Enabling terminal services through a firewall

US 7,810,148 B2
Filed: 02/25/2005
Issued: 10/05/2010
Est. Priority Date: 02/25/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for enabling terminal services through a firewall, the method comprising:

wrapping data with an RPC-based protocol, wherein the data to be wrapped is configured according to a stream-based protocol consistent with establishing a server/client relationship;

wrapping the RPC-based protocol with HTTPS;

passing the wrapped data through the firewall, wherein passing the wrapped data comprises;

moving screen data to a terminal server client, from a terminal server and through a proxy server, wherein the proxy server and terminal server are located inside the firewall; and

moving mouse-clicks and keyboard keystrokes from the terminal server client to the terminal server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described that provide terminal services through a firewall. In one implementation, data is wrapped with an RPC-based protocol, wherein the data to be wrapped is configured according to a stream-based protocol consistent with establishing a server/client relationship. The RPC-based protocol is then layered over HTTPS. The wrapped data is then passed through the firewall.

24 Citations

View as Search Results

19 Claims

1. A computer-implemented method for enabling terminal services through a firewall, the method comprising:
- wrapping data with an RPC-based protocol, wherein the data to be wrapped is configured according to a stream-based protocol consistent with establishing a server/client relationship;
  
  wrapping the RPC-based protocol with HTTPS;
  
  passing the wrapped data through the firewall, wherein passing the wrapped data comprises;
  
  moving screen data to a terminal server client, from a terminal server and through a proxy server, wherein the proxy server and terminal server are located inside the firewall; and
  
  moving mouse-clicks and keyboard keystrokes from the terminal server client to the terminal server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein wrapping data with an RPC-based protocol comprises layering RDP over RPC protocol.
  - 3. The method of claim 1, wherein wrapping data with an RPC-based protocol comprises:
    - operating a plug-in to a terminal server client located outside the firewall, wherein stream-based protocol is wrapped with the RPC protocol by the plug-in; and
      
      operating a service, wherein the service is located on the proxy server inside the firewall, wherein the service is in communication with the plug-in, and wherein stream-based protocol is wrapped with the RPC protocol by the service.
  - 4. The method of claim 3, wherein the service is configured according to instructions that implement an asynchronous pipe mechanism.
  - 5. The method of claim 3, wherein the service is located in front of a terminal server farm'"'"'s load-balancer.
  - 6. The method of claim 1, further comprising:
    - operating a plug-in configured for operation with a terminal server client operating outside the firewall, wherein, upon removal of the RPC-based protocol, the plug-in provides stream-based protocol to the terminal services client; and
      
      operating a service on the proxy server, wherein, upon removal of the RPC-based protocol, the service routes data configured according to a stream-based protocol to an indicated terminal server inside the firewall.
  - 7. The method of claim 6, wherein the client plug-in is configured to utilize an RPC API to wrap data configured as RDP/RPC over HTTPS for transmission through the firewall.
  - 8. The method of claim 1, further comprising:
    - accessing an RPC API with the terminal server client located outside the firewall, wherein the accessing is performed by a plug-in configured to wrap and unwrap the stream-based protocol with RPC and wherein the accessing wraps or unwraps the data in HTTPS.
  - 9. The method of claim 1, further comprising:
    - routing the data within the stream-based protocol to an appropriate server after passing the data inside the firewall; and
      
      displaying the data as screen information on the client after passing the data outside the firewall.
  - 10. The method of claim 1, further comprising:
    - removing the HTTP-based protocol from the wrapped data;
      
      removing the RPC-based protocol from the wrapped data.

11. A system configured for enabling terminal services through a firewall, comprising:
- a client plug-in, wherein the client plug-in is configured to utilize an RPC API to wrap data configured as RDP/RPC over HTTPS for transmission through the firewall, wherein the client plug-in is configured for communication with a terminal service client located outside the firewall, and wherein the client plug-in is configured for adding RPC protocol to outgoing data and for removing the RPC protocol from incoming data; and
  
  a service, wherein the service is located in front of a terminal server farm'"'"'s load-balancer, wherein the service is configured to run on a proxy server located inside the firewall, and wherein the service is configured to reconstruct packets sent by the client plug-in and to forward them to an appropriate terminal server.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the service is configured for sending and receiving data according to an asynchronous pipe mechanism.
  - 13. The system of claim 12, wherein the asynchronous pipe mechanism is configured to make a send call for each packet, but utilizes only one receive call for a plurality of packets.
  - 14. The system of claim 11, wherein the service is configured for sending and receiving data according to a multiple-asynchronous mechanism.

15. One or more computer storage memories storing computer-executable instructions for enabling terminal services through a firewall, the computer-executable instructions comprising instructions for:
- communicating between a client plug-in, configured for operation with a terminal server client, and a service, configured for operation on a proxy server;
  
  wrapping data sent between the client plug-in and the service with a first layer of protocol to provide access to tools and a second layer of protocol to provide security;
  
  wherein wrapping data with a first layer of protocol to provide access to tools comprises instructions for wrapping RDP over RPC (remote procedure call);
  
  wherein providing access to tools comprises instructions for accessing an RPC API (application programming interface); and
  
  wherein wrapping data with a second layer of protocol to provide security comprises instructions for wrapping RDP (remote desktop protocol)/RPC over HTTPS (hypertext transfer protocol secure);
  
  passing the wrapped data through the firewall;
  
  accessing an RPC API with the terminal server client, wherein the terminal server client is located outside the firewall, wherein the accessing is performed by a plug-in configured to wrap and unwrap the stream-based protocol with RPC and wherein the accessing wraps or unwraps the data in HTTPS;
  
  moving screen data to the terminal server client, from a terminal server and through the proxy server, wherein the proxy server and terminal server are located inside the firewall; and
  
  moving mouse-clicks and keyboard keystrokes from the terminal server client to the terminal server, through the proxy server and the firewall.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The one or more computer storage memories of claim 15, wherein communicating between the client plug-in and the service comprises instructions for:
    - sending commands according to an asynchronous pipe mechanism, wherein a single packet is associated with each send call, but a receive call is associated with a plurality of packets.
  - 17. The one or more computer storage memories of claim 15, wherein communicating between the client plug-in and the service comprises instructions for:
    - sending commands according to a multiple-asynchronous mechanism, wherein a single packet is associated with each send call and each receive call.
  - 18. The one or more computer storage memories of claim 15, wherein wrapping data sent between the client plug-in and the service comprises instructions for:
    - layering terminal server protocol over RPC/HTTPS protocol.
  - 19. The one or more computer storage memories of claim 15, wherein the service is additionally configured for merging Get and Put channels that do not arrive on the same proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Moutafov, Kamen K, Malakapalli, Meher P, Parsons, John E. Jr., Ben-Shachar, Ido
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Wyszynski; Aubrey H

Application Number

US11/067,125
Publication Number

US 20060195895A1
Time in Patent Office

2,048 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/029 Firewall traversal, e.g. tu...

Enabling terminal services through a firewall

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling terminal services through a firewall

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links