One of the most utilized networks for interconnecting distributed computer systems is the Internet. The Internet allows users of computer systems to exchange data throughout the world. In addition, many private networks in the form of corporate or commercial networks are connected to the Internet. These private networks are typically referred to as “intranets.” To facilitate data exchange, the intranet generally uses the same communication protocols as the Internet. These Internet protocols (IP) dictate how data is formatted and communicated. In addition, access to corporate networks or intranets is normally controlled by network gateways having a multi-layer SSL firewall system, which includes a networking architecture where the flows (associated streams of packets) are inspected both to and from the corporate network. The multi-layer SSL firewall systems are often referred to as virtual private network (VPN) gateways, such as those sold by Array Networks of Milpitas, Calif.
As the popularity of the Internet grew, businesses turned to it as a means of extending their own networks. First came intranets, which are password-protected sites designed for use only by company employees. Now, many companies are creating their own VPNs (virtual private networks) to accommodate the needs of remote employees and distant offices. A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN uses “virtual” connections routed through the Internet from the company's private network to the remote site or employee.
The VPN devices are able to prevent tampering with private resources by unauthorized users using an authentication, authorization and accounting/auditing system known as AAA. The VPN device can also restrict and track the movement of data from inside the VPN device to systems outside the VPN device. The operation of the VPN device is determined by security policies, as contained within the authentication and authorization server or AAA server. The authentication and authorization (or AAA) servers are used for more secure access in a remote-access VPN environment. When a request to establish a session comes in from a dial-up client, the request is proxied via an authentication and authorization module or service within the VPN device to the authentication and authorization (or AAA) server. The authentication and authorization (AAA) server will check: who you are (authentication); what you are allowed to do (authorization); and what you are actually doing (accounting/auditing). Accounting information is typically used in tracking client use for security auditing, billing or reporting purposes.
In addition, the market demand for managed e-mail services has grown rapidly in recent years. Although e-mail is typically not the core activity of a corporation's business, it is critically important to any corporation these days. With the rapid pace of technological changes and constant increases in usage, e-mail is becoming more and more difficult to manage. In-house e-mail solutions are costly and labor intensive, and very often, corporations do not have the resources or the expertise to stay current with the latest technology developments. In addition, managed e-mail services can dramatically reduce corporations' operating expenses and boost their efficiency.
Typically, corporate e-mails are encrypted by e-mail client software on an end user's computer, travel through the public Internet securely, and then terminate on a VPN device in the Internet Service Provider (ISP). The VPN device generates an AAA request to the AAA infrastructure or server for negotiating credentials. After the AAA responses are generated by a RADIUS/LDAP/LocalDB/AD infrastructure, clear text e-mails are exchanged between backend e-mail servers and the VPN device, which then encrypts the e-mails and sends them across the public Internet to the end user. Typically, a VPN device will include a mail proxy, which serves as an intermediary between the e-mail client or end user (i.e., Outlook Express) and the e-mail servers within the ISP network. Accordingly, it would be desirable for the mail proxy of the VPN gateway to perform intelligent load distribution for improved performance and maintenance of the e-mail servers.