Permission based access control for offloaded services
Abstract
Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.
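The deny, redirect, log and update loop from the abstract, as an added Python example that is not taken from the patent. The service names, the `DEPENDENCIES` table and the `approve` policy hook are constructed assumptions used only to make the flow concrete.

```python
from dataclasses import dataclass, field

# Constructed sample data: back-end services each front-end service calls.
DEPENDENCIES = {"report-ui": ["orders-db", "ldap"], "search-ui": ["index"]}

@dataclass
class Firewall:
    # Permission mapping: offloaded service -> back-end services it may reach.
    permits: dict = field(default_factory=dict)
    denied: list = field(default_factory=list)  # monitor's record of denials

    def allow(self, offloaded, backend):
        ok = backend in self.permits.get(offloaded, set())
        if not ok:
            self.denied.append((offloaded, backend))
        return ok

def run_offloaded(fw, service):
    """Run on the offloading server; every back-end call crosses the firewall."""
    return all(fw.allow(service, b) for b in DEPENDENCIES[service])

def run_locally(service):
    """Run on-premise and return the log of back-end services actually used."""
    return list(DEPENDENCIES[service])

def handle_request(fw, service, approve=lambda svc, backend: True):
    """Try the offloaded path; on denial, execute locally and learn the mapping.

    `approve` is a hypothetical policy hook deciding whether a logged
    back-end service becomes a permit entry or stays denied.
    """
    if run_offloaded(fw, service):
        return "offloaded"
    for backend in run_locally(service):
        if approve(service, backend):
            fw.permits.setdefault(service, set()).add(backend)
    return "local"

if __name__ == "__main__":
    fw = Firewall()
    print(handle_request(fw, "report-ui"))  # default deny, served on-premise
    print(handle_request(fw, "report-ui"))  # mapping learned, served offloaded
    print(fw.permits, fw.denied)
```

The learned mapping is per service and contains only the back-ends seen in the local execution log, so an offloaded service still cannot reach a back-end it never used.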
20 Claims
1. A method for network access control, comprising:
- sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers;
- monitoring requests by the offloaded services to access back-end services in one or more on-premise systems;
- redirecting and locally executing the service request to generate logs of the back-end services used to perform the service request if the access requests are denied; and
- updating a permission mapping in a firewall between the offloaded services and the logged back-end services to permit or deny future access requests.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A system for network access control, comprising:
- a controller for sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers;
- a network monitor for detecting requests by the offloaded services to access back-end services in one or more on-premise systems, wherein the controller redirects and locally executes the service request to generate logs of the back-end services used to perform the service request if the access requests are denied; and
- a firewall configured to permit or deny future access requests by updating a permission mapping in the firewall between the offloaded services and the logged back-end services.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer readable storage medium comprising a computer readable program for providing access to one or more back-end services in a private cloud by one or more offloaded services in a public cloud, wherein the computer readable program when executed on a computer causes the computer to perform the steps of:
- sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers;
- monitoring requests by the offloaded services to access back-end services in one or more on-premise systems;
- redirecting and locally executing the service request to generate logs of the back-end services used to perform the service request if the access requests are denied; and
- updating a permission mapping in a firewall between the offloaded services and the logged back-end services to permit or deny future access requests.

Dependent claims: 20