Access control center workflow and approval
Abstract
Methods and systems are disclosed for providing indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to control the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.
21 Claims
1. A system for restricting access provided to technical support personnel to computing devices of a company's computing network, the system comprising a processor and memory in a computing apparatus configured to:
- verify an identification of a technical support person based on a user identifier and password associated with the technical support person;
- provide a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal, wherein the received access approval is selectively provided based on a type of incident needing resolution;
- allow the computing terminal operated by the technical support person to connect to the remote computing terminal upon activation of the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system, wherein the remote computing terminal is pre-assigned the service based on one or more software tools loaded on the remote computing terminal;
- establish a remote access session between the remote computing terminal and the at least one of the production, development, and test system;
- allow the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
- track and record a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
- recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of restricting access provided to technical support personnel to a company's computing devices, the method comprising:
- verifying an identification of a technical support person using a user identifier and a password associated with the technical support person;
- providing a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal; wherein the received access approval is selectively provided based on a type of incident needing resolution;
- allowing the computing terminal operated by the technical support person to connect to the remote computing terminal via the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system, wherein the remote computing terminal is pre-assigned the service area based on one or more software tools loaded on the remote computing terminal;
- establishing a remote access session between the remote computing terminal and the company's computing system;
- allowing the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
- tracking and recording a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
- recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable medium encoded with computer-readable instructions for restricting access provided to technical support personnel to a company's computing devices, the computer-readable instructions comprising instructions for causing a computer to:
- verify an identification of a technical support person based on a user identifier and password associated with the technical support person;
- provide a navigation mechanism to a computing terminal operated by the technical support person upon receiving access approval from a remote computing terminal and at least one of a production, development, and test system pre-assigned to the remote computing terminal, wherein the received access approval is selectively provided based on a type of incident needing resolution;
- allow the computing terminal operated by the technical support person to connect to the remote computing terminal via the navigation mechanism, the remote computing terminal having pre-assigned a service area of the at least one of the production, development, and test system and being physically and logically isolated from the computing terminal operated by the technical support person and having limited functionality, wherein a firewall logically isolates a first network comprising the remote computing terminal from one or more networks comprising the at least one of the production, development, and test system, wherein the remote computing terminal is pre-assigned the service based on one or more software tools loaded on the remote computing terminal;
- establish a remote access session between the remote computing terminal and the at least one of the production, development, and test system;
- allow the technical support person to access the at least one of the production, development, and test system only from the remote computing terminal;
- track and record a number of activities performed by the technical support person while the technical support person has access to the at least one of the production, development, and test system; and
- recording the user identifier and the password that was used by the technical support person while performing each of the number of activities.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification