Apparatus, systems and methods for secure and selective access to services in hybrid public-private infrastructures
Abstract
Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel.
16 Claims
1. A processor-implemented method comprising:
    establishing at least one secure tunnel between a first proxy, wherein the first proxy is identified by a first network address and a first port number on a private infrastructure, and a second proxy associated with a distributed computing application executing on a public cloud infrastructure, wherein the second proxy is identified by a second network address and a second port number;
    limiting access requests received from the distributed application to at least one selected application service from a plurality of application services available on the private infrastructure, wherein the access requests are initiated using the second network address and second port number, wherein limiting access comprises:
        receiving by the first proxy, the access requests from the distributed computing application, wherein the distributed computing application is configured with access information comprising the second network address and the second port number to access the at least one selected application service through the second proxy over the secure tunnel upon verification that the distributed computing application is authorized to access the second network address and second port number, the access requests comprising the first network address and first port number, wherein the first proxy determines if the access requests are for the at least one selected application service and limits the forwarding of access requests to those access requests specifically directed to the at least one selected service by disabling forwarding of access requests not directed to the at least one selected application service.
    (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A system comprising:
    a private infrastructure comprising a processor and memory, the private infrastructure capable of hosting at least one selected application service of a plurality of application services available on the first infrastructure;
    a first proxy accessible over a public network, the first proxy being identified by a first network address and a first port number on a private infrastructure;
    a secure tunnel between the first proxy and a second proxy associated with a distributed computing application executing on a public cloud infrastructure, wherein the second proxy is identified by a second network address and a second port number;
    wherein the first proxy receives access requests comprising the first network address and first port number over the secure tunnel from a distributed computing application, wherein the distributed computing application is configured with access information comprising the second network address and the second port number to access at least one selected application service upon verification that the distributed computing application is authorized to access the second network address and second port number, and the first proxy determines if the access requests are for the at least one selected application service and limits the forwarding of access requests to those directed to the at least one selected application service by disabling forwarding of access requests not directed to the at least one selected application service.
    (Dependent claims: 11, 12, 13, 14)
15. A non-transitory computer-readable medium comprising instructions, which when executed by a computer perform steps in a method, the computer implemented steps comprising:
    establishing at least one secure tunnel between a first proxy, wherein the first proxy is identified by a first network address and a first port number on a private infrastructure, and a second proxy associated with a distributed computing application executing on a public cloud infrastructure wherein the second proxy is identified by a second network address and a second port number;
    limiting access requests by the distributed computing application to at least one selected application service from a plurality of services available on the private infrastructure, wherein the access requests are initiated using the second network address and the second port number, wherein limiting access further comprises:
        receiving by the first proxy, the access requests from the distributed computing application, wherein the distributed computing application is configured with access information comprising the second network address and the second port number to access the at least one selected application service through the second proxy over the secure tunnel upon verification that the distributed computing application is authorized to access the second network address and second port number, the access requests comprising the first network address and the first port number, and wherein the first proxy determines if the access requests are for the at least one selected application service and limits the forwarding of access requests specifically to those access requests directed to the at least one selected application service by disabling forwarding of access requests not directed to the at least one selected application service.
    (Dependent claims: 16)
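The forwarding rule the claims describe, modelled as added example code that is not part of the patent or of any product built on it: the private-side ("first") proxy accepts a request arriving over the tunnel only if it is addressed to the proxy's own address and port, only if the application is authorized for the public-side ("second") address and port it came through, and only if the request targets one of the selected application services; forwarding of everything else is disabled. The addresses, the application identifier, the `CONNECT host:port` request line and the class and function names are all constructed for this example.

```python
"""Model of the claimed first-proxy forwarding rule (added example, not the patent's code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

Endpoint = Tuple[str, int]  # (network address, port number)


@dataclass(frozen=True)
class AccessRequest:
    app_id: str     # identity of the distributed computing application (constructed)
    via: Endpoint   # second network address/port the request was initiated through
    to: Endpoint    # first network address/port the request is addressed to
    raw: bytes      # request line naming the private service, CONNECT-style (constructed format)


def parse_target(raw: bytes) -> Endpoint:
    """Parse a 'CONNECT host:port' line into (host, port).

    Anything malformed raises ValueError, so it can never be forwarded by accident.
    """
    line = raw.split(b"\r\n", 1)[0].decode("ascii", errors="strict")
    method, _, target = line.partition(" ")
    if method != "CONNECT" or not target:
        raise ValueError("unsupported request line")
    host, sep, port = target.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("target must be host:port")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError("port out of range")
    return host, port_num


class FirstProxy:
    """Private-side tunnel endpoint that forwards only to selected services."""

    def __init__(self, listen: Endpoint, selected_services: FrozenSet[Endpoint],
                 authorized: Dict[str, FrozenSet[Endpoint]]) -> None:
        self.listen = listen              # first network address and port
        self.selected = selected_services  # allow-list of (address, port) on the private side
        self.authorized = authorized       # app_id -> second-proxy endpoints it may use

    def decide(self, req: AccessRequest) -> Tuple[bool, str]:
        """Return (forward?, reason). Default is deny: forwarding is disabled unless every check passes."""
        if req.to != self.listen:
            return False, "not addressed to the first proxy"
        if req.via not in self.authorized.get(req.app_id, frozenset()):
            return False, "application not authorized for that second address/port"
        try:
            target = parse_target(req.raw)
        except ValueError as exc:  # UnicodeDecodeError is a ValueError too
            return False, f"malformed request: {exc}"
        if target not in self.selected:
            return False, f"forwarding disabled for {target[0]}:{target[1]}"
        return True, f"forward to {target[0]}:{target[1]}"


def demo() -> Dict[str, bool]:
    """Run constructed requests through the proxy and report each forwarding decision."""
    proxy = FirstProxy(
        listen=("203.0.113.10", 8443),                         # first address/port (constructed)
        selected_services=frozenset({("10.0.0.5", 5432)}),     # the one selected service
        authorized={"analytics-job": frozenset({("198.51.100.7", 9443)})},
    )
    via, to = ("198.51.100.7", 9443), ("203.0.113.10", 8443)
    cases = {
        "selected_service": AccessRequest("analytics-job", via, to, b"CONNECT 10.0.0.5:5432\r\n"),
        "other_service": AccessRequest("analytics-job", via, to, b"CONNECT 10.0.0.9:22\r\n"),
        "unauthorized_app": AccessRequest("batch-job", via, to, b"CONNECT 10.0.0.5:5432\r\n"),
        "wrong_destination": AccessRequest("analytics-job", via, ("203.0.113.11", 8443), b"CONNECT 10.0.0.5:5432\r\n"),
        "malformed": AccessRequest("analytics-job", via, to, b"GET / HTTP/1.1\r\n"),
    }
    results = {}
    for name, req in cases.items():
        forward, reason = proxy.decide(req)
        results[name] = forward
        print(f"{name:18} {'FORWARD' if forward else 'DROP':7} {reason}")
    return results


if __name__ == "__main__":
    demo()
```

The allow-list is keyed on the private-side address and port rather than on a service name, so a request that names the right host but a different port (for example an administrative port on the same machine as the selected service) is dropped like any other non-selected target.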