METHOD AND SYSTEM FOR PROVIDING REMOTE ACCESS TO RESOURCES IN A SECURE DATA CENTER OVER A NETWORK

US 20080301794A1
Filed: 05/31/2007
Published: 12/04/2008
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method for providing remote access to resources in a secure data center protected by at least one firewall, the method comprising:

sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server;

receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center;

receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session;

in response to receiving the first message, instantiating the first data access point for the first session; and

sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, computer products, and systems are described for providing remote access to resources in a secure data center protected by at least one firewall. One method includes sending by an internal server within the secure data center a request to an external server outside of the secure data center to establish a secure data transport channel between the internal server and the external server. The request travels through at least one firewall protecting the secure data center and over a public network, a private network, and/or a second firewall. The internal server receives a reply to the request from the external server granting the request and confirming the establishment of the secure data transport channel. When a first message from the external server instructing the internal server to create a first data access point associated with a first session is received via the established secure data transport channel, the internal server instantiates the first data access point for the first session and visual data corresponding to the resources in the secure data center is sent from the first data access point to the external server via the secure data transport channel. The visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.

109 Citations

View as Search Results

25 Claims

1. A method for providing remote access to resources in a secure data center protected by at least one firewall, the method comprising:
- sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server;
  
  receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center;
  
  receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session;
  
  in response to receiving the first message, instantiating the first data access point for the first session; and
  
  sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further including:
    - receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session;
      
      routing the control command to the first data access point for the first session;
      
      processing the control command by the first data access point; and
      
      sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client.
  - 3. The method of claim 2 wherein processing the control command by the first data access point includes:
    - sending, by the first data access point, an instruction based on the control command to at least one resource identified in the second message via a secure internal network, wherein the secure internal network supports internal TCP/IP network traffic between the first data access point and the resources; and
      
      receiving, from the at least one identified resource, the result of the processing of the instruction via the secure internal network, wherein all internal TCP/IP network traffic received by the first data access point from the at least one identified resource terminates at the first data access point.
  - 4. The method of claim 2 wherein the control command includes one or more mouse actions and wherein the method further includes:
    - at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log; and
      
      storing at least one of the command log and the result log for auditing purposes.
  - 5. The method of claim 1 wherein prior to transmitting the request to establish the secure data transport channel, the method further includes:
    - identifying and locating the external server, wherein the external server is associated with the internal server.
  - 6. The method of claim 1 further including:
    - receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including an instruction to create a second data access point associated with a second session;
      
      in response to receiving the second message, instantiating the second data access point for the second session; and
      
      transmitting from the second data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a second client associated with the second session so that the second client is provided visual access to the resources in the secure data center.
  - 7. The method of claim 1 wherein instantiating the first data access point for the first session includes:
    - determining which resources a first client associated with the first session is authorized to access; and
      
      transmitting visual data corresponding to authorized resources in the secure data center to the external server via the secure data transport channel, wherein the resources include enterprise computer systems, applications, data bases, and network equipment.

8. A method for providing remote access to resources in at least one secure data center protected by at least one firewall, the method comprising:
- receiving by an external server over one of a public network and a private network a first request from a first internal server within a first secure data center, the first request including a request to establish a secure data transport channel between the first internal server and the external server;
  
  sending by the external server a reply to the first request, the reply confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the first internal server and the external server over one of the public and private network and through at least one firewall protecting the first secure data center;
  
  receiving by the external server a first message from a first client, the first message including a session request to establish a first session for accessing resources in the first secure data center;
  
  creating the first session and sending to the first internal server via the established secure data transport channel an instruction directing the first internal server to create a first data access point for the first session;
  
  receiving by the external server visual data associated with the first session and corresponding to the resources in the first secure data center via the secure data transport channel; and
  
  sending the visual data associated with the first session to the first client so that the first client is provided visual access to the resources in the first secure data center while the resources remain protected within the first secure data center.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8 wherein prior to creating the first session, the method further includes authenticating the first client and determining that the first client is authorized to access resources in the first secure data center based on a security policy of the first secure data center.
  - 10. The method of claim 8 further including:
    - receiving by the external server a second message from the first client, the second message including a control command associated with the first session;
      
      sending the control command to the first internal server via the secure data transport channel;
      
      receiving by the external server visual data associated with the first session and corresponding to a result of a processing of the control command via the secure data transport channel; and
      
      sending the visual data associated with the first session to the first client so that the result of the processing of the command control is displayed to the first client.
  - 11. The method of claim 8 further including:
    - receiving by the external server a second message from a second client, the second message including a session request to establish a second session for accessing resources in the first secure data center;
      
