Friday, June 20, 2014

Homemade Internet Service Relay (II)

The key idea behind making a service hosted in an internal network available through the Internet is to allow the external world to actively send it a message and get a response. Normally this is done by the external world opening a new TCP connection to the service, which the service accepts, but this is frequently impossible because the firewall blocks inbound connections.

However, most internal networks do NOT block their users from connecting to somewhere else, for example to browse the Internet. This creates an opportunity. TCP connections are full duplex, meaning that once a connection is established, either side can initiate sending a message. Here we will demonstrate how that can be leveraged to create the illusion that the internal network is available from the Internet.

Step 1) The internal service makes an outbound TCP connection to the Azure service.

Step 2) The Azure service makes itself available to the Internet.

Step 3) When Azure receives a message from a client, it sends it to the internal service through the connection established in Step 1.

Step 4) When the internal service finishes processing, it sends the response to Azure through that same connection.

Step 5) When Azure receives the response, it sends it to the client as the response.

Overall, to the client, it looks just like Azure is the internal service.
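The five steps above, worked through as a complete added example (this is not the post's own code and not anything from Azure): a small relay standing in for the Azure service, an internal service that only ever dials out, and a client that talks to the relay alone. All three run on localhost with OS-assigned ports, so the firewall is imaginary here; the length-prefixed framing, the MAX_FRAME cap and the `handler` function are assumptions introduced for the example.

```python
import socket
import struct
import threading

MAX_FRAME = 1 << 20  # assumed cap per message so a misbehaving peer cannot exhaust relay memory


def send_frame(sock: socket.socket, data: bytes) -> None:
    """Length-prefixed framing so request/response boundaries survive the byte stream."""
    sock.sendall(struct.pack("!I", len(data)) + data)


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-frame")
        buf.extend(chunk)
    return bytes(buf)


def recv_frame(sock: socket.socket) -> bytes:
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > MAX_FRAME:
        raise ValueError(f"frame of {length} bytes exceeds MAX_FRAME")
    return recv_exact(sock, length)


class Relay:
    """Stand-in for the Internet-facing (Azure) relay: one listener for the
    internal service to dial into, one listener for external clients."""

    def __init__(self, host: str = "127.0.0.1") -> None:
        self.service_listener = socket.socket()
        self.service_listener.bind((host, 0))  # port 0: the OS picks a free port
        self.service_listener.listen(1)
        self.client_listener = socket.socket()
        self.client_listener.bind((host, 0))
        self.client_listener.listen(5)
        self.tunnel = None
        self.tunnel_lock = threading.Lock()

    def ports(self) -> tuple:
        return (self.service_listener.getsockname()[1],
                self.client_listener.getsockname()[1])

    def serve(self, requests: int) -> None:
        # Step 1 (relay side): wait for the internal service's outbound connection.
        self.tunnel, _ = self.service_listener.accept()
        # Step 2: accept external clients on the public port.
        for _ in range(requests):
            client, _ = self.client_listener.accept()
            with client:
                request = recv_frame(client)
                # Steps 3 and 4: one request in flight at a time over the single
                # tunnel, so a response can never be handed to the wrong client.
                with self.tunnel_lock:
                    send_frame(self.tunnel, request)
                    response = recv_frame(self.tunnel)
                send_frame(client, response)  # Step 5

    def close(self) -> None:
        for s in (self.tunnel, self.service_listener, self.client_listener):
            if s is not None:
                s.close()


def internal_service(relay_host: str, service_port: int, handler, requests: int) -> None:
    """The service behind the firewall: it only ever makes an OUTBOUND connection."""
    with socket.create_connection((relay_host, service_port)) as tunnel:  # Step 1
        for _ in range(requests):
            request = recv_frame(tunnel)
            try:
                response = handler(request)
            except Exception as exc:  # one bad request must not tear down the tunnel
                response = b"error: " + type(exc).__name__.encode()
            send_frame(tunnel, response)  # Step 4


def client_request(relay_host: str, client_port: int, payload: bytes) -> bytes:
    """An Internet client: talks only to the relay and never sees the internal host."""
    with socket.create_connection((relay_host, client_port)) as s:
        send_frame(s, payload)
        return recv_frame(s)


def run_demo(payloads):
    """Wire the three parties together on localhost and return the clients' responses."""
    relay = Relay()
    service_port, client_port = relay.ports()
    relay_thread = threading.Thread(target=relay.serve, args=(len(payloads),), daemon=True)
    relay_thread.start()

    def handler(req: bytes) -> bytes:
        # Constructed handler: upper-cases the request so it is obvious the reply
        # came from the internal side, and rejects an empty request.
        if not req:
            raise ValueError("empty request")
        return b"echo:" + req.upper()

    svc_thread = threading.Thread(
        target=internal_service, args=("127.0.0.1", service_port, handler, len(payloads)), daemon=True)
    svc_thread.start()
    try:
        return [client_request("127.0.0.1", client_port, p) for p in payloads]
    finally:
        relay_thread.join(timeout=5)
        svc_thread.join(timeout=5)
        relay.close()


if __name__ == "__main__":
    print(run_demo([b"hello", b"", b"ping"]))
```

Two points worth noticing in the code. The relay holds a lock around the send/receive pair on the tunnel because a single TCP connection carries every client's traffic, so without serialisation (or per-request ids) one client's response could be delivered to another. And the relay's public listener is exactly as exposed as the service would have been if the firewall had allowed inbound connections: the relay moves the attack surface to the Internet-facing host rather than removing it, so the same authentication and input limits that would protect the service directly belong on the relay.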
