Many business enterprises typically maintain sensitive digital resources, e.g., computers, confidential information, data, applications, etc., in secure data centers. An internal network of a secure data center is typically protected by at least one high security firewall, and access to the internal network, and to the sensitive resources coupled thereto, is restricted to authorized users and authorized client devices. Such authorized client devices are typically local clients, that is, they are directly coupled to the internal network inside the secure data center. Physical access to the local clients is controlled by physical means, e.g., locked doors and security personnel, and electronic access to the local clients is controlled by security software in the local clients that authenticates and/or authorizes any user attempting to access the internal network. External access to the local clients and to the internal network is controlled by the high security firewalls. In a locked-down environment, direct external access is security sensitive and typically not allowed, whereas access from internal clients to external devices is selectively permitted.
Many large modern business enterprises have sales offices, business centers, secure data centers, and/or manufacturing sites distributed throughout the country and/or worldwide. In addition, employees of such enterprises are often mobile and not necessarily associated with an office or building controlled by the enterprise. For example, sales and service personnel regularly travel to and from customer sites, and may work from their respective residences. Some of these workers require access to the sensitive resources, and can be authorized to access such resources, but cannot physically access a local client that is connected to the internal network.
In such instances, the worker might be granted access to a virtual private network (VPN), which uses tunneling technology to establish a secure tunnel from the worker's remote client device to a VPN gateway, which is deployed to the edge of the data center and connected to the internal network. The deployment of such a VPN infrastructure is complicated, because the VPN tunnel must travel over a public network, such as the Internet, then traverse through the enterprise intranet, and finally reach the data center of interest. Once a VPN infrastructure is deployed, with access to the VPN, the worker can gain remote access to the internal network and send and receive TCP/IP network traffic. In effect, the worker's client device becomes a local client with full access to the internal network and the sensitive resources connected thereto.
Because traditional tunnel-based VPN technology provides virtually total network connectivity and access by remote users, serious security issues arise. For example, such unfettered access presents a potential risk of exposing proprietary information, weakening intrusion safeguards, or infecting the internal network with outside viruses. Of particular concern is the risk of “information leakage,” which refers to the extraction and misappropriation of confidential data from the secure data center. Moreover, because the traffic traveling within a VPN tunnel is typically unmonitored, an authorized, but malicious, remote user can introduce harmful data to the internal network and/or extract and misappropriate sensitive data without being identified. Accordingly, some enterprises choose to limit VPN access to a particular subset of trusted employees. Other enterprises adopt VPN solutions based on secure sockets layer (SSL) technology, which improve security protection but are limited to a very small set of web-based enterprise applications such as email, web pages, Windows folders, and so forth.
Because of the security concerns mentioned above, few organizations give VPN access to users not affiliated with the enterprise, e.g., partners, suppliers, contract workers and/or customers. Nevertheless, in today's climate of joint ventures, multi-enterprise/cross domain collaboration, and remote administration, access to sensitive resources within an enterprise's secure data center by non-enterprise users is essential. Requiring non-affiliated personnel to be physically connected to the internal network via a local client is not feasible when some users are located in another city, state, country or continent.
One approach to addressing this problem involves providing the end user with a view of the resource, thereby restricting the end user's ability to extract and insert data. For example, a presentation server developed by Citrix Systems, Inc., and based on a terminal services tool developed by Microsoft Corporation, allows an end user to use a client device to view, but not receive, the data within the secure data center. The end user can use the client device to submit control commands against the resources via the presentation server, but is not allowed to transmit data or executables stored on the client device. The presentation server returns visual data, e.g., pixel data, which when displayed, shows the result of the control command. The end user's client device effectively becomes a “thin client” with respect to the resources in the secure data center.
While this approach gives the end user access to the resources and protects the resources from misappropriation or corruption, it is not designed to provide access to end users who are not affiliated with the enterprise, across domains and through firewalls. In other words, this approach is an internal network solution and generally available only for users who have direct access to the presentation server, which is typically within the secure data center for security reasons. As stated above, most non-affiliated users and/or remote users will not have direct access to the internal network, let alone to the presentation server. In order to allow non-affiliated users or remote users to utilize this approach, the enterprise must implement additional security measures, which require complicated infrastructure work.
For example, in one known system, shown in FIG. 1, a secure data center 15 includes a portal client 17, a web server 18, and a presentation server 19 behind at least one enterprise firewall 16a, 16b, 16c in a perimeter network or DMZ. The portal client 17 can be a thin client that includes a web browser and an Independent Computing Architecture (ICA) client that allows the portal client 17 to communicate with the presentation server 19 via the web server 18. An internal user (not shown) can access the resources 54 in the secure data center 15 by launching a session on the portal client 17. Remote users/clients 12, however, generally cannot access the portal client 17 over the Internet 11 because the portal client 17 is behind the enterprise's external firewalls 16a. To address this, the remote client 12 is required to establish a VPN tunnel 20 over the Internet 11 to traverse the external firewalls 16a in order to reach the portal client 17.
While this approach is functional, it is not suitable for security-sensitive enterprises for several reasons. First, this approach requires providing VPN access to the remote client 12, which is generally undesirable when the remote client 12 and its user are not affiliated with the enterprise. Moreover, such a VPN-based solution raises serious security concerns in many enterprise security practices because it requires opening ports in each firewall to allow access into the secure data center 15. Furthermore, such a VPN-based solution is relatively complicated to deploy because it requires configuring every remote client 12 and configuring or constraining the VPN gateway to limit the access for each remote client 12. This is not feasible for large enterprises, which may have hundreds, if not thousands, of employees and partners around the world. In addition, current enterprise network environments require scalability and flexibility around data centers, and current VPN-based solutions cannot provide these features.
Another disadvantage of current VPN-based solutions is that the remote access to the secure resources 54 through the VPN gateway, portal client 17, and presentation server 19 typically is not monitored or recorded for auditing purposes. Such monitoring and recording is critical when non-affiliated users and/or remote users are granted remote access to the secure resources 54. Without such monitoring and auditing capabilities, security-sensitive enterprises cannot determine who accessed the secure data center 15, which secure resources 54 were accessed, at what time such access was granted, and/or what commands were executed. Thus, for this additional reason, the current VPN-based solutions are unsuitable for security-sensitive enterprises.
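The four audit questions raised above (who accessed, which resource, at what time, and what command) are the minimum a mediating gateway has to answer. The following is an added illustration, not part of the patent and not the described system's code: a small Python gateway that records every submitted command, denied attempts included, before anything is executed, together with the queries an auditor would run against the log. The user name, resource identifiers, commands, and timestamps are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class AuditRecord:
    """One mediated command: who, which resource, when, what, and the outcome."""
    timestamp: datetime
    user: str
    resource: str
    command: str
    allowed: bool


class AuditLog:
    """Append-only record store with the queries an auditor needs."""

    def __init__(self) -> None:
        self._records: List[AuditRecord] = []

    def append(self, record: AuditRecord) -> None:
        self._records.append(record)

    def all(self) -> List[AuditRecord]:
        return list(self._records)

    def by_user(self, user: str) -> List[AuditRecord]:
        return [r for r in self._records if r.user == user]

    def resources_accessed_by(self, user: str) -> Set[str]:
        # Only commands that were actually executed count as access.
        return {r.resource for r in self._records if r.user == user and r.allowed}

    def between(self, start: datetime, end: datetime) -> List[AuditRecord]:
        return [r for r in self._records if start <= r.timestamp < end]


class RecordingGateway:
    """Mediates remote commands against resources. Every attempt is written to
    the audit log first, so a denied command is still attributable afterwards."""

    def __init__(self, log: AuditLog, authorizations: Dict[str, Set[str]],
                 clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)) -> None:
        self.log = log
        self.authorizations = authorizations   # user -> resources the user may command
        self.clock = clock

    def submit(self, user: str, resource: str, command: str,
               executor: Callable[[str, str], str]) -> str:
        allowed = resource in self.authorizations.get(user, set())
        self.log.append(AuditRecord(self.clock(), user, resource, command, allowed))
        if not allowed:
            return "denied"
        return executor(resource, command)


def fake_executor(resource: str, command: str) -> str:
    """Stand-in for the protected resource (hypothetical); returns a status string."""
    return f"{resource}: ran '{command}'"


def run_demo() -> AuditLog:
    """Replays a constructed session of one partner user and returns the log."""
    base = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    ticks = (base + timedelta(minutes=i) for i in range(10))  # deterministic clock
    log = AuditLog()
    gw = RecordingGateway(log, {"partner.alice": {"db-01"}}, clock=lambda: next(ticks))
    gw.submit("partner.alice", "db-01", "SHOW TABLES", fake_executor)
    gw.submit("partner.alice", "db-01", "SELECT COUNT(*) FROM orders", fake_executor)
    # Third attempt targets a resource the user is not authorized for: logged, not run.
    gw.submit("partner.alice", "hr-02", "SELECT * FROM salaries", fake_executor)
    return log


if __name__ == "__main__":
    for rec in run_demo().all():
        print(rec.timestamp.isoformat(), rec.user, rec.resource,
              "ALLOWED" if rec.allowed else "DENIED", rec.command)
```

The point of logging before the authorization decision is that a denied attempt is itself evidence: an auditor can see that the partner account probed a resource outside its grant, and when. In a production gateway the log would be written to append-only storage outside the reach of the users it records.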
Accordingly, there exists a need for methods, systems, and computer program products for providing remote access to resources in a secure data center over a network. The methods, systems and computer program products should provide monitoring and recording capabilities so that changes applied to the internal network and to the secure resources 54 can be recorded for auditing purposes.