Extending an internet content delivery network into an enterprise
First Claim
1. A method operative in an Internet content delivery network (ICDN) having a set of content servers organized into regions and that provides delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
- having the Internet content delivery network service provider establish a set of one or more enterprise CDN regions topologically near a firewall of an enterprise, wherein each enterprise CDN region has one or more surrogate origin servers, wherein the set of one or more enterprise CDN regions are managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given surrogate origin server in an enterprise CDN region is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN;
responsive to a request for given Internet or intranet content originating from an end user within the enterprise, mapping the end user to a preferred enterprise CDN region that is likely to host the given Internet or intranet content;
serving the given Internet or intranet content from the preferred enterprise CDN region; and
responsive to a DNS query or connection request originating from outside the enterprise and associated with a piece of intranet content that has been tagged by the enterprise for delivery over the ICDN, preventing the DNS query or connection request from being processed within a enterprise CDN region to restrict access to the piece of intranet content from the enterprise CDN region.
2 Assignments
0 Petitions
Accused Products
Abstract
An Internet content delivery network deploys one or more CDN server regions in an enterprise and manages those regions as part of the Internet CDN. In one aspect of the invention, a CDN service provider (CDNSP) deploys one or more CDN regions behind an enterprise'"'"'s corporate firewall(s). The regions are used to deliver Internet content—content that has been tagged or otherwise made available for delivery over the Internet from the CDN'"'"'s content servers. This content includes, for example, content that given content providers have identified is to be delivered by the CDN. In addition, the enterprise may tag intranet content, which is then also served from the CDN regions behind the firewall. Intranet content remains secure by virtue of using the enterprise'"'"'s existing security infrastructure. In accordance with another aspect of the invention, the CDNSP implements access controls and deploys one or more CDN regions outside an enterprise'"'"'s firewall(s) such that intranet content can be served from regions located outside the firewall(s). In this embodiment, the CDNSP can provide granular control, such as permissions per groups of users. In this way, the CDNSP, in effect, extends a conventional virtual private network (VPN) to all or a portion of the ICDN, thereby enabling the CDNSP to use multiple regions and potentially thousands of content servers available to serve the enterprise'"'"'s internal content. In addition to making internal content available from the edge of the network, the CDNSP provides a mechanism by which an enterprise may share secure data with its business partner(s) without setting up any special infrastructure.
-
Citations
8 Claims
-
1. A method operative in an Internet content delivery network (ICDN) having a set of content servers organized into regions and that provides delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
-
having the Internet content delivery network service provider establish a set of one or more enterprise CDN regions topologically near a firewall of an enterprise, wherein each enterprise CDN region has one or more surrogate origin servers, wherein the set of one or more enterprise CDN regions are managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given surrogate origin server in an enterprise CDN region is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN;
responsive to a request for given Internet or intranet content originating from an end user within the enterprise, mapping the end user to a preferred enterprise CDN region that is likely to host the given Internet or intranet content;
serving the given Internet or intranet content from the preferred enterprise CDN region; and
responsive to a DNS query or connection request originating from outside the enterprise and associated with a piece of intranet content that has been tagged by the enterprise for delivery over the ICDN, preventing the DNS query or connection request from being processed within a enterprise CDN region to restrict access to the piece of intranet content from the enterprise CDN region. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method operative in an Internet content delivery network (ICDN) having a set of content servers organized into regions and that provides delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
-
having the Internet content delivery network service provider establish a set of one or more enterprise CDN regions topologically near a firewall of an enterprise, wherein each enterprise CDN region has one or more servers and is identified by a public IP address, wherein the set of one or more enterprise CDN regions are managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given server in an enterprise CDN region is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN;
responsive to a request for given Internet or intranet content originating from an end user within the enterprise, mapping the end user to a preferred enterprise CDN region that is likely to host the given Internet or intranet content;
serving the given Internet or intranet content to the requesting end user; and
responsive to a DNS query or connection request originating from outside the enterprise and associated with a request for a piece of intranet content that has been tagged by the enterprise for delivery over the ICDN, preventing the DNS query or connection request from being processed within an enterprise CDN region to restrict access to the piece of intranet content from the enterprise CDN region. - View Dependent Claims (7)
-
-
8. A method operative in an Internet content delivery network (ICDN) having a set of surrogate origin servers that provide delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
-
having the Internet content delivery network service provider locate at least one ICDN-aware server topologically near a firewall of an enterprise, wherein the at least one ICDN-aware server is managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given ICDN-aware server is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN;
associating the at least one ICDN-aware server with a public IP address irrespective of its location within the enterprise firewall;
responsive to a request for given Internet or intranet content originating from an end user within the enterprise, selectively mapping the end user to the ICDN-aware server to enable the end user to attempt to retrieve the given Internet or intranet content;
serving the given Internet or intranet content from the ICDN-aware server; and
responsive to a DNS query or connection request originating from outside the enterprise and associated with a request for a piece of intranet content that has been tagged by the enterprise for delivery over the ICDN, preventing the DNS query or connection request from being processed to restrict access to the piece of intranet content from the ICDN-aware server.
-
Specification