The present invention relates to computer networks, and deals more particularly with dynamically selecting a tunnel endpoint for connecting to an enterprise computing infrastructure.
An enterprise may provide applications that are accessible to users whose computing devices connect to the enterprise computing infrastructure over a public network, such as the public Internet. Public networks are generally considered to be inherently insecure. To provide a measure of security for data transmitted over the public network to and from such enterprise applications, a virtual private network (commonly referred to as a “VPN”) is often used. A client application operating on a user's computing device typically connects to a server application on a boundary device (such as a firewall, router, or other security gateway) located in the enterprise computing infrastructure, where this boundary device logically separates the unsecured public network from security-sensitive computing resources of the enterprise. The connection between the client application and the boundary device is commonly referred to as a “tunnel” or “VPN tunnel”, and the boundary device may be referred to (inter alia) as a “VPN gateway”, “VPN endpoint”, “VPN server”, or “tunnel endpoint”.