
US20220021656A1 (en) | 2022-01-20 |
US10666621B2 (en) | 2020-05-26 |
US20180337891A1 (en) | 2018-11-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20180337894A1 (en) | Scalable proxy clusters | |
US10218782B2 (en) | Routing of communications to one or more processors performing one or more services according to a load balancing function | |
US11385975B2 (en) | Systems and methods for enabling a highly available managed failover service | |
US9659075B2 (en) | Providing high availability in an active/active appliance cluster | |
US10547693B2 (en) | Security device capability discovery and device selection | |
CN107204901B (en) | Computer system for providing and receiving state notice | |
US11341005B2 (en) | Systems and methods for enabling a highly available managed failover service | |
WO2006074023A2 (en) | Scalable distributed storage and delivery | |
US12052175B2 (en) | Controlling a destination of network traffic | |
US10291607B1 (en) | Providing real-time events to applications | |
US20210218590A1 (en) | Virtual Meetings In Ad-Hoc Networks | |
EP3095229B1 (en) | Method and nodes for configuring a communication path for a media service | |
US11582325B2 (en) | Systems and methods for routing remote application data | |
Lin et al. | WEBridge: west–east bridge for distributed heterogeneous SDN NOSes peering | |
EP3923548B1 (en) | Multilayer decentralised server network | |
US11792287B2 (en) | Broker cell for distributed message system | |
Shih et al. | Service recovery for large scale distributed publish and subscription services for cyber-physical systems and disaster management |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: PING IDENTITY CORPORATION, COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ELASTIC BEAM, LLC;REEL/FRAME:047492/0758 Effective date: 20180412 Owner name: ELASTIC BEAM, LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:ELASTIC BEAM INC.;REEL/FRAME:047512/0842 Effective date: 20180405 Owner name: ELASTIC BEAM, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SUBBARAYAN, UDAYAKUMAR;HARGUINDEGUY, BERNARD;GOPALAKRISHNAN, ANOOP KRISHNAN;AND OTHERS;REEL/FRAME:047492/0731 Effective date: 20180328 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |