Computer servers such as web servers provide access to information and services for computer clients separately located from the computer server. Many computer servers operate on a publicly accessible network, such as the Internet. Such servers can send and receive requests from other machines, clients or servers, operating on the same public network. For example, most commercial businesses operate a website that customers may use to locate information about the business or to contact the business. It is thus desirable for such websites to be accessible to the public. Accordingly, the computer server hosting the business website must be addressable via the public network.
Other computer servers, however, provide access to services and information that are not intended for public consumption. Thus, it is not desirable for such computer servers to operate on a public network. For example, many companies operate “internal” computer networks, or “intranets,” on which many client and server machines communicate and interact, outside of the public view. Information and services provided by internal computer servers may include confidential information pertaining to the operations of the company, intended for use by company employees, but not intended to be accessible to the general public.
Computer servers operating on the Internet are said to have a “routable” address, meaning that another computing device on the public network can send information to the server over the Internet, and that information can be successfully routed to the computer server. This routing is performed primarily on the basis of an Internet Protocol (IP) address that is uniquely assigned to the computer server. Conversely, computer servers operating within an internal or “private” network are said to have “non-routable” addresses, meaning a computing device operating on the Internet cannot successfully send information to the computer server on the basis of the non-routable address alone. A computer server operating within a private network may not possess a globally unique IP address by which information may be routed.
Generally, communications between two computing devices operating on the Internet flow freely, as do communications between two computing devices operating within the same private or internal network. However, obstacles and restrictions arise when a computing device operating on the public Internet attempts to initiate communications with a computing device operating within a private network, as the computing device operating within the private network may not have a public IP address with which information may be routed to it.
These problems are exacerbated in situations where a private network is protected by network security mechanisms, such as firewalls, proxy servers, and routing policies that reject or drop incoming traffic to a private network. Such mechanisms protect the network from unauthorized access, for example, a competitor attempting to access sensitive business data, or a computer hacker attempting to steal or damage information stored on the network. Unfortunately, the same security mechanisms designed to keep out unauthorized persons just as effectively keep out those persons having a legitimate and authorized purpose for accessing information and services available on computer servers within the private network (e.g., a company employee working from home or a traveling salesperson attempting to access a company email account outside of the private network).
Some potential solutions do exist; however, they require administrative privileges and access to the hardware and software that control access to the private network. Generally speaking, individuals, such as employees of a company or students on a school campus, do not have administrative-level permissions and access to a private network, and thus it is not feasible for such individuals to implement existing solutions.
Potential solutions that require administrative access to network hardware include “boundary” or “edge” servers that provide an interface between the private network and a public network. Boundary servers may allow access to internal private networks from computing devices operating within external networks, if those computing devices can traverse a variety of access restrictions. However, as stated above, implementation of such boundary servers requires administrative access to the private network and thus is not practical for many users. Even where boundary servers do exist within a private network, they are not always available due to reliability problems or security concerns. For example, a boundary server may be intentionally configured to drop client connections periodically, be taken offline or out of service temporarily for maintenance purposes, or suffer from hardware or software crashes, thus preventing access. When these problems occur, a user is helpless to solve the problem and must instead wait for resolution by the network administrators responsible for the private network.