Centralized publishing of network resources

US 8,683,062 B2
Filed: 02/28/2008
Issued: 03/25/2014
Est. Priority Date: 02/28/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method, comprising:

maintaining a centralized allow list to control access to applications of a computer network in a computer-readable central database;

receiving an update to the centralized allow list in the computer-readable central database from a terminal server that hosts one or more network applications that are access controlled according to the centralized allow list and remotely executable from a client computing device, the update being uploaded to the terminal server from an administrative tool that communicates with the terminal server;

receiving an access query for access from the client computing device to a particular application that is on the one or more terminal servers at the computer-readable central database, the access query including an alias for a name of the particular application, the alias specifying a communication protocol for accessing the particular application;

evaluating information in the access query against the centralized allow list to ascertain whether access privilege exists for accessing the particular application using the client computing device; and

when the access privilege is affirmative, granting access to the particular application on a specified terminal server at the client computing device, the granting including providing an identity of the specified terminal server from which to access the particular application.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for centralized publishing of network resources within computer networks are described. Publication of and access to the network resources are controlled from a single, centralized location, advantageously improving the uniformity of network administration responsibilities, and overall robustness of the network.

163 Citations

15 Claims

1. A computer implemented method, comprising:
- maintaining a centralized allow list to control access to applications of a computer network in a computer-readable central database;
  
  receiving an update to the centralized allow list in the computer-readable central database from a terminal server that hosts one or more network applications that are access controlled according to the centralized allow list and remotely executable from a client computing device, the update being uploaded to the terminal server from an administrative tool that communicates with the terminal server;
  
  receiving an access query for access from the client computing device to a particular application that is on the one or more terminal servers at the computer-readable central database, the access query including an alias for a name of the particular application, the alias specifying a communication protocol for accessing the particular application;
  
  evaluating information in the access query against the centralized allow list to ascertain whether access privilege exists for accessing the particular application using the client computing device; and
  
  when the access privilege is affirmative, granting access to the particular application on a specified terminal server at the client computing device, the granting including providing an identity of the specified terminal server from which to access the particular application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the maintaining the centralized allow list includes maintaining the centralized allow list in the computer-readable central database that is separate from the one or more terminal servers.
  - 3. The method of claim 1, wherein the receiving the access query includes receiving the access query via a broker that performs a load balancing determination between a plurality of terminal servers.
  - 4. The method of claim 1, wherein the granting access includes performing a load balancing determination between a plurality of terminal servers, and granting access to the particular application on a specified one of the plurality of terminal servers based on the load balancing determination.
  - 5. The method of claim 1, wherein the evaluating information in the access query against the centralized allow list to ascertain whether access privilege exists for the particular application includes checking a data record that specifies an access privilege based on a user-group.
  - 6. The method of claim 1, wherein the granting access further includes providing a communication protocol setting for communicating with the specified terminal server.
  - 7. The method of claim 1, further comprising storing a local access list at each of the one or more terminal servers, each local access list controlling access to the applications solely on a corresponding terminal server.
  - 8. The method of claim 1, wherein the receiving the access query includes receiving the access query via a data server abstraction layer.
  - 9. The method of claim 8, wherein the receiving the access query further includes receiving the access query via a communication protocol layer having a plurality of protocol providers that enable communications using a plurality of communication protocols.
  - 10. The method of claim 1, wherein receiving the access query includes receiving a request to access the particular application via a brokering component that determines which portion of the network is suitable for access to the particular application, the method further comprising identifying available applications to a requester via a communication portal other than the brokering component prior to ascertaining the access privilege.

11. One or more non-transmissible computer-readable storage media containing instructions that, when executed by a computer, perform acts for providing access to network resources in a computer network having a plurality of resource hosts, the acts comprising:
- maintaining an allow list in a centralized database operatively coupled to the plurality of resource hosts, the allow list controlling access to each of the network resources stored on the plurality of resource hosts;
  
  receiving an update to the allow list in the centralized database from a resource host that hosts one or more network applications that are access controlled according to the allow list and remotely executable from a client computing device, the update being uploaded to the resource host from an administrative tool that communicates with the resource host;
  
  receiving an access query for a requester to access a network resource from the client computing device;
  
  determining an access privilege based on the allow list of the centralized database for the requester; and
  
  granting access to the network resource stored on a specified resource host at the client computing device using a communication protocol in response to determining the allow list authorizes access by the requester, the granting access including performing a load balancing determination between the plurality of resource hosts to select the specified resource host and identifying the specified resource host to the requester.
- View Dependent Claims (12, 13)
- - 12. The non-transmissible computer-readable storage media of claim 11, wherein the maintaining the allow list in the centralized database includes maintaining the allow list in the centralized database that is separate from the plurality of resource hosts.
  - 13. The non-transmissible computer-readable storage media of claim 11, wherein the receiving the access query to includes receiving the access query via a brokering component, further comprising identifying available network resources to the requester via a communication portal other than the brokering component.

14. A computer implemented method, comprising:
- providing a list of network applications available on a computer network having a plurality of resource hosts to one or more client computing devices;
  
  maintaining an access record in a computer-readable centralized database server, the computer-readable centralized database server being distinct from the plurality of resource hosts;
  
  receiving an update to the access record from a resource host that provides one or more network applications that are access controlled according to the access record and remotely executable from a client device, the update being uploaded to the resource host from an administrative tool that communicates with the resource host;
  
  receiving an access query from a requester at a client computing device for access to a network application;
  
  determining an access privilege of the requester to access the network application using the access record in the centralized database server;
  
  determining one of the plurality of resource hosts that include the network application as a suitable resource host to launch the network application and a communication protocol setting for accessing the network application, the suitable resource host being selected through a load balancing determination between the plurality of resource hosts; and
  
  granting or denying access to the network application on the suitable resource host based on the access privilege, the granting including providing an identity of the suitable resource host from which to access the network application, and providing the communication protocol setting for communicating with the suitable resource host.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein the providing the list of network applications includes providing a list of network applications to the requester via a portal that is communicatively coupled between the one or more client computing devices and the computer-readable centralized database server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ben-Shachar, Ido, Erdogan, Ersev Samim, Parsons, John E., London, Kevin Sott
Primary Examiner(s)
KHAJURIA, SHRIPAL K

Application Number

US12/039,732
Publication Number

US 20090222565A1
Time in Patent Office

2,217 Days
Field of Search

709/229
US Class Current

709/229
CPC Class Codes

H04L 63/101 Access control lists [ACL]

Centralized publishing of network resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

163 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Centralized publishing of network resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

163 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others