
Defense co. uses .Net, iPAQs to build remote server admin tool

Nov 12, 2003
Cellular Networks, Network Security

* Getting creative about mobilizing administration apps

Recently, I was chatting with a senior integration specialist at a large East Coast defense contractor. He was very excited about a wireless “killer app” he had just built for the IT group, after the department brainstormed about needs and how best to make use of wireless and handheld technology.

In this case, the application was remote server management and administration. The components involved were Microsoft’s .Net 2003 architecture, HP iPAQs and Sprint PCS’s Code Division Multiple Access (CDMA) 1XRTT services.

The specialist and his colleagues identified a capability his CIO wanted: to be able to remotely manage corporate servers 24/7 securely. “I couldn’t find anything off-the-shelf for mobile remote server administration,” he says. So he used components of Microsoft’s .Net architecture and the Terminal Service Client in HP iPAQ Pocket PCs to “grow his own.” This translated into building a mobile intranet Web page for remote administrators who preferred handling necessary server tasks remotely, as they cropped up, rather than making a physical trip to the data center during Thanksgiving dinner at Grandma’s.

The specialist discovered that, by itself, the Terminal Service Client on HP iPAQs would require a remote administrator to log on to each server separately to perform tasks. So he wrote code against the .Net Management Object Interface within the Windows Management Instrumentation (WMI) framework, which allows a remote administrator, once authenticated, to view and perform tasks on multiple servers.

The “secure” component included staying compliant with the organization’s standards for Certicom-based VPN access (which just recently became available for handhelds) and RSA-based Triple-DES encryption.

To prevent just anyone from getting into the company’s network through the VPN and rebooting or otherwise performing tasks on corporate servers, the specialist built a user log-in screen that checks a user’s credentials against a Windows access control list.

“Once you’re logged in as a legitimate administrator, you can access all the servers in the [Microsoft] Active Directory,” he explains. “If you find a rogue process in progress, you can select that process and kill it. You can reboot servers. All this was much easier to do in .Net than in Visual Basic.”
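As an added illustration (not the contractor’s code, which was never published), the pattern the article describes written against the .Net WMI classes: one authenticated operator, a connection recipe reused across servers so nobody logs on to each box in turn, process listing and termination, with a Windows-group authorization check and an audit line before any destructive action. The group name CORP\ServerAdmins and the server names are assumptions; Reboot() on Win32_OperatingSystem follows the same shape as KillProcess.

```csharp
using System;
using System.Management;
using System.Security.Principal;

public static class RemoteAdmin
{
    // Hypothetical group; the real tool checked a Windows ACL of the site's choosing.
    const string AdminGroup = "CORP\\ServerAdmins";

    static void RequireAdmin()
    {
        WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        if (!principal.IsInRole(AdminGroup))
            throw new UnauthorizedAccessException("caller is not in " + AdminGroup);
    }

    // Same connection recipe for every server: the operator's own Windows token is
    // reused, so one log-in covers the whole fleet instead of one per Terminal Services session.
    static ManagementScope Connect(string server)
    {
        ConnectionOptions opts = new ConnectionOptions();
        opts.Authentication = AuthenticationLevel.PacketPrivacy; // encrypt every DCOM packet
        opts.EnablePrivileges = true;                            // needed for Reboot() on the OS object
        ManagementScope scope = new ManagementScope(@"\\" + server + @"\root\cimv2", opts);
        scope.Connect();
        return scope;
    }

    public static void ListProcesses(string server)
    {
        ObjectQuery q = new ObjectQuery("SELECT ProcessId, Name FROM Win32_Process");
        using (ManagementObjectSearcher s = new ManagementObjectSearcher(Connect(server), q))
            foreach (ManagementObject p in s.Get())
                Console.WriteLine("{0}\t{1}\t{2}", server, p["ProcessId"], p["Name"]);
    }

    // Returns the WMI Terminate() status code (0 = success). Authorization and an
    // audit record happen before the call, not after.
    public static uint KillProcess(string server, uint pid)
    {
        RequireAdmin();
        ObjectQuery q = new ObjectQuery("SELECT * FROM Win32_Process WHERE ProcessId = " + pid);
        using (ManagementObjectSearcher s = new ManagementObjectSearcher(Connect(server), q))
            foreach (ManagementObject p in s.Get())
            {
                Console.WriteLine("AUDIT {0} terminates pid {1} on {2}",
                                  WindowsIdentity.GetCurrent().Name, pid, server);
                return (uint)p.InvokeMethod("Terminate", null);
            }
        throw new ArgumentException("no process " + pid + " on " + server);
    }
}
```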

Tasks are performed wirelessly over Sprint PCS’s packet-based 2.5G 1XRTT service, which generally offers throughput between 40K and 60K bit/sec. The specialist admits that “at this juncture, the network seems slow.”