Systems and methods for bypassing an appliance
First Claim
1. A method for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the method comprising the steps of:
- establishing, by a client agent, a first transport layer connection between a client and a first appliance, the first appliance providing access to a server;
receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance;
establishing, by the client agent, a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table;
establishing, by the client agent, a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table;
communicating, by the client agent on behalf of the first application and the second application, with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection;
monitoring, by the client agent via the respective transport layer connection, a status of the first appliance, a status of the second appliance, and a status of the server;
determining, by the client agent via monitoring, (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available; and
communicating, by the client agent automatically in response to the determination, with the server via the second transport layer connection on behalf of the first application, and communicating with the server via the third transport layer connection on behalf of the second application, to bypass the first appliance.
7 Assignments
0 Petitions
Accused Products
Abstract
Methods for redirecting, on a client, a communication of the client to a server to upon determining the server is not useable to communicate to the client include the steps of: establishing, by an client agent on a client, a transport layer connection between the client and an intermediary appliance, the intermediary appliance providing access to one or more servers; receiving, by the client agent from the intermediary appliance, address information identifying at least one of the one or more servers available to communicate; determining, by the client agent, the transport layer connection is unusable to communicate; establishing, by the client agent, a second transport layer connection between the client and one of the identified available servers to bypass the appliance. Corresponding systems are also described.
155 Citations
19 Claims
-
1. A method for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the method comprising the steps of:
-
establishing, by a client agent, a first transport layer connection between a client and a first appliance, the first appliance providing access to a server; receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance; establishing, by the client agent, a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table; establishing, by the client agent, a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table; communicating, by the client agent on behalf of the first application and the second application, with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection; monitoring, by the client agent via the respective transport layer connection, a status of the first appliance, a status of the second appliance, and a status of the server; determining, by the client agent via monitoring, (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available; and communicating, by the client agent automatically in response to the determination, with the server via the second transport layer connection on behalf of the first application, and communicating with the server via the third transport layer connection on behalf of the second application, to bypass the first appliance. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for bypassing by a client an appliance gateway used for communicating to a server upon determining the appliance gateway is not useable to communicate to the server, the system comprising:
-
a first appliance for providing one or more clients access to a server; and a client, executing; a client agent configured for; receiving from the first appliance an application routing table comprising identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance, establishing a first transport layer connection between the client and the first appliance, establishing a second transport layer connection between the client and a second appliance, the second appliance identified in the application routing table as an alternate network destination for a first application executing on the client, the client agent intercepting a first communication directed to the server from the first application responsive to the first application being identified in the application routing table, establishing a third transport layer connection between the client and a third appliance, the third appliance identified in the application routing table as an alternate network destination for a second application executing on the client, the client agent intercepting a second communication directed to the server from the second application responsive to the second application being identified in the application routing table, and communicating on behalf of the first application and the second application with the server via the first transport layer connection between the client and the first appliance, while maintaining the second transport layer connection and the third transport layer connection; and a monitor of the client agent configured for; monitoring a status of the first appliance, a status of the second appliance, and a status of the server, and determining (i) the status of the first appliance indicates the first appliance is not useable by the client to communicate to the server, (ii) the status of the second appliance indicates the second appliance is useable by the client to communicate to the server, and (iii) the status of the server indicates the server is available; wherein the client agent communicates automatically in response to the determination by the monitor with the server via the second transport layer connection on behalf of the first application, and communicates with the server via the third transport layer connection on behalf of the second application to bypass the first appliance. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for bypassing by a client an appliance used for communicating to a server upon determining the appliance is not useable to communicate to the server, the method comprising:
-
establishing, by a client agent executing on a client, a first virtual private network (VPN) connection with a first appliance to communicate via the first appliance to a server; receiving, by the client agent from the first appliance, an application routing table identifying a plurality of client applications and, for each client application, at least one alternate network destination of another appliance; intercepting, by the client agent, a first communication directed to the server from a first application executing on the client, responsive to the first application being identified in the application routing table; establishing, by the client agent, a second VPN connection with a second appliance to communicate to the server, responsive to identification in the application routing table of the second appliance as an alternate network destination for the first application; transmitting, by the client agent, the first communication via the first VPN connection, while maintaining the second VPN connection; intercepting, by the client agent, a second communication directed to the server from a second application executing on the client, responsive to the second application being identified in the application routing table; establishing, by the client agent, a third VPN connection with a third appliance distinct from the second appliance to communicate to the server, responsive to identification in the application routing table of the third appliance as an alternate network destination for the second application; transmitting, by the client agent, the second communication via the first VPN connection, while maintaining the third VPN connection; intercepting, by the client agent, a third communication directed to the server from the first application and a fourth communication directed to the server from the second application; determining, by the client agent, responsive to monitoring a status of the first appliance, that the first appliance is not useable to communicate to the server; and transmitting the intercepted third communication via the second VPN connection and the intercepted fourth communication via the third VPN connection.
-
Specification