Method and system for access to development environment of another in a secure zone
First Claim
1. A method for providing a secure access of a partner to the development environment of an owner comprising the steps of:
starting a VPN tunnel between workstations to establish a secure encrypted tunnel end to end wherein each partner is identified with a different VPN group/password;
starting a session by the partner in a Web page on a portal machine that authenticates through LDAP (Lightweight Directory Access Protocol) a user identification and password of user;
routing the session to an engagement box depending on the user where the engagement boxes each include a server with an operating system and are on network segments separated by firewall boxes with another logon/password and is validated through second LDAP and wherein all users of the same partner are all launching on the same engagement box;
accessing data and applications from an engagement box on Network File system storage authenticated second LDAP to a design zone common resource of said owner with a big compute farm composed of many high-end servers in a secure way, submitting batch or interactive jobs to said design zone; and
providing for each application host in said design zone a highly secure access to EDA licenses from license servers with dynamically changing access ports of said owner inside an Intranet of said owner without opening all such access ports for all hosts and creating a security risk comprising the steps of;
providing a license proxy server in said design zone that dynamically determines the addresses of the changing access ports of the license servers in said Intranet; and
said application hosts inside said design zone contacting the license proxy server which in turn fetches the appropriate EDA licenses from said license servers in said Intranet of said owner.
Abstract
A “Design Zones” system provides a highly secure common resource computing environment, or design zone, with services on the common resource protected by multiple layers of security and reached through engagement boxes, where partners can work simultaneously in multiple teams, run simulation tests, emulate software problems and share in a secure zone, with only the remote display going back to the engagement box and therefore to the partner outside the owner. A method is described herein to provide access to EDA licenses managed by a software daemon manager running on license servers inside an Intranet separated from the design zone by a firewall, without opening all TCP inbound connections into the TI Intranet for ports greater than 1023 from all the hosts in the contractor or design zone on which EDA applications are run. The method comprises a license proxy server inside the design zone that acts as a relay agent and routes all the connections from the contractor zone into the owner's Intranet.
16 Citations
5 Claims
1. A method for providing a secure access of a partner to the development environment of an owner comprising the steps of:
starting a VPN tunnel between workstations to establish a secure encrypted tunnel end to end wherein each partner is identified with a different VPN group/password;
starting a session by the partner in a Web page on a portal machine that authenticates through LDAP (Lightweight Directory Access Protocol) a user identification and password of user;
routing the session to an engagement box depending on the user where the engagement boxes each include a server with an operating system and are on network segments separated by firewall boxes with another logon/password and is validated through second LDAP and wherein all users of the same partner are all launching on the same engagement box;
accessing data and applications from an engagement box on Network File system storage authenticated second LDAP to a design zone common resource of said owner with a big compute farm composed of many high-end servers in a secure way, submitting batch or interactive jobs to said design zone; and
providing for each application host in said design zone a highly secure access to EDA licenses from license servers with dynamically changing access ports of said owner inside an Intranet of said owner without opening all such access ports for all hosts and creating a security risk, comprising the steps of:
providing a license proxy server in said design zone that dynamically determines the addresses of the changing access ports of the license servers in said Intranet; and
said application hosts inside said design zone contacting the license proxy server which in turn fetches the appropriate EDA licenses from said license servers in said Intranet of said owner.
2. A method to provide secure access by application hosts in a design zone to EDA licenses managed by a software daemon manager running FLEXLM on license servers behind a firewall inside an Intranet of an owner, without opening all inbound ports greater than 1023 from all the hosts in the design zone on which EDA applications are run, where FLEXLM has a manager daemon and a vendor daemon, said vendor daemon has a randomly changing port number above 1023 for access, said manager daemon listens on a known TCP port that is greater than 1023, and when an application host makes a connection to this known port FLEXLM replies back with the port on which the vendor daemon is listening, comprising the steps of:
providing a license proxy server inside the design zone that listens on the FLEXLM manager port;
intercepting EDA license requests by the application host by said proxy server, said proxy server initiating a connection to said manager daemon of said license server on behalf of the application host and FLEXLM responding with the port number of the vendor daemon in a reply packet;
said proxy server intercepting this packet, reading the port number and creating another listening socket on the same port as the vendor port; and
said application host initiating a connection to the vendor port on the proxy server, which in turn initiates a connection to the vendor port on the license server and relays the packets back and forth between the application hosts and the appropriate license server.
3. A system for providing a secure access of one or more partners to the development environment of an owner comprising:
means for starting a VPN tunnel between workstations to establish a secure encrypted tunnel end to end wherein each partner is identified with a different VPN group/password;
means for starting a session by the partner in a Web page on a portal machine that authenticates through LDAP (Lightweight Directory Access Protocol) a user identification and password of a user;
means for routing the session to an engagement box depending on the user where the engagement boxes each include a server with an operating system and are on network segments separated by firewall boxes with another logon/password and is validated through second LDAP and wherein all users of the same partner are all launching on the same engagement box;
means for accessing data and applications from an engagement box on Network File system storage authenticated second LDAP to a design zone common resource of said owner with a big compute farm composed of many high-end servers in a secure way;
means for submitting batch or interactive jobs to said design zone; and
means for providing for each application host in said design zone a highly secure access to EDA licenses from license servers with dynamically changing access ports of said owner inside an Intranet of said owner without opening all such access ports for all hosts and creating a security risk, comprising:
a license proxy server in said design zone that determines the dynamically changing access ports of the license servers in said Intranet; and
said application hosts inside said design zone contacting the license proxy server which in turn fetches the appropriate EDA licenses from said license servers in said Intranet of said owner.
4. A method for providing a secure access of one or more partners to the development environment of an owner comprising the steps of:
starting a VPN tunnel between workstations to establish a secure encrypted tunnel end to end wherein each partner is identified with a different VPN group/password;
starting a session by the partner in a Web page on a portal machine that authenticates through LDAP (Lightweight Directory Access Protocol) a user identification and password of a user;
routing the session to an engagement box depending on the user where the engagement boxes each include a server with an operating system and are on network segments separated by firewall boxes with another logon/password and is validated through second LDAP and wherein all users of the same partner are all launching on the same engagement box;
accessing data and applications from an engagement box on Network File system storage authenticated second LDAP to a design zone common resource of said owner with a big compute farm composed of many high-end servers in a secure way;
submitting batch or interactive jobs to said design zone; and
providing for each application host in said design zone a highly secure access to EDA licenses from FLEXLM controlled servers of said owner inside an Intranet of said owner without the security risk of opening all ports greater than 1023 for all hosts in the design zone, where FLEXLM has a manager daemon and a vendor daemon, said vendor daemon has a randomly changing port number above 1023 for access, said manager daemon listens on a known TCP port that is greater than 1023, and when an application host makes a connection to this known port FLEXLM replies back with the port on which the vendor daemon is listening, comprising the steps of:
providing a license proxy server inside the design zone that listens on the FLEXLM manager port, intercepts EDA license requests by the application host and initiates a connection to a manager daemon of said license server on behalf of the application host, said license manager responding with the port number of the vendor daemon in a reply packet;
said proxy server intercepting said reply packet, reading the port number and creating another listening socket on the same port as the vendor port; and
said application host initiating a connection to the vendor port on the proxy server and said proxy server initiating a connection to the vendor port on the license server and relaying the packets back and forth between the application hosts and the appropriate license server.
5. A system for providing a secure access of one or more partners to the development environment of an owner comprising:
means for starting a VPN tunnel between workstations to establish a secure encrypted tunnel end to end wherein each partner is identified with a different VPN group/password;
means for starting a session by the partner in a Web page on a portal machine that authenticates through LDAP (Lightweight Directory Access Protocol) a user identification and password of a user;
means for routing the session to an engagement box depending on the user where the engagement boxes each include a server with an operating system and are on network segments separated by firewall boxes with another logon/password and is validated through second LDAP and wherein all users of the same partner are all launching on the same engagement box;
means for accessing data and applications from an engagement box on Network File system storage authenticated second LDAP to a design zone common resource of said owner with a big compute farm composed of many high-end servers in a secure way;
means for submitting batch or interactive jobs to said design zone; and
means for providing for each application host in said design zone a highly secure access to EDA licenses from FLEXLM controlled servers of said owner inside an Intranet of said owner without the security risk of opening all ports greater than 1023 for all hosts in the design zone, where FLEXLM has a manager daemon and a vendor daemon, said vendor daemon has a randomly changing port number above 1023 for access, said manager daemon listens on a known TCP port that is greater than 1023, and when an application host makes a connection to this known port FLEXLM replies back with the port on which the vendor daemon is listening, comprising:
a license proxy server inside the design zone that listens on the FLEXLM manager port, intercepts EDA license requests by the application host and initiates a connection to a manager daemon of said license server on behalf of the application host, said license manager daemon responding with the port number of the vendor daemon in a reply packet;
said proxy server intercepting said reply packet, reading the port number and creating another listening socket on the same port as the vendor port; and
said application host initiating a connection to the vendor port on the proxy server and said proxy server initiating a connection to the vendor port on the license server and relaying the packets back and forth between the application hosts and the appropriate license server.
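The relay that claims 2, 4 and 5 describe (learn the vendor daemon's port from the manager daemon's reply, bind that same port number on the proxy, then splice the two TCP legs together) as an added, runnable example; this is not code from the patent or its assignee. It assumes a toy one-line wire format standing in for the proprietary FLEXlm framing, a fake license server playing lmgrd plus vendor daemon, 127.0.0.1 as the design-zone proxy and 127.0.0.2 as the owner's Intranet (two loopback addresses, as on Linux, so the proxy can bind the very same port number the vendor daemon chose), and it adds one check the claims do not spell out: the proxy only ever binds ports in an allowed unprivileged range, so a spoofed or misconfigured manager reply cannot make it open an arbitrary port.

```python
import re
import socket
import threading
from contextlib import suppress

# Toy one-line wire format, an assumption of this example (real FLEXlm framing is
# proprietary and not described on the page): host->manager "HELLO <vendor>\n",
# manager->host "VENDOR_PORT <n>\n", host->vendor "CHECKOUT <feature>\n", vendor->host "GRANTED <feature>\n"
DESIGN_ZONE_HOST = "127.0.0.1"     # the proxy's address (design zone)
INTRANET_HOST = "127.0.0.2"        # license server (Intranet); a second loopback IP so the proxy can bind the same port number
VENDOR_PORTS = range(1024, 65536)  # the only ports the proxy is allowed to open

def recv_line(sock):
    """Read one newline-terminated message; b'' on EOF."""
    buf = b""
    while not buf.endswith(b"\n") and (chunk := sock.recv(1024)):
        buf += chunk
    return buf

def pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so its peer sees EOF too."""
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)

def serve(listener, handler):
    """Accept on `listener` forever, one daemon thread per connection."""
    def loop():
        with suppress(OSError):
            while True:
                conn, _ = listener.accept()
                threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()

class FakeLicenseServer:
    """lmgrd plus a vendor daemon on a kernel-chosen port; `advertise` lets a test announce a wrong port."""
    def __init__(self, advertise=None):
        self.vendor = socket.create_server((INTRANET_HOST, 0))
        self.manager = socket.create_server((INTRANET_HOST, 0))
        self.vendor_port = self.vendor.getsockname()[1]
        self.manager_port = self.manager.getsockname()[1]
        self.advertised = advertise or self.vendor_port
        serve(self.manager, self._manager)
        serve(self.vendor, self._vendor)

    def _manager(self, conn):
        with conn:
            if recv_line(conn).startswith(b"HELLO "):
                conn.sendall(b"VENDOR_PORT %d\n" % self.advertised)

    def _vendor(self, conn):
        with conn:
            m = re.match(rb"CHECKOUT (\S+)\n", recv_line(conn))
            conn.sendall((b"GRANTED %s\n" % m.group(1)) if m else b"DENIED\n")

class LicenseProxy:
    """Design-zone relay: listens on the manager port, learns the vendor port from the reply, binds it on itself, relays."""
    def __init__(self, intranet_host, manager_port):
        self.upstream = (intranet_host, manager_port)
        self.manager = socket.create_server((DESIGN_ZONE_HOST, 0))
        self.manager_port = self.manager.getsockname()[1]
        self.vendor_listeners = {}      # vendor port -> listening socket on the proxy
        self.lock = threading.Lock()
        serve(self.manager, self._manager)

    def _manager(self, client):
        with client, socket.create_connection(self.upstream) as up:
            up.sendall(recv_line(client))   # forward the hello on the host's behalf
            reply = recv_line(up)
            m = re.match(rb"VENDOR_PORT (\d+)\n", reply)
            port = int(m.group(1)) if m else -1
            if port not in VENDOR_PORTS:    # never bind a privileged or garbage port
                client.sendall(b"DENIED\n")
                return
            with self.lock:
                if port not in self.vendor_listeners:
                    self.vendor_listeners[port] = socket.create_server((DESIGN_ZONE_HOST, port))
                    serve(self.vendor_listeners[port], lambda c, p=port: self._relay(c, p))
            client.sendall(reply)           # the host now connects to proxy:<port>

    def _relay(self, client, port):
        with client, socket.create_connection((self.upstream[0], port)) as up:
            back = threading.Thread(target=pump, args=(up, client), daemon=True)
            back.start()
            pump(client, up)
            back.join()

def checkout(host, manager_port, vendor, feature):
    """An application host: ask the manager, then talk to the vendor port on the same host. Returns (port, reply)."""
    with socket.create_connection((host, manager_port)) as s:
        s.sendall(b"HELLO %s\n" % vendor.encode())
        m = re.match(rb"VENDOR_PORT (\d+)\n", recv_line(s))
    if not m:
        return None, b"DENIED\n"
    port = int(m.group(1))
    with socket.create_connection((host, port)) as s:
        s.sendall(b"CHECKOUT %s\n" % feature.encode())
        return port, recv_line(s)
```

With this in place the firewall between the design zone and the Intranet needs only two rules, both sourced from the proxy's address: the manager daemon's known port and the range the vendor daemons roam in, rather than every port above 1023 from every compute-farm host. Two caveats a practitioner would add: the proxy forwards license traffic it does not authenticate, so it belongs on a hardened host that is itself reachable only from the design zone; and FLEXlm license files accept a `port=` option on the `VENDOR` line that pins the vendor daemon to a fixed port, which removes the dynamic-port problem wherever the EDA vendor permits it.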
Specification