Connection leasing for hosted services
First Claim
1. A session host apparatus, comprising:
a processor controlling operations of the session host apparatus; and
memory storing computer readable instructions that, when executed by the processor, cause the session host apparatus to establish a session with a session client by:
providing, to the session client and based on a resource assignment of a connection broker apparatus, one or more resources hosted by the session host apparatus;
receiving a lease token associated with the session client, wherein the lease token is a self-sustaining package of cryptographically signed connection lease data from which the session host apparatus can determine, regardless of an outage of the connection broker apparatus, whether the session client is authorized to access one or more resources hosted by the session host apparatus, the lease token configured based on one or more resources previously assigned to the session client by the connection broker apparatus;
determining, based on the lease token, one or more resources, hosted by the session host apparatus, that the session client is authorized to access;
sending connection information to the session client based on the one or more determined resources, after determining that the session client is authorized to access the one or more resources hosted by the session host apparatus; and
establishing a session with the session client to provide access to the one or more determined resources.
Abstract
Aspects herein describe techniques for brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline.
20 Claims
7. A connection broker apparatus, comprising:
a processor controlling operations of the connection broker apparatus; and
memory storing computer readable instructions that, when executed by the processor, cause the connection broker apparatus to administer a connection lease by:
receiving a connection request from a session client;
based on the session client, determining:
one or more session hosts the session client is authorized to establish a session with, and
one or more resources the session client is authorized to access on said one or more session hosts;
assigning the one or more determined resources to the session client;
generating, based on one or more resources previously assigned to the session client by the connection broker apparatus, a lease token as a self-sustaining package of cryptographically signed connection lease data from which each of the one or more session hosts can determine, regardless of an outage of the connection broker apparatus, whether the session client is authorized to access one or more resources hosted by that session host, the self-sustaining package having a first data field identifying a lease number, a second data field identifying the one or more session hosts, a third data field identifying one or more resources the session client is authorized to access, and a fourth data field identifying the session client;
cryptographically signing the lease token to verify that the lease token originated at the connection broker apparatus; and
sending the signed lease token to a lease store for storage.
14. A method comprising:
providing, to a session client and based on a resource assignment of a connection broker apparatus, one or more resources hosted by a session host apparatus;
receiving, by the session host apparatus, a lease token associated with the session client, wherein the lease token is a self-sustaining package of cryptographically signed connection lease data from which the session host apparatus can determine, regardless of an outage of the connection broker apparatus, whether the session client is authorized to access one or more resources hosted by the session host apparatus, the lease token configured based on one or more resources previously assigned to the session client by the connection broker apparatus;
determining, based on the lease token, one or more resources, hosted by the session host apparatus, that the session client is authorized to access;
sending connection information to the session client based on the one or more determined resources, after determining that the session client is authorized to access the one or more resources hosted by the session host apparatus; and
establishing a session with the session client to provide access to the one or more determined resources.
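An added sketch (not code from the patent or from any product) of the broker-side signing in claim 7 and the host-side check in claims 1 and 14, done without contacting the broker. Ed25519, the JSON field names, the type and function names, and the sample identifiers are assumptions; the page names no signature algorithm or encoding.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Lease holds the four data fields listed in claim 7; JSON names are assumptions.
type Lease struct {
	LeaseNumber string   `json:"lease_number"`
	Hosts       []string `json:"session_hosts"`
	Resources   []string `json:"resources"`
	Client      string   `json:"session_client"`
}

// SignedLease is the token: the exact signed bytes plus the broker's signature.
type SignedLease struct{ Payload, Sig []byte }

// Constructed demo key pair (nil selects crypto/rand); hosts hold only brokerPub.
var brokerPub, brokerPriv, _ = ed25519.GenerateKey(nil)

// IssueLease runs on the broker: serialize the lease once and sign those bytes.
func IssueLease(priv ed25519.PrivateKey, l Lease) (SignedLease, error) {
	p, err := json.Marshal(l)
	if err != nil {
		return SignedLease{}, err
	}
	return SignedLease{Payload: p, Sig: ed25519.Sign(priv, p)}, nil
}

// AuthorizedResources runs on the session host; the payload is parsed only after
// the signature verifies, and the broker is never contacted.
func AuthorizedResources(pub ed25519.PublicKey, t SignedLease, host, client string) ([]string, error) {
	var l Lease
	if !ed25519.Verify(pub, t.Payload, t.Sig) || json.Unmarshal(t.Payload, &l) != nil {
		return nil, errors.New("lease signature or payload invalid")
	}
	for _, h := range l.Hosts {
		if h == host && l.Client == client {
			return l.Resources, nil
		}
	}
	return nil, errors.New("lease does not bind this client to this host")
}

func main() {
	tok, _ := IssueLease(brokerPriv, Lease{"L-0001", []string{"host-a"}, []string{"desktop-1"}, "client-42"})
	fmt.Println(AuthorizedResources(brokerPub, tok, "host-a", "client-42"))
}
```

The four fields in claim 7 include no validity period, so this sketch checks none.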
Specification