The invention generally relates to providing remote access to manageable devices across different operating systems, and more specifically, to using certificates with embedded cryptographic data to validate operator identity and access rights to remotely manageable devices.
With the advent of low-cost computers and computing devices, typical corporations have hundreds or thousands of such systems. This results in significant maintenance and support requirements. For example, for traditional computer systems, typical maintenance and support includes checking (testing and validating) installed software, application program upgrades, performing hardware diagnostics, system resets, and the like. If every computer in a corporation has to be personally visited by a technician to perform routine maintenance, then significant resources are required.
In an effort to reduce such requirements, various remote management suites have been developed. The term "management suite" means a combination of hardware and software tools for managing and maintaining networked manageable devices (e.g., computer systems, printers, or other hardware or software responsive to the management suite). One exemplary remote management system is the Intel® LANDesk® Management Suite by Intel Corporation of Santa Clara, Calif. The Intel suite provides operations such as hardware, software, and configuration file inventory and monitoring; remote control; remote diagnostics; software distribution; software metering; server management; etc.
However, a common problem with management suites is that they are not designed to operate within heterogeneous environments, such as mixtures of Windows 9x, Windows NT, Macintosh, Unix, Linux, Sun, etc. operating systems. In particular, management suites are currently limited by their ability to validate one's right to perform a management action. Different operating systems track different user-related information and use different methods to store the tracked data. This can prevent interoperation between a management suite designed for a Unix environment and one designed for a Macintosh environment.
For example, management suites attempt to determine a console operator's identity (e.g., a network administrator seeking to control a manageable device), and then grant the operator rights accordingly. The term "console" refers to a device (or program) attempting to manage another device (or program). An "operator" is a user or program executing with the credentials of a particular user identity (e.g., a Unix set user-ID (SUID) program). Identity determination is different for different operating systems. This difference can prevent proper operator identification in heterogeneous environments.
In addition, some management operations, like remote control, require network operating system specific user account information, such as user access rights (e.g., access control lists), in order to perform the remote control operations. Such information is not accessible by identical means in different operating system environments. Even if different operating systems provide corresponding functionality, such as implementing the concept of access control lists or group memberships, the corresponding functionality may not be equivalent functionality. For example, different operating system implementations may be significantly limited or constrained in differing environments. If non-common features are necessary to perform the function, then the function is not portable across the differing operating systems. One such example is access control lists. Although well known, access control lists are extensible under Unix, but not under Windows 95; under Windows 95, user groups and access control exist only in coordination with other network agents (such as a Windows NT domain controller). Stand-alone Windows 95 computers have no operating system level access control. Under Windows NT, user groups and access control lists exist and the membership rules are quite flexible. However, the operating system only applies access control to certain pre-defined objects like files, shares, and printers. The operating system does not enforce access control to objects outside of the pre-defined set (such as remote control). Even if such access control list support were available on all manageable device platforms, authentication and authorization based on a network operating system user account identity requires both controller and manageable device to be logged into the same network operating system, file server, domain, NDS tree, etc. This is inconvenient in a heterogeneous networked environment.
An operating system independent method for an operator of a console to manage a device is described. An operating system independent session certificate is obtained by the operator of the console, executing a first operating system, from a trusted core of the device, executing a second operating system, to authenticate the identity and group membership of the operator. The operating system independent session certificate is provided by the operator to the device, executing a third operating system, along with a management request. The device then determines whether the authenticated operator has the necessary access privilege to perform the management request, based at least in part on the authenticated group membership of the operator set forth in the operating system independent session certificate.
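The three-party exchange summarized above (trusted core issues a certificate binding identity to group membership; operator presents it with a request; device decides on group membership alone, without consulting its own operating system's user database) is illustrated below as an added example. It is not the patent's implementation: the patent specifies only that the certificate carries cryptographic data, an authenticated identity and group membership. The ed25519 signature, the JSON body, the field names, the expiry field, the operator directory and the request-to-group policy are all assumptions made for this example, and the operators and groups are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Sentinel errors so callers can distinguish why a request was refused.
var (
	ErrUnknownOperator = errors.New("trusted core: operator not in directory")
	ErrBadSignature    = errors.New("device: session certificate signature invalid")
	ErrExpired         = errors.New("device: session certificate expired")
	ErrNotAuthorized   = errors.New("device: no group in certificate permits this request")
)

// SessionCert is the body of the operating system independent session
// certificate. Field set is an assumption; the text only requires that the
// certificate carry the operator's authenticated identity and group membership.
type SessionCert struct {
	Operator string   `json:"operator"`
	Groups   []string `json:"groups"`
	NotAfter int64    `json:"not_after"` // expiry as Unix seconds (assumed field)
}

// SignedCert is what the operator carries from the trusted core to the device.
type SignedCert struct {
	Body []byte // JSON-encoded SessionCert
	Sig  []byte // ed25519 signature over Body (assumed mechanism)
}

// TrustedCore issues certificates. The directory stands in for whatever the
// core's own operating system uses to authenticate operators (constructed data).
type TrustedCore struct {
	priv      ed25519.PrivateKey
	directory map[string][]string
}

// NewTrustedCore generates the core's signing key; the public half is the
// trust anchor every managed device is assumed to hold.
func NewTrustedCore(directory map[string][]string) (*TrustedCore, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &TrustedCore{priv: priv, directory: directory}, pub, nil
}

// Issue authenticates the operator against the directory and signs a
// certificate recording identity and group membership, valid for ttl.
func (c *TrustedCore) Issue(operator string, now time.Time, ttl time.Duration) (SignedCert, error) {
	groups, ok := c.directory[operator]
	if !ok {
		return SignedCert{}, ErrUnknownOperator
	}
	body, err := json.Marshal(SessionCert{Operator: operator, Groups: groups, NotAfter: now.Add(ttl).Unix()})
	if err != nil {
		return SignedCert{}, err
	}
	return SignedCert{Body: body, Sig: ed25519.Sign(c.priv, body)}, nil
}

// Device holds the core's public key and a local policy mapping each management
// request to the groups allowed to perform it. It never reads its own OS's
// user accounts, which is the portability point of the scheme.
type Device struct {
	corePub ed25519.PublicKey
	policy  map[string][]string
}

// Authorize verifies the signature before parsing any field, rejects expired
// certificates, then grants only if some certified group is in the policy.
// Requests absent from the policy are denied by default.
func (d *Device) Authorize(cert SignedCert, request string, now time.Time) error {
	if !ed25519.Verify(d.corePub, cert.Body, cert.Sig) {
		return ErrBadSignature
	}
	var sc SessionCert
	if err := json.Unmarshal(cert.Body, &sc); err != nil {
		return err
	}
	if now.Unix() >= sc.NotAfter {
		return ErrExpired
	}
	for _, g := range sc.Groups {
		for _, allowed := range d.policy[request] {
			if g == allowed {
				return nil
			}
		}
	}
	return ErrNotAuthorized
}

func main() {
	core, pub, err := NewTrustedCore(map[string][]string{"alice": {"helpdesk", "remote-control"}, "bob": {"helpdesk"}})
	if err != nil {
		panic(err)
	}
	dev := &Device{corePub: pub, policy: map[string][]string{"inventory": {"helpdesk"}, "remote-control": {"remote-control"}}}
	now := time.Now()
	for _, op := range []string{"alice", "bob"} {
		cert, _ := core.Issue(op, now, 10*time.Minute)
		fmt.Printf("%s remote-control: %v\n", op, dev.Authorize(cert, "remote-control", now))
	}
}
```

The device's decision depends only on the signature and the groups inside the certificate, so a console running one operating system and a device running another need share nothing but the trusted core's public key and a group vocabulary. Checking the signature before the body is parsed means a tampered or foreign certificate is rejected without its contents ever influencing the decision.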