The advent of powerful microprocessors and supporting peripherals has allowed microprocessor-based systems to approach or, in some instances, to exceed the power of mainframes. Such microprocessor-based systems have evolved to support a wide variety of configurations with varying bus topology, memory configurations, I/O controllers and peripheral devices. Further, such computers can be networked over wide area networks such as the Internet as well as local area networks.
As microprocessor-based systems become the mainstay of businesses, the ability to maintain and manage the hardware, software, networks, operating systems, middleware and applications becomes important. In the past, a mainframe in a computing center performed centralized system management tasks, including library and configuration management and software version control, among others. Remote maintenance and management facilities are common features in mainframes, whose architectures are generally designed specifically to accommodate remote maintenance and management. However, microprocessor-based systems have evolved without such considerations and, as a consequence, they typically do not provide remote maintenance and management features.
In a computer network with diverse microprocessors, peripherals, and software applications, the range of possible configurations is staggering. Not surprisingly, system failures occur when incompatible hardware and software coexist. Acknowledging the challenge in maintaining computer hardware and software products, many manufacturers provide customers with technical support personnel who can assist users in deploying their products. The staffing of skilled software support personnel can be expensive, particularly when sufficient personnel need to be fielded to provide real time support during peak inquiry times. To limit support costs, manufacturers rely on on-line help over the Internet as a viable alternative to telephone calls as a tool for providing product support.
However, due to devices that enhance the security of networks such as firewalls, the ability to support on-line help over the Internet is typically limited to one-way communications initiated by one or more clients to a server. The firewall selectively permits the communications to pass from one network to the other, to provide bidirectional security. Firewalls have typically relied on a combination of two techniques to protect the networks: packet filtering and proxy services. In packet filtering, the firewall selectively controls the flow of data to and from a network using rules established by a network administrator that specify what types of packets such as those to or from a particular IP address or port are to be allowed to pass and what types are to be blocked. Alternatively, a proxy may be used. The proxy is a program, running on an intermediate system, that deals with servers such as Web servers and FTP servers on behalf of clients. Clients, e.g. computer applications that are attempting to communicate with a network that is protected by a firewall, send requests for connections to proxy-based intermediate systems. Proxy-based intermediate systems relay approved client requests to target servers and relay answers back to clients.
The firewalls prevent the transmission of information required to perform remote maintenance and management for computer systems. However, a detailed knowledge of a computer's dynamic environment and its system configuration is needed to prevent computer failures. For example, these situations include cases where modifications to one component to correct one problem may introduce other errors if the modifications are improperly installed. Further, an accurate knowledge of system configuration is required in order to verify compatibility and to ensure integrity across multiple operating environments and across diverse processors.
Some of the configuration information is hardware specific, such as disk controller port addresses, communication port addresses and video port addresses. Further, software specific configuration parameters may be set within configuration files for each application. For example, a configuration file stored within an IBM-compatible personal computer known as an autoexec.bat file may include path statements. Additionally, specific application software may require specific initialization information to run effectively. Typically, this information may be set in an initialization (.ini) file or in the system registry.
Once installed, the computer configuration does not remain static, however. For example, certain peripherals may be replaced, added or removed. Further, during use, users may personalize the software and thus change the state information. The difference in state information between software installation and software operation leads to unpredictable operation and may require more support from information system personnel. The complexity of system maintenance becomes even more challenging for component-based software in which each software application is a collection of many separate files generated by unrelated software developers who may be more conscious of each component's integrity than the integrity of the assembled package. As the pace of changes increases and complexity of the software assembly process grows, the external representation of the correct state relationship between components becomes prone to error and to system failures. Moreover, as networks grow and become more heterogeneous and complex, the management of computers attached to networks becomes more challenging.
When failures occur, one option is to request a computer technician to be dispatched on-site to repair the computer. Other options include removing the computer from its normal working environment and delivering it to a computer repair facility, or fixing the computer through either adjustment or replacement of hardware, re-installation of software, modification of software parameters and the like. For large businesses having hundreds or thousands of computers interconnected together through an internal network or having a large, stand-alone computer such as a mainframe experiencing a boot error, the second option of removing the computer is not viable. Likewise, the third option is not viable if the computer user is unfamiliar with the internal workings of his or her computer. Additionally, as time is a precious resource, users typically do not like to browse manuals on-line. Since replies to emailed questions can take days, a reliance on technical support through emails is not an acceptable option for many system administrators.
Companies can maintain on-site computer technicians and other IT personnel. However, the use of on-site computer technicians poses a number of disadvantages, including high service costs due to the large overhead costs such as transportation costs, gas and insurance assumed by the computer service provider in providing on-site servicing. On occasion, on-site servicing can be a time-consuming process if the technicians are not properly trained to diagnose the problem and to perform the requisite repair. In view of the computer repair and maintenance cost, it would be advantageous to provide remote servicing of computers in an automated fashion, to allow remote servicing by expert support staff, whether in-house or out-sourced.
In one aspect, a system maintains a first computer using a second computer and a central computer by: receiving a request for maintenance from a first computer; opening first and second secured connections to the first and second computers through the central computer; transferring a request for data from the second computer; storing data and a destination instruction sent from the second computer in a central computer buffer; and forwarding the buffered data to the first computer.
Implementations of the invention include one or more of the following. The central computer is a nexus. The secured connection of the first computer can remain open without network traffic. The first computer can reside in a secured area. A process can be spawned on the first computer in response to the request from the second computer. The spawned process can collect data on the first computer in accordance with the request from the second computer. The request can execute diagnostic software on the first computer. The request can also execute repair software on the first computer, or can provide information on configuration, state or screen display to the second computer. The request can also cause software to be downloaded or uploaded to the first computer. One of the first computer or the second computer can reestablish a connection in the case that the connection is interrupted. The first computer can reside inside a firewall.
In a second aspect, an apparatus provides maintenance for one or more computers connected to a nexus. The apparatus includes a first computer connected to the nexus, the first computer residing inside a secured area. A second computer can be connected to the nexus. The nexus supports a secured communication session between the first and second computers, the communication session being related to the operation of the first computer and established in response to a request from the first computer.
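The message flow of the two aspects above can be modeled in a few lines. The following is an added illustration, not code from the patent: the class, method and endpoint names are hypothetical, the connections are simulated in memory, and it assumes the first computer names the second computer when it requests maintenance.

```python
from collections import deque

class Nexus:
    """Central computer: both endpoints dial out to it; it never dials in."""
    def __init__(self):
        self.connected = set()   # endpoints holding an open outbound connection
        self.sessions = {}       # first computer -> second computer serving it
        self.buffers = {}        # destination -> queued (sender, payload)

    def connect(self, endpoint):
        # Models a client-initiated secured connection, which the firewall permits.
        self.connected.add(endpoint)
        self.buffers.setdefault(endpoint, deque())

    def request_maintenance(self, first, second):
        # A session exists only because the first (serviced) computer asked for it.
        if first not in self.connected or second not in self.connected:
            raise ConnectionError("both endpoints must hold an open connection")
        self.sessions[first] = second

    def submit(self, sender, destination, payload):
        # Store the data with its destination instruction in the central buffer.
        paired = self.sessions.get(destination) == sender or self.sessions.get(sender) == destination
        if not paired:
            raise PermissionError(f"no maintenance session between {sender} and {destination}")
        self.buffers[destination].append((sender, payload))

    def deliver(self, endpoint):
        # Forward buffered data down the connection the endpoint itself opened.
        out = list(self.buffers[endpoint])
        self.buffers[endpoint].clear()
        return out

def run_session():
    nexus = Nexus()
    nexus.connect("user-pc")        # first computer, inside the firewall (constructed name)
    nexus.connect("support-desk")   # second computer (constructed name)
    try:
        nexus.submit("support-desk", "user-pc", "collect: configuration")
        refused = False
    except PermissionError:
        refused = True              # no request from the first computer yet
    nexus.request_maintenance("user-pc", "support-desk")
    nexus.submit("support-desk", "user-pc", "collect: configuration")
    request = nexus.deliver("user-pc")
    nexus.submit("user-pc", "support-desk", "config: path=C:\\DOS")
    reply = nexus.deliver("support-desk")
    return refused, request, reply
```

The model never opens a connection toward the first computer, and the nexus refuses to buffer anything for it until that computer has requested maintenance.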
Advantages of the present invention include the following. The system supports convenient and transparent maintenance operations across an enterprise's networks. These operations are supported using a nexus, which allows a service provider to service a user computer even if a firewall exists. By allowing the transmission of the user computer's configurational and state information over the Internet, the system reduces state relationship errors and, in the event one crops up, the system can automatically correct these errors. The system can be used to diagnose problems by comparing an existing state on a user computer to both a previously working state and a reference state known by the system. Further, the system can be used to allow applications which have been damaged to self-heal by automatically restoring previously working states or reinstalling components from reference states. A further advantage of the system is reduced network traffic. The system avoids the need to poll servers, can handle the synchronous communication, and requires little network bandwidth to connect to the remote system.
The system can also support remote and disconnected users by protecting applications on their desktop and ensuring that software is configured appropriately. The system can also synchronize user desktops by automatically updating all application components and configuration settings while still allowing custom settings for the user. The system also automates custom computer setups/upgrades by providing replication of working states from client machines. Information transmitted through the nexus may be used to provide vital application information including system values and resource conflicts to help information systems personnel.
Further, the system decreases network overhead and increases scalability of electronic software distribution by eliminating delivery of duplicate files that make up software packages. The flexible architecture of the invention protects user investment in existing solutions for enterprise-wide systems management, network management, and application management.
The system also assists manufacturers in meeting their expected service levels to customers. Computer system configuration costs are reduced, while system failures are reduced. The invention also improves systems security management. The invention also provides timely notification that a change is available, identification of which systems require updates and updates of all systems in a timely and efficient manner. The network monitoring allows users to identify potential problems before they occur and provides administrators an opportunity to fix systems before they fail. Thus, computer systems work more efficiently with less down time and at a potentially lower total cost.