WO2012065894A2 - Method and arrangement for the central management of portable terminals, terminal and computer for operation with an arrangement for the central management of portable terminals - Google Patents


Publication number
WO2012065894A2
Authority
WO
WIPO (PCT)
Prior art keywords
computer
terminal
management
client application
portable
Prior art date
Application number
PCT/EP2011/069761
Other languages
German (de)
English (en)
Other versions
WO2012065894A3 (fr)
Inventor
Thorsten Höhnke
Susanne Pudlitz
Original Assignee
Fujitsu Technology Solutions Intellectual Property Gmbh
Priority date
Filing date
Publication date
Application filed by Fujitsu Technology Solutions Intellectual Property Gmbh

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/0806: Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H04L41/0809: Plug-and-play configuration

Definitions

  • the invention relates to the central management of portable terminals, in particular the central management of at least one technical feature, such as a serial number of the hardware or software used in the device or parts of the software, or other technical settings.
  • IT Information technology
  • a user, for example a company employee, has a computer at his workstation with which he accesses central data and resources via networks, such as intranets or the Internet.
  • networks such as intranets or the Internet.
  • additional equipment such as
  • An object is therefore to simplify the central management of such portable terminals.
  • a method for the central management of portable terminals comprises the following steps: inserting a portable terminal in a remote computer with communication interface,
  • the portable terminal is, for example, a storage medium. This can be realized in the form of a portable hard disk or in the form of a so-called memory stick.
  • the communication network is, for example, the Internet or an intranet; the physical data transmission is wired and/or wireless.
  • a respective administration client application stored on the terminal is matched to the administration server application of the computer, so that the desired functionality is achieved by interaction of the two applications. For example, passwords, serial numbers of software and hardware as well as other user-specific or connection-specific settings and configurations are managed.
  • when the connection from the terminal to the computer is established, the terminal is registered with the computer.
  • This login involves authentication of the terminal using its hardware identity or address and takes place, for example, in the context of a log-in operation.
  • This logout corresponds to a so-called log-out process. It corresponds to the log-in process described above.
  • the method has the following additional steps:
  • the virtualization client application of the terminal is started.
  • the counterpart to this application, the virtualization server application runs on the computer.
  • the connection between the terminal and the computer is established by means of the virtualization applications and, after the administrative actions on the terminal have been completed, torn down again.
  • the method comprises the additional steps:
  • a portable terminal for operating a central portable device management system includes an interface for exchanging data with a remote computer and a memory.
  • the memory has an administration client application with auto-start functionality and a data area.
  • the management client application is automatically started using the computing power of the remote computer.
  • the terminal is connected to the remote computer via the interface.
  • at least one change is made in the memory of the terminal.
  • the administrative client application thus enables the central management of the terminal by the computer in cooperation with the arrangement.
  • the self-starting functionality is also referred to as autostart.
  • the interface for exchanging data with the remote computer is, for example, a Universal Serial Bus (USB) interface.
  • the memory has a write protection option and a virtualization client application.
  • the virtualization client application is designed as a zero client.
  • the zero client is the client-side part of a desktop virtualization solution in which, in contrast to so-called fat or thin client solutions, the complete software, i.e. the operating system, applications and also the user's computer-simulated workplace, the so-called desktop, runs on a remote server, in this case the computer.
  • the devices present at his workstation are therefore used by a user mainly for inputting and outputting data.
  • the virtualization client uses a predetermined protocol, for example the Remote Desktop Protocol, RDP, to communicate with the corresponding application on the computer.
  • Desktop virtualization essentially exchanges compressed image data between client and server.
  • a computer for operating a centralized portable device management system includes a processor, an interface coupled to the processor for the exchange of data, and a management server application executable on the processor.
  • the management server application is configured to access a memory of the portable terminal via the administration client application.
  • the management server application of the computer, using the processor and the interface, allows access from the computer to the data area in the memory of the terminal via its management client application. This simplifies the central management of portable devices equipped in this way. Time-consuming transfer of terminals between user and administrator is unnecessary.
  • the computer has a virtualization server application that can run on the processor and at least one virtual machine that can be activated by the virtualization server application.
  • the virtual machine is set up to interact with the virtualization client application of the terminal.
  • the connection between the computer and the terminal can also be established via the virtualization applications on the server and client side.
  • Virtualization matches the desktop virtualization described above for the end device side.
  • the virtualization server application is also called a hypervisor. For each virtualization client application, the hypervisor starts an associated virtual machine. The hypervisor also performs tasks for managing multiple virtualization client applications on different devices and the corresponding virtual machines.
  • the management server application can be implemented as part of the virtualization server application.
  • an arrangement for centralized management of portable terminals comprises at least one portable terminal as described above, at least one remote computer which is coupled to the at least one terminal, a computer as described above and a communication network for the exchange of data between the computer and the at least one portable terminal on the at least one remote computer.
  • the arrangement comprises an intermediary computer which is connected to the communication network.
  • the intermediary computer is adapted to establish a connection from the terminal via the remote computer and the communication network to the computer.
  • the intermediary computer is also referred to as a gateway or broker.
  • the intermediary computer forms part of a demilitarized zone, DMZ, of the communication network.
  • the demilitarized zone shields the computers located in this area from other networks by means of one or more firewalls. This permits access to publicly available services, such as WWW or e-mail, while an internal network (intranet, LAN) is protected from unauthorized access. It makes sense to place the computer in the demilitarized zone of the communication network.
  • the connection between the terminal and the computer is then established via the intermediary computer.
  • FIG. 1 shows an exemplary embodiment of an arrangement for managing portable terminals according to the proposed principle.
  • the arrangement comprises a portable terminal 10, a computer 20, a remote computer 30 and a communication network 40.
  • the portable terminal 10 comprises an interface 11 for exchanging data, a management client application 12, a data area 13 and a virtualization client application 14.
  • the management client application 12, the data area 13 and the virtualization client application 14 are located in a memory 15 of the terminal 10.
  • the interface 11 is designed, for example, as a USB interface.
  • the computer 20 includes a processor 21, an interface 22 for the exchange of data, a management server application 23 and a virtualization server application 24. Furthermore, at least one virtual machine 25 is provided.
  • the management server application 23, the virtualization server application 24 and the virtual machine 25 are designed for execution on the processor 21 of the computer 20 and configured to access the memory 15 of the terminal 10 and its data area 13.
  • the virtual machine 25, which implements an instance of a virtual desktop of a user, can run on another computer connected to the computer 20.
  • the remote computer 30 has, on the one hand, an interface for exchanging data with the interface 11 of the terminal 10. On the other hand, it has an interface 31 for exchanging data with the communication network 40.
  • the remote computer 30 is configured to execute the applications 12 and 14 stored on the terminal 10.
  • the communication network 40 is realized, for example, as a Local Area Network, LAN, or Wide Area Network, WAN, or a combination of both.
  • the remote computer 30 is connected via its interface 31, the computer 20 is connected via its interface 22 to the communication network 40.
  • the communication network 40 thus represents, for example, the network of a company.
  • Internet protocols such as IP, TCP and UDP are used here for the exchange of data.
  • the communication network 40 comprises an intermediary computer 50. This forms the entrance to a demilitarized zone of the communication network 40, in which, for example, the computer 20 is located for security reasons. In order to separate internal accesses to the network from external, access to the computer 20 is preferably via the intermediary computer 50.
  • the portable terminal 10 is inserted with its interface 11 in the remote computer 30.
  • the management client application 12 of the terminal 10 is automatically executed on the remote computer.
  • the management server application 23 is started. It listens for connection requests from the management client application 12 of the terminal 10.
  • a connection between the management server application 23 of the computer 20 and the management client application 12 of the terminal 10 is set up via the remote computer 30 and the communication network 40.
  • the terminal 10 logs on to the computer 20. This is done, for example, by authentication using the hardware identity or address of the terminal 10 or by means of a login by the user. For this purpose, the user is asked to enter his ID and password.
  • the write protection of the memory 15 of the terminal 10 is deactivated by the administration client application 12.
  • the management server application 23 of the computer 20 can now access the memory 15 of the terminal 10, check, for example, versions or serial numbers and / or make changes to the software or the data in the data area 13. In doing so, the administration client application 12 and / or the virtualization client application can also be updated. Once the update is complete and all administrative changes on the terminal 10 are completed, the write protection of the memory 15 of the terminal 10 is reactivated.
  • the connection between the management server application 23 of the computer 20 and the management client application 12 of the terminal 10 is disconnected.
  • the terminal 10 is logged out of the computer 20.
  • the management client application 12 is ended.
  • the terminal 10 can now be unplugged from the remote computer 30 again.
  • the illustrated arrangement using the method enables simplification of the central management of portable terminals 10.
  • the virtualization client application 14 is additionally executed. This realizes a virtual desktop on the remote computer 30 using resources on the part of the computer 20, namely the virtualization server application 24 and at least one virtual machine 25.
  • a connection can be established between computer 20 and terminal 10 by means of the virtualization server and virtualization client applications 24, 14.
  • the registration of the terminal 10 in the computer 20 is carried out in a similar manner as described above by means of virtualization client and virtualization server applications 14, 24.
  • the remote computer 30 acts in this case solely as an input/output medium; its computing power is not needed in this case.
  • if the computer 20 is in a demilitarized zone of the communication network 40, the connection between terminal 10 and computer 20 is set up in a two-step process via the intermediary computer 50.
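
The session sequence described above (login of the terminal, deactivating write protection, changes to the data area, reactivating write protection, logout), modelled as an added example that is not part of the patent text. The class names, the allow-list of hardware identities and the audit list are assumptions made for illustration; the model shows write protection being lifted only for a logged-in terminal and restored even when an update fails.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field


class SessionError(Exception):
    """Raised when a session step is attempted out of order."""


@dataclass
class Terminal:
    """Portable terminal 10: hardware identity and write-protected memory 15."""
    hardware_id: str
    data_area: dict = field(default_factory=dict)
    write_protected: bool = True

    def write(self, key, value):
        if self.write_protected:
            raise PermissionError("memory is write-protected")
        self.data_area[key] = value


class ManagementServer:
    """Hypothetical model of management server application 23 on computer 20."""

    def __init__(self, known_ids):
        self.known_ids = set(known_ids)  # assumed allow-list of hardware identities
        self.logged_in = set()
        self.audit = []                  # ordered record of session events

    def login(self, terminal):
        if terminal.hardware_id not in self.known_ids:
            self.audit.append(("login_rejected", terminal.hardware_id))
            raise SessionError("unknown hardware identity")
        self.logged_in.add(terminal.hardware_id)
        self.audit.append(("login", terminal.hardware_id))

    def logout(self, terminal):
        self.logged_in.discard(terminal.hardware_id)
        self.audit.append(("logout", terminal.hardware_id))

    @contextmanager
    def unlocked(self, terminal):
        """Lift write protection for a logged-in terminal; always restore it."""
        if terminal.hardware_id not in self.logged_in:
            raise SessionError("write protection may only be lifted after login")
        terminal.write_protected = False
        self.audit.append(("unlock", terminal.hardware_id))
        try:
            yield terminal
        finally:
            terminal.write_protected = True
            self.audit.append(("relock", terminal.hardware_id))


def manage(server, terminal, changes):
    """One management session: login, unlock, apply changes, relock, logout."""
    server.login(terminal)
    try:
        with server.unlocked(terminal) as dev:
            for key, value in changes.items():
                dev.write(key, value)
    finally:
        server.logout(terminal)
    return [event for event, _ in server.audit]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    srv = ManagementServer({"USB-0001"})
    print(manage(srv, Terminal("USB-0001"), {"client_version": "2.0"}))
```
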

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

In one embodiment, the invention relates to a method for the central management of portable terminals comprising the following steps: plugging a portable terminal (10) into a remote computer (30) having a communication interface (31), starting a management client application (12) stored in the terminal, starting a management server application (23) stored in a computer, connecting the terminal (10) and the computer (20) by means of the remote computer (30) via a communication network (40), modifying at least one bit in the memory of the terminal (10) by means of the computer (20).
PCT/EP2011/069761 2010-11-18 2011-11-09 Method and arrangement for the central management of portable terminals, terminal and computer for operation with an arrangement for the central management of portable terminals WO2012065894A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE201010051768 DE102010051768A1 (de) 2010-11-18 2010-11-18 Method and arrangement for the central management of portable terminals, terminal and computer for operation with an arrangement for the central management of portable terminals
DE102010051768.2 2010-11-18

Publications (2)

Publication Number Publication Date
WO2012065894A2 (fr) 2012-05-24
WO2012065894A3 WO2012065894A3 (fr) 2012-07-26

Family

ID=44992894

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/069761 WO2012065894A2 (fr) 2010-11-18 2011-11-09 Method and arrangement for the central management of portable terminals, terminal and computer for operation with an arrangement for the central management of portable terminals

Country Status (2)

Country Link
DE (1) DE102010051768A1 (fr)
WO (1) WO2012065894A2 (fr)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6006274A (en) * 1997-01-30 1999-12-21 3Com Corporation Method and apparatus using a pass through personal computer connected to both a local communication link and a computer network for indentifying and synchronizing a preferred computer with a portable computer
US7239877B2 (en) * 2003-10-07 2007-07-03 Accenture Global Services Gmbh Mobile provisioning tool system
US7555570B2 (en) * 2006-02-17 2009-06-30 Avocent Huntsville Corporation Device and method for configuring a target device
US7912503B2 (en) * 2007-07-16 2011-03-22 Microsoft Corporation Smart interface system for mobile communications devices
EP2063357A1 (fr) * 2007-11-21 2009-05-27 Pepperl + Fuchs Gmbh Transportable data carrier and method for transmitting configuration data from an external computer to a sensor
US8789070B2 (en) * 2007-12-06 2014-07-22 Wyse Technology L.L.C. Local device virtualization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9189225B2 (en) 2012-10-16 2015-11-17 Imprivata, Inc. Secure, non-disruptive firmware updating
US9749335B2 (en) 2012-10-16 2017-08-29 Imprivata, Inc. Secure, non-disruptive firmware updating
US10187396B2 (en) 2012-10-16 2019-01-22 Imprivata, Inc. Secure, non-disruptive firmware updating
US10924493B2 (en) 2012-10-16 2021-02-16 Imprivata, Inc. Secure, non-disruptive firmware updating
US11637837B2 (en) 2012-10-16 2023-04-25 Imprivata, Inc. Secure, non-disruptive firmware updating
WO2015034875A1 (fr) * 2013-09-05 2015-03-12 NCS Technologies, Inc. Systems and methods providing a mobile zero client
US9331903B2 (en) 2013-09-05 2016-05-03 NCS Technologies, Inc. Systems and methods providing a mobile zero client
US10075507B2 (en) 2013-09-05 2018-09-11 NCS Technologies, Inc. Systems and methods providing a mobile zero client

Also Published As

Publication number Publication date
WO2012065894A3 (fr) 2012-07-26
DE102010051768A1 (de) 2012-05-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11784456

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11784456

Country of ref document: EP

Kind code of ref document: A2