1. Field of the Invention
This invention relates to remote management of a computer via a network.
2. Related Art
The use of a computer typically entails some management of the operation of, and activities engaged in by, the computer. For organizations that make use of many computers, management of those computers can be an especially burdensome task; such organizations often have one or more people who are specifically responsible for the management of the organization's computers. Management of a computer can entail any of a large variety of activities, as well known to those skilled in that art. Computer management can include, for example, one or more of the following: taking inventory of the hardware comprising a computer and/or the software installed on a computer; installation, configuration and/or updating of software on a computer; establishing and updating security parameters (e.g., passwords, access permissions) on a computer; deploying and installing system patches on a computer; monitoring usage of computer resources and/or computer operation; identifying and tracking problems with computer operation; producing an alert when a problem with computer operation occurs; controlling one or more aspects of the operation of a computer; and providing assistance to a user in effecting desired operation of a computer.
A computer to be managed may not be at the same location as the person who must do the management. This may be often be true, for example, for organizations with computers operating at different locations: there may not be a person at each such location with the skills and/or knowledge required to manage the computer(s) at that location. Thus, in the past, when it has been necessary or desirable to engage in management of computer(s) at a particular location, it has sometimes been necessary for a person with the requisite skills and/or knowledge to travel to that location. As can readily be appreciated, this may be undesirable for a variety of reasons, e.g., it may be inconvenient and/or too costly to travel to the location, it may be discovered after arriving at the location that tools and/or information necessary to manage a computer are not present at that location, etc. With the advent and increasing presence of computer networks, tools have been developed to enable remote management of a computer via a computer network, i.e., management of a computer located at one site of a computer network using a computer located at another site of the computer network.
Computers that can be connected to a network may have software installed thereon that controls access to the network by the computer and from the network to the computer. For example, a firewall can be useful in inhibiting unwanted access to or from the computer via the network. A gateway can also be useful in inhibiting unwanted access to or from the computer via the network and can additionally perform network address translation (NAT) that is used to direct network communication to an appropriate computer when multiple computers share a single network address. However, the presence of a firewall and/or gateway can also prevent remote management of a computer by stopping incoming instructions and/or data used to effect the remote management. As a result of greater concern regarding the security of computers that can be connected to a network (in particular, public networks such as the Internet), the use of firewalls and/or gateways has become common and is increasing, thus significantly inhibiting the usefulness of existing systems for remote computer management.
A proxy server can be present at a computer network site to mediate and control access to the network by computer(s) at that site. (Typically, a proxy server is used at a computer network site at which multiple computers—often, a very large number, such as 50 or 100 or more—access the network via the site, such as is the case with a large organization that has many computers accessing a computer network via a much smaller number of network sites, though this need not necessarily be the case.) All network communication from computer(s) at a network site at which a proxy server is present must be directed to the proxy server, which then decides whether the communication can pass through to the network. A proxy server can be used, for example, when it is desired to impose more—or simply different—control over access to a computer network than is provided by a firewall and/or gateway. When a proxy server is present at a computer network site, a (prospective) remotely managed computer at that site cannot directly communicate with a computer at another site of the network (i.e., attempt to communicate via the communication port assigned for communication with the computer at the other site) that is seeking to effect particular management action(s) with respect to the remotely managed computer, since all communication from the remotely managed computer must be routed to the communication port assigned for communication with the proxy server. Thus, the presence of a proxy server at a computer network site can prevent or inhibit management of computer(s) at that site by a system for remote computer management.
A computer at a computer network site may also be connected to one or more other devices present at that site, such as a switch, router, peripheral device (such as, for example, a printer, scanner, keyboard or display monitor) or another computer. It may be desirable to manage a device connected to a remote computer in addition to, or instead of, managing the computer. However, unless such device is accessible directly via the network (which is often not the case), existing systems for remote computer management do not enable this capability.
It can be desirable to update software used to implement (in whole or in part) a system for remote computer management after the software is installed and operating, e.g., to add new functionality to the remote computer management system. This can be done, for example, by uninstalling an existing version of the software and installing a new version of the software, or by installing an update to the existing version of the software. However, these approaches will disrupt operation of the remote computer management system, other operation of computer(s) on which the remote computer management system is implemented, and/or activities of users of the computer(s) on which the remote computer management system is implemented. These approaches may also experience error during the installation process, producing even more disruption or, in the worst case, precluding update of the software. Further, since these approaches are necessarily disruptive to some degree, they are typically only used to provide updates that make substantial changes (e.g., add substantial new functionality) to an existing version of the software, thus reducing the flexibility (e.g., the granularity) with which the software can be updated. Finally, these approaches can cause the instructions and/or data comprising the software to require an undesirably large amount of storage capacity. Another approach to updating software used to implement a remote computer management system is to provide one or more new stand-alone executable files that can be accessed by the remote computer management software to make use of the functionality produced by those executable file(s). However, when the new executable file(s) first attempt to operate, security software (which is frequently operating on computer(s) used to implement the remote file management system) may identify this as an attempt to begin operation of a new process that has not previously been authorized, and either stop the operation or present a user interface (e.g., dialog box) that requires instruction (often from a user who may not have the requisite knowledge to respond appropriately) as to whether the operation should be allowed to continue, in either case disrupting operation of the remote computer management system.