Extending an Internet content delivery network into an enterprise
First Claim
1. A method operative in an Internet content delivery network (ICDN) having a set of content servers organized into regions and that provides delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
- having the Internet content delivery network service provider establish for the enterprise a set of two or more enterprise CDN regions, wherein each enterprise CDN region has one or more surrogate origin servers, wherein the set of one or more enterprise CDN regions are managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given surrogate origin server in an enterprise CDN region is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN;
wherein at least a first enterprise CDN region is associated with a first enterprise network portion and is located within a firewall of the enterprise, and at least a second enterprise CDN region is associated with a second enterprise network portion and is located outside but within or electronically close to a demilitarized zone (DMZ) associated with a firewall of the enterprise, the second enterprise network portion being remote from the first enterprise network portion, and wherein the first and second enterprise network portions are un-connected by a physical or private network connection;
responsive to a request for given Internet or intranet content originating from an end user associated with the first enterprise network portion, mapping the end user to the first enterprise CDN region, and attempting to serve the given Internet or intranet content from the first enterprise CDN region; and
responsive to a request for given Internet or intranet content originating from an end user outside of the first enterprise network portion, mapping the end user to the second enterprise CDN region, and attempting to serve the given Internet or intranet content from the second enterprise CDN region.
2 Assignments
0 Petitions
Accused Products
Abstract
An Internet content delivery network deploys one or more CDN server regions in an enterprise and manages those regions as part of the Internet CDN. In one aspect of the invention, a CDN service provider (CDNSP) deploys one or more CDN regions behind an enterprise'"'"'s corporate firewall(s). The regions are used to deliver Internet content—content that has been tagged or otherwise made available for delivery over the Internet from the CDN'"'"'s content servers. This content includes, for example, content that given content providers have identified is to be delivered by the CDN. In addition, the enterprise may tag intranet content, which is then also served from the CDN regions behind the firewall. Intranet content remains secure by virtue of using the enterprise'"'"'s existing security infrastructure. In accordance with another aspect of the invention, the CDNSP implements access controls and deploys one or more CDN regions outside an enterprise'"'"'s firewall(s) such that intranet content can be served from regions located outside the firewall(s). In this embodiment, the CDNSP can provide granular control, such as permissions per groups of users. In this way, the CDNSP, in effect, extends a conventional virtual private network (VPN) to all or a portion of the ICDN, thereby enabling the CDNSP to use multiple regions and potentially thousands of content servers available to serve the enterprise'"'"'s internal content. In addition to making internal content available from the edge of the network, the CDNSP provides a mechanism by which an enterprise may share secure data with its business partner(s) without setting up any special infrastructure.
253 Citations
9 Claims
-
1. A method operative in an Internet content delivery network (ICDN) having a set of content servers organized into regions and that provides delivery of Internet content on behalf of participating content providers, wherein the Internet content delivery network is managed by an Internet content delivery network service provider distinct from the participating content providers, comprising:
-
having the Internet content delivery network service provider establish for the enterprise a set of two or more enterprise CDN regions, wherein each enterprise CDN region has one or more surrogate origin servers, wherein the set of one or more enterprise CDN regions are managed by the Internet content delivery network service provider as part of the ICDN, and wherein a given surrogate origin server in an enterprise CDN region is adapted to host both Internet content that has been tagged by at least one participating content provider for delivery over the ICDN and intranet content that has been tagged by the enterprise for delivery over the ICDN; wherein at least a first enterprise CDN region is associated with a first enterprise network portion and is located within a firewall of the enterprise, and at least a second enterprise CDN region is associated with a second enterprise network portion and is located outside but within or electronically close to a demilitarized zone (DMZ) associated with a firewall of the enterprise, the second enterprise network portion being remote from the first enterprise network portion, and wherein the first and second enterprise network portions are un-connected by a physical or private network connection; responsive to a request for given Internet or intranet content originating from an end user associated with the first enterprise network portion, mapping the end user to the first enterprise CDN region, and attempting to serve the given Internet or intranet content from the first enterprise CDN region; and responsive to a request for given Internet or intranet content originating from an end user outside of the first enterprise network portion, mapping the end user to the second enterprise CDN region, and attempting to serve the given Internet or intranet content from the second enterprise CDN region. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeAkamai Technologies, Inc.
-
Original AssigneeAkamai Technologies, Inc.
-
InventorsNeerdaels, Charles J., Lewin, Anne E., Lewin, Daniel M.
-
Application NumberUS12/573,323Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current709/218CPC Class CodesH04L 63/0218 Distributed architectures, ...H04L 63/0227 Filtering policies mail mes...H04L 63/0245 Filtering by information in...H04L 63/0272 Virtual private networksH04L 63/029 Firewall traversal, e.g. tu...H04L 63/0428 wherein the data content is...H04L 63/08 for authentication of entit...H04L 63/104 Grouping of entitiesH04L 65/1101 Session protocolsH04L 65/613 for the control of the sour...H04L 67/306 User profilesH04L 69/329 in the application layer [O...H04L 9/40 Network security protocols
