US 12,407,656 B2
Domain ownership verification for a ZTNA service platform
Venkata Suresh Reddy Obulareddy, Bangalore (IN); Prashil Rakeshkumar Gupta, Bangalore (IN); and Sanjeev Kumar Maheve, Bangalore (IN)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Dec. 28, 2022, as Appl. No. 18/089,967.
Application 18/089,967 is a continuation of application No. PCT/US2022/054075, filed on Dec. 27, 2022.
Claims priority of application No. 202211058975 (IN), filed on Oct. 15, 2022.
Prior Publication US 2024/0129297 A1, Apr. 18, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 41/12 (2022.01); H04L 61/3015 (2022.01)
CPC H04L 63/0281 (2013.01) [H04L 61/302 (2013.01); H04L 63/029 (2013.01); H04L 63/20 (2013.01); H04L 41/12 (2013.01); H04L 63/0272 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A non-transitory computer readable medium comprising computer executable code that, when executing on one or more computing devices, causes the one or more computing devices to perform the steps of:
receiving a request from a customer that is hosting an application on a customer premises to register a domain for zero trust network access to the application by agentless applications through a service hosted on a cloud computing platform, wherein the cloud computing platform is a multi-tenant resource configured to provide a zero trust network access data plane for a plurality of applications associated with a plurality of different domain names, each of the plurality of applications hosted at a different one of the plurality of domain names;
providing a token to the customer;
checking for a presence of the token in a domain name system text record stored for the domain at the domain name system host; and
in response to locating the token in the domain name system text record, performing the steps of:
registering the domain to the customer at one or more service proxies of the cloud computing platform by associating the domain with access through the cloud computing platform to the application hosted by the customer on the customer premises,
creating a secure tunnel from the cloud computing platform to the application on the customer premises, and
in response to a request from a client to the domain, providing zero trust network access for the client to the application through the cloud computing platform.
 
6. A method comprising: receiving a request from a customer to register a domain for zero trust network access to an application hosted on a customer premises;
providing a token to the customer;
locating the token in a record stored at a domain name system host for the domain; and
in response to locating the record at the domain name system host, performing the steps of:
registering the domain to the customer at one or more service proxies of a cloud computing platform by associating the domain with access through the cloud computing platform to the application hosted by the customer on the customer premises, wherein the cloud computing platform is a multi-tenant resource configured to provide a zero trust network access data plane for a plurality of applications associated with a plurality of different domain names,
creating a secure tunnel from the cloud computing platform to the application hosted on the customer premises, and
configuring a service proxy at the cloud computing platform to respond to requests for the application directed to the domain.
 
16. A system comprising:
a customer premises hosting an application;
a cloud computing platform coupled to the customer premises through a secure tunnel, the cloud computing platform configured to provide zero trust network access to the application through the secure tunnel, wherein the cloud computing platform is a multi-tenant resource configured to provide a zero trust network access data plane for a plurality of applications associated with a plurality of different domain names; and
a threat management facility providing a control plane for the zero trust network access, the threat management facility configured to:
receive a request from a customer to register a domain for zero trust network access to the application;
provide a token to the customer;
locate the token in a record stored at a domain name system host for the domain; and
register the domain to the customer at one or more service proxies of the cloud computing platform by associating the domain with access through the cloud computing platform to the application hosted by the customer on the customer premises.
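Claims 1, 6 and 16 all recite the same control-plane procedure: issue a token to the customer, look for it in a DNS TXT record for the domain, and only then bind the domain to that customer at the multi-tenant data plane. The following is an added, illustrative implementation of that check, not code from the patent or from Sophos. Everything beyond the claims is an assumption: the record name prefix `_ztna-verification`, the `ztna-verify=` value prefix, the 24-hour token lifetime, and the in-memory registry; the DNS lookup is injected so the example runs offline against a constructed zone instead of a real resolver.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed conventions (not from the patent): the customer publishes a TXT record at
# _ztna-verification.<domain> whose value is "ztna-verify=<token>"; tokens expire.
VERIFICATION_LABEL = "_ztna-verification"
RECORD_PREFIX = "ztna-verify="
TOKEN_TTL_SECONDS = 24 * 3600


@dataclass(frozen=True)
class PendingVerification:
    customer_id: str
    domain: str
    token: str
    issued_at: float


def normalize_domain(domain):
    """Lower-case, strip whitespace and trailing dot so keys and lookups agree."""
    return domain.strip().rstrip(".").lower()


class DomainRegistry:
    """Control-plane side: issue tokens, find them in DNS, bind domain to one tenant."""

    def __init__(self, resolve_txt, now=time.time):
        self._resolve_txt = resolve_txt   # callable: fqdn -> list of TXT strings
        self._now = now
        self._pending = {}                # (customer_id, domain) -> PendingVerification
        self._registered = {}             # domain -> owning customer_id

    def request_registration(self, customer_id, domain):
        """Step 1: hand the customer an unguessable token bound to (customer, domain)."""
        domain = normalize_domain(domain)
        owner = self._registered.get(domain)
        if owner is not None and owner != customer_id:
            raise PermissionError(f"{domain} is already registered to another tenant")
        token = secrets.token_urlsafe(32)
        self._pending[(customer_id, domain)] = PendingVerification(
            customer_id, domain, token, self._now())
        return RECORD_PREFIX + token      # the value the customer publishes in DNS

    def verify(self, customer_id, domain):
        """Step 2: succeed only if this tenant's unexpired token is in the TXT record."""
        domain = normalize_domain(domain)
        pending = self._pending.get((customer_id, domain))
        if pending is None:
            return False
        if self._now() - pending.issued_at > TOKEN_TTL_SECONDS:
            del self._pending[(customer_id, domain)]
            return False
        expected = (RECORD_PREFIX + pending.token).encode()
        found = False
        for value in self._resolve_txt(f"{VERIFICATION_LABEL}.{domain}"):
            value = value.strip().strip('"')   # some resolvers return quoted TXT strings
            # constant-time compare so response timing does not leak token bytes
            if hmac.compare_digest(value.encode(), expected):
                found = True
        if not found:
            return False
        owner = self._registered.get(domain)
        if owner is not None and owner != customer_id:
            return False   # another tenant claimed the domain while this one was pending
        self._registered[domain] = customer_id
        del self._pending[(customer_id, domain)]
        return True

    def owner_of(self, domain):
        return self._registered.get(normalize_domain(domain))


def make_fake_resolver(zone):
    """Constructed stand-in for a DNS TXT lookup so the example runs offline."""
    return lambda fqdn: list(zone.get(normalize_domain(fqdn), []))


def demo():
    """Issue -> publish -> verify, plus the failure cases; returns the outcomes."""
    zone = {}                               # constructed zone data, not real DNS
    clock = {"t": 1_700_000_000.0}
    registry = DomainRegistry(make_fake_resolver(zone), now=lambda: clock["t"])

    record = registry.request_registration("tenant-a", "App.Example.COM.")
    before_publish = registry.verify("tenant-a", "app.example.com")   # nothing in DNS yet

    zone["_ztna-verification.app.example.com"] = ['"v=spf1 -all"', f'"{record}"']
    after_publish = registry.verify("tenant-a", "app.example.com")

    try:                                    # a second tenant cannot claim an owned domain
        registry.request_registration("tenant-b", "app.example.com")
        second_tenant = "allowed"
    except PermissionError:
        second_tenant = "rejected"

    stale = registry.request_registration("tenant-c", "other.example.net")
    zone["_ztna-verification.other.example.net"] = [stale]
    clock["t"] += TOKEN_TTL_SECONDS + 1     # published, but the token has expired
    expired = registry.verify("tenant-c", "other.example.net")

    return {"before_publish": before_publish, "after_publish": after_publish,
            "owner": registry.owner_of("app.example.com"),
            "second_tenant": second_tenant, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

Two points matter more than the lookup itself on a multi-tenant platform like the one claimed: the token is keyed to the (customer, domain) pair, so a token one tenant obtained cannot be replayed by another to capture a domain, and the registry refuses to bind a domain that is already owned by a different tenant even after a successful DNS check. The TTL on the token and the constant-time comparison are standard hardening for any challenge that a third party could probe.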