| 主权项 |
1. A computer system for supporting multiple enterprises, comprising:
a plurality of host machines, each host machine hosting a plurality of virtual desktops; a server provider computer network interconnecting the plurality of host machines; wherein each host machine is dynamically assigned to a single enterprise from among the multiple enterprises including a first host machine assigned to a first enterprise and a second host machine assigned to a second enterprise, and each virtual desktop in the plurality of virtual desktops hosted on the host machine is assigned a unique network address in a network address space of the single enterprise; a virtual local area network for each enterprise of the multiple enterprises, each virtual local area network for an enterprise incorporating computer resources on an enterprise computer network of the enterprise and the virtual desktops for the enterprise on one or more of the plurality of host machines, wherein the virtual desktops for the enterprise are configured to access the computer resources for the enterprise on the enterprise computer network through the enterprise's virtual local area network to which the virtual desktops are connected; and wherein the enterprise computer networks have overlapping network address spaces and wherein the virtual desktops on the first host machine assigned to the first enterprise and the virtual desktops on the second host machine assigned to the second enterprise can have network addresses in the overlapping network address spaces; a single router connected to the service provider computer network and the enterprise computer networks though a gateway node, wherein the single router comprises a plurality of virtual routers, each virtual router being associated with a corresponding enterprise of the multiple enterprises, wherein the virtual router for each enterprise includes a distinct routing table for the network address space of the enterprise, configured to route traffic between the virtual desktops hosted on the plurality of host machines and the computer resources on each of the enterprise computer networks; the gateway node connected to a public access network, the public access network allowing communication with user devices; wherein the gateway node, in response to requests from user devices for access to virtual desktops hosted on the host machines, is configured to establish, for each request associated with a user belonging to one of the enterprises, a connection between the user device making the request and one of the virtual desktops on one of the host machines assigned to the enterprise corresponding to the user associated with the request and wherein the gateway node establishes the connection using a temporary network address table (NAT) routing rule and, once the connection is established, generates an entry in a firewall state table that replaces the NAT routing rule, the firewall state table for controlling access to the gateway node, the generated entry defining an allowed connection between the user device address and the address of the virtual desktop. |
