Securing applications on public facing systems
First Claim
1. A computer-implemented method of providing secured access to an intranet application via an external network, the computer-implemented method comprising:
- configuring a dummy interface on a virtual machine (VM) instance being hosted in a computing cloud and including virtualized hardware, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface provides an interface for a virtual network that exists only on the VM instance;
- binding the intranet application to the dummy interface and by operation of one or more computer processors; and
- establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.
Abstract
Techniques are disclosed for configuring a virtual machine instance accessed over a publicly routable network address to host intranet applications. A virtual (or “dummy”) interface on the virtual machine instance is assigned an IP address that is inaccessible from the public interface. An application executed on the virtual machine instance is bound to a port on the network address assigned to this dummy interface. A virtual private network server assigns clients IP addresses that can be routed to the dummy interface. When a client computing system connects to the VPN server over the virtual machine instance's public interface, the client forwards traffic destined for the dummy interface's inaccessible network over the VPN connection.
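An added example, not part of the patent text: a Python check a defender could run to confirm the arrangement in the abstract actually holds on a host, namely that only the VPN port listens on the external interface, the dummy network does not overlap the external subnet, and VPN clients have a route to the dummy address. All addresses, ports, function names and the `ss`-style listener lines are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the patent).
PUBLIC_IF = ipaddress.ip_interface("203.0.113.10/24")      # external interface
DUMMY_IF = ipaddress.ip_interface("10.200.0.1/24")         # dummy interface
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")             # addresses given to VPN clients
PUSHED_ROUTES = [ipaddress.ip_network("10.200.0.0/24")]    # routes the VPN server hands out
PUBLIC_PORTS = {1194}                                      # VPN server port (constructed)

# Constructed listener lines in the column layout of `ss -H -ltn`.
SS_SAMPLE = """\
LISTEN 0 128 10.200.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9090 0.0.0.0:*
LISTEN 0 128 203.0.113.10:1194 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

def parse_listeners(ss_text):
    """Return (ip, port) per LISTEN line; '*' is treated as all interfaces."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
        listeners.append((ipaddress.ip_address("0.0.0.0" if host == "*" else host), int(port)))
    return listeners

def audit(ss_text, public_if, dummy_if, vpn_pool, pushed_routes, public_ports):
    """Return a list of findings; an empty list means the isolation holds."""
    findings = []
    # The dummy network must be distinct from the externally routable subnet.
    if dummy_if.network.overlaps(public_if.network):
        findings.append("dummy network overlaps external subnet")
    # VPN clients must be able to route to the dummy address.
    if dummy_if.ip not in vpn_pool and not any(dummy_if.ip in r for r in pushed_routes):
        findings.append("no VPN route covers dummy address")
    # Wildcard or public-address binds are reachable without the VPN.
    for ip, port in parse_listeners(ss_text):
        if (ip.is_unspecified or ip == public_if.ip) and port not in public_ports:
            findings.append(f"port {port} reachable on external interface ({ip})")
    return findings

if __name__ == "__main__":
    for finding in audit(SS_SAMPLE, PUBLIC_IF, DUMMY_IF, VPN_POOL, PUSHED_ROUTES, PUBLIC_PORTS):
        print(finding)
```

The wildcard listener on port 9090 is the case to watch for: an application left on its default bind address stays reachable from the external interface even though the dummy interface exists.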
25 Claims
1. A computer-implemented method of providing secured access to an intranet application via an external network, the computer-implemented method comprising:
- configuring a dummy interface on a virtual machine (VM) instance being hosted in a computing cloud and including virtualized hardware, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface provides an interface for a virtual network that exists only on the VM instance;
- binding the intranet application to the dummy interface and by operation of one or more computer processors; and
- establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.
Dependent claims (2, 3, 4, 5, 6, 7)
8. A system to provide secured access to an intranet application via an external network, the system comprising:
- one or more computer processors; and
- a memory storing a hypervisor configured to execute a virtual machine (VM) instance by operation of the one or more computer processors to perform an operation, the VM instance being hosted in a computing cloud and including virtualized hardware, the operation comprising;
  - configuring a dummy interface on the VM instance, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface creates an interface for a virtual network that exists only on the VM instance,
  - binding the intranet application to the dummy interface, and
  - establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.
Dependent claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
9. A non-transitory computer-readable medium containing a program executable to perform an operation for providing secured access to an intranet application via an external network, the operation comprising:
- configuring a dummy interface on a virtual machine (VM) instance being hosted in a computing cloud and including virtualized hardware, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface provides an interface for a virtual network that exists only on the VM instance;
- binding the intranet application to the dummy interface and by operation of one or more computer processors; and
- establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.
Dependent claims (10, 11, 12, 13, 14)
Specification