APPLICATION NETWORK APPLIANCE WITH BUILT-IN VIRTUAL DIRECTORY INTERFACE
First Claim
1. A method performed by a network element, the method comprising:
receiving at a network element a packet of a network transaction from a client requesting access to a server of a datacenter having a plurality of servers, the network element operating as a security gateway to the datacenter;
in response to the packet, obtaining user attributes associated with a user of the network transaction from a plurality of directory servers via a virtual directory interface (VDI), wherein the VDI is embedded within the network element; and
authenticating and authorizing the user of the network transaction using at least the user attributes obtained via the VDI to determine whether the user is eligible to access the server of the datacenter.
Abstract
An application network appliance with a built-in virtual directory interface is described herein. According to one embodiment, a network element includes a virtual directory interface (VDI) coupled to multiple directory servers, and an authentication and authorization unit coupled to the VDI. In response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit obtains user attributes from the directory servers via the VDI and performs authentication and authorization using the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, where the network element operates as a security gateway to the datacenter. Other methods and apparatuses are also described.
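The flow described in the abstract and the independent claims, simulated as an added example (not the patent's code): a gateway-side VDI merges the attributes that several directory servers hold for one user, and an authentication/authorization step then decides, from the merged attributes, whether the client may reach the requested datacenter server. All names, the two directory contents and the per-server policy are constructed for the example; a user unknown to every backend and a server with no policy are both denied.

```python
import hmac

# Constructed sample backends: each directory server knows only part of a
# user's identity (e.g. an HR directory and an application directory).
HR_DIRECTORY = {
    "alice": {"password_hash": "h(alice)", "department": "finance"},
    "bob": {"password_hash": "h(bob)", "department": "eng"},
}
APP_DIRECTORY = {
    "alice": {"roles": ["db-admin"]},
    "bob": {"roles": ["web-deploy"]},
}

# Constructed policy: the role each datacenter server requires.
SERVER_POLICY = {"db01": "db-admin", "web01": "web-deploy"}


def vdi_lookup(directories, user):
    """Virtual directory interface: query every directory server and merge
    the attribute sets. Returns None (not {}) when no backend knows the user,
    so the caller cannot mistake an unknown user for one with no attributes."""
    merged, found = {}, False
    for directory in directories:
        entry = directory.get(user)
        if entry is not None:
            found = True
            merged.update(entry)
    return merged if found else None


def gateway_decision(user, password_hash, target_server,
                     directories=(HR_DIRECTORY, APP_DIRECTORY)):
    """Authentication and authorization unit of the security gateway.
    Returns (allowed, reason) for a transaction from `user` to `target_server`."""
    attrs = vdi_lookup(directories, user)
    if attrs is None:
        return False, "unknown user"
    stored = attrs.get("password_hash", "")
    # Constant-time comparison of the presented credential hash.
    if not hmac.compare_digest(stored, password_hash):
        return False, "authentication failed"
    required = SERVER_POLICY.get(target_server)
    if required is None:
        return False, "no policy for server"  # default deny
    if required not in attrs.get("roles", []):
        return False, "not authorized for " + target_server
    return True, "ok"
```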
24 Claims
1. A method performed by a network element, the method comprising:
receiving at a network element a packet of a network transaction from a client requesting access to a server of a datacenter having a plurality of servers, the network element operating as a security gateway to the datacenter;
in response to the packet, obtaining user attributes associated with a user of the network transaction from a plurality of directory servers via a virtual directory interface (VDI), wherein the VDI is embedded within the network element; and
authenticating and authorizing the user of the network transaction using at least the user attributes obtained via the VDI to determine whether the user is eligible to access the server of the datacenter.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A machine-readable medium having instructions stored therein, which when executed by a machine, cause the machine to perform a method, the method comprising:
receiving at a network element a packet of a network transaction from a client requesting access to a server of a datacenter having a plurality of servers, the network element operating as a security gateway to the datacenter;
in response to the packet, obtaining user attributes associated with a user of the network transaction from a plurality of directory servers via a virtual directory interface (VDI), wherein the VDI is embedded within the network element; and
authenticating and authorizing the user of the network transaction using at least the user attributes obtained via the VDI to determine whether the user is eligible to access the server of the datacenter.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A network element, comprising:
a virtual directory interface (VDI) coupled to a plurality of directory servers; and
an authentication and authorization unit coupled to the VDI, wherein in response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit is configured to obtain one or more user attributes from at least one of the directory servers via the VDI, wherein the authentication and authorization unit is configured to authenticate and/or authorize the packet based on at least the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, and wherein the network element operates as a security gateway to the datacenter and each client of the first network has to go through the security gateway in order to access a server of the second network.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification