Dealers or service personnel typically do not have a secure mechanism to manage systems or devices installed inside the protected networks of a customer. Such systems or devices may include, for example and without limitation, multifunction printing (MFP) devices, capable of multiple printing and imaging functions, e.g. print, scan, copy and print, or subsets of these functions. In the MFP example, a dealer may manage a multitude of MFPs located at multiple customer sites. The dealer or service staff typically would be physically present at the customer site in order to install, configure, diagnose and service MFPs. In order to manage these devices, dealers may send staff to customer sites which is time consuming and costly.
A method and system for remotely managing a device connected on an intranet may include opening a private and secure communication channel between a management gateway connected on the intranet and a remote management console connected to the internet.
In the following detailed description and in the several figures of the drawing, like elements are identified with like reference numerals. The figures are not to scale, and relative feature sizes may be exaggerated for illustrative purposes.
An exemplary embodiment of a remote management system and method may provide a real-time, on-demand and standards-based secure technique to remotely manage a device or system, such as an MFP device. An exemplary embodiment of a system and method may include a “Management Gateway” and “Remote Management Console”. A management gateway may be installed inside the customer network. A remote management console may be installed at dealer site. The dealer may use the remote management console to communicate with the management gateway which in turn communicates to customer MFPs. The dealer may have access to only the management gateway. The rest of the customer network including the customer MFPs may be protected from the direct access of the dealer. The dealer may not be able to access any part of the customer network other than the management gateway. The management gateway in turn accesses the MFPs to carry out further device management on the dealer's request. Access to the management gateway may be granted only to the intended dealer and may be protected using industry-standard security protocols.
An exemplary embodiment of a system and method may provide various remote control and command capabilities to dealers to carry out device management, service and diagnosis of MFPs located inside customer premises from dealer locations, including one or more of the following: firmware upgrades, reboot, front panel access, feature cloning, device cloning, security dashboard, status update, click count, driver distribution, supply management, preventive maintenance, job accounting, and browsing the embedded web page of MFP.
An exemplary embodiment of a management system and method may include one or more of the following:
Direct and one to one secure connection between a dealer remote management console and a customer gateway.
Real-time and on-demand access to customer MFPs for diagnosis, service and management.
Remote management of the MFP devices, installed inside the protected customer networks, without opening up the customer firewall.
An exemplary embodiment may not add a hardware component for each MFP, and hence may scale from a few MFPs to thousands of MFPs easily and cost-efficiently.
An exemplary embodiment may employ standards-based protocols for communication between a dealer and customer systems.
Though an exemplary embodiment is described in the context of remote management of MFP devices, and may be useful for printing and imaging devices, the technology may be applied to many other application areas. For example, the technology may be used to manage computer networks remotely, and to manage the network devices remotely.
In an exemplary illustrative application, a manufacturer may distribute devices such as MFPs through dealers, who in turn sell the MFPs to customers. The dealers support and maintain the MFPs for their customers. A dealer typically may have multiple customers. In the past, a dealer service staff may be physically present in the customer premises in order to install, configure and service the MFPs. Usually MFPs are behind the firewall of the customer's computer network, and the dealer cannot access them from within the dealer network. In this exemplary application, a system and method is provided to enable a dealer to securely manage the MFPs from the dealer location. A mechanism may be provided through an exemplary embodiment of the system and method for dealers to perform device management tasks such as, for example, firmware (FW) updating, device rebooting, device cloning and front panel access remotely from the dealer location.
In an exemplary embodiment, a dealer has a software application referred to herein as a remote management console 60 which may be used to remotely manage the customer MFPs 10A,10B, 10C. The remote management console may be installed onto a server 66 connected with a terminal or PC 52 at the dealer's site. The remote management console 60 may be secured behind the firewall 62 of the dealer. In an exemplary embodiment, the dealer may open his HTTPS port in order for the remote management console 60 to communicate with the management gateway 30 installed at the customer site.
An exemplary embodiment of a management system may provide the remote management console 60 and the management gateway 30 with a persistent secure virtual tunnel 70 through which the remote management console can communicate with the management gateway. In an exemplary embodiment, the secure virtual tunnel may be an authenticated and encrypted communication link which is persistent or quasi-persistent, i.e., stays on after an exchange of messages. This secure virtual tunnel may provide a private and secure channel of communication between remote management console and management gateway over a public and non-secure medium such as the internet. To further enhance the security, the secure virtual tunnel also ensures that dealer can not access any other part of customer network except the Management Gateway. In an exemplary embodiment, the management gateway 30 may maintain a white list of all the devices which the remote management console is to be permitted to control remotely. Only the management gateway will access those devices. If the remote management console were to ask to control any other devices remotely on the customer intranet, the management gateway would refuse the request.
There are several ways in which a persistent secure virtual tunnel can be established, and which option is used in a particular customer scenario is a function of ease of deployment, scalability and level of security needed. In an exemplary embodiment, the URI scheme known as HTTPS may serve as a primary mechanism to establish a persistent secure virtual tunnel. HTTPS is well known in the art, and refers to Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL. HTTPS is a Web protocol built into browsers that encrypts and decrypts user page requests as well as the pages that are returned by a Web server. HTTPS uses the Secure Socket Layer (SSL) as a sub layer under the HTTP application layering. HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.
In an exemplary embodiment using HTTPS, the management gateway 30 may initiate an outgoing connection to the remote management console 60, and the secure tunnel 70 is established after mutual authentication based on digital certificates. Then the management gateway 30 authorizes the remote management console 60 for remote management of the MFP devices 10A, 10B, 10C. At the successful end of an authorization step, a secure tunnel 70 is in place. Since the connection was initiated from within the firewall of the customer and it is an outgoing connection, there may be no need to open a hole in the customer firewall 32. This exemplary embodiment may not require customers to make any changes in their existing firewall, e.g. in cases in which outgoing connections are not blocked by a firewall.
An exemplary embodiment employs HTTPS polling as a mechanism to obtain a persistent connection. HTTPS connections are by their nature non-persistent. HTTPS connections can be dropped for various reasons. Usually if the connection is idle for a certain period of time, then some intermediate network device (e.g. a firewall, a proxy, network address translation (NAT), a router or gateway, a Web Server, etc.) will drop the connection. In an exemplary HTTPS polling mechanism, the management gateway 30 periodically sends small HTTPS request packets in order to preempt the idle timeout and waits for response from the remote management console 60. When the management gateway receives the response, it knows that the HTTPS connection is up. If the management gateway 30 does not get a response within a certain time interval or gets a network message that the connection is dropped, then the management gateway starts the secure tunnel establishment process all over again. Thus, in spite of intermittent disconnects (which may be largely unnoticeable by users), this exemplary embodiment simulates a persistent connection.
While an exemplary embodiment has been described which uses HTTPS as a mechanism to establish a secure virtual tunnel and HTTPS polling to make this tunnel persistent, other techniques may alternatively be employed. For example, in addition to HTTPS polling, other options which may be supported by the management gateway 30 include use of instant messaging, SMS (Simple Messaging Service) and MMS (Multi-media Messaging Service) to simulate the persistent behavior. In this alternative, whenever the remote management console wishes to communicate with the management gateway, then it sends an instant message, SMS or MMS to the management gateway and the management gateway may establish a secure virtual tunnel with the remote management console using HTTPS. In this alternative, the instant message, SMS or MMS may be a communication request message sent from the remote management console to the management gateway via a second communication channel which is different from the secure virtual tunnel. The second communication channel may be a secure or non-secure channel, or an encrypted or non-encrypted link. A HTTPS connection may not always exist between the remote management console and the management gateway, though it is almost always available on demand through instant messaging, SMS or MMS.
An exemplary embodiment may also use a virtual private network (VPN) as one of the options to establish a persistent secure virtual tunnel. A persistent secure virtual tunnel established using a VPN provides very high security but it is less scalable due to the need for one to one VPN between dealer and each customer. As the number of customers increases, the need for hardware and software needed multiplies quickly and hence this solution may be more expensive to deploy and scale.
An exemplary embodiment of a secure virtual tunnel may use SSL and Digital Certificates for encryption and authentication. An exemplary embodiment may also use username/password based authorization for additional security.
In an exemplary embodiment, a secure virtual tunnel may be firewall friendly because it may obviate opening up the customer firewalls. Since the management gateway 30 actually initiates an outbound HTTPS connection to the remote management console 60, the customers in some cases may not need to modify their firewall settings.
For the example illustrated in
The activity depicted in
Once the persistent secure virtual connection is established between the remote management console and the management gateway, then the remote management console is able to manage, service and diagnose the MFP devices with the help of the management gateway. The remote management console may ask the management gateway to perform the following exemplary activities on the customer MFPs which are accessible to the management gateway: firmware upgrade; reboot; front panel access; feature cloning; device cloning; a security dashboard (a “dashboard” which displays the current network configurations; for example it may show if the FTP port on the MFP is enabled or disabled,; status update; click count (a count of total pages printed, faxed and copied by the MFP, i.e. a kind of meter reading to denote the usage of the MFP); driver distribution; supply management; preventive maintenance; job accounting; and browsing the embedded web page of an MFP.
Although the foregoing has been a description and illustration of specific embodiments of the subject matter, various modifications and changes thereto can be made by persons skilled in the art without departing from the scope and spirit of the subject matter as defined by the following claims.