Today, many employees of companies work at various locations, such as offices, business-trip destinations, and homes. In such situations, preparing computers that the employees can use at each of these places involves a great deal of time and effort for both the companies and the employees. Since the desktop processing unit changes each time an employee moves, there is also the problem that the continuity of his or her work is interrupted. To overcome this problem, a service called DaaS (Desktop as a Service) has been drawing attention in recent years.
DaaS is a service in which users' desktop environments are constructed at a center and the screen information to be displayed on the desktops of terminal apparatuses is supplied from the center over a network. FIG. 1 schematically illustrates a DaaS. The provider of a DaaS service is a DaaS service provider (hereinafter simply referred to as a “provider”), and a user of the DaaS service is, for example, a company or an employee of a company. FIG. 2 illustrates a schematic configuration of a system that provides a DaaS service. The provider prepares, in its center (hereinafter referred to as a DaaS center), a virtual desktop environment (hereinafter referred to as a VD (virtual desktop) processing unit) and network environments (hereinafter, “in-DaaS-center company networks”) that are physically separated for the individual companies using the service. In substance, the VD processing unit consists of an OS (operating system), such as Windows® OS, and a virtual machine (VM) that runs the OS. When a use request for a VD processing unit is received from a user, the VD processing unit is started on a physical server apparatus (hereinafter referred to as a “server apparatus”).
Employees (hereinafter referred to as “users”) of a company having a subscription contract with the provider can use the DaaS service in the following manner.
(1) Using his or her terminal apparatus, the user connects to the in-DaaS-center company network. The user issues a connection request to the VPN (virtual private network) gateway apparatus located at the entrance of the DaaS center, constructs a VPN tunnel between the terminal apparatus and the VPN gateway apparatus after authentication, and logs into the in-DaaS-center company network of the company to which he or she belongs. Subsequently, access to the in-DaaS-center company network is made through the VPN tunnel.
(2) The user accesses a server apparatus (hereinafter referred to as a “portal server apparatus”) that provides an authentication screen for use of the DaaS. The portal server apparatus then authenticates the user, starts the VD processing unit (the VM and the OS) for the user, and reports the IP address of the VD processing unit to the terminal apparatus.
(3) The terminal apparatus connects to the VD processing unit indicated by the reported IP address in accordance with an RDP (remote desktop protocol). RDP is a protocol that allows operation information from the keyboard, mouse, and so on of the user's terminal apparatus to be reported to the VD processing unit, and also allows the screen of the VD processing unit to be supplied to the user's terminal apparatus.
(4) Once the terminal apparatus has connected to the VD processing unit through procedures (1) to (3) described above, the user can perform work using the same desktop environment, even though he or she physically works from various different terminals inside and outside the company.
During the work, since each VD processing unit is connected to the in-DaaS-center company network, the user who accesses the VD processing unit can use an application processing unit on the VD processing unit and thus can use an in-house application server apparatus (hereinafter simply referred to as an “application server apparatus”) without using an external network.
From the viewpoint of preventing leakage of secret information, the company wishes to realize accessibility control (hereinafter referred to as “access control”) according to the VD-processing-unit access source and the application server apparatus at the access destination, while still achieving a system that enables access from the VD processing unit to the application server apparatus. For example, highly confidential applications, such as accounting applications, require access control such as permitting access from an in-house PC (personal computer) but prohibiting access from an external terminal apparatus. The term “access source” as used herein refers to the location of the terminal apparatus accessing the VD processing unit, the terminal-apparatus type, or the user who is using the terminal apparatus.
To the application server apparatus of each company, which receives an access request issued from the Web on the VD processing unit, the access source appears to be the VD processing unit itself, so the actual VD-processing-unit access source is unknown.
Performing access control at a VPN gateway apparatus of the related art will now be described. The VPN gateway apparatus can recognize access-source information when it receives a VPN connection request from a terminal apparatus. Thus, when the terminal apparatus accesses the application server apparatus without using the VD processing unit, the VPN gateway apparatus can perform access control corresponding to the access source and a URL. However, the information that passes through the VPN gateway apparatus during use of the DaaS service is an RDP message between the terminal apparatus and the VD processing unit, and RDP is encrypted. Thus, as illustrated in FIG. 3, even though the known VPN gateway apparatus can obtain the message, it cannot read the destination URL and therefore cannot perform access control for each destination application server apparatus.
As another example of the related art, a case in which a relay apparatus between the VD processing unit and the application server apparatus performs access control will further be described. The information that passes through the relay apparatus during use of the DaaS is a message transmitted from the VD processing unit to the application server apparatus, so the application server apparatus at the access destination can be identified from the destination URL. However, since the transmission source of the message is the IP address or port of the VD processing unit, as illustrated in FIG. 3, the relay apparatus of the related art cannot determine the VD-processing-unit access source from the message and thus cannot perform access control corresponding to the access source.
As described above, typically, there is a problem in that access control corresponding to VD-processing-unit access-source information and the destination application server apparatus cannot be performed when access is made from the VD processing unit to the application server apparatus.
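The limitation described in the two related-art cases above (the VPN gateway apparatus sees the access source but not the destination URL; the relay apparatus sees the destination URL but only the VD processing unit's own address as the source) can be made concrete as a policy evaluation. The following is an added example and is not code from the document; the company policy, the flow record, the hostnames (`accounting.example.internal`, `intranet.example.internal`) and the `correlated_view` function are all constructed for illustration. The evaluator returns an explicit "undecidable" verdict when a rule needs an attribute the enforcement point cannot read, rather than treating the missing attribute as "no match", which would let a deny rule be skipped silently.

```python
from dataclasses import dataclass
from typing import Optional

# Verdicts returned by the policy evaluator.
PERMIT, DENY, UNDECIDABLE = "permit", "deny", "undecidable"


@dataclass(frozen=True)
class Rule:
    """One access-control rule: a destination-URL prefix and a set of
    permitted access sources. A field set to None means 'any'."""
    name: str
    url_prefix: Optional[str]
    sources: Optional[frozenset]
    action: str  # PERMIT or DENY


@dataclass(frozen=True)
class Observation:
    """The attributes one enforcement point can actually read for a flow.
    None means the attribute is unavailable at that point."""
    access_source: Optional[str]
    dest_url: Optional[str]


def decide(policy, obs):
    """First-match evaluation over the policy. If a rule needs an attribute
    that this enforcement point cannot read, the decision is UNDECIDABLE."""
    for rule in policy:
        if rule.url_prefix is not None:
            if obs.dest_url is None:
                return UNDECIDABLE
            if not obs.dest_url.startswith(rule.url_prefix):
                continue
        if rule.sources is not None:
            if obs.access_source is None:
                return UNDECIDABLE
            if obs.access_source not in rule.sources:
                continue
        return rule.action
    return DENY  # default deny when no rule matches


# Constructed company policy (hypothetical hostnames): the accounting
# application is reachable from in-house terminals only, the intranet from any.
POLICY = (
    Rule("accounting-in-house-only", "https://accounting.example.internal/",
         frozenset({"in-house"}), PERMIT),
    Rule("accounting-deny-others", "https://accounting.example.internal/",
         None, DENY),
    Rule("intranet-any-source", "https://intranet.example.internal/",
         None, PERMIT),
)

# Constructed flow: a user on an external terminal, working through the VD
# processing unit, requests a page on the accounting application server.
FLOW = {
    "access_source": "external",   # learned by the VPN gateway at VPN setup
    "terminal_ip": "203.0.113.10",
    "vd_ip": "10.20.0.7",          # the VD processing unit's own address
    "dest_url": "https://accounting.example.internal/ledger",
    "rdp_payload_encrypted": True,
}


def vpn_gateway_view(flow):
    """The VPN gateway authenticated the VPN connection, so it knows the
    access source, but it only carries encrypted RDP to the VD: no URL."""
    url = None if flow["rdp_payload_encrypted"] else flow["dest_url"]
    return Observation(access_source=flow["access_source"], dest_url=url)


def relay_view(flow):
    """The relay sees the request from the VD to the application server, so
    it can read the URL, but the transmission source is the VD's IP/port."""
    return Observation(access_source=None, dest_url=flow["dest_url"])


def correlated_view(flow):
    """Hypothetical observer holding both attributes. Shows only what the
    policy needs to be decidable; not a mechanism from the document."""
    return Observation(access_source=flow["access_source"],
                       dest_url=flow["dest_url"])


def run(flow=FLOW):
    """Evaluate the same policy against the same flow at each point."""
    return {
        "vpn_gateway": decide(POLICY, vpn_gateway_view(flow)),
        "relay": decide(POLICY, relay_view(flow)),
        "correlated": decide(POLICY, correlated_view(flow)),
    }


if __name__ == "__main__":
    for point, verdict in run().items():
        print(f"{point:12s} -> {verdict}")
```

Run stand-alone, the script reports `undecidable` for both the VPN gateway and the relay and `deny` only for the correlated view, which is the gap the passage describes. Note that the relay can still decide rules that do not depend on the source (the intranet rule), so a rule set that mixes source-dependent and source-independent rules must track per-rule decidability rather than assuming the whole policy is enforceable at one point.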