Systems and methods for bypassing an appliance

US 8,677,007 B2
Filed: 08/03/2006
Issued: 03/18/2014
Est. Priority Date: 08/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the method comprising the steps of:

establishing, by a client agent, a first transport layer connection between a client and a first appliance, the first appliance providing access to a server;

receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance;

establishing, by the client agent, a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table;

establishing, by the client agent, a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table;

communicating, by the client agent on behalf of the first application and the second application, with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection;

monitoring, by the client agent via the respective transport layer connection, a status of the first appliance, a status of the second appliance, and a status of the server;

determining, by the client agent via monitoring, (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available; and

communicating, by the client agent automatically in response to the determination, with the server via the second transport layer connection on behalf of the first application, and communicating with the server via the third transport layer connection on behalf of the second application, to bypass the first appliance.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for redirecting, on a client, a communication of the client to a server to upon determining the server is not useable to communicate to the client include the steps of: establishing, by an client agent on a client, a transport layer connection between the client and an intermediary appliance, the intermediary appliance providing access to one or more servers; receiving, by the client agent from the intermediary appliance, address information identifying at least one of the one or more servers available to communicate; determining, by the client agent, the transport layer connection is unusable to communicate; establishing, by the client agent, a second transport layer connection between the client and one of the identified available servers to bypass the appliance. Corresponding systems are also described.

155 Citations

19 Claims

1. A method for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the method comprising the steps of:
- establishing, by a client agent, a first transport layer connection between a client and a first appliance, the first appliance providing access to a server;
  
  receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance;
  
  establishing, by the client agent, a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table;
  
  establishing, by the client agent, a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table;
  
  communicating, by the client agent on behalf of the first application and the second application, with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection;
  
  monitoring, by the client agent via the respective transport layer connection, a status of the first appliance, a status of the second appliance, and a status of the server;
  
  determining, by the client agent via monitoring, (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available; and
  
  communicating, by the client agent automatically in response to the determination, with the server via the second transport layer connection on behalf of the first application, and communicating with the server via the third transport layer connection on behalf of the second application, to bypass the first appliance.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprises establishing, by the client agent, via one of the first appliance and the second appliance an SSL connection to the server.
  - 3. The method of claim 1, comprising monitoring, by the client agent, the status of the third appliance.
  - 4. The method of claim 1, further comprising monitoring, by the client agent subsequent to communicating with the server via the second transport layer connection, the status of the second appliance and the status of the server.
  - 5. The method of claim 4, further comprising:
    - determining, by the client agent via monitoring, (i) the status of the second appliance indicates the second appliance is not useable by the client to communicate to the server and (ii) the status of the server indicates the server is available; and
      
      communicating, by the client agent automatically in response to the determination, with the server via the third transport layer connection on behalf of the first application.
  - 6. The method of claim 1, comprising performing, by one of the first appliance, second appliance, or the client agent, one of the following acceleration techniques on communications transmitted via one of the first transport layer connection or second transport layer connection:
    - compression;
      
      TCP connection pooling;
      
      TCP connection multiplexing;
      
      TCP buffering; and
      
      caching.
  - 7. The method of claim 1, comprising executing, by the client agent, transparently to one of a network layer, a session layer, or application layer of a network stack of the client.
  - 8. The method of claim 1, comprising executing, by the client, the client agent, transparently to one of an application or a user of the client.
  - 9. The method of claim 1, comprising identifying, by the client agent, the server by intercepting a network communication of the client.

10. A system for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the system comprising:
- a first appliance for providing one or more clients access to a server; and
  
  a client, executing;
  
  a client agent configured for;
  
  receiving from the first appliance an application routing table comprising identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance,establishing a first transport layer connection between the client and the first appliance,establishing a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table,establishing a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table, andcommunicating on behalf of the first application and the second application with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection; and
  
  a monitor of the client agent configured for;
  
  monitoring a status of the first appliance, a status of the second appliance, and a status of the server, anddetermining (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available;
  
  wherein the client agent communicates automatically in response to the determination by the monitor with the server via the second transport layer connection on behalf of the first application, and communicates with the server via the third transport layer connection on behalf of the second application to bypass the first appliance.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the client agent establishes via the one of the first appliance and the second appliance an SSL connection to the server.
  - 12. The system of claim 10, wherein the monitor monitors the status of the third appliance.
  - 13. The system of claim 10, wherein the monitor, subsequent to the client agent communicating with the server via the second transport layer connection, monitors the status of the second appliance and the status of the server.
  - 14. The system of claim 13, wherein the monitor determines (i) the status of the second appliance indicates the second appliance is not useable by the client to communicate to the server and (ii) the status of the server indicates the server is available, and the client agent communicates with the server via the third transport layer connection on behalf of the first application, automatically in response to the determination.
  - 15. The system of claim 10, wherein one of the first appliance, second appliance, or the client agent performs one of the following acceleration techniques on communications transmitted via one of the first transport layer connection or second transport layer connection:
    - compression;
      
      TCP connection pooling;
      
      TCP connection multiplexing;
      
      TCP buffering; and
      
      caching.
  - 16. The system of claim 10, wherein the client agent executes transparently to one of a network layer, a session layer, or application layer of a network stack of the client.
  - 17. The system of claim 10, wherein the client agent executes, transparently to one of an application or a user of the client.
  - 18. The system of claim 10, wherein the client agent identifies the server by intercepting a network communication of the client.

19. A method for bypassing by a client an appliance used for communicating to a server upon determining the appliance is not useable to communicate to the server, the method comprising:
- establishing, by a client agent executing on a client, a first virtual private network (VPN) connection with a first appliance to communicate via the first appliance to a server;
  
  receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance;
  
  intercepting, by the client agent, a first communication directed to the server from a first application executing on the client, responsive to the first application being identified in the application routing table;
  
  establishing, by the client agent, a second VPN connection with a second appliance to communicate to the server, responsive to identification in the application routing table of the second appliance as an alternate network destination for the first application;
  
  transmitting, by the client agent, the first communication via the first VPN connection, while maintaining the second VPN connection;
  
  intercepting, by the client agent, a second communication directed to the server from a second application executing on the client, responsive to the second application being identified in the application routing table;
  
  establishing, by the client agent, a third VPN connection with a third appliance distinct from the second appliance to communicate to the server, responsive to identification in the application routing table of the third appliance as an alternate network destination for the second application;
  
  transmitting, by the client agent, the second communication via the first VPN connection, while maintaining the third VPN connection;
  
  intercepting, by the client agent, a third communication directed to the server from the first application and a fourth communication directed to the server from the second application;
  
  determining, by the client agent, responsive to monitoring a status of the first appliance, that the first appliance is not useable to communicate to the server; and
  
  transmitting the intercepted third communication via the second VPN connection and the intercepted fourth communication via the third VPN connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
He, Junxiao, Suganthi, Josephine, Verzunov, Sergey, Shetty, Anil, Venkatraman, Charu
Primary Examiner(s)
Feild, Lynn
Assistant Examiner(s)
COX, NATISHA D

Application Number

US11/462,202
Publication Number

US 20080034072A1
Time in Patent Office

2,784 Days
Field of Search

709/238
US Class Current

709/232
CPC Class Codes

H04L 41/06   Management of faults, event...

H04L 41/5009   Determining service level p...

H04L 43/0811   by checking connectivity

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1012   based on compliance of requ...

H04L 67/1029   using data related to the s...

Systems and methods for bypassing an appliance

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for bypassing an appliance

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others