Abstract
Aspects of the present disclosure relate to providing secure access to resources R-1, R-2, R-3, R-4 of a private network 160. For example, a client device 110, 130, 140 may transmit a request 310 identifying the protected resource R-1, R-2, R-3, R-4 to an authentication server 120. The authentication server 120 queries a network address lookup table to identify a network address of the protected resource R-1, R-2, R-3, R-4 based on the identifying information of the request 310. If the network address denotes a network location that is not generally accessible, the authentication server 120 generates a resource record that identifies a bastion host 170, 180, 190, a port, and a connection method for accessing the protected resource R-1, R-2, R-3, R-4. The resource record and the network address may then be transmitted to the client device 110, 130, 140. In response, the client device 110, 130, 140 may use the information in the resource record to establish a tunnel connection 510 with the bastion host 170, 180, 190, and the client device 110, 130, 140 uses the tunnel connection 510 to access the protected resource R-1, R-2, R-3, R-4 via the bastion host 170, 180, 190.
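
The lookup and tunnel steps described in the abstract, as an added Python example that is not part of the disclosure. It assumes that "not generally accessible" means a non-globally-routable address and that the connection method is SSH local port forwarding; the table contents, host names and the functions `resolve` and `tunnel_command` are hypothetical.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed lookup table: resource identifier -> network address (sample values).
ADDRESS_TABLE = {"R-1": "10.0.5.20", "R-2": "8.8.8.8", "R-3": "10.9.9.9"}
# Constructed bastion allow-list: private subnet -> (bastion host, port, method).
BASTIONS = {
    ipaddress.ip_network("10.0.5.0/24"): ("bastion-170.example.net", 22, "ssh"),
}

@dataclass(frozen=True)
class ResourceRecord:
    bastion_host: str
    port: int
    method: str

def resolve(resource_id: str) -> tuple[str, Optional[ResourceRecord]]:
    """Server side: return (address, record); record is None for a public address."""
    if resource_id not in ADDRESS_TABLE:
        raise KeyError(f"unknown resource: {resource_id}")
    addr = ipaddress.ip_address(ADDRESS_TABLE[resource_id])
    if addr.is_global:  # assumption: "generally accessible" == globally routable
        return str(addr), None
    for net, (host, port, method) in BASTIONS.items():
        if addr in net:
            return str(addr), ResourceRecord(host, port, method)
    # Fail closed: a private address with no configured bastion gets no record.
    raise PermissionError(f"no bastion configured for {resource_id}")

def tunnel_command(address: str, record: ResourceRecord,
                   target_port: int, local_port: int) -> list[str]:
    """Client side: build the argv for the tunnel through the bastion host."""
    if record.method != "ssh":
        raise ValueError(f"unsupported connection method: {record.method}")
    # Bind the forwarded port to loopback so other hosts cannot reuse the tunnel.
    forward = f"127.0.0.1:{local_port}:{address}:{target_port}"
    return ["ssh", "-N", "-L", forward, "-p", str(record.port), record.bastion_host]

if __name__ == "__main__":
    address, record = resolve("R-1")
    print(address, record)
    print(" ".join(tunnel_command(address, record, target_port=443, local_port=8443)))
```

The client would pass the returned argument list to a process launcher and then reach the resource at the loopback port for as long as the tunnel stays up.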