The invention relates to communication between a remote computer and a computer or a computer network.
Users of remote computers, such as mobile lap-top computers, can often access computers permanently connected to a local corporate network (local computers) using a variety of communication paths. For instance, a user of a remote computer can use a dialed telephone connection to establish a modem-based data link between the remote computer and a remote communication server on the corporate network. Alternatively, the user can use a dialed telephone connection to an access point of a public wide area network, such as the Internet, and then communicate with the corporate network through the wide area network. A user may often have a choice of several different telephone access numbers which he can use to establish a communication path between the remote computer and the corporate network.
When a remote user has a choice of multiple telephone numbers through which he may connect his remote computer to a local computer or a local area network, the remote user faces several problems. These problems include first knowing what numbers and access methods (e.g., connection speeds and communication protocols) he has a choice of, and knowing the cost of using those numbers and access methods. This first problem is exasperated by the large number of access points available, changes of access telephone numbers, changes in telephone and network access rates, and changes in quality of service provided by various service providers. Distributing, storing, and searching a comprehensive directory of access numbers and associated costs would, in general, be prohibitive on remote computers with limited storage and computation capacity, such as portable computers typically used by mobile workers.
Having chosen a desired access telephone number, the user may not be successful in establishing a data communication channel using that telephone number. Establishing a communication channel requires proper operation and interaction of a large number of software and hardware elements. A hardware or software failure, misconfiguration, or incompatibility, in one or more elements in the communication path can prevent a connection from being successfully established. Failures can also occur at any of a number of steps which must be carried out to establish a communication channel. These include failure to properly connect to a telephone line, improper dialing due to an incorrect telephone number or incorrect dialing prefix, unsuccessful connection to an ISP due to hardware or software problems at the POP, unsuccessful or poor data transfer over the Internet, unsuccessful connection to a tunnel server, unsuccessful communication between the remote computer and software executing on the tunnel server, and unsuccessful communication between a tunnel server and other computers on the LAN.
If a user is not successful in establishing a desired communication path, several courses of action may be available to the user. For example, he may attempt to connect using the same telephone number again, or connect using another telephone number. In addition, he may correct a software or hardware problem on the remote computer before reconnecting.
Choosing the appropriate course of action, in general, requires a diagnosis of the problem encountered in making the desired connection. Different users of remote computers may have different levels of expertise and ability to diagnose the problem.
Another aspect of remote communication that often introduces complexity, and may be a source of errors, relates to security. In order to control access to wide area and local area networks, and access to particular computers or systems accessible over those networks, a user must typically interact with multiple authentication and authorization systems. It is not uncommon for a remote user to have to supply one password when connecting to a wide area network, another to establish a connection to a corporate network, and yet another when finally accessing a computer system, such as a mail server.
Aspects of the invention, in general, provide a comprehensive system which identifies, models, and automates aspects of establishing remote access to a local computer network. The system involves several inter-related components. The system provides support for determining appropriate telephone access numbers for use by a remote user, and provides support to that user if a connection cannot be successfully established. Difficulties associated with distribution and searching of telephone access number data are overcome, in part, by organizing data that is stored on a remote computer to be both compact and easily searched, and by incrementally downloading that data as a background communication task. A software infrastructure supports authentication and authorization functions, and permits diagnosis and correction of most problems that a remote user may encounter in attempting to establish communication with a local computer. Using this system, lowest cost telephone access numbers are automatically determined for a user based on his location without requiring the user to assess the relative costs of using different telephone numbers. Also, little or no computer-related expertise is required of the remote user to establish a connection, even in the face of correctable hardware or software failures.
In one aspect, in general, the invention provides software, stored on a computer readable medium, for causing a remote computer to establish a data communication path to a computing resource, such as a data network. The method includes determining a set of access paths for communicating between the remote computer and the computing resource, and evaluating a cost function which characterizes the cost of communicating between the remote computer and the computing resource over that access path. The cost function can includes both monetary and performance related factors. The method also includes selecting a best one of the access paths according to the evaluated cost functions for the access paths, for example selecting the lowest cost path, and then initiating establishment of communication over the selected best access path. The access path can feature a dialed telephone channel to a telephone access number associated with that access path, and establishment of communication over the access path can include dialing the telephone access number.
The method can also feature accepting an identification of a location of the remote computer determining a set of access paths according to the telephone charges associated with use of dialed telephone channels to each of the telephone access numbers from the location of the remote computer.
The method can also feature accepting an identification of a user of the remote computer and the cost function can includes weighting terms chosen according to the identification of the user.
The method can also feature the remote computer accepting a dialing database which includes telephone access numbers, and accepting an identification of the computing resource with which a communication channel is to be established. The remote computer then accesses the dialing database to determine the set of access paths for communicating with the computing resource.
The method can also feature selecting a next best access path according to the evaluated cost functions for the access paths, if communication over the selected best access path is not established. If communication over an access path cannot be successfully established, the method can also feature performing diagnostics related to the unsuccessful establishment of the communication path, for example, by interpreting a diagnostic script, accepted from another computer, which implements a procedure to determine a cause for the unsuccessful connection. A diagnostic procedure can include contacting a reference site not on the remote computer and verifying that the remote computer can communicate with the reference site. Contacting a reference site can include establishing a dialed telephone connection to a reference telephone number or contacting a network device a data network coupling the remote computer and the network device. The diagnostic procedure can also include determining whether a software module on the remote computer requires installation, and if so, installing that software module.
The method can also feature accepting credentials which identify a user of the remote computer. The user is authenticated by the remote computer using an authentication service on another computer. The method can also feature establishing a management communication path to the other computer and accepting information including information for a dialing database over the management communication path.
In anther aspect of the invention, in general, the invention provides software for causing a computer, such as a management server, to store a dialing database, including telephone access numbers for access paths, and establish an authenticated management communication path between the computer and a remote computer. The computer then provides information from the dialing database to a remote computer, for use on the remote computer in selecting an access path between the remote computer and a computing resource.
The execution of the software can also feature accepting master dialing information and accepting local information, including information related to computing resources accessible from the remote computer, and maintaining the dialing database using the master dialing information and the local information. The master dialing information can include telephone access numbers for access paths, and information related to a cost of communicating over dialed telephone connections to those access numbers from remote locations.
The execution of the software can also feature accepting performance related logging information from remote computers and updating the performance related cost factors based on the logging information.
Other features and advantages of the invention will be apparent from the following description, and from the claims.