Secure server architecture for web based data management

摘要

A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system.

主权项

1. A method comprising:
receiving a service request over a private data network from a server within a secure network area that employs a plurality of firewalls, the server receiving the service request from a client via a communication session over a public data network, wherein the communication session is associated with a session identifier stored at the client; and dispatching the service request, via a back-end server to a proxy service linking to one of a plurality of applications; wherein a first one of the plurality of firewalls accepts the service request from the client and routes the service request from the client to at least one of a plurality of preselected addresses behind the first one of the firewalls in accordance with a first set of filtering rules; and a second one of the plurality of firewalls accepts the service request from the server and routes the service request from the server to at least one of a plurality of preselected addresses behind the second one of the firewalls in accordance with a second set of filtering rules.