SYSTEMS AND METHODS FOR AAA-TRAFFIC MANAGEMENT INFORMATION SHARING ACROSS CORES IN A MULTI-CORE SYSTEM

US 20110154443A1
Filed: 12/22/2010
Published: 06/23/2011
Est. Priority Date: 12/23/2009
Status: Active Grant

First Claim

Patent Images

1. A method of propagating authentication session information to a plurality of cores of a multi-core device, the method comprising:

a) establishing, by an authentication virtual server executing on a first core of a plurality of cores of a device intermediary to a plurality of clients and one or more servers, a session for a user, the authentication virtual server authenticating the session;

b) receiving, by a traffic management virtual server executing on a second core of the plurality of cores, a first request to access a server of the one or more servers via the session;

c) identifying, by the traffic management virtual server responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session;

d) sending, by the second core to the first core, a second request for data for the session identified by the identifier; and

e) receiving, by the second core from the first core, a response to the second request, the response identifying whether the session is valid.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for propagating authentication session information to a plurality of cores of a multi-core device includes establishing, by an authentication virtual server executing on a first core of a device intermediary to at least one client and server, a session for a user, the authentication virtual server authenticating the session. A traffic management virtual server executes on a second core of device, and receives a request to access a server via the session. The traffic management virtual server may identify, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session. The second core may send to the first core a request for data for the session identified by the identifier. The second core may receive from the first core a response to the second request identifying whether the session is valid.

Citations

20 Claims

1. A method of propagating authentication session information to a plurality of cores of a multi-core device, the method comprising:
- a) establishing, by an authentication virtual server executing on a first core of a plurality of cores of a device intermediary to a plurality of clients and one or more servers, a session for a user, the authentication virtual server authenticating the session;
  
  b) receiving, by a traffic management virtual server executing on a second core of the plurality of cores, a first request to access a server of the one or more servers via the session;
  
  c) identifying, by the traffic management virtual server responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session;
  
  d) sending, by the second core to the first core, a second request for data for the session identified by the identifier; and
  
  e) receiving, by the second core from the first core, a response to the second request, the response identifying whether the session is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises setting, by the authentication virtual server, a cookie for the session, the cookie comprising a domain session cookie.
  - 3. The method of claim 1, wherein step (c) further comprises determining, by the traffic management virtual server, that the session is not stored in memory local to the second core.
  - 4. The method of claim 1, wherein step (c) further comprises decoding, by the second core, a core identifier of the first core encoded in the identifier of the session.
  - 5. The method of claim 1, wherein step (d) comprises generating, by the second core, a core-to-core message specifying the identifier of the session.
  - 6. The method of claim 1, wherein step (e) further comprises receiving, by the second core from the first core, the response comprising a failure message identifying that the first core determined the identifier of the session is invalid.
  - 7. The method of claim 1, wherein step (e) further comprises receiving, by the second core from the first core, the response comprising data to create the session on the requesting core.
  - 8. The method of claim 7, further comprising creating, by the second core, the session in memory local to the second core.
  - 9. The method of claim 7, further comprising determining, by the second core, that the cookie for the session received from the first core, is invalid and responsive to the determination, sending a redirect to the authentication virtual server.
  - 10. The method of claim 1, wherein step (e) further comprises receiving, by the second core from the first core, the response comprising a successful message and responsive to the successful message, performing a local session lookup using the identifier of the session.

11. A system for propagating authentication session information via a plurality of cores of a multi-core device, the system comprising:
- a device intermediary to a plurality of clients and one or more servers, the device comprising a plurality of cores;
  
  an authentication virtual server executing on a first core of the plurality of cores establishing a session for a user, the authentication virtual server authenticating the session;
  
  a traffic management virtual server, executing on a second core of the plurality of cores, receiving a first request to access a server of the one or more servers via the session, and identifying, responsive to a determination that the session is not stored by the second core, from an identifier of the session that the first core established the session;
  
  wherein the second core sends to the first core, a second request for data for the session identified by the identifier; and
  
  receives from the first core, a response to the second request, the response identifying whether the session is valid.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the authentication virtual server sets a cookie for the session, the cookie comprising a domain session cookie.
  - 13. The system of claim 11, wherein the traffic management virtual server determines that the session is not stored in memory local to the second core.
  - 14. The system of claim 11, wherein the second core decodes a core identifier of the first core encoded in the identifier of the session.
  - 15. The system of claim 11, wherein the second core generates a core-to-core message specifying the identifier of the session.
  - 16. The system of claim 11, wherein the second core receives from the first core the response comprising a failure message identifying that the first core determined the identifier of the session is invalid.
  - 17. The system of claim 11, wherein the second core receives from the first core the response comprising data to create the session on the requesting core.
  - 18. The method of claim 17, wherein the second core creates the session in memory local to the second core.
  - 19. The system of claim 17, wherein the second core determines that the cookie for the session received from the first core, is invalid and responsive to the determination, sending a redirect to the authentication virtual server.
  - 20. The system of claim 11, wherein the second core receives from the first core the response comprising a successful message and responsive to the successful message, performing a local session lookup using the identifier of the session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Agarwal, Puneet, Li, Rui, THAKUR, RAVINDRANATH, Kumar, Arkesh

Granted Patent

US 8,667,575 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/41 where a single sign-on prov...

SYSTEMS AND METHODS FOR AAA-TRAFFIC MANAGEMENT INFORMATION SHARING ACROSS CORES IN A MULTI-CORE SYSTEM

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AAA-TRAFFIC MANAGEMENT INFORMATION SHARING ACROSS CORES IN A MULTI-CORE SYSTEM

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links