Method and system for providing remote access to resources in a secure data center over a network
IPC classification information
Country / type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition)
G06F-009/00
G06F-015/16
G06F-017/00
Application number: US-0755736 (2007-05-31)
Registration number: US-8141143 (2012-03-20)
Inventor / address: Lee, Jaushin
Applicant / address: Imera Systems, Inc.
Agent / address: Dergosits & Noah LLP
Citation information
Cited by: 17
Cited patents: 2
Abstract
Methods, computer products, and systems are described for providing remote access to resources in a secure data center protected by at least one firewall. One method includes sending by an internal server within the secure data center a request to an external server outside of the secure data center to establish a secure data transport channel between the internal server and the external server. The request travels through at least one firewall protecting the secure data center and over a public network, a private network, and/or a second firewall. The internal server receives a reply to the request from the external server granting the request and confirming the establishment of the secure data transport channel. When a first message from the external server instructing the internal server to create a first data access point associated with a first session is received via the established secure data transport channel, the internal server instantiates the first data access point for the first session and visual data corresponding to the resources in the secure data center is sent from the first data access point to the external server via the secure data transport channel. The visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.
Representative claims
1. A method for providing remote access to resources in a secure data center protected by at least one firewall, the method comprising: sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server; receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center; receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session; in response to receiving the first message, instantiating the first data access point for the first session; sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center; receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session, wherein the control command includes one or more mouse actions; routing the control command to the first data access point for the first session; processing the control command by the first data access point; sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client; at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log; and storing at least one of the command log and the result log for auditing purposes.

2. The method of claim 1 wherein processing the control command by the first data access point includes: sending, by the first data access point, an instruction based on the control command to at least one resource identified in the second message via a secure internal network, wherein the secure internal network supports internal TCP/IP network traffic between the first data access point and the resources; and receiving, from the at least one identified resource, the result of the processing of the instruction via the secure internal network, wherein all internal TCP/IP network traffic received by the first data access point from the at least one identified resource terminates at the first data access point.

3. The method of claim 1 wherein prior to transmitting the request to establish the secure data transport channel, the method further includes: identifying and locating the external server, wherein the external server is associated with the internal server.

4. The method of claim 1 further including: receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including an instruction to create a second data access point associated with a second session; in response to receiving the second message, instantiating the second data access point for the second session; and transmitting from the second data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a second client associated with the second session so that the second client is provided visual access to the resources in the secure data center.

5. The method of claim 1 wherein instantiating the first data access point for the first session includes: determining which resources a first client associated with the first session is authorized to access; and transmitting visual data corresponding to authorized resources in the secure data center to the external server via the secure data transport channel, wherein the resources include enterprise computer systems, applications, data bases, and network equipment.

6. A non-transitory computer readable medium containing a computer program, executable by a machine, for providing remote access to resources in a secure data center protected by at least one firewall, the computer program comprising executable instructions for: sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server; receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center; receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session; instantiating the first data access point for the first session in response to receiving the first message; sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center; receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session, wherein the control command includes one or more mouse actions; routing the control command to the first data access point for the first session; processing the control command by the first data access point; sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client; at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log; and storing at least one of the command log and the result log for auditing purposes.

7. The computer readable medium of claim 6 wherein the instructions for processing the control command by the first data access point include: sending, by the first data access point, an instruction based on the control command to at least one resource identified in the second message via a secure internal network, wherein the secure internal network supports internal TCP/IP network traffic between the first data access point and the resources; and receiving, from the at least one identified resource, the result of the processing of the instruction via the secure internal network, wherein all internal TCP/IP network traffic received by the first data access point from the at least one identified resource terminates at the first data access point.
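The flow of claims 1, 2 and 5, modelled as an added example that is not part of the patent or of Imera's product: the internal server dials out, the external server can only relay over the channel the inside opened, each session gets its own data access point that renders only the resources the client is authorized for, and every control command and its result are logged for audit. Class names, the ACL, the resource names and the message shapes are assumptions.

```python
# Toy model of the claims' dial-out access flow; added example, not Imera's code (names and message shapes assumed).
class DataAccessPoint:  # per-session access point inside the data center (claims 1, 2 and 5)
    def __init__(self, session, authorized):
        self.session, self.authorized = session, frozenset(authorized)
    def render(self, resources):
        # Only visual data for authorized resources leaves; the raw resource state stays inside.
        return {r: f"screen:{resources[r]}" for r in sorted(self.authorized) if r in resources}
    def process(self, command, resources):
        # A control command (e.g. a mouse action) targets one named resource; authorization is re-checked per command.
        target = command["resource"]
        if target not in self.authorized:
            return {"error": "unauthorized", "resource": target}
        resources[target] = f"{resources[target]}+{command['action']}"
        return self.render(resources)

class InternalServer:  # behind the firewall: it only dials out and never listens for inbound connections
    def __init__(self, resources, acl):
        self.resources, self.acl = dict(resources), acl       # acl: client -> resource names
        self.daps, self.command_log, self.result_log = {}, [], []
    def connect(self, external):
        return external.accept(self).get("granted", False)    # outbound request, egress only
    def on_message(self, msg):
        if msg["type"] == "create_dap":
            dap = self.daps[msg["session"]] = DataAccessPoint(msg["session"], self.acl.get(msg["client"], ()))
            return dap.render(self.resources)
        if msg["type"] == "control":
            dap = self.daps[msg["session"]]                   # route to this session's own DAP
            self.command_log.append((msg["session"], msg["command"]))
            result = dap.process(msg["command"], self.resources)
            self.result_log.append((msg["session"], result))  # both logs kept for audit
            return result
        raise ValueError(f"unknown message type {msg['type']!r}")

class ExternalServer:  # outside the data center: it can only relay over a channel the inside opened
    internal = None
    def accept(self, internal):
        self.internal = internal
        return {"granted": True}
    def send(self, msg):
        if self.internal is None:
            raise ConnectionError("no channel: the internal server has not dialed out")
        return self.internal.on_message(msg)

def run_demo():  # constructed sample: alice is authorized for db1 only, so app1 never renders for her
    ext, srv = ExternalServer(), InternalServer({"db1": "idle", "app1": "idle"}, {"alice": ["db1"]})
    if not srv.connect(ext):
        raise ConnectionError("channel refused")
    views = [ext.send({"type": "create_dap", "session": "s1", "client": "alice"}),
             ext.send({"type": "control", "session": "s1", "command": {"resource": "db1", "action": "click"}}),
             ext.send({"type": "control", "session": "s1", "command": {"resource": "app1", "action": "click"}})]
    return views, srv.command_log, srv.result_log
```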
Patents cited by this patent (2)
Shaw, Andrew; McEwen, Michael Thomas; Burgess, Karl Richard, Authentication of tunneled connections.
Karaoguz, Jeyhan; Behzad, Arya; Buer, Mark; MacInnis, Alexander G.; Quigley, Thomas; Walley, John, System and method for allocating spare system resources.