Wireless Networking Communication
The invention relates to apparatus and method suitable for use in network computing. More particularly, but not exclusively, it relates to aspects of server-centric computing.
Server-centric computing is a centralised approach to computing in which applications and data hosted on a central server are offered to a user by means of a client device. This concept has evolved with the advent of applications such as Virtual Network Computing (VNC), in which the server provides an entire desktop environment to the client user.
"Virtual Network Computing", (T. Richardson, Q. Stafford-Fraser, K. R. Wood & A. Hopper, IEEE Internet Computing, Vol. 2, No. 1, Jan/Feb 1998 pp. 33-38) provides an overview of the VNC architecture.
In essence, VNC implements a Remote FrameBuffer (RFB) protocol, a display protocol that allows the server to remotely update the framebuffer displayed on a client device. User input actions at the client, such as keystrokes and mouse movements, are simply transmitted as a corresponding signal to the server where they are processed.
As the VNC protocol operates at the framebuffer level, it is versatile across a range of operating systems and applications. These may include Unix, Windows from Microsoft, Inc., Redmond, WA and the Macintosh OS from Apple, Inc. of Cupertino, CA, but might also include Personal Digital Assistants (PDAs), and indeed any device with some form of communications link. The protocol will operate over any reliable transport such as TCP/IP, thus providing excellent mobility for the client device user.
Since the client device does not process applications locally, but merely displays to the user applications that are being managed by the server, display protocols make very few demands of the client. In this way, client devices can run on the widest range of hardware and the task of implementing a client device is made as simple as possible. Such client devices may therefore be stateless (no local storage) and may not be required to know how to interpret and display objects much more complex than menus and plain text. Such client devices are often referred to as "thin clients."
Because thin-client/server architectures centralise resources at the server, more efficient resource control and management is provided. Updates, adjustments and new resources may be offered to users without the need to configure individual client devices. Furthermore, security and reliability are greatly enhanced since 'permissions' to add and adjust applications may not extend to client device users and are restricted to server administrators.
Alternative exemplary thin client protocols include the Remote Display Protocol (RDP) from Microsoft, Inc., Redmond, WA and the Independent Computing Architecture (ICA) from Citrix Systems, Inc., Ft. Lauderdale, FL. However, these protocols are available only on Microsoft-based platforms.
Although the VNC protocol does not provide encryption of data traffic, a secure data transport channel can be attained by means of a Virtual Private Network (VPN) or Secure Sockets Layer (SSL), for example. Digital certificates or preshared keys can be used to authenticate client devices.
Thin-client/server systems are well known in the art. US Patent 6941382, for example, discloses a thin client device operable to communicate wirelessly with a remote host computer, which may also be a Web server. The host computer generates bit map or raster images of a virtual desktop, which may also be a virtual Web browser and which is hosted on the host computer, and transmits these images to the thin client for the user of the client to view. Client user input commands are simply transmitted from the client to the host computer where they are subsequently executed. Updated virtual desktop images are transmitted to the client in return. However, this system does not disclose a configurable server offering a wide variety of applications to client device users.
It is desirable to provide a thin-client/server system having a highly rationalised security model, which, by eliminating unnecessary complexity, provides security and maintainability, as well as providing simpler, more rapid deployment to users of the system. Additionally, it is desirable that the system allows simultaneous access from each client device to multiple operating systems and multiple applications, the system further providing precise management through a single point of control of the applications and data that a user has access to, independent of the actual client device the user is using at any point in time.
Therefore, according to the invention, there is provided a server operable to offer resources to a client device, the server comprising: client negotiation means for establishing a communications link between said server and a client device; user input action signal receiving means for receiving a signal indicative of a user input action at said client device; user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor, said user session management means being operable to request application facilities as required; facility hosting means operable to host an instance of an application or a proxy thereof, and operable thereby to provide an application facility to said user session management means in response to a request therefor; wherein said user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output.
In another aspect of the invention there is provided a server operable to offer resources to a client device, the server comprising: client negotiation means for establishing a secure communications link between said server and a client device; user input action signal receiving means for receiving a signal indicative of a user input action at said client device; user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor and in accordance with client device user authentication, said user session management means being operable to request application facilities as required; facility hosting means operable to host a proxy of an application, and operable thereby to provide an application facility to said user session management means in response to a request therefor; host negotiation means for establishing a communications link between said server and a host of an instance of said application; wherein said user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client device, on said secure communications link, display data for direct representation at said client device as a user output.
In another aspect of the invention there is provided a server operable to offer resources to a plurality of client devices, wherein one or more client devices and/or one or more client device users define respective groups, the server comprising: client negotiation means for establishing a respective secure communications link between said server and a plurality of client devices; user input action signal receiving means for receiving a respective signal indicative of a user input action at said plurality of client devices; host negotiation means for establishing a communications link between said server and a host of an instance of an application; for each defined group, user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor and in accordance with client device authentication and/or client device user authentication, said user session management means being operable to request application facilities as required, and facility hosting means operable to host a proxy of said application, and operable thereby to provide an application facility to said user session management means in response to a request therefor; wherein the or each user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client devices, on said respective secure communications link, respective display data for direct representation at said client devices as user output.
In another aspect of the invention there is provided a server operable to offer resources to a client device, the server comprising: client negotiation means for establishing a secure communications link between said server and a client device; user input action signal receiving means for receiving a signal indicative of a user input action at said client device; user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor and in accordance with client device user authentication, said user session management means being operable to request application facilities as required; facility hosting means operable to host a browser application or another application, and operable thereby to provide an application facility to said user session management means in response to a request therefor; wherein said user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client device, on said secure communications link, display data for direct representation at said client device as a user output.
In another aspect of the invention there is provided a server operable to offer resources to a client device, wherein the server comprises a router in a local area network, the server further comprising: client negotiation means for establishing a communications link between said server and a client device; user input action signal receiving means for receiving a signal indicative of a user input action at said client device; user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor and in accordance with client device authentication, said user session management means being operable to request application facilities as required; facility hosting means operable to host a browser application, and operable thereby to provide an application facility to said user session management means in response to a request therefor; wherein said user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output.
Another aspect of the invention provides a method of offering services to a client in a client/server network, the method comprising: establishing a communications link between a client device and a server; and at the server: establishing a user session in response to receipt of a signal indicative of a user request therefor, and during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by an instance of an application or a proxy thereof hosted on the server, said user input action, said application or proxy having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output.
Another aspect of the invention provides a method of offering services to a client in a client/server network, the method comprising: establishing a secure communications link between a client device and a server; and at the server: establishing a user session in response to receipt of a signal indicative of a user request therefor and in accordance with client device user authentication, and during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by a proxy of an application, said user input action, said proxy being hosted on the server and having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said secure communications link, display data for direct representation at said client device as a user output; wherein said step of executing comprises the step of: establishing a communications link between said server and a host of an instance of said application.
Another aspect of the invention provides a method of offering services to a plurality of client devices in a client/server network, wherein one or more client devices and/or one or more client device users define respective groups, and wherein the server comprises a user session management means and a facility hosting means for each defined group, the method comprising: establishing a respective secure communications link between said server and a plurality of client devices; and at the server for each communicating device: establishing a user session in response to receipt of a signal indicative of a user request therefor and in accordance with client device authentication and/or client device user authentication, and during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by a proxy of an application, said user input action, said proxy being hosted on the server and having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said secure communications link, display data for direct representation at said client device as a user output; wherein said step of executing comprises the step of: establishing a communications link between said server and a host of an instance of said application.
Another aspect of the invention provides a method of offering services to a client in a client/server network, the method comprising: establishing a secure communications link between a client device and a server; and at the server: establishing a user session in response to receipt of a signal indicative of a user request therefor and in accordance with client device user authentication, and, during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by a browser application or another application, said user input action, said application being hosted on the server and having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said secure communications link, display data for direct representation at said client device as a user output.
Another aspect of the invention provides a method of offering services to a client in a local area network, wherein the server comprises a router, the method comprising: establishing a communications link between a client device and a server; and at the server: establishing a user session in response to receipt of a signal indicative of a user request therefor and in accordance with client device user authentication, and, during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by a browser application, said user input action, said application being hosted on the server and having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output.
In another aspect of the invention there is provided a resource offering system, the system comprising: a server operable to offer a resource to a client device, the server comprising: client negotiation means for establishing a communications link between said server and a client device; user input action signal receiving means for receiving a signal indicative of a user input action at said client device; user session management means operable to establish and operate a user session in response to receipt of a user input action signal indicative of a user request therefor, said user session management means being operable to request application facilities as required; facility hosting means operable to host an instance of an application or a proxy thereof, and operable thereby to provide an application facility to said user session management means in response to a request therefor; wherein said user session management means further comprises: display rendering means operable to render data defining a display output to be displayed at a cooperating client device; and display data transmitting means for transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output; and a client operable to request resources from a server, the client comprising: server negotiation means for establishing a communications link between said client and the server; user input action receiving means for receiving a user input action; user input action signal transmitting means for transmitting, to said server, on said communications link, a signal indicative of said user input action; user output data receiving means for receiving, from said server in response to a received signal, said display data; user output representation means for direct representation of said display data as a user output; wherein said user input action signal receiving means further comprises a single server port.
In another aspect of the invention there is provided a resource offering system comprising a server and one or more client devices configured as described above or a resource offering system operable to implement a method as described above.
In yet another aspect of the invention, a general purpose computer is configured by computer executable instructions to operate as a server as described above. The computer executable instructions can be introduced as a computer program product, storing information defining such computer executable instructions. The product can comprise a storage medium, such as an optical or magnetic disk, or a signal, such as an internet based download.
In yet another aspect of the invention there is provided a method of offering a service to a user of client device, the method comprising: establishing a communications link between a client device and a server; and at the server: establishing a user session in response to receipt of a signal indicative of a user request therefor, and during a current user session: receiving a user input action signal indicative of a user input action at said client; executing, by an instance of an application or a proxy thereof hosted on the server, said user input action, said application or proxy having been requested by a user session management means as required; rendering data indicative of said executed action and defining a display output to be displayed at a cooperating device; and transmitting, to said client device, on said communications link, display data for direct representation at said client device as a user output.
Further preferred features of these aspects of the invention will now be set forth by the following description of specific embodiments of the invention, provided by way of example only, with reference to the accompanying drawings in which:
Figure 1 illustrates schematically a server in accordance with an embodiment of the invention;
Figure 2 illustrates a method of offering services to a client device in a client/server system by means of the server illustrated in figure 1;
Figure 3 illustrates a sub-routine of the method illustrated in figure 2;
Figure 4 illustrates a client/server system including a server in accordance with a second embodiment of the invention, together with a client device suitable for use therewith;
Figure 5 illustrates a client/server system including a server in accordance with a third embodiment of the invention, together with a client device suitable for use therewith;
Figure 6 illustrates a client/server system including a server in accordance with a fourth embodiment of the invention, together with a client device suitable for use therewith;
Figure 7 illustrates a client/server system including a server in accordance with a fifth embodiment of the invention, together with a client device suitable for use therewith;
Figure 8 illustrates a client/server system including a server in accordance with a sixth embodiment of the invention, together with a client device suitable for use therewith;
With reference to the drawings, a first embodiment of the invention is illustrated in figure 1. A simplified server 10 is depicted, comprising a processor 12 operable to execute machine code instructions stored in a user session management means 14 and/or retrievable from a mass storage device 16.
By means of a general-purpose bus 18, client device communications unit 20 is in communication with the processor 12. The communications unit 20 is capable of establishing a communications link with a client device via a separate communications module (not shown), such as a wireless network adaptor, which is located externally to the server 10. The communications unit 20 is operable to transmit data passed thereto on the bus 18 to the external communications module for subsequent transmission in accordance with a communications protocol previously established for use by a system in which the server 10 is appropriate for use.
In the server 10 of figure 1, a single TCP port of client device communications unit 20 acts as receiver and dispatcher of data, thereby defining a single point of entry. By utilising just a single server port, firewall 22, which may be a software program or hardware, may be readily implemented to increase server 10 security.
The user session management means 14 has the task of establishing and operating user sessions 24 at the behest of a user of a client device, which may entail requesting applications 26 hosted at the facility hosting means 28. The server 10 is also able to accept logins from different users on a single TCP port and then direct the client access to a specific session 24 based on the login. This eliminates the need to assign each user a unique TCP port, which would have to be known in advance. The benefit is that this allows all users to connect on the same invariant TCP port and automatically be connected to the correct session based on the login details they give.
User session management means further comprises rendering means 30 for rendering image data representative of a user session 24, and compression means 32 for compressing the image data prior to transmission to a client device via communications unit 20.
While the server 10 of the present invention is configured to render and compress data in accordance with a VNC protocol, it will be understood that alternate remote display protocols could be utilised.
Each user session may utilise a single application 26 or multiple applications 26, depending on client device user requirements, and each application 26 may comprise an instance of an application or a proxy thereof.
Required data may be requested from a further server or host by user session management means 14 by means of network communications unit 34, which incorporates a firewall 35 that, in combination with firewall 22, provides the server 10 with a high level of security.
The user session management means 14 is further operable to record any output generated during a user session, which may be stored in mass storage 16. This data may subsequently be requested by a further user session. Preferably, the user session management means 14 is operable to offer the retrieved data in such a manner that periods where there are few or no changes to the screen picture may be skipped at a higher rate than periods where there are a significant amount of changes to the screen picture. This ability to fast forward generated data at variable rates allows accurate review of long periods of recordings to be performed both rapidly and with greater accuracy. Further benefits of such a playback mechanism include enhanced security, technical support and error assessment, training and presentation.
The function of the server 10 will now be described in further detail in accordance with figure 2. This method as illustrated commences with step S1-2, the establishment of a communications link between a client device and the server. This step includes the process of authenticating a client device against the server to determine that they have previously been 'paired' to work together, thereby ensuring the integrity of data and applications held at the server.
In a preferred embodiment of the server of the present invention operable in accordance with this method, the server makes use of a VPN client device authentication list to authenticate a client device to the server.
Preferably, the manner in which a communications link is achieved is by means of a wireless communications protocol including, but not limited to, Wi-Fi, Wi-Max, G3 or GPRS. However, the link may also be effected over land-based channels using a communications protocol such as ADSL, or over a local area network (LAN). Furthermore, given more than one communications protocol, the client/server system will preferably operate over the lowest latency link.
In step S1-4, a client device user session is established in response to a client device user request therefor. A single user session is typically associated with a single client device user (but not necessarily a single client device), and is accessed on the basis of authentication data provided by the client device user. Client device user authentication is used to re-connect the user to their previous session and any associated applications, thereby facilitating persistent sessions for each user independent of the particular client device that is actually being used. More preferably, authentication data is also encrypted in order to deter misuse by third parties.
In a preferred embodiment of the client device of the present invention operable in accordance with this method, a finite quantity of user authentication data may be held at the client device. More specifically, and by way of example only, the client device stores the last three used user authentication data, wherein the authentication data may take the form of alphanumeric user names and passwords and/or client device user biometric data.
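The following is an added illustration, not code from the patent, of steps S1-2 and S1-4 as described above: every client connects on one invariant server port, the client device must appear on the pairing list before anything else is processed, and the user's login selects (or creates) the persistent user session, so a user reconnecting from a different paired device lands in the same session. The pairing list, the salted-hash credential store and the session store are constructed stand-ins; the patent does not specify their form.

```python
"""Single-port session dispatcher (added example, not the patent's own code).

Models steps S1-2 (client device pairing check) and S1-4 (user login
selects the session) for connections arriving on a single TCP port.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SERVER_PORT = 5900  # assumed value: the single point of entry the firewall exposes


@dataclass
class UserSession:
    user: str
    session_id: str
    applications: list = field(default_factory=list)  # applications 26 attached to this session 24
    connected_device: Optional[str] = None            # device currently showing the session


def make_credential(password: str):
    """Constructed credential store entry: (salt, sha256(salt || password))."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()


class SessionDispatcher:
    def __init__(self, paired_devices, credentials):
        # paired_devices: ids of client devices previously paired with this server
        # (the role of the VPN client device authentication list in the text)
        self._paired = set(paired_devices)
        # credentials: user -> (salt, digest); constructed for the example
        self._creds = dict(credentials)
        # sessions persist per user, independent of the device in use
        self._sessions = {}

    def _check_password(self, user: str, password: str) -> bool:
        entry = self._creds.get(user)
        if entry is None:
            return False
        salt, digest = entry
        candidate = hashlib.sha256(salt + password.encode()).hexdigest()
        return hmac.compare_digest(candidate, digest)  # constant-time comparison

    def connect(self, device_id: str, user: str, password: str):
        """Handle one connection on SERVER_PORT; returns (status, session)."""
        # Step S1-2: an unpaired device is refused before any login is examined.
        if device_id not in self._paired:
            return "device-not-paired", None
        # Step S1-4: user authentication, not the port, selects the session.
        if not self._check_password(user, password):
            return "bad-credentials", None
        session = self._sessions.get(user)
        if session is None:
            session = UserSession(user=user, session_id=secrets.token_hex(8))
            self._sessions[user] = session
            status = "new-session"
        else:
            status = "resumed-session"  # same session from a different device
        session.connected_device = device_id
        return status, session

    def session_count(self) -> int:
        return len(self._sessions)


def demo():
    """Constructed scenario: one user, two paired devices, one unpaired device."""
    dispatcher = SessionDispatcher(
        paired_devices={"pda-01", "laptop-07"},
        credentials={"alice": make_credential("correct horse")},
    )
    first = dispatcher.connect("pda-01", "alice", "correct horse")
    second = dispatcher.connect("laptop-07", "alice", "correct horse")
    rejected = dispatcher.connect("unknown-99", "alice", "correct horse")
    wrong_pw = dispatcher.connect("pda-01", "alice", "wrong")
    return dispatcher, first, second, rejected, wrong_pw
```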
Once a user session has been established, and for each action corresponding to the user input action signal received at the server during a current session, as indicated by step S1-6, the server executes the action (step S1-8). Once the action has been executed, the process continues in step S1-10, wherein display data indicative of the executed action is generated in accordance with a remote display protocol.
In a preferred aspect of the present invention, the remote display protocol comprises a VNC protocol, which can remotely update the framebuffer displayed on a client device, as discussed earlier. The display data may comprise an updated screen image of the application or virtual desktop indicative of the executed action, or just a portion of the screen image.
Reducing network traffic is achieved by means of a data compression technique implemented in step S1-12 and may be carried out by the VNC protocol, though it will be understood that alternative data compression techniques known in the art may also be implemented.
Finally, the compressed data is transmitted over the established client/server communications link to the client device in step S1-14, whereupon it is decompressed and displayed to the client device user.
Figure 3 provides a flow diagram of a sub-routine of step S 1-8. The execute action routine starts with step S2-2, wherein a decision is made as to whether an application, or proxy thereof, operable to execute the action indicative of the user input action signal is hosted at the server. If this is not the case, the server will establish a communications link with a further server or host computer offering the application, as indicated by step S2-4. Nevertheless, all data traffic is routed through the server, thereby increasing security and strengthening data management control.
It will be understood by the skilled reader that step S2-2 will be obviated if the client device is operable only to request a predetermined application facility hosted at the server.
Next, the user session management means determines, in step S2-6, whether the required application is running and, if not, the application is started, as indicated by step S2-8. Subsequently, in step S2-10, it is determined whether the requested action relates to terminating the application. If so, then this action is performed in step S2-12.
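The execute-action sub-routine of figure 3 (steps S2-2 to S2-12), as an added example that is not the patent's own code: a proxied application gets a server-to-host link so that the client never reaches the host directly, the application is started if not running, and it is terminated when the action requests that. The application names, the proxy table and the action format are constructed for the example; a terminate request for an application that is not running is treated as a no-op here, which the figure does not spell out.

```python
"""Execute-action sub-routine of figure 3 (added example, not the patent's code)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Action:
    app: str           # application the user input is directed at (constructed)
    kind: str          # "input" or "terminate"
    payload: str = ""


@dataclass
class HostedApp:
    name: str
    proxied_host: Optional[str]  # None when an instance runs on the server itself
    running: bool = False
    host_link: bool = False      # server-to-host link of step S2-4 is up
    log: list = field(default_factory=list)


class FacilityHost:
    """Facility hosting means 28: local instances plus proxies of remote applications."""

    def __init__(self, local_apps, proxy_table):
        # local_apps: names with an instance on the server
        # proxy_table: name -> host 316/317 offering the application (proxy hosted here)
        self._apps = {name: HostedApp(name, proxied_host=None) for name in local_apps}
        for name, host in proxy_table.items():
            self._apps[name] = HostedApp(name, proxied_host=host)

    def execute(self, action: Action) -> str:
        app = self._apps.get(action.app)
        if app is None:
            # Nothing at the server can execute this; the client is not handed
            # a direct route to some other host instead.
            return "unknown-application"
        # Steps S2-2 / S2-4: a proxied application needs a link to its host, but
        # all traffic still passes through this server.
        if app.proxied_host is not None and not app.host_link:
            app.host_link = True
            app.log.append(f"link to {app.proxied_host}")
        # Steps S2-10 / S2-12 for an application that is not running: nothing to
        # stop, so do not start it just to terminate it (example's own choice).
        if action.kind == "terminate" and not app.running:
            return "not-running"
        # Steps S2-6 / S2-8: start the application if it is not running.
        if not app.running:
            app.running = True
            app.log.append("started")
        # Steps S2-10 / S2-12: terminate if the action asks for it.
        if action.kind == "terminate":
            app.running = False
            app.host_link = False
            app.log.append("terminated")
            return "terminated"
        app.log.append(f"input:{action.payload}")
        return "executed"

    def state(self, name: str) -> HostedApp:
        return self._apps[name]
```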
Figure 4 schematically illustrates a client/server system 310 in accordance with one embodiment of the present invention. The system 310 comprises clients 312 and server 10, the server 10 being in communication with one or more communications networks 319, 320 (e.g. the Internet, the Web, other wide area networks, local area networks and so on) that may comprise one or more hosts 316, 317.
A client 312 comprises at least a user operable input device 322 and a client device output 324. In the described embodiment, output 324 comprises a display unit, such as a LCD (liquid crystal display) or LED (light emitting diode) screen, and is operable to display output data received from the server 10.
A user operable input device 322 may include a keyboard, a mouse or other pointing device such as a touchpad, a contact sensitive surface on a display unit of the device, a writing tablet, speech recognition means, haptic input means, or any other means by which a user input action can be interpreted and converted into data signals. It may be integrally formed with client device output 324, connected by means of a cable or other physical connection, or entirely detached. In the latter case, communication between input 322 and any other portion of the client device may be accomplished by means of a short range wireless connectivity link 326, such as Bluetooth.
In operation, client 312 establishes a communications link 328 with server 10, which, although being operable to function as a server in accordance with figure 1, is only depicted with user sessions 24, applications 26 and firewalls 22, 35 for the sake of clarity.
In this particular embodiment of the system, suitable for use as a major private or public LAN and/or WAN for example, one application 26 may comprise a web browser. In this way, browser based resource facilities on private network 319 or the web 320 become available to the client device 312. Alternatively, operating system specific applications 26 may be hosted at the server 10. Advantageously, these applications may be added or removed as required. Thus, a direct communications link between the server 10 and an appropriate host 316, 317 of communications network 319 may be established.
Further configurations of the client/server system will now be described with reference to figures 5 to 8 for the assistance of the reader in understanding the scope of the invention. Where system components have substantially the same function as those illustrated in figure 4, they are given the same reference numbers.
In figure 5, for example, the hosts 317 of system 510 comprise only personal computers, which do not necessarily form a communications network. It will be understood that the communications links 420, 520 shown in figure 4 and 5, respectively, are each but one server-host link arrangement. It will be further understood that since the VNC protocol is not limited to one particular operating system, hosts 316 may comprise servers and/or personal computers running a variety of operating systems such as Microsoft Windows, Linux and the like. Personal computers may be accessed with the use of a remote display protocol.
Meanwhile, in the system 610 shown in figure 6, the server 10 comprises a personal computer operable to offer applications to a client device 312. In this particular schematic, each client device 312 is shown to communicate with a single server 10, though the system is not limited thereto. In contrast, the server 10 of system 710 (figure 7) comprises an Internet router, wherein application 26 may comprise a web browser. This type of system is ideally suited for a home network, wherein the communications network 328 comprises a wired or wireless home LAN network. Finally, in figure 8, the server 10 is deployed on the Internet as an application service provider (ASP) 810, and the client devices 312 connect via the Internet to that service. In the latter implementation in particular, the client device 312 connects to the server 10 via a secure method such that unauthorised clients will be denied access.
The reader will appreciate that the foregoing are but several example implementations of the present invention, and that further aspects, features, variations and advantages may arise from using the invention in different embodiments. The scope of the protection is intended to be provided by the claims appended hereto, which are to be interpreted in the light of the description with reference to the drawings and not to be limited thereto.