1. Field of the Invention
The present invention relates to distributed computing, and deals more particularly with a method, system, and computer program product for sending TCP (Transmission Control Protocol) messages through a network using the HyperText Transfer Protocol (HTTP) and HTTP-based systems.
2. Description of the Related Art
Business and consumer use of distributed computing, also commonly referred to as network computing, has gained tremendous popularity in recent years. In this computing model, the data and/or programs to be used to perform a particular computing task typically reside on (i.e. are “distributed” among) more than one computer, where these multiple computers are connected by a network of some type. The Internet, and the part of the Internet known as the World Wide Web (hereinafter, “Web”), are well-known examples of this type of environment wherein the multiple computers are connected using a public network. Other types of network environments in which distributed computing may be used include intranets, which are typically private networks accessible to a restricted set of users (such as employees of a corporation), and extranets (e.g., a corporate network which is accessible to other users than just the employees of the company which owns and/or manages the network, such as the company's business partners).
While businesses are eager to enable their business partners and customers to interact with their computing resources for business-to-business and business-to-consumer electronic commerce, those resources must be protected from unintended and malicious intrusion, and use of computing resources must be made as efficient as possible. Many business enterprises have therefore installed firewall systems and/or proxy systems in their enterprise networks. Firewall systems are used to limit access to computing resources. A firewall system typically limits incoming network traffic in an enterprise, as well as outgoing network traffic. Proxy systems act as an intermediary between end users or clients connected to a network and a remote server which is reachable through the network. Proxy systems are often associated with firewall systems, and these functions may be combined in some server implementations. Firewall and proxy functionality is typically implemented using a network traffic filtering approach. That is, incoming traffic may be filtered to determine whether it originates from a source which is permitted to access the enterprise's computing resources, and outgoing traffic may be filtered to determine whether it is destined for a remote location which meets certain predefined criteria. Firewall and proxy systems may also perform other services directed toward maximizing the efficiency of an enterprise's resources, such as caching and message logging.
The HyperText Transport Protocol (HTTP) is the communications protocol typically used for transmitting messages and data in the Web environment (and may be used in other networking environments as well). When a proxy is implemented for use with Web traffic or HTTP-based networks, it may be referred to as an “HTTP proxy”.
Firewall and proxy systems, and the benefits they provide, are well known in the art. However, these systems may introduce undesirable limitations for an enterprise as well. Many firewall systems place a limitation on the number of ports which may be opened, and severely restrict the number of ports which may be opened for non-HTTP traffic such as TCP (Transmission Control Protocol) traffic. TCP was developed long before HTTP, and many applications exist which are designed for use with TCP. End users within an enterprise have a continuing need to access these applications, which may be remotely located and therefore require access through an external network. Similarly, an enterprise may have many TCP-based applications to which it would like to provide access for external users. Because of the security benefits which result from limiting the number of open TCP connections on a firewall, simply providing more TCP ports is not a viable way to address this problem. Furthermore, when HTTP proxies are in place, these proxies often restrict the traffic which flows through them to HTTP-based traffic, thereby adding further complications to those introduced by the firewall restrictions for transmitting TCP messages.
TCP is designed using a bi-directional computing model, wherein either party to a connection may initiate a message to the other. HTTP, on the other hand, is designed for communication using a transactional client/server model wherein requests are initiated by a client and responded to by a server: the protocol does not provide for server-initiated messages. The prior art therefore does not provide a technique for supporting TCP traffic as messages flowing through HTTP networks, nor for enabling TCP traffic to flow through an HTTP proxy of the type which has been discussed. At the same time, it is necessary to continue to provide end users with access to existing TCP-based applications. Rewriting or retrofitting the existing TCP-based application software to use a client/server model, and to use HTTP messages natively, would be extremely costly, time-consuming, and error-prone. This approach is therefore not a viable solution for most businesses.
Accordingly, what is needed is a technique for enabling TCP messages to be exchanged using HTTP networks and systems. This technique must not require change to existing client and server TCP-based software.