Enabling an on-premises resource to be exposed to a public cloud application securely and seamlessly
Abstract
An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.
21 Claims
1-7. (canceled)
8. Apparatus, comprising:
a processor;
computer memory holding computer program instructions executed by the processor to enable an application deployed in a cloud to access an on-premises resource, wherein the application normally accesses the on-premises resource over a native, non-HTTP-based protocol, the computer program instructions comprising:
program code to provide a policy data set having at least one condition, and an associated action, wherein the condition identifies a service name, and the action identifies a location of the on-premises resource, together with a security requirement needed to establish a secure connection to the on-premises resource;
program code responsive to a determination that the application needs to access the on-premises resource, to issue a communication request from a cloud gateway associated with the application to an on-premises gateway, the communication request issued over a socket-based communication channel established between the cloud gateway and the on-premises gateway, the communication request provided over an HTTP-based protocol and including the policy data set to enable the on-premises gateway to locate the on-premises resource and to establish a proxy connection thereto according to the security requirement; and
program code to deliver application data over the native, non-HTTP-based protocol from the application to the on-premises resource.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to enable an application deployed in a cloud to access an on-premises resource, wherein the application normally accesses the on-premises resource over a native, non-HTTP-based protocol, the computer program instructions comprising:
program code to provide a policy data set having at least one condition, and an associated action, wherein the condition identifies a service name, and the action identifies a location of the on-premises resource, together with a security requirement needed to establish a secure connection to the on-premises resource;
program code responsive to a determination that the application needs to access the on-premises resource, to issue a communication request from a cloud gateway associated with the application to an on-premises gateway, the communication request issued over a socket-based communication channel established between the cloud gateway and the on-premises gateway, the communication request provided over an HTTP-based protocol and including the policy data set to enable the on-premises gateway to locate the on-premises resource and to establish a proxy connection thereto according to the security requirement; and
program code to deliver application data over the native, non-HTTP-based protocol from the application to the on-premises resource.
Specification