1. Field of the Invention
The present invention generally relates to networking. In particular, the present invention relates to techniques for establishing communications with a secured enterprise network from a remote user agent.
2. Background Art
High-end mobile communication devices provide a number of services aside from simple voice telephony. One popular area of use for such devices, particularly in business applications, is as mobile user agents for e-mail communications, as well as other popular applications in device management, security, or custom applications.
In order to access corporate services such as, by way of example, e-mail, it is necessary to have an enterprise sever in addition to a traditional mail server that manages the communications between the mail server and a user agent, such as a cellular phone device. The enterprise server constantly monitors the mail server in a manner similar to other user e-mail clients within the same corporate network. When mail is received by the mail server, it is retrieved by the enterprise server and stored locally for subsequent transmission to the user agent. The mail is then transmitted to the user agent over the Internet and, in the case of wireless user agents such as cellular phones, over a wireless network.
The previous enterprise server software design suffers from the need to initiate communications from the user agent to the enterprise server. Turning to FIG. 1, enterprise servers such as enterprise server 100 are generally located behind a protective firewall 102 configured to block many incoming communications. In order to initiate communications with an enterprise server 100 located behind such a firewall 102, it is necessary to open a port for inbound communications at the firewall. Unfortunately, by opening a firewall port to accept desired inbound communications, the corporate network is opened up to undesired inbound communications, soliciting hacking attempts upon the enterprise server 100 itself and the rest of the corporate network.
One solution in the prior art is to provide a staging server in the demilitarized zone (DMZ), the area of the network outside of the firewall 102. The enterprise server 100 is still required to access the mail server (or other service) within the corporate network, and the staging server must be able to establish a connection to the enterprise server 100, so firewall ports must be opened for inbound connections. While certain security measures can be taken to ensure that only the staging server is able to communicate through those ports, the enterprise server 100 now becomes very vulnerable to attacks, as may the rest of the enterprise network. The staging server is also very vulnerable to attacks as it is located entirely within the DMZ. This is especially critical because the prior art solution requires that the staging server retrieve and store a copy of mail messages from the enterprise server 100 for subsequent transmission to a user agent 108 over the Internet 104 and a wireless communication network 106, since the user agent 108 does not have a persistent connection to the wireless communication network 106.
Accordingly, what is desired is a method, system, and computer program product for the access of corporate enterprise services without the need to breach the corporate firewall. Furthermore, it is desired that the proposed method, system, and computer program product not retain sensitive mail messages and/or other data objects on any system located within the DMZ for security reasons. Finally, it is desired that the proposed method, system, and computer program product function as seamlessly as possible with existing networking platforms.