Hosting a server application on multiple network tiers

US 8,484,716 B1
Filed: 08/07/2009
Issued: 07/09/2013
Est. Priority Date: 08/07/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

hosting a server application on a plurality of servers, the plurality of servers including an application server deployed in a secure tier of an enterprise network and an edge server deployed in an edge tier of the enterprise network, a first firewall isolating the secure tier from the edge tier and from a public network and a second firewall isolating the edge tier from the public network,wherein the edge server is configured to;

(a) receive requests for services provided by the server application, the requests sent by at least one client device through the public network and authenticated by the second firewall, (b) perform a first subset of the services by executing application logic of the server application stored on the edge server, and (c) relay a subset of the requests to the application server, andwherein the application server is configured to;

(a) receive the relayed subset of requests, the relayed subset of requests authenticated by the first firewall, and (b) perform a second subset of the services in response to the relayed subset of requests by executing application logic of the server application stored on the application server;

identifying latency tolerances for each of the first subset of services and for each of the second subset of services;

configuring the edge server to perform the first subset of the services based at least in part on the latency tolerances identified for the first subset of services; and

configuring the application server to perform the second subset of the services based at least in part on the latency tolerances identified for the second subset of services.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for allocating server application logic across multiple tiers of a server system are described. In one aspect, a method includes hosting a server application on multiple servers. The servers include an application server deployed in a secure tier of an enterprise network and an edge server deployed in an edge tier of the enterprise network. A primary firewall isolates the secure tier from the edge tier and from a public network. A secondary firewall isolates the edge tier from the public network. The edge server is configured to receive requests for services provided by the server application, to perform a first subset of the services, and to relay a subset of the requests to the application server. The requests received by the edge server are sent from at least one client device through the public network and authenticated by the secondary firewall. The application server is configured to receive the relayed subset of requests and perform a second subset of the services in response to the relayed subset of requests. The relayed subset of requests received by the application server are authenticated by the primary firewall.

42 Citations

View as Search Results

22 Claims

1. A method comprising:
- hosting a server application on a plurality of servers, the plurality of servers including an application server deployed in a secure tier of an enterprise network and an edge server deployed in an edge tier of the enterprise network, a first firewall isolating the secure tier from the edge tier and from a public network and a second firewall isolating the edge tier from the public network,wherein the edge server is configured to;
  
  (a) receive requests for services provided by the server application, the requests sent by at least one client device through the public network and authenticated by the second firewall, (b) perform a first subset of the services by executing application logic of the server application stored on the edge server, and (c) relay a subset of the requests to the application server, andwherein the application server is configured to;
  
  (a) receive the relayed subset of requests, the relayed subset of requests authenticated by the first firewall, and (b) perform a second subset of the services in response to the relayed subset of requests by executing application logic of the server application stored on the application server;
  
  identifying latency tolerances for each of the first subset of services and for each of the second subset of services;
  
  configuring the edge server to perform the first subset of the services based at least in part on the latency tolerances identified for the first subset of services; and
  
  configuring the application server to perform the second subset of the services based at least in part on the latency tolerances identified for the second subset of services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the edge server supports multiple different transport protocols.
  - 3. The method of claim 1, wherein the edge tier is transparent to the at least one client device.
  - 4. The method of claim 1, further comprising:
    - configuring the edge server to perform the first subset of the services based at least in part on a first configuration file stored in a memory of the edge server, the first configuration file identifying the first subset of the services as services that the edge server is configured to perform, the edge server storing application logic for performing both the first subset of the services and the second subset of the services; and
      
      configuring the application server to perform the second subset of the services based at least in part on a second configuration file stored in a memory of the application server, the second configuration file identifying the second subset of the services as services that the application server is configured to perform, the application server storing application logic for performing both the first subset of the services and the second subset of the services.
  - 5. The method of claim 1, wherein the latency tolerances identified for the second subset of services include higher latency tolerances than the latency tolerances identified for the first subset of services.
  - 6. The method of claim 1, wherein the edge tier is included in a DMZ of the enterprise network, the secure tier is included in an internal network of the enterprise, and the DMZ isolates the internal network from the public network.
  - 7. The method of claim 1, wherein the edge server comprises a first edge server device, the application server comprises a first application server device, the plurality of servers further comprising:
    - a plurality of additional application servers deployed in the secure tier of the enterprise network; and
      
      a plurality of additional edge servers deployed in the edge tier of the enterprise network.
  - 8. The method of claim 1, further comprising:
    - identifying levels of information security required for each the first subset of services and for each of the second subset of services;
      
      configuring the edge server to perform the first subset of the services based at least in part on the levels of information security required for the first subset of services; and
      
      configuring the application server to perform the second subset of the services based at least in part on the levels of information security required for the second subset of services.
  - 9. The method of claim 8, wherein the identified levels of information security required for the second subset of services include higher levels of information security than the identified levels of information security required for the first subset of services.

