1. The Field of the Invention
The present invention generally relates to electronic messaging systems. More specifically, the present invention provides for allowing authorized users to remotely and securely change configuration setting of a targeted device using a standard messaging transport protocol. Further embodiments also provide for central monitoring and reporting of the status of such configuration request.
2. Background and Related Art
Computer systems or related technology affect many aspects of society. Indeed, the computer systems ability to process information has transformed the way we live and work. Computer systems now commonly perform a host of tasks (e.g., word processing, scheduling, database management, etc.) that prior to the advent of the computer system were performed manually.
Although computers were once isolated and had minimal or little interaction with other computers, computers today interact with a wide variety of other computers through Local Area Networks (LANs), Wide Area Networks (WANs) dial-up connections, and so forth. With the wide-spread growth of the Internet, connectivity between computers is becoming more important and has opened up many new applications and technologies. The growth of large-scaled networks and the wide spread availability of the low-cost personal computers has fundamentally changed the way that many people work, interact, communicate and play.
Electronic communications among users of various computer systems have been known for many years. Many companies have developed internal electronic messaging systems that allow email communications between various computers connected to corporate LANs and/or other networks. Further, many companies have reengineered the process and procedures to take maxim advantage of email communications in order to provide a convenient mechanism for exchanging information and documents; thus reducing the handling of paperwork and speeding the flow of information between and among employees of various departments. Traditionally, large-scale network connecting various divisions over vast distances were extremely expensive. In addition, the large-scaled networks that did exist generally used proprietary protocols, which were difficult to interconnect with other networks.
As previously mentioned, however, with the growth and development of the Internet the situation has changed dramatically. Today, a company may install a corporate LAN at sites separated by large geographical distances and “backbone” communications between sites over the Internet. In many ways, the Internet has become a standard with which any viable network must interact.
Regardless of whether a LAN is centrally located or separated by large geographical distance through “back-boning,” typical networks have varying levels or boundaries of security-trust. For example, organizations wish to limit and shield the inner organization from attacks of others on the outside of the network. Further, organizations may wish to also restrict accesses to certain portions of information within the network. As such security-trust boundaries are configured to ensure that protected content is accessed by authorized users.
FIG. 1 illustrates an example topology of varying degrees of security-trust boundaries within a network 100. As shown, perimeter network 115 lays in a middle ground between an organizations's trusted internal or private network 120 and an un-trusted external network such as the Internet 105. The perimeter network 115 is a sub-network that may sit between firewalls 110 and 130 for shielding secure clients 140 and secure server 150 from access from unauthorized users outside the network 100. Mail server 125 and Web server 135 within the perimeter network 115, however, need to have limited access to those on the outside; and therefore they are only shielded by a single firewall 110 from those on the outside the network 100 coming in from Internet 105.
Of course, other mail servers may be used within other topologies and security-trust boundaries depending on the organization's security and other needs. For example, secure server 150 may also be a mail server. In such instance, the Mail server 125 within the perimeter network 115 might be used for such things as sanitizing mail (e.g., virus and junk mail scan) and for transferring mail to the appropriate mail box. Secure server 150, on the other hand, may be used for holding individual mailboxes and shielding these mail boxes from those outside the private network 120.
Regardless, however, of the topology and number of security-trust boundaries within a network configuration, often it is desirable to configure various machines with various security and other type settings. Typically, however, authorized users or system administrators have to have direct connectivity or be physically present at the particular device in order to make such configurations changes. This becomes extremely difficult, however, if the system is hard to access either due to physical location or because it is an isolated environment such as perimeter network 115. Accordingly, there exists a need to be able to remotely configure the various machines within a network 100.
One solution to the problem may be to use a protocol such as Remote Procedure Call (RPC) for allowing one program to request and access various machines within the network. Like a regular or Local Procedure Call (LPC), a RPC is a synchronistic operation requiring the requesting program to be suspended until the results of the remote procedure are returned. Accordingly, RPC utilizes a lightweight process or threads to share the same address space and allow multiple RPCs to be preformed concurrently. Such a process, however, requires opening multiple ports upon any individual machine, thereby leaving machines highly vulnerable to attack. As such, there exists a need to remotely configure a targeted device while minimizing the number of ports open for such configuration purposes. Also, it would be useful to have a central console module for monitoring and reporting on the status of all configuration requests regardless of wherein the requests were made and destined.