Many companies and other organizations operate computer networks that interconnect numerous computing systems to support their operations, such as with the computing systems being co-located (e.g., as part of a local network) or instead located in multiple distinct geographical locations (e.g., connected via one or more private or public intermediate networks). For example, data centers housing significant numbers of interconnected computing systems have become commonplace, such as private data centers that are operated by and on behalf of a single organization, and public data centers that are operated by entities as businesses to provide computing resources to customers. Some public data center operators provide network access, power, and secure installation facilities for hardware owned by various customers, while other public data center operators provide “full service” facilities that also include hardware resources made available for use by their customers. However, as the scale and scope of typical data centers has increased, the tasks of provisioning, administering, and managing the computing resources have become increasingly complicated.
In some data centers customers of the data center operators may set up elaborate multi-tier architectures to implement a variety of applications. For example, a banking-related application may be set up using a tier of web servers, another tier of application servers, and a final tier of database servers. Each of these layers may have its own performance, availability and security requirements. As the customer base for the provided service expands, the number of instances of servers at each tier may grow; in fact, easy provisioning of expanded compute and storage facilities is one of the main reasons for the recent explosion in cloud computing. As the number of resources being used to provide a given service expands, network intermediary devices such as load balancers may be set up to ensure that the workload is distributed appropriately among the resources, to avoid the performance problems that may otherwise arise. Intermediaries may be set up between several application tiers—e.g., in the above example of a three-tier banking application, load balancers may be set up between external clients and the web server tier, between the web server tier and the application server tier, and between the application server tier and the database tier. Network intermediaries may also be used for security reasons—e.g., for mitigating denial-of-service attacks, request pre-filtering, or as proxy servers that may provide anonymity to the actual servers doing the work.
Some application environments may require that no matter how intermediaries and application tiers are used in the implemented application architecture, the identity of the source of a service request be determined at the server providing the service. For example, a service provider may wish to ensure that the appropriate security policies are enforced, that the correct entities are billed for the service, and so on. In such environments, it may be advisable to take measures to ensure that the identity of service requesters is accurately determined, and that attempts to disguise the origin of service requests are defeated.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that embodiments are not limited to the embodiments or drawings described. It should be understood, that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.