Securely publishing applications from private networks

Assignee

• Palo Alto Networks, Inc. · US

Inventors

• Jayant Jain · Cupertino, US
• Brian Kean · Cincinnati, US
• Aditya Srinivasa Ivaturi · Santa Clara, US
• Mohit Sahni · Fremont, US
• Mingfei Peng · Pleasanton, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2101/668
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A controller can securely publish an application of a tenant by securely extending a network fabric into the networks of the tenant with virtual private networks and NAT. After a tenant deploys an application into one or more networks of the tenant, the tenant can indicate select applications to publish. The network controller assigns a network address from the routable address space of the network fabric to the application and a network address aggregate to each application connector that will front an instance of the application, which securely extends the network fabric into the tenant network. The network controller configures NAT rules in the network fabric and on the application connector to create a route for traffic of the application through the network fabric to the application instance using a fully qualified domain name assigned to the application without exposing a private network address of the application instance and preserving security of other resource on the tenant network.