Establishing on demand connections to intermediary nodes with advance information for performance improvement

The invention claimed is: 1. A method, comprising: deploying an intermediary node on a network such that the intermediary node is accessible, over the public Internet, to a first node; at the intermediary node: receiving one or more messages from the first node, determining that the first node desires a private service provided by a second node, the second node located in a private network that is separate and distinct from the network in which the intermediary node is deployed, responsive to the determination, sending a signal that instructs an agent in the private network to make an on-demand connection from inside the private network across a boundary of the private network to the intermediary node; establishing the on-demand connection with the agent, and subsequent to establishing the on-demand connection with the agent, relaying application layer data between the first node to the second node through the on-demand connection, and in response to establishing the on-demand connection with the agent, providing the private service to the first node; including, in the signal, information for use by the agent to accelerate a time necessary to begin said providing of the private service; wherein each of the first node, the intermediary node, and the second node comprises, respectively, computer program instructions executing on at least one hardware processor. 2. The method of claim 1 , further comprising: prior to receiving the one or more messages from the first node, selecting the intermediary node from amongst a plurality of intermediary nodes that form an overlay network on the public Internet, and directing the first node to the intermediary node. 3. The method of claim 1 , wherein the agent comprises software running on the second node. 4. The method of claim 1 , further comprising: the intermediary node publishes the signal on a channel to which the agent is subscribed. 5. The method of claim 1 , wherein sending the signal comprises sending the signal to a message broker located outside of the private network, which delivers the one or more messages into the private network via a secure channel. 6. The method of claim 1 , wherein the information for use by the agent to accelerate the time necessary to begin said providing of the private service comprises at least one of: a connection handshake message for the on-demand connection; key material used for securing the on-demand connection; and, an instruction to connect to the second node while establishing the on-demand connection. 7. The method of claim 1 , wherein the information for use by the agent to accelerate the time necessary to begin said providing of the private service comprises at least one of: a request from the first node; and, application layer data. 8. The method of claim 1 , wherein a firewall marks the boundary of the private network, the on-demand connection between the second and the intermediary nodes being established through the firewall. 9. The method of claim 1 , the private network comprising an enterprise network. 10. The method of claim 1 , wherein the signal instructs the agent in the private network to make a plurality of on-demand connections from inside the private network across a boundary of the private network to at least one of (i) the intermediary node and (ii) a plurality of intermediate nodes including the intermediary node. 11. The method of claim 1 , wherein the signal further instructs one or more additional agents in the private network to each make respective on-demand connections from inside the private network across the boundary of the private network to at least one of (i) the intermediary node and (ii) a plurality of intermediary nodes which include the intermediary node. 12. A system comprising circuitry forming at least one processor and memory storing computer program instructions for execution on the at least one processor, the computer program instructions including instructions that upon said execution will cause the system to provide first, intermediary, and second nodes to: run the intermediary node on a network such that the intermediary node is accessible, over the public Internet, to the first node; at the intermediary node: receive one or more messages from the first node, determine that the first node desires a private service provided by the second node, the second node located in a private network that is separate and distinct from the network in which the intermediary node is deployed, responsive to the determination, send a signal that instructs an agent in the private network to make an on-demand connection from inside the private network across a boundary of the private network to the intermediary node; establish the on-demand connection with the agent, and subsequent to establishing the on-demand connection with the agent, relay application layer data between the first node to the second node through the on-demand connection, and in response to establishing the on-demand connection with the agent, providing the private service to the first node; include, in the signal, information for use by the agent to accelerate a time necessary to begin said providing of the private service. 13. The system of claim 12 , the computer program instructions including instructions that upon said execution will cause the system to: prior to receiving the one or more messages from the first node, select the intermediary node from amongst a plurality of intermediary nodes that form an overlay network on the public Internet, and directing the first node to the intermediary node. 14. The system of claim 12 , wherein the agent comprises software running on the second node. 15. The system of claim 12 , the computer program instructions including instructions that upon said execution will cause the system to: have the intermediary node publish the signal on a channel to which the agent is subscribed. 16. The system of claim 12 , wherein sending the signal comprises sending the signal to a message broker located outside of the private network, which delivers the one or more messages into the private network via a secure channel. 17. The system of claim 12 , wherein the information for use by the agent to accelerate the time necessary to begin said providing of the private service comprises at least one of: a connection handshake message for the on-demand connection; key material used for securing the on-demand connection; and, an instruction to connect to the second node while establishing the on-demand connection. 18. The system of claim 12 , wherein the information for use by the agent to accelerate the time necessary to begin said providing of the private service comprises at least one of: a request from the first node; and, application layer data. 19. The system of claim 12 , wherein a firewall marks the boundary of the private network, the on-demand connection between the second and the intermediary nodes being established through the firewall. 20. The system of claim 12 , the private network comprising an enterprise network. 21. The system of claim 12 , wherein the signal instructs the agent in the private network to make a plurality of on-demand connections from inside the private network across a boundary of the private network to at least one of (i) the intermediary node and (ii) a plurality of intermediate nodes including the intermediary node. 22. The system of claim 12 , wherein the signal further instructs one or more addition