If these are critical applications, you should have a development/staging/production environment.
Let the vendor have access to a development or staging server that looks close to production environment. Put this server into a DMZ. Allow access only from pre-designated hosts. Let the vendor "fix" the applications on this box. Port the changes to production yourself.
Consider using a VMWare like solution for several of these virtual servers on a single hardware platform to keep hardware costs in control.
This wont fix all your problems, but will shunt off routine access requests by vendors off to a non critical replica.
(As a vendor, I can attest that this also causes the customer support staff to get trained faster:) )
Slashdot Mirror
If these are critical applications, you should have a development/staging/production environment.
Let the vendor have access to a development or staging server that looks close to production environment. Put this server into a DMZ. Allow access only from pre-designated hosts. Let the vendor "fix" the applications on this box. Port the changes to production yourself.
Consider using a VMWare like solution for several of these virtual servers on a single hardware platform to keep hardware costs in control.
This wont fix all your problems, but will shunt off routine access requests by vendors off to a non critical replica.
(As a vendor, I can attest that this also causes the customer support staff to get trained faster :) )