A conspicuous trend in the modern economy has been the growth in the importance of services as opposed to material goods. Not only does the share of the service sector in industrialised economies grow, but many material goods are offered in the form of products that combine and enhance a material goods component with a services component. For example, an advanced computer system delivered by a vendor organisation to a customer organisation is now commonly purchased together with a maintenance contract for the computer system, according to which the vendor or an independent service-providing organisation bears responsibility for the computer system's continued operation. The responsibility can include performing regular preventive maintenance tasks, monitoring the continued operation of the computer system, and providing repair services and replacement equipment in the event of failure.
For the service-providing organisation, one way of performing its maintenance services is to dispatch service technicians to the customer organisation. While for certain tasks, such as full-scale replacement of the computer system, the presence of a service technician is unavoidable, visits to the customer organisation where the computer system is located are costly. Being able to remotely service a computer system saves vast amounts of service cost, since in many cases it is then not necessary to dispatch a service technician to the customer organisation.
Because of the considerable cost savings, remotely maintained computer systems are becoming more and more common in the computer industry. Conventional solutions involve attaching a modem to the computer system and connecting the modem to a public telephone line. The service provider dials into the modem over the public telephone line from a maintenance computer and remotely maintains the computer system via the modem connection. Typical maintenance tasks performed remotely in this way include microcode updates, checking and correcting errors, configuring the computer system, remotely supporting the customer organisation to perform their tasks, and helping with problems.
However, newer and more complex computer systems demand more and more bandwidth for such remote maintenance, and modems are being outpaced because of their limited data transfer bandwidth. At the same time, organisations typically own fast private networks or intranets that have access points to the Internet, protected by dedicated firewalls. One way of achieving higher bandwidth for remote maintenance is to use virtual private networks, which allow the service-providing organisation to connect remotely to the computer system to be maintained, over the Internet and the private network of the customer organisation, to perform maintenance tasks.
Typically, customer organisations are reluctant to allow such connections because they will be routed over their private network. Their main concern is that the private network can be intruded upon and the network security compromised by allowing a service-providing organisation to take control of a computer system inside the private network. In many cases the computer system to be maintained will be a personal computer equipped with a general-purpose operating system such as AIX, Linux, or Microsoft Windows. To perform maintenance tasks, a service technician connecting remotely will need to gain the supreme access privileges of these operating systems, known as root privileges or administrator privileges depending on the operating system. This poses a risk for the customer organisation because the computer system, which is connected to the private network of the customer organisation, can perform many potentially harmful actions against other computers in the private network. Although it is possible to configure the computer system in order to limit its capability of performing such actions, a service technician in possession of the supreme access privileges of the computer system's operating system cannot be prevented from reverting or circumventing such configurations or introducing harmful software that reverts or circumvents such configurations.
At the same time, the customer organisation frequently does have an interest in connecting the computer system to their private network, for example in order to allow a system administrator to remotely administer the computer system from an administration computer within the customer organisation. Depending on the security policy of the customer organisation, allowing a service-providing organisation to access a computer system connected to the customer organisation's private network even via modem is seen as an unacceptable risk to the customer organisation's private network.
WO 2005/047991 discloses a method for maintaining a field device by means of a maintenance computer, which is arranged in the company network of the field device manufacturer and is connected to the field device by means of said company network, a public network, and a customer network. The public network is provided with a directory server in which a customer unit and the maintenance computer are registered and which, upon the customer's request, assigns a session identification number, selects the network address of a relay server connected to the public network and transmits said address to the customer unit and the maintenance computer. Said relay server and the session identification number make it possible to set up a peer-to-peer connection for exchanging data about the field devices between the customer unit and the maintenance computer, in such a way that said peer-to-peer connection can pass through the firewall computers which protect the customer network and the company network.
United States patent application 20030079121 discloses a method of allowing an employee associated with a supplier enterprise to access a supplier-owned intranet from a supplier-controlled computing device located within a semiconductor fabrication facility. In one embodiment the method includes establishing an isolation pipe through the facility-owned Intranet between the node and a hub/firewall using virtual private network technology; generating a request to logon to the supplier-owned Intranet from the computing device; formatting the request in a secure Internet protocol such that the request is broken up into multiple packets, with each packet including at least a header portion and an encrypted data portion; and transmitting the formatted request through the isolation pipe over the facility-owned Intranet to the hub/firewall and then over the public Internet to the supplier-owned Intranet with end-to-end encryption.