Typically, the hardware and software setup of a computer system is determined by a collection of related and unrelated files and directories having various parameters related to the assortment of components that make up the computer system. During the installation of a new device or program, the computer needs to be manually or automatically reconfigured to accommodate the new device or program. For example, when installing a new hard drive onto the system, pertinent information about capacity, brand and how it is connected must be available to the operating system to make internal decisions for proper access. Similarly, when new software is installed onto the system, pertinent information must be available to the new software to make internal decisions to properly run the newly installed program and not impact the current environment. The configuration information for hardware and software is typically stored in one or more configuration files. Typically, during the initialization of the operating system program and at the start of additional programs; the programs will access their assigned configuration files to retrieve values to be used by the programs for parameters that may vary from computer to computer depending on the environment and user preferences. This allows for the proper functioning of devices and programs to work together on a computer system. This dynamic configuration capability enables a wide combination of devices and software to work together and be well behaved.
Similar to individual computer systems, one or more configuration files are needed to control computer networks. These are after all typically just a specialized combination of an operating system, devices and programs. A local area network (LAN) typically consists of several individual computers connected to each other over a communication connection. Similar to how an individual computer system needs information on various devices and programs in order to function properly, LAN servers need information on the various individual computers on the network in order for those individual computers to function properly and be well behaved while connected. As new computers are added to the network, reconfiguration of the network server may be necessary. For example, if a new workstation were added to a LAN, the network server would need the address of the workstation (i.e., information on how to access that workstation) in order to route the new workstation messages and requests correctly to communicate with other devices on the network. Similarly, if a new printer were added to the network, the network server would need information about the new printer in order to have proper access to the printer by other devices on the network (i.e., access by the workstations on the network).
A gateway server often includes hardware and software for connecting LANs to the Internet. Similar to network servers, gateway servers need to be correctly configured in order to have proper functioning of the LAN vis-à-vis the Internet. The necessary information for configuring a gateway server is often contained in a configuration file for the gateway server. Since the gateway server acts as an interface between the LAN and the Internet, it is imperative that these gateway servers are properly monitored and managed. Illustrative of the importance of gateway servers, if a gateway server malfunctions, then it is possible that the entire LAN may be denied access to the Internet or permit unauthorized access to the gateway server and/or LAN. Moreover, since the gateway server is the LAN's connection to the “outside world,” if a particular gateway server is compromised, then individual systems on the LAN connected to the gateway server are susceptible to tampering. Likewise, in wide area networks (WAN) having multiple gateway servers, a compromise of one gateway server may risk compromise of other gateways in the WAN.
Historically, managing gateway servers required accessing each gateway server's configuration file using a proprietary interface and manually typing in countless parameter values. Once the gateway server is operational, should reconfiguration be necessary or desired, that gateway server's configuration interface must be accessed again, and the required configuration changes applied. In order to do this securely, the administrator would have to, either, be physically present at the location of the gateway server, or have access to the unit's configuration interface via a secure channel. Moreover, if multiple gateway servers need simultaneous reconfiguring, which is often the case for multiple gateway servers managed by the same organization, the administrator would need to access each unit's configuration interface in turn to make changes to each individual unit. This makes reconfiguration of gateway servers difficult and time consuming.
Alternatively, methods of allowing pre-configuration scripts to be backed up from one unit and applied to another via means such as file transfer protocol (FTP) are among other methods of remote configuration. These remote management methods have traditionally required each unit to monitor all incoming messages and respond to incoming requests for reconfiguration from an off-site administration machine. Such a method requires that each gateway server maintain an open port for incoming requests, thus, rendering each unit vulnerable to an attack by a hacker (e.g., denial of service attacks). This problem becomes accentuated in the context of configuration files as a system's resources may become consumed in identifying and attempting to configure a device before the system realizes that it has incorrect or corrupt configuration data. In addition, the conventional simple network management protocol (SNMP) system has often been used for configuration managements. SNMP, however, suffers from being so difficult to configure and maintain that it is often improperly set up, poorly maintained, or ultimately neglected to the point that it becomes a security risk.
From the foregoing, it can be appreciated that there is a need in the art for a method and system for remotely managing networked devices in the hostile Internet environment without sacrificing security.