Telecommunication systems have changed the way business is conducted. These systems have made it possible to access applications without regard to the physical location of those applications. The ability to remotely-access applications has prompted the migration of complicated applications, such as, voice applications, internet telephony, client management, etc., to remote locations. This provides cost, management, maintenance and other advantages.
There are a number of methods for distributing, accessing and integrating applications. Software as a Service (SaaS) is one such method. SaaS is a model in which a first domain accesses an application that is hosted in a second domain. Or, the application hosted in the second domain accesses the resources of the first domain. For example, a text-processing application could be hosted in the second domain and a text file could be edited using that application but without having to install it in the first domain. Also, the text processing application could control a display located in the first domain for displaying the text file that is being edited. For these models to function properly, it is of the utmost importance that the first and the second domains communicate effectively with each other.
Often, one or more of the domains are protected by a firewall. A firewall is a part of a computer system or network designed to block unauthorized access while permitting authorized communications. Maintaining uninterrupted communication between domains, wherein at least one of the domains is protected by a firewall, becomes a complex issue.
One way to enable uninterrupted communication with a firewall-protected domain is to “poke a hole” in the firewall. A hole can be poked through a firewall by opening a port through the firewall. But doing so defeats the purpose of the firewall because the hole exposes the otherwise protected domain to external threats. Furthermore, poking holes in the firewall requires additional burden of configuring the firewall according to the holes. Another way to enable uninterrupted communication is to establish a “tunnel” that runs from one domain to another domain across the firewall/s. In this solution, each application requires its own tunnel for communications. A large number of applications require a large number of tunnels. Managing a large number of tunnels is complex and ultimately affects the integrity of a firewall. This approach, therefore, becomes unworkable if many applications are being accessed by a domain or the application is being accessed by multiple domains.