[unisog] Remote Access for vendor support

Richard Gadsden gadsden at musc.edu
Fri Sep 12 17:49:27 GMT 2003

On Thu, 11 Sep 2003, Bob Smith wrote:

> We have been seeing a continuing trend towards new contracts and renewals 
> where the vendors are "demanding" remote administrator access (terminal 
> services, pcanywhere, etc.) to our servers to provide support.  We have had 
> some success in handling most of our support issues over the phone, but it 
> appears lately that if we balk on the remote access then they won't provide 
> any support.  Its their way or the highway!
> I am looking for input as to how others have dealt with these issues and 
> how you may have or have not compromised with the vendor to find a viable 
> solution...

We have a partner connection agreement that requires each vendor to
provide up to date administrative and technical points of contact. The
vendor is also required to (a) state exactly which system(s) they need to
access, how they intend to access them, and what they will be doing, and
(b) sign an acceptable use agreement in which they agree not to step
outside of those defined boundaries.

Some things are negotiable. For example, we obviously prefer separate
logins for each support engineer who will be accessing our network, but
for some vendors whose support processes would not work under that model,
we've allowed the use of shared accounts -if- the vendor can demonstrate
that some audit process on his end ensures individual accountability.

Some things aren't negotiable. For example, we won't allow remote access 
by vendors through any kind of connection that can't be audited by the 


More information about the unisog mailing list