This invention relates to remotely establishing network communications. More particularly, the invention is directed to traversing a network firewall to effect network communications where such activity would be otherwise frustrated by common security configurations.
Generally speaking, a computer network is made up of a number of interconnected devices such as desktop computers, servers, and peripherals including printers, copiers, scanners, fax machines, multifunction devices, and electronic storage devices. Each device has a number of settings to be configured from time to time. These settings include IP (Internet Protocol) addresses; subnet masks; IP gateway addresses; proxy server assignments; community names; device passwords; location descriptions; system contact; frame type selections; protocol stack selections; print resolution; duplexing; and paper tray selection just to name a few. A single setting for certain attributes, such as the IP gateway and subnet mask, may be applied across multiple devices. For devices such as printers, different settings for paper tray output and print resolution are applied to each device individually. Many network devices such as printers also have operating parameters that can be monitored. Examples of operating parameters include toner levels, number of pages printed, and the current operational status of the device.
In the past, configuration required physically accessing each device and entering the desired settings through a control panel or other interface provided by the device. As the number of devices on the network increases, so does the difficulty in managing the configuration of the devices. This is especially true as the geography of the network expands. In today's businesses, it is not uncommon for a network to expand across buildings, across states, or even across countries—making physical access to many devices difficult if not impossible. Consequently, methods and systems have evolved for remotely accessing and configuring network devices.
One solution involves embedding a web server in each device for managing the configuration of that device. Using a conventional web browser, a system administrator can browse to the address of a particular device. The embedded web server returns a web page allowing the administrator to select configuration settings for that device. While this allows remote configuration, it requires the administrator to manually browse to and configure each device one at a time.
A second solution involves placing network devices under the control of a device management application such as Hewlett-Packard Company's “Web JetAdmin”®. The software is usually installed on a network server or workstation. Using a conventional browser, a system administrator can browse to the device management application, which in turn communicates with network devices, allowing the administrator to monitor operating parameters as well as select the configuration settings to be applied to a device individually or to a group of devices simultaneously.
From within a local network, using a browser to access a web server embedded in a device or to access a device management application is relatively simple. Each is typically accessed through a private IP (Internet Protocol) address. It is often desirable to monitor or configure a device from outside the local network. However, a firewall is often employed that prevents a browser from establishing a connection from outside the local network. A firewall often implements network proxies as a kind of one-way door through the firewall between the local network and the Internet. Browsers and other applications are allowed to initiate outbound connections, but outside browsers and other applications are generally not allowed to initiate inbound connections. A prominent exception to this pattern is electronic mail messages, which are typically allowed to flow freely in both directions.
For example, a business may lease a multifunction network peripheral such as a digital copier/printer/scanner from an office supply service. The business connects the device to its local network. The device includes an embedded web server that enables it to be configured and monitored remotely. Under the terms of the lease, the office supply service may be responsible for supplying toner and maintaining the device. However, the business employs a firewall to protect its local network. That firewall prevents the office supply service from accessing the device from outside the local network, thus increasing the costs involved with maintaining the device.