Modern enterprises expend substantial capital to maintain an IT infrastructure. A significant percentage of the expenditure stems from equipping individual users with dedicated computing resources in the form of desktop computers. There is a nearly universal mandate in corporations, governments and academic institutions to better control the escalating costs and complexity of managing desktops in large numbers and across widely disparate geographies. In addition, most companies continue to deploy traditional physical desktop computers running at less than 10% capacity, resulting in enormous waste of time, money and energy. In the computer realm, there is a continuing shift from initial deployment costs to ongoing maintenance costs. Traditionally, a computing infrastructure was marked with substantial up-front costs due to the high cost of computing hardware and memory resources. However, with the ongoing trend of reduced costs for computing hardware, and the converse trend of increased compensation for skilled personnel to support and maintain computer systems, a typical enterprise spends more to maintain a user then the cost to initially outfit the user.
Consistent with this view of reducing IT infrastructure costs, a provisioning approach that selectively provides users with only the computer services they need for a predetermined interval is more cost effective than outfitting each user with a largely idle PC. Early computing environments implemented a “mainframe” computing approach that allowed user access to the mainframe from a terminal device that performed only input and output. A multiprogramming operating system on the mainframe performed rapid context switching between a multitude of users to give each user the impression that the mainframe computer was dedicated to that user. Each user shared the memory, disk storage, and CPU capabilities for usage of the installed applications, giving each user a similar user experience. The mainframe was generally accessed from local terminals via a so-called “front end”, or via telecommunications lines that were specific to a facility or dedicated POTS (plain old telephone service) voice lines, thus consuming expensive dedicated lines (i.e. not packet switched) for each remote user.
The modern equivalent of this paradigm is often referred to as Virtual Desktop computing as opposed to the more conventional deployment of PCs that have CPU, memory and storage and execute all of the software locally. Virtual Desktops are hosted on central servers that share the memory and CPU with multiple virtual desktop sessions. Users connect to these Virtual Desktops over the network using thin clients that are used to provide the keyboard and display for the virtual desktop session. Identification of each individual virtual desktop and thin client typically requires a specific network identifier such as an IP address on the local network.
Technologies such as virtual private network (VPN) arrangements are often employed to provide connectivity between virtual desktops on the LAN (local area network) and remote devices accessing the virtual desktops over the public internet. A VPN addresses security and also solves the problem of the private LAN address used for the virtual desktops by extending the local network to the remote user. A common vehicle for performing translation between local and global IP addresses is Network Address Translation techniques. Network Address Translation (NAT) is introduced in RFC 3022 promulgated by the IETF, promulgated by the IETF (Internet Engineering Task Force), as is known in the art, and specifies a format for translating local IP addresses to global IP addresses, however, it lacks the security and session management necessary for virtual desktops.