End-to-end security in data networks
First Claim
1. A method for managing a data transmission in a network, the network having a client, a load balancing node and a server cluster, the method comprising the steps of:
monitoring a port on the load balancing node, the port using a security protocol;
receiving a client connection, the connection being based on the security protocol, and having TCP/IP information of the client;
establishing a handshake between the client and the load balancing node based on the security protocol, the handshake resulting in session information and working keys;
selecting a real server from the server cluster by the load balancing node based on a load balancing policy;
exporting a context to the real server, the context comprising the TCP/IP information of the client, the session information, and the working keys;
extending a logical end point of the client connection from the load balancing node to the real server to form a real server connection;
splicing the client connection and the real server connection to relay a traffic, the traffic being encrypted using the security protocol, between the client and the real server; and
establishing a direct communication between the client and the real server for subsequent connections having the context.
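The sequence claimed above, as an added runnable simulation (this is not code from the patent or from any product it describes): the load balancing node terminates the handshake, derives session information and working keys, selects a real server by policy, exports the context to it, splices the first connection so the still-encrypted records reach that server, and the real server then resumes later connections from the client directly. Assumptions, all mine: an HMAC-SHA256 expansion stands in for the TLS PRF, the pre-master secret is handed over unprotected, the load balancing policy is round robin, a record is a keystream XOR plus a 32-byte HMAC tag, and the names (`RealServer`, `LoadBalancer`, `Client`, `run_scenario`) and the client address 198.51.100.7 are made up.

```python
import hashlib, hmac, itertools, os

def prf(secret, label, seed, n=32):
    """HMAC-SHA256 expansion standing in for the TLS PRF (simplification, not the real PRF)."""
    out, i = b"", 0
    while len(out) < n:
        i += 1
        out += hmac.new(secret, label + seed + bytes([i]), hashlib.sha256).digest()
    return out[:n]

def derive_keys(master, client_random, server_random):
    """The claim's 'working keys': one write key per direction."""
    seed = client_random + server_random
    return prf(master, b"client write", seed), prf(master, b"server write", seed)

def seal(key, seq, plaintext):
    """Encrypt-then-MAC record: HMAC keystream XOR plaintext, then a 32-byte HMAC tag."""
    nonce = seq.to_bytes(8, "big")
    ct = bytes(p ^ s for p, s in zip(plaintext, prf(key, b"stream", nonce, len(plaintext))))
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_record(key, seq, record):
    nonce, ct, tag = seq.to_bytes(8, "big"), record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad record MAC")
    return bytes(c ^ s for c, s in zip(ct, prf(key, b"stream", nonce, len(ct))))

class RealServer:
    def __init__(self, name):
        self.name, self.cache, self.direct, self.received = name, {}, 0, []
    def import_context(self, ctx):
        # ctx holds client_ip, client_port, session_id, master and keys (the exported context)
        self.cache[ctx["session_id"]] = ctx
    def handle_record(self, session_id, seq, record):
        ctx = self.cache[session_id]
        msg = open_record(ctx["keys"][0], seq, record)   # client write key from the context
        self.received.append((ctx["client_ip"], msg))
        return msg
    def accept_resumption(self, session_id, client_random):
        """Direct client connection; succeeds only if this server holds the context."""
        ctx = self.cache.get(session_id)
        if ctx is None:
            return None                                  # unknown session: back through the LB
        self.direct += 1
        server_random = os.urandom(32)
        ctx["keys"] = derive_keys(ctx["master"], client_random, server_random)
        return server_random

class LoadBalancer:
    def __init__(self, servers, port=443):
        self.port, self.policy = port, itertools.cycle(servers)   # policy: round robin
        self.handshakes, self.spliced = 0, {}
    def accept_handshake(self, client_addr, client_random, pre_master):
        self.handshakes += 1
        server_random, session_id = os.urandom(32), os.urandom(16)
        master = prf(pre_master, b"master secret", client_random + server_random, 48)
        ctx = {"client_ip": client_addr[0], "client_port": client_addr[1],
               "session_id": session_id, "master": master,
               "keys": derive_keys(master, client_random, server_random)}
        real = next(self.policy)                         # select a real server
        real.import_context(ctx)                         # export the context
        self.spliced[session_id] = real                  # endpoint now lives on `real`
        return session_id, server_random
    def relay(self, session_id, seq, record):
        """Splice: forward the still-encrypted record; the LB does not decrypt it."""
        return self.spliced[session_id].handle_record(session_id, seq, record)

class Client:
    def __init__(self, ip, port):
        self.addr, self.session = (ip, port), None
    def full_handshake(self, lb):
        client_random, pre_master = os.urandom(32), os.urandom(48)
        # pre_master goes over in the clear here; real TLS protects it with the key exchange
        session_id, server_random = lb.accept_handshake(self.addr, client_random, pre_master)
        master = prf(pre_master, b"master secret", client_random + server_random, 48)
        self.session = (session_id, master)
        return derive_keys(master, client_random, server_random)
    def resume(self, server):
        session_id, master = self.session
        client_random = os.urandom(32)
        server_random = server.accept_resumption(session_id, client_random)
        return None if server_random is None else derive_keys(master, client_random, server_random)

def run_scenario():
    """Constructed walk-through of claim 1: one client, a round-robin LB, two real servers."""
    servers = [RealServer("s1"), RealServer("s2")]
    lb, client = LoadBalancer(servers), Client("198.51.100.7", 51234)
    client_write, _ = client.full_handshake(lb)          # handshake terminates at the LB
    session_id = client.session[0]
    first = lb.relay(session_id, 0, seal(client_write, 0, b"GET / HTTP/1.1"))
    real = lb.spliced[session_id]
    new_write, _ = client.resume(real)                   # subsequent connection bypasses the LB
    second = real.handle_record(session_id, 0, seal(new_write, 0, b"GET /again"))
    other = servers[1] if real is servers[0] else servers[0]
    return {"first": first, "second": second, "real": real.name,
            "lb_handshakes": lb.handshakes, "direct": real.direct,
            "denied_elsewhere": client.resume(other) is None,
            "client_ip_seen": real.received[0][0]}
```

Two points the claim leaves to the implementer show up in `run_scenario`: the exported context carries the live working keys, so the export path and every real server that receives it must be trusted as much as the load balancing node itself; and a direct connection only resumes at the server that holds the context, so a client that lands on any other server (`denied_elsewhere`) has to fall back to a fresh handshake through the load balancing node.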
Abstract
A method and apparatus for managing a data transmission in a network is provided, the network having a client, a real server and a load-balancing node (virtual server). The load-balancing node includes a handshake executor for handling a security protocol to establish a handshake between a client and a server, and a communication executor for establishing a direct communication between the client and the server using session information in respect of the established handshake. The handshake executor establishes the handshake with the client. When the handshake is established, the communication executor exports the session information in respect of the established handshake. The client establishes a TCP/IP connection with the server. The client and the server then communicate with each other directly.
16 Claims
1. Independent claim; its text is identical to the claim reproduced under First Claim above. Claims 2 to 8 depend from claim 1 and are not reproduced on this page.
9. A load balancing node for managing a data transmission in a network, the network having a client and a cluster of servers, the load balancing node comprising:
a monitor for monitoring a port on the load balancing node, the port using a security protocol;
a receiver for receiving a client connection, the client connection being encrypted using the security protocol, and having TCP/IP information of the client;
a handshake executor for establishing a handshake between the client and the load balancing node based on the security protocol, the handshake resulting in session information and working keys;
a selector for selecting a real server from the server cluster based on a load balancing policy;
a sender for exporting a context to the real server, the context comprising the TCP/IP information of the client, the session information and the working keys;
an elongator for extending a logical end point of the client connection to the real server to form a real server connection;
a splicer for splicing the client connection and the real server connection to relay a traffic, the traffic being encrypted using the security protocol, between the client and the real server; and
a communicator for establishing a direct communication between the client and the real server for subsequent connections having the context.
Claims 10 to 16 depend from claim 9 and are not reproduced on this page.
Specification