Remote application presentation over a public network connection

US 8,370,510 B2
Filed: 12/18/2009
Issued: 02/05/2013
Est. Priority Date: 12/18/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving at a first server a request over a public network from a user computer, the request including a user identification;

querying, by the first server, a directory service for an identity of a virtual machine on a second server that is assigned to the user identification;

in response to the query, receiving by the first server, a remote desktop protocol file from the directory service, the remote desktop protocol file corresponding to the virtual machine;

sending, by the first server, the remote desktop protocol file and the user identification to the second server;

identifying, by the second server, the virtual machine based on the remote desktop protocol file;

determining, by the second server, that the virtual machine is configured to execute a first application and a second application, the second server being configured to enumerate to the first server each application that the virtual machine is configured to execute in response to receiving a remote desktop protocol file;

sending, by the second server and to the first server, an indication that the virtual machine is configured to execute the first application and the second application;

determining, by the first server, that the user identification is authorized to access the first application, and not authorized to access the second application based on the indication that the virtual machine is configured to execute a first application and a second application; and

in response to determining that that the user identification is authorized to access the first application, and not authorized to access the second application, returning to the user computer an indicator for the first application but not the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Web access over a public network for applications that operate on virtual desktops on a plurality of servers is facilitated. Through the web access the user is provided with the information necessary to establish a connection with an application by way of the virtual desktop. Applications that the user is authorized to access are determined and those applications that the user is not authorized to access are filtered out. The applications associated access control list is used for determining the user'"'"'s access to discover an application.

Citations

16 Claims

1. A method comprising:
- receiving at a first server a request over a public network from a user computer, the request including a user identification;
  
  querying, by the first server, a directory service for an identity of a virtual machine on a second server that is assigned to the user identification;
  
  in response to the query, receiving by the first server, a remote desktop protocol file from the directory service, the remote desktop protocol file corresponding to the virtual machine;
  
  sending, by the first server, the remote desktop protocol file and the user identification to the second server;
  
  identifying, by the second server, the virtual machine based on the remote desktop protocol file;
  
  determining, by the second server, that the virtual machine is configured to execute a first application and a second application, the second server being configured to enumerate to the first server each application that the virtual machine is configured to execute in response to receiving a remote desktop protocol file;
  
  sending, by the second server and to the first server, an indication that the virtual machine is configured to execute the first application and the second application;
  
  determining, by the first server, that the user identification is authorized to access the first application, and not authorized to access the second application based on the indication that the virtual machine is configured to execute a first application and a second application; and
  
  in response to determining that that the user identification is authorized to access the first application, and not authorized to access the second application, returning to the user computer an indicator for the first application but not the second application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, further comprising:
    - providing, by the first server, an IP address to the user computer identifying the network location for the first application.
  - 3. The method as recited in claim 1, wherein the request is an HTTP request.
  - 4. The method as recite in claim 1, wherein the second server comprises a plurality of virtual machines.
  - 5. The method according to claim 1, wherein determining that the user identification is authorized to access the first application, and not authorized to access the second application comprises:
    - comparing the user identification to an access control list associated with the first and second applications.

6. A computer-readable storage device having stored thereon computer-readable instructions that when executed by a computing device cause:
- receiving at a first server a request over a public network from a user computer, the request including a user identification;
  
  querying, by the first server, a directory service for an identity of a virtual machine on a second server that is assigned to the user identification;
  
  in response to the query, receiving by the first server, a remote desktop protocol file from the directory service, the remote desktop protocol file corresponding to the virtual machine;
  
  sending, by the first server, the remote desktop protocol file and the user identification to the second server;
  
  identifying, by the second server, the virtual machine based on the remote desktop protocol file;
  
  determining, by the second server, that the virtual machine is configured to execute a first application and a second application, the second server being configured to enumerate to the first server each application that the virtual machine is configured to execute in response to receiving a remote desktop protocol file;
  
  sending, by the second server and to the first server, an indication that the virtual machine is configured to execute the first application and the second application;
  
  determining, by the first server, that the user identification is authorized to access the first application, and not authorized to access the second application based on the indication that the virtual machine is configured to execute a first application and a second application; and
  
  in response to determining that that the user identification is authorized to access the first application, and not authorized to access the second application, returning to the user computer an indicator for the first application but not the second application.
- View Dependent Claims (7, 8, 9)
- - 7. The computer-readable storage device as recited in claim 6, further comprising:
    - providing an IP address to the user computer identifying the network location for the first application.
  - 8. The computer-readable storage device as recited in claim 6, wherein the indicator is an icon that is displayable on a web page.
  - 9. The computer-readable storage device as recited in claim 6, further comprising computer-readable instructions that when executed by the computing device cause determining that the user identification is authorized to access the first application, and not authorized to access the second application further cause:
    - comparing the user identification to an access control list associated with the first and second applications.

