Abstract: Security of a protected computer that is accessible via a public network is enhanced by eliminating or reducing open network ports on the protected computer. To reduce open network ports, the protected computer initiates a control connection to an enterprise controller. A request for service from a client device is made to the enterprise controller. If appropriate, the request is then forwarded by the enterprise controller to the protected computer over the control connection. If the request is accepted by the protected computer, the protected computer opens an additional connection to the enterprise controller to provide for streaming of input and output between the task performed on the protected computer and the enterprise controller. This input and output is forwarded by the enterprise controller to the client device and/or protected computer.

Abstract: Active Directory (AD) configuration file management described herein provides technical solutions for technical problems facing management of Linux/Unix and other Unix-like open source operating systems that use configuration files to manage systems, resources, and settings. This configuration file management may use a network-internal AD Group Policy Object (GPO) to manage these configuration files, where the configuration file management may convert the configuration files into GPOs for deployment via the AD. The use of GPO-based configuration files via AD provides the ability to manage external Linux/Unix systems. When the configuration file management agent detects a change, the configuration file is replaced with a known good configuration file based on the criterion GPO or criterion configuration file. This provides persistence of the configuration GPO and the corresponding Linux/Unix system configuration, such as to implement and enforce information security.

Abstract: An Active Directory Bridge (AD Bridge) provides the ability to register, represent, and manage external network resources on an internal network. The external network resources may include cloud resources, such as Internet of Things (IoT) devices, Software-as-a-Service applications (SaaS apps), cloud-hosted virtual machines (VMs), cloud-hosted computers, and other networked cloud resources. The external network resources may be unable to communicate directly with or join the internal network due to various network connection obstacles. The AD Bridge includes an AD Bridge Gateway, an AD Bridge Gatekeeper, and an AD Bridge Agent. The AD Bridge Agent resides on each external network resource, and provides the connection of the host external network resource through the AD Bridge Gatekeeper and through the AD Bridge Gateway to the internal network. The AD Bridge provides the ability to register, represent, and manage these external network resources on an internal network.

Abstract: An Active Directory Bridge (AD Bridge) provides the ability to register, represent, and manage external network resources on an internal network using Group Policy Objects (GPOs). The AD bridge provides the ability to create GPOs in native Active Directory, where the settings are managed within the GPO and can be associated with Active Directory Organizational Units. The AD bridge provides the ability to manage, monitor, and enforce these settings for external cloud resources by Group Policy. The GPOs may be read from the Domain Controller (e.g., Sysvol) by the AD bridge, then translated and delivered to the cloud resource being managed. As GPOs are updated and deployed, the settings are detected and delivered to the cloud resource. When the cloud resource settings are changed outside of the GPO, the AD bridge monitors and reacts to any changes, making Group Policy the enforcement mechanism for the cloud resources.

Abstract: A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.

Abstract: A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.