10. A computer storage medium encoded with a computer program, the program comprising instructions that when executed by a data processing apparatus cause the data processing apparatus to perform the following actions:
- receiving a first request for a first service of a server application, the first request sent by a client device through a public data network and authenticated by a second firewall prior to receipt by an edge server system having a first configuration, the edge server system isolated from the public data network by the second firewall;
  
  performing the first service of the server application at the edge server system in response to the first request, wherein the edge server system is configured to perform the first service at least partially based on an identification of a latency tolerance associated with the first service;
  
  sending a first response to the client, the first response including an identification of a first result of performing the first service;
  
  receiving a second request for a second service of the server application, the second request sent by a client device through the public data network and authenticated by the second firewall prior to receipt by the edge server system;
  
  sending a third request for the second service of the server application from the edge server system through a first firewall to an application server system having a second configuration, the application server system isolated from the edge server system and from the public data network by the first firewall;
  
  performing the second service of the server application at the application server system in response to the third request, wherein the application server system is configured to perform the second service at least partially based on an identification of a latency tolerance associated with the second service;
  
  receiving at the edge server system a second response from the application server system in response to the third request, the second response comprising an identification of a second result of performing the second service of the server application system at the application server system; and
  
  sending a third response to the client, the third response comprising an identification of the second result.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer storage medium of claim 10, further comprising:
    - defining on the edge server system a first authentication state for a first client device; and
      
      sending authentication data from the edge server system to the application server system to synchronize the first authentication state with an authentication state for the first client device defined on the application server system.
  - 12. The computer storage medium of claim 10, the operations further comprising:
    - identifying at the edge server system that the edge server system is configured to perform the first service; and
      
      identifying at the edge server system that the application server system is configured to perform the second service based at least in part on application server system configuration data received from the application server system.
  - 13. The computer storage medium of claim 10, wherein the edge server system comprises a plurality of edge server devices, the third request is sent by a first one of the edge server devices, and the second response is received by a second one of the edge server devices.
  - 14. The computer storage medium of claim 10, the edge server system storing a first configuration file for the first configuration, the first configuration file including identifications of a first plurality of services of the server application that the edge server system is configured to perform, the first plurality of services comprising the first service.
  - 15. The computer storage medium of claim 14, the first server storing application logic for performing the first plurality of services.
  - 16. The computer storage medium of claim 14, the application server system storing a second configuration file for the second configuration, the second configuration file including identifications of the second plurality of services of the server application that the application server system is configured to perform, the second plurality of services including the second service.
  - 17. The computer storage medium of claim 16, wherein the second plurality of services require higher security processing than the first plurality of services, and the second plurality of services have a higher latency tolerance than the first plurality of services.

18. An enterprise network system comprising:
- an edge server deployed in a first tier of an enterprise data network and isolated from a public data network by a second firewall, the edge server configured to;
  
  receive a plurality of requests for a corresponding plurality of services provided by a server application hosted on the enterprise network system, the plurality of requests sent by at least one client device through the public network and authenticated by the second firewall;
  
  identify a first subset of the plurality of services based on latency tolerances associated with the first subset of the plurality of services;
  
  identify a second subset of the plurality of services based on latency tolerances associated with the second subset of the plurality of services;
  
  perform the first subset of services; and
  
  relay a subset of requests corresponding to the second subset of the plurality of services to the application server; and
  
  an application server deployed in a second tier of the enterprise network and isolated from the public network and from the first tier by a first firewall, the application server configured to;
  
  receive the relayed subset of requests, the relayed subset of requests authenticated by the first firewall; and
  
  perform the second subset of services in response to the subset of requests.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The enterprise network system of claim 18, the edge server including a first edge server, the application server including a first application server, the system further comprising:
    - a plurality of additional edge servers deployed in the first tier and configured as the first edge server; and
      
      a plurality of additional application servers deployed in the second tier and configured as the application server.
  - 20. The enterprise network system of claim 18, wherein the edge server and the application server store one or more configuration files that declaratively partition server application functionality between the edge server and the application server.
  - 21. The enterprise network system of claim 18, wherein the edge server is adapted to function as a reverse proxy to the application server.
  - 22. The enterprise network system of claim 18, further comprising a plurality of client devices each running a client application that generates requests for services of the server application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Hodgson, Seth, Atamel, Mete
Primary Examiner(s)
Lipman, Jacob

Application Number

US12/537,921
Time in Patent Office

1,432 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/02 for separating internal fro...

Hosting a server application on multiple network tiers

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Hosting a server application on multiple network tiers

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links