      creating the second session and sending an instruction to the first internal server via the established secure data transport channel directing the first internal server to create a second data access point for the second session;
      
      receiving by the external server visual data associated with the second session and corresponding to the resources in the first secure data center via the secure data transport channel; and
      
      sending the visual data associated with the second session to the second client so that the second client is provided visual access to the resources in the first secure data center while the resources remain protected within the first secure data center.
  - 12. The method of claim 8 further including:
    - receiving by the external server one of a second message from a second client, the second message including a request to join the first session for accessing resources in the first secure data center, and a third message from the first client, the third message including an invitation of the second client to join the first session for accessing resources in the first secure data center;
      
      associating the second client with the first session pursuant to one of the second message and the third message; and
      
      sending the visual data associated with the first session to the first client and to the second client so that the first client and the second client are provided visual access to the resources in the first secure data center.
  - 13. The method of claim 8 further including:
    - receiving by the external server a second request from a second internal server within one of the first secure data center and a second secure data center, the second request including a request to establish a second secure data transport channel between the second internal server and the external server; and
      
      sending by the external server a reply to the second request, the reply confirming the establishment of the second secure data transport channel, wherein the second secure data transport channel communicatively connects the second internal server and the external server over one of the public network and private network and through at least one firewall protecting one of the first secure data center and the second secure data center.
  - 14. The method of claim 8 wherein the external server is a first external server and the first external server, the first secure data center, and the first client are associated with a first enterprise.
  - 15. The method of claim 14 further including:
    - receiving by the first external server a second message from a second client via a second external server on the public network, the second message including a session request to establish a second session for accessing resources in the first secure data center, wherein the second client and the second external server are associated with a second enterprise and the second enterprise has a relationship with the first enterprise;
      
      creating the second session and sending an instruction to the first internal server via the established secure data transport channel directing the first internal server to create a second data access point for the second session;
      
      receiving by the first external server visual data associated with the second session and corresponding to the resources in the first secure data center via the secure data transport channel; and
      
      sending the visual data associated with the second session to the second external server, wherein the visual data is received by the second external server and sent to the second client so that the second client is provided visual access to the resources in the first secure data center while the resources remain protected within the first secure data center.

16. A method for providing access to resources in a secure data center protected by at least one firewall during a collaboration session between at least two clients, wherein at least one of the at least two clients is authorized to access the resources in the secure data center, the method comprising:
- establishing a secure data transport channel that communicatively connects an internal access server within the secure data center and a first collaboration server outside of the secure data center over one of a public and a private network and through at least one firewall protecting the first secure data center;
  
  receiving by the first collaboration server a message for a first client associated with the first collaboration server, the message sent from a second collaboration server and including an invitation for the first client to engage in a collaboration session with a second client associated with the second collaboration server, wherein the first and second collaboration servers are associated with first and second enterprises, respectively;
  
  establishing an interactive collaboration session between the first and second clients using at least one of the first and second collaboration servers;
  
  receiving by the first collaboration server a request from the first client to establish a session to access the resources in the secure data center, wherein the first client is authorized to access the resources;
  
  creating the session and sending to the internal access server via the established secure data transport channel an instruction directing the internal access server to create a data access point for the session;
  
  receiving by the first collaboration server visual data associated with the session and corresponding to the resources in the secure data center via the secure data transport channel; and
  
  sending the visual data associated with the session to the first client so that the visual data can be displayed by the first client and shared with the second client via the interactive collaboration session, wherein the first and second clients are provided visual access to the resources in the secure data center while the resources remain protected within the first secure data center.

17. A computer readable medium containing a computer program, executable by a machine, for providing remote access to resources in a secure data center protected by at least one firewall, the computer program comprising executable instructions for:
- sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server;
  
  receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center;
  
  receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session;
  
  instantiating the first data access point for the first session in response to receiving the first message; and
  
  sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.
- View Dependent Claims (18, 19, 20)
- - 18. The computer readable medium of claim 17 further including instructions for:
    - receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session;
      
      routing the control command to the first data access point for the first session;
      
      processing the control command by the first data access point; and
      
      sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client.
  - 19. The computer readable medium of claim 18 wherein the instructions for processing the control command by the first data access point include:
    - sending, by the first data access point, an instruction based on the control command to at least one resource identified in the second message via a secure internal network, wherein the secure internal network supports internal TCP/IP network traffic between the first data access point and the resources; and
      
      receiving, from the at least one identified resource, the result of the processing of the instruction via the secure internal network, wherein all internal TCP/IP network traffic received by the first data access point from the at least one identified resource terminates at the first data access point.
  - 20. The computer readable medium of claim 18 wherein the control command includes one or more mouse actions and the computer program includes further instructions for at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log, and storing at least one of the command log and the result log for auditing purposes.

