Dynamic virtual private network (VPN) resource provisioning using a dynamic host configuration protocol (DHCP) server, a domain name system (DNS) and/or static IP assignment

US 8,249,081 B2
Filed: 09/29/2006
Issued: 08/21/2012
Est. Priority Date: 09/29/2006
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning resources comprising:

hosting at least one application on a first network;

establishing at least one secure connection between the first network and a second network using a virtual private network gateway associated with each of the first and the second networks;

exporting a listing of available applications from the first network to the second network, wherein the second network publishes the listing of available applications to at least one client on the second network;

enabling the at least one client on the second network to access the at least one application hosted on the first network by assigning a local IP address on the second network to the at least one application without revealing a network topology of the first network to the at least one client;

provisioning the at least one application from the first network to the second network by providing the at least one client with the local IP address of the at least one application;

transmitting a request from the at least one client on the second network through the at least one secure connection between the virtual private network gateways to the first network for the at least one application hosted on the first network;

assigning a local IP address on the first network to the at least one client without revealing a network topology of the second network to the at least one application and transmitting the request from the at least one client to the at least one application using the assigned local IP address on the first network; and

transmitting any response from the at least one application on the first network received on the at least one client'"'"'s assigned local IP address on the first network through the at least one secure connection between the virtual private gateways to the at least one client on the second network using the at least one application'"'"'s assigned local IP address on the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of provisioning resources, which includes hosting at least one resource at a first site. A secure connection is established between the first site and a second site, and a listing of available resources is exported to the second site. The second site publishes the listing of available resources to at least one client and at least one resource from the first site to second site is provisioned by providing the at least one client with an IP address of the at least one resource.

Citations

22 Claims

1. A method of provisioning resources comprising:
- hosting at least one application on a first network;
  
  establishing at least one secure connection between the first network and a second network using a virtual private network gateway associated with each of the first and the second networks;
  
  exporting a listing of available applications from the first network to the second network, wherein the second network publishes the listing of available applications to at least one client on the second network;
  
  enabling the at least one client on the second network to access the at least one application hosted on the first network by assigning a local IP address on the second network to the at least one application without revealing a network topology of the first network to the at least one client;
  
  provisioning the at least one application from the first network to the second network by providing the at least one client with the local IP address of the at least one application;
  
  transmitting a request from the at least one client on the second network through the at least one secure connection between the virtual private network gateways to the first network for the at least one application hosted on the first network;
  
  assigning a local IP address on the first network to the at least one client without revealing a network topology of the second network to the at least one application and transmitting the request from the at least one client to the at least one application using the assigned local IP address on the first network; and
  
  transmitting any response from the at least one application on the first network received on the at least one client'"'"'s assigned local IP address on the first network through the at least one secure connection between the virtual private gateways to the at least one client on the second network using the at least one application'"'"'s assigned local IP address on the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22)
- - 2. The method of claim 1, wherein the IP address of the at least one application is assigned by a dynamic host configuration protocol (DHCP) server configured on the second network.
  - 3. The method of claim 1, wherein the IP address of the at least one client is assigned by a dynamic host configuration protocol (DHCP) server configured on the first network.
  - 4. The method of claim 1, wherein the IP address of the at least one application is assigned by using an IP pool of addresses configured on the second network.
  - 5. The method of claim 1, wherein the IP address of the at least one client is assigned by using an IP pool of addresses configured on the first network.
  - 6. The method of claim 1, wherein the IP address of the at least one application is assigned using an actual IP address of the at least one application.
  - 7. The method of claim 1, wherein the IP address of the at least one client is assigned by using an actual IP address of the at least one client.
  - 8. The method of claim 1, wherein the listing of available applications includes only an application name, a server port and an identifier for each of the applications.
  - 9. The method of claim 1, wherein the second network further comprises a domain name system (DNS) server.
  - 10. The method of claim 1, further comprising providing information identifying the at least one client to the first network.
  - 11. The method of claim 10, wherein the information identifying the at least one client is an arbitrary and random identifier.
  - 12. The method of claim 1, further comprising providing information identifying the at least one client to the at least one application.
  - 13. The method of claim 1, wherein the at least one secure connection is generated using a secure socket layer (SSL) or transport layer security (TLS) protocol.
  - 14. The method of claim 1, further comprising at least one intermediate network, wherein the at least one intermediate network is between the first network and the second network.
  - 15. The method of claim 1, wherein the second network includes a primary name server for the listing of available applications on the second network.
  - 16. The method of claim 1, wherein the second network includes a zone authority server for the listing of available applications.
  - 17. The method of claim 1, wherein the second network is configured to send updates to an existing name server (DNS) of hostnames for the listing of available applications.
  - 18. The method of claim 1, wherein each of the available applications is identified by only an application name, a server port, and a dynamically generated identifier.
  - 20. The method of claim 1, further comprising:
    - updating a domain name system (DNS) server on the second network with the IP address of the at least one application; and
      
      receiving a DNS query from the at least one client for the local IP address on the second network of the at least one application.
  - 21. The method of claim 1, wherein the at least one client is a plurality of clients, and wherein each of the plurality of clients does not have access to each and every application within the listing of available applications.
  - 22. The method of claim 1, wherein the second network includes a plurality of networks, and wherein each of the plurality of networks does not have access to each and every application within the listing of available applications.

19. A method of provisioning resources comprising:
- hosting at least one application on a first network;
  
  establishing at least one secure connection between the first network and a second network;
  
  exporting a list of available applications from the first network to the second network, wherein the first and second networks each include a virtual private network gateway;
  
  publishing the list of available applications to at least one client on the second network;
  
  enabling the at least one client on the second network to access the at least one application hosted on the first network by assigning a local IP address on the second network to the at least one application without revealing a network topology of the first network to the at least one client;
  
  provisioning the at least one application from the first network to the second network by providing the at least one client with the local IP address of the at least one application on the second network;
  
  transmitting a request from the at least one client on the second network through the at least one secure connection between the virtual private network gateways to the first network for the at least one application hosted on the first network;
  
  assigning a local IP address on the first network to the at least one client without revealing a network topology of the second network to the at least one application and transmitting the request from the at least one client to the at least one application using the assigned local IP address on the first network;
  
  transmitting any response from the at least one application on the first network received on the at least one client'"'"'s assigned local IP address on the first network through the at least one secure connection between the virtual private gateways to the at least one client on the second network using the at least one application'"'"'s assigned local IP address on the second network; and
  
  wherein each of the available applications is identified only by a resource name, a server port, and a dynamically generated identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Array Networks Incorporated (Hitachi, Ltd.)
Original Assignee
Array Networks Incorporated (Hitachi, Ltd.)
Inventors
Chang, Arthur, Hsu, Nai-Ting, Wu, Michael, Yen, Leemay, Zhao, Lingyan
Primary Examiner(s)
Ton, Dang
Assistant Examiner(s)
KAVLESKI, RYAN C

Application Number

US11/541,179
Publication Number

US 20080082640A1
Time in Patent Office

2,153 Days
Field of Search

370/351, 370/395.1, 370/395.3, 370/397, 379/15, 709/219, 725/15
US Class Current

370/397
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/4511   using domain name system [DNS]

H04L 61/5014   using dynamic host configur...

H04L 63/0272   Virtual private networks

Dynamic virtual private network (VPN) resource provisioning using a dynamic host configuration protocol (DHCP) server, a domain name system (DNS) and/or static IP assignment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic virtual private network (VPN) resource provisioning using a dynamic host configuration protocol (DHCP) server, a domain name system (DNS) and/or static IP assignment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links