Embodiments of the invention relate generally to providing controlled access to software applications and, more particularly, to providing controlled access to software applications resident on servers external to an enterprise network.
In a large enterprise, it often becomes necessary to segregate the application access rights of certain users in a domain from all other users in the domain. For example, in electric power companies, the Federal Energy Regulatory Commission has mandated that certain power company employees be segmented from the rest of the power company's data network to prevent those employees from gaining inside information about electricity generation and/or transmission. However, those same employees would still need to be able to access a number of different software applications to perform their day to day jobs. Since the firewall rules that would have to be put in place to allow these employees to access the software applications from their desktops would have been very broad, and there was no way for them to be fully segregated from the rest of the power company's computer data network, these applications are run from remote servers located outside the power company's primary and non-segregated network.