1. Field of the Invention
The present invention relates to establishing a secure connection between computer networks, and more specifically to creating secure tunnels between networks that allow for core reachability of a client network.
2. Related Art
Computers have an ever-increasing role in business operations today. As corporations become more familiar with this technology, they are also becoming more sophisticated in how their computers are organized, serviced, and protected. For some of these needs, many companies turn to outside sources for complicated or time-consuming tasks, thereby reducing the need to have a large technical support staff on-site. Such support agreements between client businesses and support companies are becoming more common.
Presently, several options exist for remote administration and support of a computer network, each with advantages and disadvantages. At one end of the spectrum of support are tools like telnet and secure shell (SSH). These tools are very limited in terms of what can be accomplished, in large part because they are simple command-line interfaces. They are, however, fairly easy to use, and are, if properly configured, fairly secure as well.
At the other end of the spectrum are so-called managed services. In such an arrangement, a permanent tunnel links a support site with the client's network, allowing for immediate administration and support at all times. Tunneling, as known in the art, enables one network to send its data via another network's connections. In some implementations, tunneling works by encapsulating a network protocol within packets carried by the second network. However, many companies are not comfortable with having an always-open tunnel into their network, even when nothing is going wrong.
Relatively few offerings fall between these two extremes on the remote administration spectrum. One notable middle point exists: virtual private networking (VPN). A VPN allows a support computer to access a client's network. Security issues aside, a major drawback to this approach is that the support computer is limited to tools located either on the support computer or on the client's network. If the tool needed to fix the problem is not in either location, there is no easy way to access it, short of moving it to one or the other computer.