Remote intervention
Inventory
For security reasons, these servers are not accessible via the Internet, which means that any operation on these servers requires that an employee of the application provider is physically present on the premises of the customer – with all this implies in terms of cost and delays in the event of an incident.
Needs
In order to reduce costs and the intervention times, the company wants to make it possible for the editors of these vertical applications to act remotely (e.g.: via the Internet) on their hosted applications – using SSH (Unix & Linux servers) and RDP protocols (Windows servers).
However, in order not to compromise the security of the information system, the following constraints have been defined by the computing team:
- No direct access to the servers,
- Each editor can only access its own applications,
- It must only be possible to connect during a previously defined time slot (e.g.: Wednesday between 18:00 and 22:00),
- It must be possible to trace every detail of the operations carried out by the editor – going beyond the information already contained in the application’s logs,
- No agents must be installed on the servers nor any specific software installed on the workstations used by the editor’s technical staff,
- There must not be any changes in the ways in which the personnel of the various
application providers carry out their tasks.
Solutions
authenticator proxy-based solution provided the perfect solution for the customer’s needs.
Future developments