10. A system adapted to connect a client computer to one of a plurality of virtual machines executing on a plurality of servers, comprising:
- at least one computing device comprising a processor; and
  
  at least one memory communicatively coupled to said at least one computing device when the system is operational, the memory having stored therein computer-executable instructions that when executed cause the system to at least;
  
  receive at a first server a request over a public network from a user computer, the request including a user identification;
  
  query, by the first server, a directory service for an identity of a virtual machine on a second server that is assigned to the user identification;
  
  in response to the query, receive by the first server, a remote desktop protocol file from the directory service, the remote desktop protocol file corresponding to the virtual machine;
  
  send, by the first server, the remote desktop protocol file and the user identification to the second server;
  
  identify, by the second server, the virtual machine based on the remote desktop protocol file;
  
  determine, by the second server, that the virtual machine is configured to execute a first application and a second application, the second server being configured to enumerate to the first server each application that the virtual machine is configured to execute in response to receiving a remote desktop protocol file;
  
  send, by the second server and to the first server, an indication that the virtual machine is configured to execute the first application and the second application;
  
  determine, by the first server, that the user identification is authorized to access the first application, and not authorized to access the second application based on the indication that the virtual machine is configured to execute a first application and a second application; and
  
  in response to determining that that the user identification is authorized to access the first application, and not authorized to access the second application, return to the user computer an indicator for the first application but not the second application.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system as recited in claim 10, wherein the first server is configured to communicate with the user computer on a public network, and is configured to communicate with the second server on a private network behind a firewall.
  - 12. The system as recited in claim 10, wherein the computer-executable instructions that, when executed, cause the system to at least return to the user computer the indicator for the first application but not the second application further cause the system to at least:
    - provide an IP address to the user computer identifying the network location for the first application.
  - 13. The system as recited in claim 10, wherein the computer-executable instructions that, when executed, cause the system to at least receive at a first server a request over a public network from a user computer, the request including a user identification further cause the system to at least:
    - receive the request, the request including the user identification provided in a cookie.
  - 14. The system as recited in claim 10, wherein the second server comprises a plurality of virtual machines.
  - 15. The system as recited in claim 10, wherein the computer-executable instructions that, when executed, cause the system to at least determine, by the second server, that the user identification is authorized to access the first application, and not authorized to access the second application further cause the system to at least:
    - compare the user identification to an access control list associated with the first and second applications.
  - 16. The system as recited in claim 10, wherein the computer-executable instructions that, when executed, cause the system to at least determine that the user identification is authorized to access the first application, and not authorized to access the second application further cause the system to at least:
    - receive, by the first server and from the second server the indicator for the first application and an indicator for the second application;
      
      determine, by the first server, that the user identification is authorized to access the first application, and not authorized to access the second application based on an identification of applications that the user is authorized to access stored an access control list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
London, Kevin S., Howe, Travis M., Ben-Shachar, Ido, Zhu, Ruiquing, Erdogan, Ersev Samim
Primary Examiner(s)
Dailey, Thomas
Assistant Examiner(s)
UTREJA, NEERAJ K

Application Number

US12/642,720
Publication Number

US 20110153853A1
Time in Patent Office

1,145 Days
Field of Search

709/229
US Class Current

709/229
CPC Class Codes

G06F 21/128   involving web programs, i.e...

G06F 9/452   Remote windowing, e.g. X-Wi...

G06F 9/455   Emulation; Interpretation; ...

H04L 63/101   Access control lists [ACL]

H04L 67/08   specially adapted for termi...

H04L 67/51   Discovery or management the...

Remote application presentation over a public network connection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Remote application presentation over a public network connection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links