21. A computer readable medium containing a computer program, executable by a machine, for providing remote access to resources in a secure data center protected by at least one firewall, the computer program comprising executable instructions for:
- receiving by an external server over one of a public network and a private network a first request from a first internal server within a first secure data center, the first request including a request to establish a secure data transport channel between the first internal server and the external server;
  
  sending by the external server a reply to the first request, the reply confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the first internal server and the external server over one of the public and private network and through at least one firewall protecting the first secure data center;
  
  receiving by the external server a first message from a first client, the first message including a session request to establish a first session for accessing resources in the first secure data center;
  
  creating the first session and sending to the first internal server via the established secure data transport channel an instruction directing the first internal server to create a first data access point for the first session;
  
  receiving by the external server visual data associated with the first session and corresponding to the resources in the first secure data center via the secure data transport channel; and
  
  sending the visual data associated with the first session to the first client so that the first client is provided visual access to the resources in the first secure data center while the resources remain protected within the first secure data center.
- View Dependent Claims (22)
- - 22. The computer readable medium of claim 21 further including instructions for:
    - receiving by the external server a second message from the first client, the second message including a control command associated with the first session;
      
      sending the control command to the first internal server via the secure data transport channel;
      
      receiving by the external server visual data associated with the first session and corresponding to a result of a processing of the control command via the secure data transport channel; and
      
      sending the visual data associated with the first session to the first client so that the result of the processing of the command control is displayed to the first client.

23. A computer readable medium containing a computer program, executable by a machine, for providing access to resources in a secure data center protected by at least one firewall during a collaboration session between at least two clients, wherein at least one of the at least two clients is authorized to access the resources in the secure data center, the computer program comprising executable instructions for:
- establishing a secure data transport channel that communicatively connects an internal access server within the secure data center and a first collaboration server outside of the secure data center over one of a public and a private network and through at least one firewall protecting the first secure data center;
  
  receiving by the first collaboration server a message for a first client associated with the first collaboration server, the message sent from a second collaboration server and including an invitation for the first client to engage in a collaboration session with a second client associated with the second collaboration server, wherein the first and second collaboration servers are associated with first and second enterprises, respectively;
  
  establishing an interactive collaboration session between the first and second clients using at least one of the first and second collaboration servers;
  
  receiving by the first collaboration server a request from the first client to establish a session to access the resources in the secure data center, wherein the first client is authorized to access the resources;
  
  creating the session and sending to the internal access server via the established secure data transport channel an instruction directing the internal access server to create a data access point for the session;
  
  receiving by the first collaboration server visual data associated with the session and corresponding to the resources in the secure data center via the secure data transport channel; and
  
  sending the visual data associated with the session to the first client so that the visual data can be displayed by the first client and shared with the second client via the interactive collaboration session, wherein the first and second clients are provided visual access to the resources in the secure data center while the resources remain protected within the first secure data center.

24. A system for providing remote access to resources in a secure data center protected by at least one firewall, the system comprisingan internal server within the secure data center communicatively connected to a plurality of resources via a secure internal network;
- andan external server outside of the secure data center accessible by a remote client over one of a public network and a private network,wherein the internal server is configured for sending a request to the external server through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server, for receiving a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center, for receiving a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point for a first session, for instantiating the first data access point for the first session in response to receiving the first message, and for sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, andwherein the external server is configured for receiving the request for establishing the secure data transport channel, for sending the reply confirming the establishment of the secure data transport channel, for receiving a message from the first client, the message including a session request to establish a first session for accessing resources in the secure data center, for creating the first session and sending to the internal server via the established secure data transport channel the instruction directing the internal server to create the first data access point for the first session, for receiving the visual data associated with the first session and corresponding to the resources in the secure data center via the secure data transport channel, and for sending the visual data associated with the first session to the first client so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.
- View Dependent Claims (25)
- - 25. The system of claim 24 wherein the external server is further configured to communicate with at least one other external server over a public network and through at least one firewall and to establish an interactive collaboration session between a first client associated with the external server and a second client associated with one of the external server and the at least one other external server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imera Systems Incorporated
Original Assignee
Imera Systems Incorporated
Inventors
LEE, JAUSHIN

Granted Patent

US 8,141,143 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/102   Entity profiles

METHOD AND SYSTEM FOR PROVIDING REMOTE ACCESS TO RESOURCES IN A SECURE DATA CENTER OVER A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROVIDING REMOTE ACCESS TO RESOURCES IN A SECURE DATA CENTER OVER A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links