| CPC H04L 63/0281 (2013.01) [G06F 21/53 (2013.01); G06F 21/64 (2013.01); H04L 61/302 (2013.01); H04L 63/0236 (2013.01); H04L 63/029 (2013.01); H04L 63/0823 (2013.01); H04L 63/083 (2013.01); H04L 63/0884 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); H04L 67/1008 (2013.01); H04L 67/1036 (2013.01); G06F 2221/033 (2013.01); H04L 41/12 (2013.01); H04L 63/0272 (2013.01)] | 20 Claims |

|
1. A system for routing zero trust network access to a customer application, the system comprising:
a customer premises including:
an application, and
a first zero trust network access appliance configured to authenticate users for access to the application, the first zero trust network access appliance including a first reverse proxy client;
a cloud computing platform remote from the customer premises, the cloud computing platform including:
a service proxy providing a network access point for the application, and
a first reverse proxy server configured to establish a first secure tunnel to the first reverse proxy client of the first zero trust network access appliance;
a threat management facility remote from the customer premises and the cloud computing platform, the threat management facility configured to monitor a resource usage for the first reverse proxy server and, when the resource usage for the first reverse proxy server meets a predetermined threshold, to perform the steps of:
instantiating a second reverse proxy server on the cloud computing platform,
configuring a second zero trust network access appliance on the customer premises, and
coupling the second zero trust network access appliance to the second reverse proxy server to establish a second secure tunnel; and
a network load balancer configured to allocate requests among the first secure tunnel and the second secure tunnel to reduce the resource usage by the first reverse proxy server.
|