Invention for Virtual private network (VPN), as a service, with optimizations in delivery while maintaining data security from end to end

Invented by Brandon O. Williams, Martin K. Lohner, Kevin Harmon, Jeffrey Bower, Akamai Technologies Inc


In recent years, Virtual Private Networks (VPNs) have become increasingly popular. A VPN is a service that carries a user's traffic to a remote endpoint over an encrypted tunnel, so that data in transit between the user and that endpoint is protected from observers on the intervening networks. The protection has a boundary worth stating: the tunnel ends at the VPN endpoint, so beyond it the traffic is only as protected as the destination's own encryption (for example TLS), and the VPN operator itself can see the decrypted traffic. Within those limits, a VPN is an essential tool for those who value their privacy and security.

The market for VPNs has grown significantly in recent years, with more and more people using them to protect their online activities. This growth has led to an increase in the number of VPN providers, each offering their own unique features and benefits.

One of the key factors driving the growth of the VPN market is the increasing demand for online privacy and security. With the rise of cybercrime and the increasing amount of personal data being shared online, people are becoming more aware of the need to protect their online activities.

Another factor driving the growth of the VPN market is the increasing number of people working remotely. With more and more companies adopting remote working policies, employees need to be able to access company resources securely from anywhere in the world. VPNs provide a secure way for remote workers to access company resources without compromising security.

To remain competitive in the VPN market, providers need to optimize their delivery while maintaining data security from end to end. This means offering fast and reliable connections, while also ensuring that user data is protected at all times.

One way VPN providers optimize delivery is by choosing modern, hardware-accelerated ciphers and lightweight tunnel protocols, so that encryption adds little latency even when users connect from distant locations. Encryption itself does not make a connection faster; the goal is to make its cost small enough that the tunnel is not the bottleneck.

Another way that VPN providers are optimizing their delivery is by offering a range of server locations. This allows users to connect to servers in different countries, giving them access to content that may be restricted in their own country.

In conclusion, the market for VPNs is growing rapidly, driven by increasing demand for online privacy and security, as well as the rise of remote working. To remain competitive, VPN providers need to optimize their delivery while maintaining data security from end to end. This means offering fast and reliable connections, advanced encryption technologies, and a range of server locations. As the demand for online privacy and security continues to grow, the VPN market is set to become even more important in the years to come.

The Akamai Technologies Inc invention works as follows

A mechanism for facilitating VPN-as-a-service, preferably in the context of an overlay IP routing system implemented within an overlay network. The overlay IP (OIP) routing mechanism is used by a network-as-a-service customer to connect endpoints securely and privately. The overlay delivers packets end to end between overlay network appliances. The appliances are configured so that, during delivery, the TCP/IP header portion and the data portion of each packet are protected under different encryption contexts. By establishing and maintaining the header context, the overlay network can decrypt the TCP/IP headers of the stream, and the overlay network provider can then apply one or more TCP optimizations. The separate data context ensures that the data portion of every packet is never in plain sight at any time during transport.

Background for Virtual private network (VPN), as a service, with optimizations in delivery while maintaining data security from end to end

Technical Field

This application relates generally to overlay network routing over the publicly-routed Internet.

Brief description of the related art

Distributed computer systems are well known in the prior art. One such distributed computer system is a 'content delivery network' (CDN), which is operated and managed by a service provider. The service provider provides content delivery services on behalf of customers who use the shared infrastructure. A distributed system of this type is a collection of autonomous computers linked by a network, together with the software, systems and protocols designed to support various services such as content delivery or web application acceleration. CDN providers typically deliver services through digital properties, such as websites, which are created in a portal for the customer and then deployed on the network. A digital property is typically bound to one or more edge configurations that allow the service provider to account and bill for traffic.

Wide area networks (WANs) are telecommunications networks that cover a large geographical area, typically over leased telephone lines. Businesses and government agencies use WANs to relay data between employees, clients, buyers and suppliers at different geographical locations. A WAN is commonly used to connect local area networks (LANs) and other types of network together so that computers and users in one location can communicate with computers and users in another. Many WANs are built by a single organization for its own use. Internet service providers can also build WANs that connect an organization's local area network to the Internet. When a WAN is constructed using leased lines, a router at either end of the line connects the two LANs.

Multi-Protocol Label Switching (MPLS) is a common WAN solution over leased lines. MPLS is an industry-standard technology for speeding up network traffic: it attaches a short label to each packet and forwards the packet along a pre-established labelled path, so that routers switch on the label instead of looking up the destination address to find the next hop. MPLS works with a variety of network protocols, such as IP and ATM. MPLS delivery is efficient and is secure in the sense that traffic stays separated on the carrier's private network (MPLS itself does not encrypt the packets), but it is also expensive because of the cost of the leased lines. As an alternative to such costly circuits, WANs can also be built using methods that take full advantage of the Internet's packet-switched network.

In fact, enterprises want to use Internet links to connect branches, data centres, teleworkers and mobile users to Internet-based applications. Cloud computing and mobility are also driving enterprises to seek a network service that can provide a predictable and optimal cloud experience for users. Such a network should be low-cost, simple to install and global, with built-in security and optimization.

This disclosure provides various mechanisms to facilitate a virtual private network (VPN)-as-a-service (or, more generally, 'network-as-a-service'), preferably in the context of an overlay IP routing system built on a content delivery network (CDN), that is, a network that delivers content to users on behalf of its customers.

In this approach, a customer of the network-as-a-service is assumed to operate endpoints, such as local area networks, that it wishes to connect securely and privately using the overlay IP routing mechanism. The overlay delivers packets end to end between overlay network appliances located at the endpoints. The appliances are configured so that, during delivery, the TCP/IP header portion and the data portion of each packet are protected under different encryption contexts. By establishing and maintaining the header context, the overlay network can decrypt the TCP/IP headers of a flow, and the overlay network provider can then apply one or more TCP optimizations to that flow. The separate context for the data portion, on the other hand, ensures that the data portion of each packet is never in plain sight at any time during transport across the overlay.

This approach is very advantageous, as it allows the overlay network to take advantage of the TCP optimizations and routing provided by its routing mechanism while avoiding (in whole or in part) the high costs associated with conventional transport such as MPLS. The customer's data is protected by establishing and enforcing separate encryption contexts for the packet headers and for the data. The approach may also include additional authentication and encryption so that packets travelling on the public Internet reveal nothing about the internal network; since the inner TCP/IP headers are themselves encrypted, the customer's private addresses and ports are not exposed on the Internet path.
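The two-context packet handling described in the two paragraphs above, as an added example and not Akamai's code or wire format. It assumes the sending and receiving appliances share an end-to-end key that the overlay never holds, that the appliances and the overlay nodes share a separate overlay key, and a made-up packet layout (outer nonce, sealed header, inner nonce, sealed payload). The cipher is a toy encrypt-then-MAC construction built from HMAC-SHA256 so the example runs on the standard library alone; a real appliance would use AES-GCM or ChaCha20-Poly1305. An overlay node can open the header context, read and even rewrite TCP fields (a window rewrite stands in for a TCP optimization), and re-seal, but cannot open the data context, and any tampering with the payload is caught at the receiving appliance.

```python
import hashlib, hmac, os, socket, struct

# Assumed wire layout (illustration, not Akamai's format):
#   outer_nonce(12) | sealed_header(40+16) | inner_nonce(12) | sealed_payload(n+16)
NONCE_LEN, TAG_LEN, HDR_LEN = 12, 16, 40      # HDR_LEN: IPv4 (20) + TCP (20), no options
SEALED_HDR_LEN = HDR_LEN + TAG_LEN

def _keystream(key, nonce, length):
    # Toy stream cipher: HMAC-SHA256 as a PRF in counter mode (stdlib only;
    # a real appliance would use AES-GCM or ChaCha20-Poly1305).
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:length]

def _tag(mac_key, nonce, aad, ct):
    return hmac.new(mac_key, nonce + struct.pack(">I", len(aad)) + aad + ct, hashlib.sha256).digest()[:TAG_LEN]

def seal(key, nonce, plaintext, aad=b""):
    # Encrypt-then-MAC; the tag also binds the nonce and the associated data.
    enc_key, mac_key = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return ct + _tag(mac_key, nonce, aad, ct)

def open_(key, nonce, sealed, aad=b""):
    enc_key, mac_key = hmac.digest(key, b"enc", "sha256"), hmac.digest(key, b"mac", "sha256")
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, aad, ct)):
        raise ValueError("authentication failed: wrong key or tampered bytes")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def build_tcpip_header(src, dst, sport, dport, seq, ack, flags, window, payload_len):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, HDR_LEN + payload_len, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack(">HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return ip + tcp

def parse_tcpip_header(h):
    src, dst = struct.unpack("4s4s", h[12:20])
    sport, dport, seq, ack, _, flags, window = struct.unpack(">HHIIBBH", h[20:36])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "sport": sport,
            "dport": dport, "seq": seq, "ack": ack, "flags": flags, "window": window}

def _split(packet):
    return (packet[:NONCE_LEN], packet[NONCE_LEN:NONCE_LEN + SEALED_HDR_LEN],
            packet[NONCE_LEN + SEALED_HDR_LEN:])

def encapsulate(e2e_key, overlay_key, header, payload):
    # Sending appliance: payload under the end-to-end key, header under the overlay key.
    inner_nonce = os.urandom(NONCE_LEN)
    opaque = inner_nonce + seal(e2e_key, inner_nonce, payload)
    outer_nonce = os.urandom(NONCE_LEN)
    # The opaque payload is bound as AAD so a node cannot splice this header onto other data.
    return outer_nonce + seal(overlay_key, outer_nonce, header, aad=opaque) + opaque

def overlay_inspect(overlay_key, packet):
    # Overlay node: opens only the header context and reads the TCP/IP fields.
    outer_nonce, sealed_hdr, opaque = _split(packet)
    return parse_tcpip_header(open_(overlay_key, outer_nonce, sealed_hdr, aad=opaque))

def overlay_rewrite_window(overlay_key, packet, new_window):
    # Overlay node applying a TCP optimization (here: rewriting the advertised window)
    # and re-sealing the header under a fresh nonce; the payload bytes pass through untouched.
    outer_nonce, sealed_hdr, opaque = _split(packet)
    hdr = bytearray(open_(overlay_key, outer_nonce, sealed_hdr, aad=opaque))
    struct.pack_into(">H", hdr, 20 + 14, new_window)       # TCP window field is at offset 14
    new_nonce = os.urandom(NONCE_LEN)
    return new_nonce + seal(overlay_key, new_nonce, bytes(hdr), aad=opaque) + opaque

def overlay_can_read_payload(overlay_key, packet):
    # The overlay holds no key for the data context, so this must come back False.
    _, _, opaque = _split(packet)
    try:
        open_(overlay_key, opaque[:NONCE_LEN], opaque[NONCE_LEN:])
        return True
    except ValueError:
        return False

def decapsulate(e2e_key, overlay_key, packet):
    # Receiving appliance: verifies and strips both contexts.
    outer_nonce, sealed_hdr, opaque = _split(packet)
    header = open_(overlay_key, outer_nonce, sealed_hdr, aad=opaque)
    return parse_tcpip_header(header), open_(e2e_key, opaque[:NONCE_LEN], opaque[NONCE_LEN:])

if __name__ == "__main__":
    e2e, ovl = os.urandom(32), os.urandom(32)              # constructed keys
    payload = b"GET /payroll HTTP/1.1\r\n"                  # constructed sample data
    hdr = build_tcpip_header("10.0.0.5", "10.1.0.9", 51234, 443, 1000, 0, 0x18, 65535, len(payload))
    pkt = overlay_rewrite_window(ovl, encapsulate(e2e, ovl, hdr, payload), 4096)
    print(overlay_inspect(ovl, pkt)["dport"], overlay_can_read_payload(ovl, pkt), decapsulate(e2e, ovl, pkt)[1])
```

Binding the sealed payload into the header's authentication tag is the detail worth copying: without it an overlay node (or anyone on the path holding the overlay key) could pair a legitimate header with a different encrypted payload, and the receiving appliance would not notice until the inner layer failed, if it failed at all.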

The foregoing has outlined some of the more pertinent features of the disclosed subject matter. These features should be construed as merely illustrative. Many other beneficial results can be attained by applying the disclosed subject matter in a different manner or by modifying it as described.

In a known system, such as the example shown in the figure, a distributed computer system 100 configured as a content delivery network (CDN) is assumed to be distributed across the Internet. Most of the machines are servers located at the edge of the Internet, near end-user access networks. A network operations command center (NOCC) 104 manages the operations of the machines in the system. Third-party sites, such as web site 106, offload content delivery (e.g. HTML, embedded page objects, streaming media and software downloads) to the distributed computer system 100 and in particular to 'edge' servers. Content providers typically offload content delivery by aliasing domains and subdomains to the authoritative domain name service of the service provider. The distributed computer system delivers content to end users more efficiently and reliably. It may also include other infrastructure not shown, such as a distributed data collection system 108 that collects usage, billing and other administrative data from the edge servers and aggregates it across a region or set of regions. Distributed network agents 118 monitor the network and server loads and provide network, traffic and load data to a DNS query-handling mechanism 115, which is authoritative for the content domains managed by the CDN. A distributed data transport mechanism 120 can be used to distribute control information (e.g. metadata for managing content, load balancing and the like) to the edge servers.

As illustrated in the figure, a given machine 200 in the content delivery network comprises commodity hardware 202 (e.g. an Intel Pentium processor) running an operating system kernel 204 (such as Linux or a variant) that supports one or more applications 206a-n. The machine may include a name server 208, a local monitoring process 210, a distributed data collection process 122 and similar processes, together with one or more media servers (such as Windows Media Server (WMS) or a Flash server, or others as required) or, alternatively, HTTP-based delivery of the chunked fragments that make up a stream.

A CDN edge server is configured to provide one or more extended content delivery features, preferably on a domain-specific, customer-specific basis. This configuration is done using configuration files distributed via a configuration system to the edge servers. The configuration file is preferably XML-based and contains a set of content handling rules and directives that facilitate advanced content handling. The configuration file can be delivered to the CDN edge servers via the data transport mechanism, as described in U.S. Pat. No.

The CDN can include a storage subsystem, as described in U.S. Pat. No.

The CDN can operate a server cache hierarchy to provide intermediate caching of customer content, as described in U.S. Pat. No.

The CDN can provide secure content delivery among a client browser, an edge server and a customer origin server, as described in U.S. Publication No. 20040093419. As described there, secure content delivery enforces SSL-based links between the client and the edge server process on the one hand, and between the edge server process and the origin server process on the other. This allows an SSL-protected web page and/or its components to be delivered by the edge server.

In a typical CDN operation, a content provider identifies a content provider domain or subdomain that it wants the CDN to serve. The CDN service provider associates that domain with an edge network (CDN) hostname, e.g. via a canonical name (CNAME), and gives the edge network hostname back to the content provider. When the content provider's domain name servers receive a DNS query for the domain or subdomain, they respond by returning the edge network hostname. The edge network hostname points to the CDN, and it is then resolved through the CDN name service, which returns one or more IP addresses. The client browser then makes a content request (e.g. via HTTP or HTTPS) to the edge server associated with one of those IP addresses. The request includes a host header that contains the original content provider domain or subdomain. On receiving the request with the host header, the edge server checks its configuration file to determine whether the requested content domain or subdomain is being handled by the CDN; if so, it applies the content handling rules and directives specified in the configuration for that domain or subdomain. These content handling rules and directives may be located within an XML-based 'metadata' configuration file.

As a further extension, CDN customers may subscribe to a 'behind-the-firewall' managed service product to accelerate intranet web applications hosted behind the customer's enterprise firewall, as well as to accelerate web applications that bridge users behind the firewall to an application hosted in the Internet cloud. To support these two use cases, CDN software may execute on virtual machines hosted in customer data centers and in remote branch offices. The CDN software running in the customer data center typically provides service configuration, service management, service reporting, remote management access, customer SSL certificate management and other web application configuration. The software running in the branch offices accelerates web traffic for users located there. The CDN itself typically provides CDN hardware hosted in CDN data centers to act as a gateway between the nodes running behind the customer firewall and the CDN service provider's other infrastructure, such as network and operations facilities. This managed solution allows an enterprise to benefit from CDN technologies with respect to its intranet.

As an overlay, the CDN resources described above may also be used to facilitate wide area network (WAN) acceleration services between enterprise data centers (which may be privately managed) and third-party software-as-a-service (SaaS) providers. This solution is described in more detail in the following section.

In particular, the figure illustrates a known 'overlay' network solution, in which an overlay network layer is positioned on top of the publicly-routable Internet. This architecture is sometimes referred to as a 'routing overlay'. The routing overlay network may leverage an existing content delivery network (CDN) infrastructure, such as that described above and as provided by a commercial service provider such as Akamai Technologies, Inc., of Cambridge, Mass. An overlay network of this type can significantly improve the performance of any application that uses the Internet Protocol (IP), as it can find a shorter path or route around down links. As is well known, IP works by exchanging packets, small sequences of bytes that comprise a header and a body. The header describes the packet's destination and is used by Internet routers to pass the packet along until it arrives at its destination. The body contains the application data. TCP, which runs on top of IP, provides reliable, in-order delivery of a stream: it reorders packets that arrive out of order, retransmits packets that are dropped, and throttles the sender to reduce network congestion.
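The path selection the paragraph above credits to the routing overlay (finding a shorter path, or routing around a down link), as an added example that is not Akamai's code. The latency measurements are constructed for the example; a real overlay would feed them from continuous probing between its nodes, and the node names and the None-marks-a-down-link convention are assumptions of this illustration. The example computes the lowest-latency route with Dijkstra's algorithm and shows that a two-relay path through the overlay beats both the one-relay alternatives and a direct link that is down.

```python
import heapq

# Constructed measurements (ms, symmetric) between overlay nodes, for this example only.
# None marks a link the probes currently report as down.
LINKS = {
    ("client-edge", "origin-edge"): None,     # the direct Internet path is down
    ("client-edge", "relay-A"): 20,
    ("client-edge", "relay-B"): 35,
    ("relay-A", "origin-edge"): 60,
    ("relay-B", "origin-edge"): 25,
    ("relay-A", "relay-B"): 10,
}

def build_graph(links):
    # Adjacency map; down links are left out so Dijkstra never considers them.
    g = {}
    for (a, b), rtt in links.items():
        if rtt is None:
            continue
        g.setdefault(a, {})[b] = rtt
        g.setdefault(b, {})[a] = rtt
    return g

def best_path(links, src, dst):
    # Dijkstra over measured latencies. Returns (total_ms, [hops]) or (None, []) if dst is unreachable.
    g = build_graph(links)
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue                       # stale heap entry
        for v, w in g.get(u, {}).items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None, []
    path, cur = [], dst
    while cur != src:
        path.append(cur)
        cur = prev[cur]
    return dist[dst], [src] + path[::-1]

if __name__ == "__main__":
    print(best_path(LINKS, "client-edge", "origin-edge"))
    # With the direct link back up at 40 ms the overlay still compares it against relayed routes:
    print(best_path({**LINKS, ("client-edge", "origin-edge"): 40}, "client-edge", "origin-edge"))
```

The overlay's advantage in the example comes from the relay-A to relay-B hop: neither relay alone beats the direct link once it is up, but the two together do, and only a node that sees measurements for all the links can discover that.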
