QNX Remote Access/Administration

I want to use Phindows to remotely access machines operating “around the world” at my customers' sites for diagnostics and troubleshooting (of their process). I can do what I need easily when on the same Class C network, but how can I do this through their corporate firewalls, NAT, etc.?
Corporate IT would be quite concerned about the security issues for obvious reasons.
I have extensive experience with QNX real-time development, but only enough knowledge to be dangerous on IP/firewall/www/etc. security issues. Any help??



There are several approaches to solving these things. For example:

  1. You can convince your customer to configure his firewall to redirect a port to your phrelay server inside his LAN and to allow access to this port only from your IP. Not encrypted data but access allowed only from an IP.

  2. You can convince your customer to give you an account on his firewall (with some limited privileges) so you can log in via ssh and establish an ssh tunnel between your customer’s firewall and your computer (redirecting your local port to your phrelay server through an ssh tunnel). Encrypted data, access allowed only from an IP.

  3. Establish a kind of tunnel similar to 2) but based on different protocols/technologies.

ssh tunnels: Plink (a command-line interface to the PuTTY back ends) chiark.greenend.org.uk/~sgta … nload.html

We are using ssh tunnels and/or port redirecting to access our customers over the internet; if you need some examples I can provide some.
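A sketch of option 2 above, added here as an example and not taken from any poster in this thread: it generates the OpenSSH `authorized_keys` entry that limits the vendor account on the firewall to a single forward from a single source IP, and the matching client command. The addresses, host name, user name and key are constructed, and phrelay's port is assumed to be 4868.

```shell
#!/bin/sh
# Added example: ssh tunnel through the customer's firewall, with the vendor
# account limited to one forward. All addresses, names and the key are constructed.

# Assumption: phrelay listens on TCP 4868; confirm on the target before use.
PHRELAY_PORT=4868

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# authorized_keys entry for the vendor account on the firewall / ssh gateway.
#   from=      key is accepted only from the vendor's address
#   restrict   no pty, no agent/X11 forwarding, no forwarding of any kind
#   port-forwarding + permitopen   re-enable forwarding to exactly one host:port
restricted_key_line() {   # client_ip relay_host relay_port public_key
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    # This sketch refuses from= wildcard patterns and requires one exact address.
    case "$1" in
        ''|*'*'*|*'?'*) echo "from= must be one exact address" >&2; return 1 ;;
    esac
    printf 'from="%s",restrict,port-forwarding,permitopen="%s:%s" %s\n' \
        "$1" "$2" "$3" "$4"
}

# Client-side command: local port bound to loopback only, no remote shell (-N),
# and exit instead of staying connected without the forward.
tunnel_cmd() {            # local_port relay_host relay_port user gateway
    valid_port "$1" && valid_port "$3" || { echo "bad port" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Constructed sample values (documentation address range, placeholder key).
restricted_key_line 203.0.113.10 192.168.10.20 "$PHRELAY_PORT" \
    'ssh-ed25519 AAAA...placeholder vendor-diagnostics'
tunnel_cmd 4868 192.168.10.20 "$PHRELAY_PORT" vendor fw.customer.example
```

With the tunnel up, Phindows connects to 127.0.0.1 on the local port instead of the QNX machine's address. The client must request exactly the host and port named in `permitopen`, otherwise the gateway refuses the forward.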

It will depend on each customer's configuration. Some may already have infrastructure to support this (VPN, ssh, etc.); others will simply not allow anybody in. It also depends on where you are trying to connect from (something you hopefully have control over); some places I work would not let a PC establish a VPN connection with the outside.

Typically there is more than phrelay, since you may need to get/send files, which you can't do with phrelay.

People I currently work for have been able to get around this issue (which can become quite nightmarish) by putting a modem in a QNX machine. Not as fast but WAY simpler. Long-distance calls can be expensive, but so is spending hours on the phone talking with the IT department (in some cases more than one IT) ;-)