A hybrid cloud computing system includes computing devices both in an “off-premise” location (also referred to as cloud computer systems) and in an “on-premise” location (referred to as on-premise computer systems). The off-premise location (or cloud location) generally includes computer systems managed or controlled by a provider of “cloud” computing services and the on-premise location includes computer systems that function in one or more locations managed or controlled by a single entity that may subscribe to and utilize the cloud computing services. On-premise and off-premise computer systems may cooperate to provide services. In one example, hybrid cloud computing systems handle requests incoming from “external” computer systems (such as computer systems controlled by an end user or administrator), where at least part of the request is to be processed by an on-premise computer system.
For security, on-premise computer systems may be configured to reject incoming network connections and may only communicate with off-premise computer systems via outgoing connections. Thus, external computer systems typically send traffic to the off-premise servers, which transmit associated traffic to the on-premise servers for processing. Though several techniques exist for allowing communication from off-premise to on-premise computer systems despite the “no incoming connection” limitation, this type of communication is not straightforward.
Communication is further complicated by load balancers within the hybrid cloud computing system, which redirect traffic to specific off-premise computer systems based on processing load (e.g., to prevent any particular system from being over- or under-burdened). Load balancers do not typically inspect incoming traffic deeply, so they may be unaware that traffic incoming from a particular external computer system is destined for a particular on-premise computer system. For this reason, a load balancer may select an off-premise computer system to receive traffic from an external computer system, where the selected off-premise computer system is different from the off-premise computer system that has an open connection to the destination on-premise computer system. This further complicates the handling of traffic between external computer systems and on-premise computer systems.
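The routing mismatch described above can be made concrete with a small simulation, added here as an illustration and not taken from the original text. It assumes a round-robin load balancer and a single on-premise system holding one outgoing connection; all class, function and host names are hypothetical.

```python
import itertools

class OffPremiseServer:
    """Cloud-side server. It never dials on-premise; it only holds
    connections that on-premise systems opened outbound to it."""
    def __init__(self, name):
        self.name = name
        self.open_connections = {}   # on-premise id -> delivered requests

    def accept_outgoing_connection(self, onprem_id):
        # Called when the on-premise system connects out to this server.
        self.open_connections[onprem_id] = []

    def forward(self, onprem_id, request):
        # Delivery is only possible over an already-open connection.
        inbox = self.open_connections.get(onprem_id)
        if inbox is None:
            return False
        inbox.append(request)
        return True

class RoundRobinBalancer:
    """Assumed policy: picks servers in turn and never inspects the
    request, so it cannot know which on-premise system is the target."""
    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, _request):
        return next(self._cycle)

def simulate(server_count, request_count, connected_index=0,
             onprem_id="onprem-A"):
    """Return (delivered, stranded) for requests aimed at one
    on-premise system that is connected to exactly one server."""
    servers = [OffPremiseServer(f"cloud-{i}") for i in range(server_count)]
    servers[connected_index].accept_outgoing_connection(onprem_id)
    balancer = RoundRobinBalancer(servers)
    delivered = stranded = 0
    for n in range(request_count):
        request = f"req-{n}"          # constructed sample request
        if balancer.pick(request).forward(onprem_id, request):
            delivered += 1
        else:
            stranded += 1
    return delivered, stranded

if __name__ == "__main__":
    for count in (1, 2, 4, 8):
        print(count, "servers ->", simulate(count, 1000))
```

With N off-premise servers and one open connection, roughly (N-1)/N of the requests reach a server that cannot deliver them, so the problem worsens as the off-premise pool scales out.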