Methods for dynamically constructing a service principal name and devices thereof
IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC 7th edition): G06F-015/16; H04L-012/24; H04L-029/06
Application number: US-0731119 (2012-12-31)
Registration number: US-10230566 (2019-03-12)
Inventors / address: Jain, Amit; Martynenko, Konstantin; Costlow, Jeff; Holmes, David
Applicant / address: F5 Networks, Inc.
Agent / address: LeClairRyan PLLC
Citation information
Times cited: 0
Cited patents: 352
Abstract
A system, medium and method for dynamically constructing a service principal name is disclosed. A client request from a user to access a service is received at a network traffic management device, which identifies an internet protocol (IP) address of a selected backend server to provide the requested service to the client. The network traffic management device identifies a hostname of the selected backend server based at least on the identified IP address and dynamically generates a service principal name (SPN) of the selected backend server based on the determined hostname. The network traffic management device obtains a service ticket from a domain controller server using at least the generated SPN of the selected backend server. The network traffic management device uses the obtained service ticket along with the client request to provide the user access to the selected backend server for the client request.
Representative claims
1. A method for managing access to services implemented by a network traffic management system comprising one or more network traffic management devices, client devices, backend server devices, or domain controller server devices, the method comprising: selecting one of a plurality of backend servers to provide a service to a client, and identifying an Internet protocol (IP) address of the selected server, in response to a received request from the client to access the service; performing a reverse domain name system (DNS) lookup with a DNS server using the identified IP address to determine a hostname of the selected server; dynamically generating a service principal name (SPN) of the selected server based on the hostname determined via the reverse DNS lookup; sending a ticket granting service (TGS) request to a domain controller server, wherein the TGS request is generated using the dynamically generated SPN and a previously obtained ticket granting ticket (TGT); and providing access to the selected server to the client using a service ticket obtained in response to the TGS request and comprising the SPN.

2. The method of claim 1 further comprising: performing a load balancing technique for the request; and selecting the server to handle the request based on the load balancing technique.

3. The method of claim 1 wherein the generating the SPN further comprises modifying a preconfigured pattern by replacing one or more format sequences in the preconfigured pattern and applying the preconfigured pattern to the determined hostname of the selected server to convert one or more portions of the hostname to the SPN.

4. The method of claim 1 further comprising: modifying the received client request by attaching the obtained service ticket in a header of the request; and forwarding the modified request to the selected server to facilitate decrypting the modified request to confirm an identity associated with the client and providing access to the selected server to the client.

5. A non-transitory computer readable medium having stored thereon instructions for managing access to services comprising executable code which when executed by at least one processor, causes the processor to: select one of a plurality of servers to provide a service to a client, and identify an Internet protocol (IP) address of the selected server, in response to a received request from the client to access the service; perform a reverse domain name system (DNS) lookup with a DNS server using the identified IP address to determine a hostname of the selected server; dynamically generate a service principal name (SPN) of the selected server based on the hostname determined via the reverse DNS lookup; send a ticket granting service (TGS) request to a domain controller server, wherein the TGS request is generated using the dynamically generated SPN and a previously obtained ticket granting ticket (TGT); and provide access to the selected server to the client using a service ticket obtained in response to the TGS request and comprising the SPN.

6. The non-transitory computer readable medium of claim 5, wherein the executable code when executed by the processor further causes the processor to: perform a load balancing technique for the request; and select the server to handle the request based on the load balancing technique.

7. The non-transitory computer readable medium of claim 5, wherein the executable code when executed by the processor further causes the processor to modify a preconfigured pattern by replacing one or more format sequences in the preconfigured pattern and apply the preconfigured pattern to the determined hostname of the selected server to convert one or more portions of the hostname to the SPN.

8. The non-transitory computer readable medium of claim 5, wherein the executable code when executed by the processor further causes the processor to: modify the received request by attaching the obtained service ticket in a header of the request; and forward the modified client request to the selected server to facilitate decrypting the modified request to confirm an identity associated with the client and providing access to the selected server to the client.

9. A network traffic management device comprising a memory comprising programmed instructions stored thereon and at least one processor configured to be capable of executing the stored programmed instructions to: select one of a plurality of backend servers to provide a service to a client, and identify an Internet protocol (IP) address of the selected server, in response to a received request from the client to access the service; perform a reverse domain name system (DNS) lookup with a DNS server using the identified IP address to determine a hostname of the selected server; dynamically generate a service principal name (SPN) of the selected server based on the hostname determined via the reverse DNS lookup; send a ticket granting service (TGS) request to a domain controller server, wherein the TGS request is generated using the dynamically generated SPN and a previously obtained ticket granting ticket (TGT); and provide access to the selected server to the client using a service ticket obtained in response to the TGS request and comprising the SPN.

10. The network traffic management device of claim 9, wherein the processor is further configured to be capable of executing the stored programmed instructions to: perform a load balancing technique for the request; and select the server to handle the request based on the load balancing technique.

11. The network traffic management device of claim 9, wherein the processor is further configured to be capable of executing the stored programmed instructions to modify a preconfigured pattern by replacing one or more format sequences in the preconfigured pattern and apply the preconfigured pattern to the determined hostname of the selected server to convert one or more portions of the hostname to the SPN.

12. The network traffic management device of claim 9, wherein the processor is further configured to be capable of executing the stored programmed instructions to: modify the received request by attaching the obtained service ticket in a header of the request; and forward the modified request to the selected server to facilitate decrypting the modified request to confirm an identity associated with the client and providing access to the selected server to the client.

13. A network traffic management system, comprising one or more traffic management devices, client devices, server devices, or domain controller server devices, the network traffic management system comprising memory comprising programmed instructions stored thereon and at least one processor configured to be capable of executing the stored programmed instructions to: select one of a plurality of backend servers to provide a service to a client, and identify an Internet protocol (IP) address of the selected server, in response to a received request from the client to access the service; perform a reverse domain name system (DNS) lookup with a DNS server using the identified IP address to determine a hostname of the selected server; dynamically generate a service principal name (SPN) of the selected server based on the hostname determined via the reverse DNS lookup; send a ticket granting service (TGS) request to a domain controller server, wherein the TGS request is generated using the dynamically generated SPN and a previously obtained ticket granting ticket (TGT); and provide access to the selected server to the client using a service ticket obtained in response to the TGS request and comprising the SPN.

14. The system of claim 13, wherein the processor is further configured to be capable of executing the stored programmed instructions to: perform a load balancing technique for the request; and select the backend server to handle the request based on the load balancing technique.

15. The system of claim 13, wherein the processor is further configured to be capable of executing the stored programmed instructions to modify a preconfigured pattern by replacing one or more format sequences in the preconfigured pattern and apply the preconfigured pattern to the determined hostname of the selected server to convert one or more portions of the hostname to the SPN.

16. The system of claim 13, wherein the processor is further configured to be capable of executing the stored programmed instructions to: modify the received client request by attaching the obtained service ticket in a header of the request; and forward the modified client request to the selected server to facilitate decrypting the modified request to confirm an identity associated with the client and providing access to the selected server to the client.
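The procedure the claims describe (reverse DNS lookup, pattern-based SPN construction, TGS request with a TGT, ticket attached to the forwarded request), as an added example that is neither the patent's nor F5's code. The DNS records, the registered SPN set, the format sequences (%h, %s, %d, %r) and the mock domain controller are constructed stand-ins, not a real Kerberos implementation; the forward-confirmation step in resolve_hostname is an added check the claims do not require.

```python
"""Dynamic SPN construction from a reverse DNS lookup (constructed example)."""
import base64
import json
import re

# Constructed DNS zone data standing in for the DNS server of claim 1.
PTR_RECORDS = {
    "10.1.2.3": "app1.corp.example.com",
    "10.1.2.4": "app2.corp.example.com",
    "10.1.2.9": "app1.corp.example.com",  # stale PTR naming another host
}
A_RECORDS = {
    "app1.corp.example.com": "10.1.2.3",
    "app2.corp.example.com": "10.1.2.4",
}
# Constructed set of SPNs the mock domain controller will issue tickets for.
REGISTERED_SPNS = {
    "HTTP/app1.corp.example.com@CORP.EXAMPLE.COM",
    "HTTP/app2.corp.example.com@CORP.EXAMPLE.COM",
}


def resolve_hostname(ip):
    """Reverse lookup plus forward confirmation. The confirmation is an added
    check: a PTR record is controlled by whoever runs the reverse zone, so the
    name it returns should resolve back to the IP before it drives an SPN."""
    hostname = PTR_RECORDS.get(ip)
    if hostname is None:
        raise LookupError(f"no PTR record for {ip}")
    if A_RECORDS.get(hostname) != ip:
        raise LookupError(f"PTR for {ip} names {hostname}, which does not "
                          f"resolve back to {ip}")
    return hostname


_FORMAT_SEQ = re.compile(r"%([hsdr%])")


def apply_pattern(pattern, hostname, realm):
    """Replace the format sequences of a preconfigured pattern (claim 3).
    Sequences assumed here: %h full hostname, %s first label, %d remaining
    labels, %r Kerberos realm, %% a literal percent sign."""
    short, _, domain = hostname.partition(".")
    values = {"h": hostname, "s": short, "d": domain, "r": realm, "%": "%"}
    return _FORMAT_SEQ.sub(lambda m: values[m.group(1)], pattern)


def build_spn(ip, pattern, realm):
    """Hostname from reverse DNS, then pattern applied to it."""
    return apply_pattern(pattern, resolve_hostname(ip), realm)


def tgs_request(tgt, spn):
    """Mock domain controller: checks the TGT realm and that the SPN is known,
    then issues a (plaintext, constructed) service ticket for that SPN."""
    spn_realm = spn.rsplit("@", 1)[1] if "@" in spn else None
    if tgt.get("realm") != spn_realm:
        raise PermissionError("TGT realm does not match SPN realm")
    if spn not in REGISTERED_SPNS:
        raise PermissionError("KDC_ERR_S_PRINCIPAL_UNKNOWN: " + spn)
    return {"spn": spn, "client": tgt["client"], "realm": tgt["realm"]}


def forward_with_ticket(request, ticket):
    """Attach the service ticket in a request header (claim 4)."""
    token = base64.b64encode(json.dumps(ticket).encode()).decode()
    headers = dict(request.get("headers", {}))
    headers["Authorization"] = "Negotiate " + token
    return {**request, "headers": headers}


def backend_accepts(request, own_spn):
    """Backend side: the ticket must carry this server's own SPN; a ticket for
    another host's SPN (e.g. from a wrong PTR) is rejected. Returns the
    client principal on success, None otherwise."""
    auth = request.get("headers", {}).get("Authorization", "")
    if not auth.startswith("Negotiate "):
        return None
    ticket = json.loads(base64.b64decode(auth[len("Negotiate "):]))
    return ticket["client"] if ticket.get("spn") == own_spn else None


def handle_client_request(request, selected_ip, pattern, realm, tgt):
    """The full flow of claim 1 for one request to one selected backend."""
    spn = build_spn(selected_ip, pattern, realm)
    ticket = tgs_request(tgt, spn)
    return forward_with_ticket(request, ticket)
```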