Method and system for providing remote access to resources in a secure data center over a network
First Claim
1. A method for providing remote access to resources in a secure data center protected by at least one firewall, the method comprising:
- sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server;
- receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center;
- receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session;
- in response to receiving the first message, instantiating the first data access point for the first session;
- sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center;
- receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session, wherein the control command includes one or more mouse actions;
- routing the control command to the first data access point for the first session;
- processing the control command by the first data access point;
- sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client;
- at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log; and
- storing at least one of the command log and the result log for auditing purposes.
Abstract
Methods, computer products, and systems are described for providing remote access to resources in a secure data center protected by at least one firewall. One method includes sending by an internal server within the secure data center a request to an external server outside of the secure data center to establish a secure data transport channel between the internal server and the external server. The request travels through at least one firewall protecting the secure data center and over a public network, a private network, and/or a second firewall. The internal server receives a reply to the request from the external server granting the request and confirming the establishment of the secure data transport channel. When a first message from the external server instructing the internal server to create a first data access point associated with a first session is received via the established secure data transport channel, the internal server instantiates the first data access point for the first session and visual data corresponding to the resources in the secure data center is sent from the first data access point to the external server via the secure data transport channel. The visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center.
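The message flow the abstract describes, as an added example that is not the patent's or any product's code: the internal-server side, which instantiates one data access point per session, routes mouse-action control commands by session id, returns only rendered frames (never the resource itself), and records every command in a command log and every resulting frame in a result log, rejected commands included. The message field names ("kind", "session", "actions"), the frame layout and the sample resource are assumptions made for this example.

```python
# Added example, not the patent's code; message shapes and sample data are constructed.
from dataclasses import dataclass, field

@dataclass
class DataAccessPoint:
    """One per session. Emits rendered frames; the resource itself never leaves."""
    session_id: str
    resource: dict
    cursor: tuple = (0, 0)
    def render(self) -> dict:
        # Visual data only: what the client sees, not the underlying rows.
        return {"session": self.session_id, "cursor": self.cursor,
                "rows": len(self.resource["rows"])}
    def handle_mouse(self, actions: list) -> dict:
        for a in actions:  # only validated click actions reach this point
            self.cursor = (a["x"], a["y"])
        return self.render()

@dataclass
class InternalServer:
    resource: dict
    points: dict = field(default_factory=dict)  # session id -> access point
    command_log: list = field(default_factory=list)
    result_log: list = field(default_factory=list)
    def on_message(self, msg: dict) -> dict:
        """Dispatch one message received over the outbound-initiated channel."""
        sid = msg["session"]
        if msg["kind"] == "create_access_point":
            if sid in self.points:
                return {"session": sid, "error": "session exists"}
            self.points[sid] = DataAccessPoint(sid, self.resource)
            return self.points[sid].render()
        if msg["kind"] == "control":
            dap = self.points.get(sid)
            ok = dap is not None and all(a.get("type") == "click" for a in msg["actions"])
            # Every command is audited, including ones that are rejected.
            self.command_log.append({"session": sid, "actions": msg["actions"], "accepted": ok})
            if not ok:
                return {"session": sid, "error": "unknown session or unsupported action"}
            frame = dap.handle_mouse(msg["actions"])
            self.result_log.append(frame)
            return frame
        return {"session": sid, "error": "unknown message kind"}

def run_demo() -> InternalServer:
    srv = InternalServer(resource={"rows": ["r1", "r2", "r3"]})  # constructed sample
    srv.on_message({"kind": "create_access_point", "session": "s1"})
    srv.on_message({"kind": "control", "session": "s1", "actions": [{"type": "click", "x": 4, "y": 7}]})
    srv.on_message({"kind": "control", "session": "s2", "actions": []})  # no such session
    return srv
```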
Claims (7)
1. (Independent claim 1, reproduced above under First Claim. Dependent claims 2, 3, 4 and 5 are not shown on this page.)
6. A non-transitory computer readable medium containing a computer program, executable by a machine, for providing remote access to resources in a secure data center protected by at least one firewall, the computer program comprising executable instructions for:
- sending by an internal server within the secure data center a request to an external server outside of the secure data center through the at least one firewall protecting the secure data center and at least one of a public network, a private network, and a second firewall, the request for establishing a secure data transport channel between the internal server and the external server;
- receiving by the internal server a reply to the request from the external server, the reply granting the request and confirming the establishment of the secure data transport channel, wherein the secure data transport channel communicatively connects the internal server and the external server over at least one of the public network, the private network, and the second firewall and through the at least one firewall protecting the secure data center;
- receiving by the internal server a first message from the external server via the established secure data transport channel, the first message including an instruction to create a first data access point associated with a first session;
- instantiating the first data access point for the first session in response to receiving the first message;
- sending from the first data access point visual data corresponding to the resources in the secure data center to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to a first client associated with the first session so that the first client is provided visual access to the resources in the secure data center while the resources remain protected within the secure data center;
- receiving by the internal server a second message from the external server via the established secure data transport channel, the second message including a control command from the first client and associated with the first session, wherein the control command includes one or more mouse actions;
- routing the control command to the first data access point for the first session;
- processing the control command by the first data access point;
- sending from the first data access point visual data corresponding to a result of the processing of the control command to the external server via the secure data transport channel, wherein the visual data is received by the external server and then sent to the first client;
- at least one of recording the control command in a command log and recording the visual data corresponding to the result of the processing of the control command in a result log; and
- storing at least one of the command log and the result log for auditing purposes.
(Dependent claim 7 is not shown on this page.)
Specification