Method to securely connect to and manage X11 applications on a remote system through an HTTP client

摘要

A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.

主权项

1. A method for secure communication between a client and an application server, the method operative on at least one of:
a web server; an agent server; an application server; a database having:
a user table containing associations between a username and a password; anda session table containing one or more entries associated with a user, each entry comprising a unique session_ID, an associated session status, an associated user identifier, and an associated agent server; the method comprising: a web server connection step whereby after a client is authenticated to said web server, said web server examines said database session table and provides a list of one or more available application sessions associated with said user, said application sessions being at least one of: running application sessions, suspended application sessions, or a new application session, each said running application session and suspended application session associated with a particular said session_ID; upon selection of a new application session by a client in response to the web server connection step:
establishing an agent server connection whereby a client request for a new application session results in the generation of a unique session_ID and identification of a particular agent server, thereafter adding a record into said session table which includes a unique session_ID, agent server identification information, and an associated user identifier;establishing a connection between an application server and an agent server which is identifiable by said session_ID;said web server providing a message to the client which includes a reference to the agent server connected to the requested application and the session_ID associated from the associated application connection step, thereby providing connectivity from the client through the agent server to the application server, said connectivity providing at least one of:display information from said application server;keyboard information to said application server;mouse or pointer information to said application server; and where, upon selection of a running application or a suspended application by a client, said web server providing the client with the session_ID and agent server associated with the running application session or suspended application session.