Securing applications on public facing systems

US9749291B2 · US · B2

Patent metadata
Publication number: US-9749291-B2
Application number: US-201113183884-A
Country: US
Kind code: B2
Filing date: Jul 15, 2011
Priority date: Jul 15, 2011
Publication date: Aug 29, 2017
Grant date: Aug 29, 2017

Abstract

Official abstract text for this publication.

Techniques are disclosed for configuring a virtual machine instance accessed over a publicly routable network address to host intranet applications. A virtual (or “dummy”) interface on the virtual machine instance is assigned an IP address that is inaccessible from the public interface. An application executed on the virtual machine instance is bound to a port on the network address assigned to this dummy interface. A virtual private network server assigns clients IP addresses that can be routed to the dummy interface. When a client computing system connects to the VPN server over the virtual machine instance's public interface, the client forwards traffic destined for the dummy interface's inaccessible network over the VPN connection.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method of providing secured access to an intranet application via an external network, the computer-implemented method comprising: configuring a dummy interface on a virtual machine (VM) instance being hosted in a computing cloud and including virtualized hardware, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface provides an interface for a virtual network that exists only on the VM instance; binding the intranet application to the dummy interface and by operation of one or more computer processors; and establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.

2. The computer-implemented method of claim 1, wherein the VPN server is accessed using a public network address assigned to a virtual network interface on the VM instance.

3. The computer-implemented method of claim 2, wherein the VPN connection encrypts network packets forwarded over a public network address of the remote computing system to the public network address of the VM instance.

4. The computer-implemented method of claim 1, wherein the VPN server is configured to authenticate a request to establish the VPN connection.

5. The computer-implemented method of claim 1, wherein the remote computing system is a VPN gateway.

6. The computer-implemented method of claim 5, wherein the VPN gateway is part of a private network subnet, wherein network packets addressed to the dummy interface on the VM instance are routed to the VPN gateway.

7. The computer-implemented method of claim 1, further comprising: metering use of the VM instance associated with a request; and generating an invoice based on the metered use.

8. A system to provide secured access to an intranet application via an external network, the system comprising: one or more computer processors; and a memory storing a hypervisor configured to execute a virtual machine (VM) instance by operation of the one or more computer processors to perform an operation, the VM instance being hosted in a computing cloud and including virtualized hardware, the operation comprising: configuring a dummy interface on the VM instance, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface creates an interface for a virtual network that exists only on the VM instance, binding the intranet application to the dummy interface, and establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.

9. A non-transitory computer-readable medium containing a program executable to perform an operation for providing secured access to an intranet application via an external network, the operation comprising: configuring a dummy interface on a virtual machine (VM) instance being hosted in a computing cloud and including virtualized hardware, the VM instance having an external interface accessible via the external network, wherein the intranet application executes on the VM instance, wherein the dummy interface is assigned a network address that is inaccessible from the external interface, wherein the dummy interface provides an interface for a virtual network that exists only on the VM instance; binding the intranet application to the dummy interface and by operation of one or more computer processors; and establishing, over the external network, a virtual private network (VPN) connection between a VPN server on the VM instance and a VPN client executing on a remote computing system, wherein a VPN interface on the VPN client is assigned a network address that is routable to the dummy interface, whereafter a client application, executing on the VPN client, forwards packets to the intranet application bound to the dummy interface over the VPN connection.

10. The non-transitory computer-readable medium of claim 9, wherein the VPN server is accessed using a public network address assigned to a virtual network interface on the VM instance.

11. The non-transitory computer-readable medium of claim 9, wherein the VPN connection encrypts network packets forwarded over a public network address of the remote computing system to the public network address of the VM instance.

12. The non-transitory computer-readable medium of claim 9, wherein the VPN server is configured to authenticate a request to establish the VPN connection.

13. The non-transitory computer-readable medium of claim 9, wherein the remote computing system is a VPN gateway.

14. The non-transitory computer-readable medium of claim 13, wherein the VPN gateway is part of a private network subnet, wherein network packets addressed to the dummy interface on the VM instance are routed to the VPN gateway.

15. The system of claim 8, wherein the system is of providing secured access to the intranet application via the external network and without requiring modification to the intranet application, wherein the network address assigned to the dummy interface is inaccessible from the external network, wherein the dummy interface comprises a virtual network interface.

16. The system of claim 8, wherein the VPN server is accessed using a public network address assigned to a virtual network interface on the VM instance.

17. The system of claim 16, wherein the VPN connection encrypts network packets forwarded over a public network address of the remote computing system to the public network address of the VM instance.

18. The system of claim 8, wherein the VPN server is configured to authenticate a request to establish the VPN connection.

19. The system of claim 8, wherein the remote computing system is a VPN gateway.

20. The system of claim 19, wherein the VPN gateway is part of a private network subnet, wherein network packets addressed to the dummy interface on the VM instance are routed to the VPN gateway.

21. The system of claim 8, the intranet application and the client application are distinct applications, wherein the intranet application was designed to be accessed from the intranet, wherein the intranet application was not designed to be accessed over the external network, wherein the operation further comprises: enforcing a predefined security policy, by at least one of the VPN server and the VPN client, in order to provide secured access to the intranet application via the external network and without requiring modification to the intranet application.

22.

Classifications

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Hypervisor-specific management and integration aspects · CPC title

  • without involvement of the NAT server · CPC title

  • using tunnelling or encapsulation · CPC title

  • Virtual private networks · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Fork Michael J, Gloe Christopher T, Paterson Kevin G, and 1 more
What technology area does this patent fall under?
Primary CPC classification H04L61/2592. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 29, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).