Technical Field
This disclosure relates generally to deploying applications in a “cloud” compute environment.
Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP. An example application might be one that provides a common set of messaging functions, such as email, calendaring, contact management, and instant messaging. A user would then access the service directly over the Internet. Using this service, an enterprise would place its email, calendar and/or collaboration infrastructure in the cloud, and an end user would use an appropriate system of engagement to access his or her email, or perform a calendar operation.
Cloud compute resources are typically housed in large server farms that run one or more network applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines.
It is known in the art to provide appliance-based or platform-based solutions to facilitate rapid adoption and deployment of cloud-based offerings. Typically, a cloud-based offering is deployed as a cloud application package. One such appliance that may be used for this purpose is IBM® Workload Deployer, which is based on the IBM DataPower® 7199/9005 product family. Typically, the appliance is positioned directly between the business workloads that many organizations use and the underlying cloud infrastructure and platform components. Alternatively, cloud application packages may be deployed using platform-as-a-service (PaaS) infrastructure, such as the IBM® SmartCloud® Orchestrator open cloud management platform, or IBM® Bluemix™, which is an open-standards, cloud-based platform for building, managing, and running apps of all types, such as web, mobile, big data, and smart devices. Bluemix capabilities include Java, mobile back-end development, and application monitoring, as well as features from ecosystem partners and open source—all provided as-a-service in the cloud. Bluemix abstracts and hides most of the complexities that are associated with hosting and managing cloud-based applications. Bluemix is based on Cloud Foundry open technology and runs on SoftLayer infrastructure.
A hybrid cloud is a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. As private enterprises use the public cloud as a hybrid environment to develop and deploy new cloud-based applications (e.g., using Bluemix), access to the customer's on-premises resources (applications and data) from the public cloud application is sometimes required. In particular, application developers in this environment often desire to develop application source code that accesses these on-premises resources using certain application interfaces, many of which are addressable through non-HTTP-based interfaces. Because these non-HTTP interfaces are native, however, access to numerous on-premises transport ports may be required. Accordingly, enabling access to the on-premises resources typically requires the cloud application developer to interact with an enterprise firewall administrator to obtain permission to open the firewall to new services and ports. Such permission may take time to obtain, thereby impairing the development cycle. This requirement is not an issue with respect to HTTP-based traffic (destined for on-premises applications and servers) because, typically, HTTP-addressable resources are accessed through a security gateway or proxy using URLs over the same TCP port (e.g., port 443), where the URL allows requests to be routed to the correct server and application. In the HTTP case, the local firewall administrator only needs to allow inbound traffic to the IP address and several well-known ports.
There remains a need to provide a way for public cloud applications that use native (non-HTTP-based) protocols to access on-premises applications and data in a secure and seamless manner, and without requiring additional IP addresses and ports to be defined at an on-premises firewall.