Patent classifications
H04L61/256
PRIVATE NETWORK ACCESS
A method is disclosed including establishing a browser session in response to receiving a request from a browser application in a public network. The browser session is assigned to a dedicated network service running in a dedicated network name space. Requests received from the browser application are proxied to a dedicated network service. A local web session in the dedicated network service authenticates a user of the browser application for access to at least one private webservice. A security client in the dedicated network service establishes a networking tunnel between the proxy and a remote gateway to the private network, thereby obtaining network access to the private webservice from the dedicated network name space. Within the dedicated network name space, proxied requests addressing the private webservice are forwarded over the networking tunnel to the private network.
SYSTEM AND METHOD FOR OPTIMIZING COMPUTING RESOURCES AND DATA FLOW IN NETWORKS
A system and method for optimizing processing of keyboard/video/mouse (KVM) data in an internet protocol (IP) network environment receives via public interface access requests from users directed to KVM targets. The system includes a public and private virtual local area network (VLAN) linked by a bonded interface and general-purpose and optimized application containers. The general-purpose container initiates a KVM session and creates a network address translation (NAT) route (associated with an IP address visible to the user) and a dedicated interface via which the user may send KVM data directly and through the optimized application container, which prioritizes KVM data so it can pass without preemption through the private VLAN and to its intended KVM target in real-time or near real-time. The NAT route and external IP address may be reused for multiple access sessions to different KVM targets from the same user.
METHOD OF SETTING USER-DEFINED VIRTUAL NETWORK
A method of setting a user-defined virtual network is disclosed. A method of setting a virtual network includes configuring a virtual network including a controller, at least one network address translation (NAT) and at least one edge node, checking an operation type of the at least one edge node, setting a tunnel between the at least one edge node based on the operation type, and performing data transmission between the at least one edge node through the set tunnel.
System and method for content fetching using a selected intermediary device and multiple servers
A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server and stay connected to it, allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
SYSTEMS AND METHODS FOR USING SPI TO DISCOVER A NETWORK GRAPH OF NODES BEHIND NAT
Systems and methods for determining network topology by implementing the security parameter index (“SPI”) to map network nodes that are behind a network address translation (“NAT”) address are disclosed.
Dual-stack network addressing in cloud provider network edge locations
Techniques for utilizing dual-stack network addressing for compute instances hosted in an edge location of a cloud provider network along with communications service provider (CSP) network addresses are described. A first network address is assigned to the compute instance from a pool of network addresses of the cloud provider network, and a second network address is associated with the compute instance that is provided by the CSP network. A gateway of the edge location is updated to direct packets addressed to the second network address to the compute instance via use of the first network address.