A virtual private network (VPN) server connected to a client device within a VPN obtains data for delivery to the client device. The VPN server selects a data stream from a set of data streams of the VPN connection with the client device, where each data stream of the set of data streams has a different encryption context. The VPN server generates a data packet based on the data such that the data packet is encrypted using the encryption context specific to the selected data stream. The VPN server transmits the data packets to the client device via the selected data stream.

A method including retrieving, by a processor associated with a virtual private network (VPN) server, an initial operating system stored in a non-volatile memory, the initial operating system being associated with the VPN server providing VPN services; storing, by the processor, the initial operating system in a volatile memory; executing, by the processor, the initial operating system from the volatile memory to obtain a VPN operating system; storing, by the processor, the VPN operating system in the volatile memory; and executing, by the processor, the VPN operating system from the volatile memory to provide the VPN services. Various other aspects are contemplated.

A communication/collaboration system enables a first user at a first entity to define a collaboration object, and to invite a second entity to collaborate on the collaboration object in accordance with a hierarchy with corresponding permissions. A second user at a second entity is enabled to collaborate on the collaboration object. A communications log regarding the collaboration between the first user and the second user is maintained. A communications log between the first user and other users at the first entity is maintained. A communication interface is displayed on the first user computer system that displays the log of communications between the first user and the second user on the collaboration object, together with the log of communications regarding the collaboration object between the first user and other users at the first entity, and excluding communications regarding the collaboration object between the second user and other users at the second entity.

A system for managing and controlling a mesh VPN includes a management computing platform, a control computing platform, teleworker computing subsystems, and an office computing subsystem. The management computing platform provides deployment and management services to an organization for operation of a mesh VPN in a WAN in accordance with a service profile. The mesh VPN includes a hub node and a plurality of end nodes. Each end node communicates with the VPN hub node and with other end nodes via peer-to-peer paths. The control computing platform is the hub node and provide a control service for operation of the mesh VPN based on the service profile. The teleworker and office computing subsystems are end nodes. Various methods for operation of the computing platforms and subsystems in the mesh VPN are also provided.

Methods and systems for cross cluster replication are provided. Exemplary methods include: periodically requesting by a follower cluster history from a leader cluster, the history including at least one operation and sequence number pair, the operation having changed data in a primary shard of the leader cluster; receiving history and a first global checkpoint from the leader cluster; when a difference between the first global checkpoint and a second global checkpoint exceeds a user-defined value, concurrently making multiple additional requests for history from the leader cluster; and when a difference between the first global checkpoint and the second global checkpoint is less than a user-defined value, executing the at least one operation, the at least one operation changing data in a primary shard of the follower cluster, such that an index of the follower cluster replicates an index of the leader cluster.

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

An apparatus and method for a power-efficient framework to maintain data synchronization of a mobile personal computer (MPC) are described. In one embodiment, the method includes the detection of a data synchronization wakeup event while the MPC is operating according to a sleep state. Subsequent to wakeup event, at least one system resource is disabled to provide a minimum number of system resources required to re-establish a network connection. In one embodiment, user data from a network server is synchronized on the MPC without user intervention; the mobile platform system resumes operation according to the sleep state. In one embodiment, a wakeup alarm is programmed according to a user history profile regarding received e-mails. In a further embodiment, data synchronizing involves disabling a display, and throttling the system processor to operate at a reduced frequency. Other embodiments are described and claimed.

A discovery computing system may receive an account identifier (ID) and a set of credentials required to access a first service account. The discovery computing system may transmit a first API query to a remote computing system. The discovery computing system may receive an organization identifier (ID) of the organization from the remote computing system. The discovery computing system may further transmit a second API query to the remote computing system. The discovery computing system may be further configured to receive information about a set of projects, in the organization, from the remote computing system. The discovery computing system may further generate a set of service accounts and further determine the set of resources, in the remote computing system, associated with each of the generated set of service accounts. The discovery computing system may further store the determined set of resources, as configuration items in a persistent storage.

A system, a method, and a computer program are provided for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers has all data traffic routed between the main network and the subnetwork through an encrypted virtual private network (VPN) tunnel. The data traffic is monitored for a cyberthreat indication in the enterprise network, and any cyberthreat indication is has the cyberthreat remediated by modifying a policy in a firewall or one of the group of enterprise routers to stop routing exchange or cease encryption or transmission of data between the main network and the one or more subnetworks. In part, a key server and each router and the group of enterprise routers is configured with an Internet Protocol address, a group security association value, and a group profile which are employed by the technological solution for secure enterprise connectivity.

In one embodiment, a service receives a device registration request sent by an endpoint device, wherein the endpoint device executes an onboarding agent that causes the endpoint device to send the device registration request via a cellular connection to a private access point name (APN) associated with the service. The service verifies that a network address of the endpoint device from which the device registration request was sent is associated with an integrated circuit card identifier (ICCID) or international mobile equipment identity (IMEI) indicated by the device registration request. The service identifies a tenant identifier associated with the ICCID or IMEI. The service sends, based on the tenant identifier, a device registration response to the endpoint device via the private APN.