Highly scalable architecture for application network appliances
First Claim
1. A method comprising:
- at a client host machine, establishing a secure control channel for data traffic between the client host machine and a gateway device;
- negotiating security parameters with the gateway device;
- downloading a policy from the gateway device via the secure control channel;
- analyzing the policy to identify portions of the data traffic that are to be sent over the secure control channel;
- selecting the portions of the data traffic for transmission over the secure channel based on the analyzing;
- encrypting payloads of the selected portions of the data traffic; and
- establishing a proxy connection to provide a security service for the selected portions of the data traffic.
Abstract
A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of the OSI (Open Systems Interconnection) compatible layers of network processing on the packets, while the second service module is configured to perform a second portion of the OSI compatible layers of network processing on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described.
20 Claims
1. A method comprising: see First Claim above for the full text. Dependent claims: 2 to 7.

8. One or more computer-readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to:
- establish a secure control channel for data traffic between a client host machine and a gateway device;
- negotiate security parameters with the gateway device;
- download a policy from the gateway device via the secure control channel;
- analyze the policy to identify portions of the data traffic that are to be sent over the secure control channel;
- select the portions of the data traffic for transmission over the secure channel based on the analysis of the policy;
- encrypt payloads of the selected portions of the data traffic; and
- establish a proxy connection to provide a security service for the selected portions of the data traffic.
Dependent claims: 9 to 14.

15. An apparatus comprising:
- a network interface unit configured to enable communications over a network; and
- a processor configured to execute instructions associated with an application server and an agent server, and configured to:
  - establish a secure control channel for data traffic between a client host machine and a gateway device;
  - negotiate security parameters with the gateway device;
  - download a policy from the gateway device via the secure control channel;
  - analyze the policy to identify portions of the data traffic that are to be sent over the secure control channel;
  - select the portions of the data traffic for transmission over the secure channel based on the analysis of the policy;
  - encrypt payloads of the selected portions of the data traffic; and
  - establish a proxy connection to provide a security service for the selected portions of the data traffic.
Dependent claims: 16 to 20.
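The sequence that the First Claim and independent claims 8 and 15 all recite (negotiate security parameters, download a policy over the secure control channel, analyze it, select flows, encrypt the selected payloads for the proxy path) as a runnable client-side sketch. This is an added illustration written for this page, not code from the patent or its assignee. Everything concrete in it is an assumption: the JSON policy format and its rule fields, the HKDF info labels, the HMAC-SHA256 counter-mode stand-in for whatever cipher suite the negotiation would really select, and the sample policy and flows, which are constructed.

```python
"""Policy-driven selective tunnelling in the shape of the independent claims:
negotiated parameters -> session keys, authenticated policy download, policy
analysis, per-flow selection, payload encryption for the selected flows.
Added illustration; the cipher is a stdlib stand-in for a negotiated AEAD suite."""
import hashlib
import hmac
import ipaddress
import json
import struct

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF (extract + expand) over HMAC-SHA256, stdlib only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def derive_session_keys(shared_secret: bytes, client_nonce: bytes, gateway_nonce: bytes) -> dict:
    """Negotiated parameters -> independent keys for policy authentication and each
    direction. Both nonces enter the salt, so a replayed handshake transcript
    cannot reproduce this session's keys. (Labels are this example's assumption.)"""
    okm = hkdf_sha256(shared_secret, client_nonce + gateway_nonce, b"appliance-control-channel", 96)
    return {"policy_mac": okm[:32], "c2s": okm[32:64], "s2c": okm[64:96]}

def policy_tag(policy_bytes: bytes, policy_mac_key: bytes) -> bytes:
    """Tag the gateway sends with the policy; both ends hold the same session key."""
    return hmac.new(policy_mac_key, policy_bytes, hashlib.sha256).digest()

def load_policy(policy_bytes: bytes, tag: bytes, policy_mac_key: bytes) -> dict:
    """Authenticate, then analyse. A policy an attacker can edit is itself a bypass
    (mark a sensitive destination 'bypass' and it never reaches the security
    service), so nothing is parsed until the tag verifies."""
    if not hmac.compare_digest(policy_tag(policy_bytes, policy_mac_key), tag):
        raise ValueError("policy MAC mismatch: refusing to apply untrusted policy")
    raw = json.loads(policy_bytes)  # assumed format: {"default": ..., "rules": [...]}
    rules = [{"net": ipaddress.ip_network(r["dst"]),
              "ports": None if r.get("ports", "any") == "any" else set(r["ports"]),
              "proto": r.get("proto", "any"), "action": r["action"]} for r in raw["rules"]]
    rules.sort(key=lambda r: r["net"].prefixlen, reverse=True)  # most specific prefix wins
    return {"rules": rules, "default": raw.get("default", "proxy")}  # fail closed: unmatched -> proxy

def select_action(policy: dict, dst_ip: str, dst_port: int, proto: str) -> str:
    """First rule (after the specificity sort) matching the flow; 'proxy' or 'bypass'."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in policy["rules"]:
        if (addr in rule["net"] and rule["proto"] in ("any", proto)
                and (rule["ports"] is None or dst_port in rule["ports"])):
            return rule["action"]
    return policy["default"]

def _record_keys(direction_key: bytes) -> tuple:
    """Distinct encryption and MAC subkeys from one direction key."""
    return hkdf_sha256(direction_key, b"", b"enc", 32), hkdf_sha256(direction_key, b"", b"mac", 32)

def _keystream(enc_key: bytes, header: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode bound to the record header; stand-in stream cipher."""
    return b"".join(hmac.new(enc_key, header + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))[:length]

def encrypt_payload(direction_key: bytes, seq: int, payload: bytes) -> bytes:
    """Encrypt-then-MAC record: 8-byte sequence number || ciphertext || 32-byte tag.
    (direction_key, seq) must never repeat, exactly as an AEAD nonce must not."""
    enc_key, mac_key = _record_keys(direction_key)
    header = struct.pack(">Q", seq)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, header, len(payload))))
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()

def decrypt_payload(direction_key: bytes, record: bytes) -> bytes:
    """Verify the tag before using the ciphertext; any modification raises."""
    enc_key, mac_key = _record_keys(direction_key)
    header, ct, tag = record[:8], record[8:-32], record[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, header + ct, hashlib.sha256).digest(), tag):
        raise ValueError("record authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, header, len(ct))))

# Constructed sample policy, in the form this example assumes the gateway serves.
SAMPLE_POLICY = json.dumps({"default": "proxy", "rules": [
    {"dst": "10.0.0.0/8", "ports": "any", "action": "proxy"},
    {"dst": "10.0.5.0/24", "ports": [443], "proto": "tcp", "action": "bypass"},
    {"dst": "0.0.0.0/0", "ports": [53], "proto": "udp", "action": "bypass"}]}).encode()

def run_client_side(shared_secret: bytes, client_nonce: bytes, gateway_nonce: bytes) -> dict:
    """Whole client-side sequence over constructed flows; returns what each step produced."""
    keys = derive_session_keys(shared_secret, client_nonce, gateway_nonce)
    policy = load_policy(SAMPLE_POLICY, policy_tag(SAMPLE_POLICY, keys["policy_mac"]), keys["policy_mac"])
    flows = [("10.0.5.7", 443, "tcp"), ("10.0.5.7", 22, "tcp"), ("8.8.8.8", 53, "udp"),
             ("8.8.8.8", 53, "tcp"), ("198.51.100.9", 80, "tcp")]
    decisions = {f: select_action(policy, *f) for f in flows}
    proxied = [f for f in flows if decisions[f] == "proxy"]  # these take the encrypted proxy path
    record = encrypt_payload(keys["c2s"], 1, b"GET /secret HTTP/1.1\r\n")
    return {"keys": keys, "decisions": decisions, "proxied": proxied, "record": record}
```

Two design choices matter more than the cipher. The unmatched-flow default is "proxy", so a gap in the policy sends traffic through the security service rather than around it; and the policy is authenticated under a key bound to the negotiated parameters before a single rule is read, because in this design the policy, not the cipher, decides which traffic ever sees the security service.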