Remote access technology is a phrase that used to strike terror into the heart of anyone involved in IT implementation and support. It raises images of complex client software which, even if you can ever get it working, is so sensitive to the system configuration that as soon as the user does anything more sophisticated than type into a word processing document, it all falls over. Fortunately, thanks to the efforts of Microsoft (aided and abetted by Shiva), that situation is a thing of the past. It's now possible to implement remote access solutions that require nothing more than the dial-up networking technology already built into Windows 95, Windows 98 and Windows NT 4.0. Windows Dial-Up Networking (DUN), first introduced in Windows 95, is now easy to configure in its latest incarnation in Windows 98. A wizard-style interface guides the user through the entire process, and about all that there is left for the user to do is type in a telephone number, user name and password. Obviously, if a remote access solutions vendor can deliver a product that will work with DUN, it will. But to do this, the remote access server has to use the same standards that DUN follows, and fortunately, this is now usually the case. Ian Nicholson, technical support manager, Better On-Line Solutions, says "We've made our LANLynk/400 to be standards-based, so people can choose to connect without having to use our client software at all." Colin Farquhar, product marketing manager, Shiva, says "We have always offered standards-based remote access solutions, using PPP. You can use any PPP dialler with a LANRover AccessSwitch. Sure, we do have our own client software, and you might still want to use Shiva Remote on Windows 3.x platforms, but in general we are moving away from having our own client software. DUN is built into Windows 95, and there are many other programs that have been developed to work with it. Furthermore, when supplying our own client, there are always going to be some instances when adding it to Windows might result in some incompatibility". Unfortunately, DUN is a moving target. In fact, today there are three major versions. The first version, shipped with Windows 95, didn't include the Virtual Private Network (VPN) capability, using PPTP (Point-to-Point Tunnelling Protocol). This functionality was made available at a later date, as a free download. Now, at version 1.3, DUN has been further enhanced with new security features. A fair amount of criticism was levelled at Microsoft for the weak security in its original version of PPTP. In version 1.3, several enhancements have been made to the security of both PPTP connections and DUN itself. A new MSCHAP secure mode for authentication of remote access users (MSCHAP V2) supports mutual authentication, stronger initial data encryption keys, and separate encryption keys for the transmit and receive paths. There have also been changes to the compression and encryption features used by PPTP. Unfortunately, the new benefits will only be realised when both ends of a connection have been upgraded. For the moment, that means only organisations which use Windows NT 4.0 as their remote access solution, and have upgraded to the latest version of the Windows NT RAS (Remote Access Server), will benefit. Nevertheless, such software upgrades will be unavoidable from time to time, and here's where using the standard DUN client has another advantage. It's a lot easier to upgrade mobile users when all they have to do is run an automatic upgrade from the Internet, than it would be if it became the responsibility of the IT manager to distribute and install new client software on possibly hundreds of notebook PCs. One of the reasons that vendors still provide their own client connectivity software is because even though dial-up networking works well, it isn't the easiest or most intuitive piece of software to use. According to Farquhar: "Shiva does still have its own client for Windows 95. It's based on DUN, but adds a layer on top - it does better management of the contacts and telephone numbers. It's also easier to carry out certain functions like change the modem." Ray White, Symantec Secure support manager, believes that Norton Mobile Essentials adds value to DUN too. "You can set up multiple locations easily, if you need to call from different places from time to time. There are even wizards which advise you what sort of telephone connector you're likely to need when travelling abroad. A troubleshooting option calls up test servers in the UK and helps you sort out any connection difficulties." Ease of use is also cited as the reason for supplying special client software for the LANLynk/400. "It's a front-end to DUN, which is easier to configure and more user friendly", claims Nicholson. Recognising that DUN is a done deal for most users, Shiva has adopted a second strategy. "We supply plug-ins to DUN when we want to add functionality now", says Farquhar. "We have plug-ins for both Windows 9x and Windows NT. There are features being added to the Shiva products that required complementary support from the client software. These plug-ins enhance DUN capability, for example by supporting third-party authentication or roving dial-up: part of the SPAP protocol allows the client to inform the host of the dial-back number." If remote access is provided via the Internet and uses a tunnelling protocol other than the PPTP that's already built into DUN, then special client software can't be avoided. Once the connection has been made, all you need is the same software as you'd use in the office. Mobile users aren't attached permanently, and want to be able to work off-line. This mode of working entails synchronisation between files on the mobile PC, and those stored back at base. Synchronisation tools, such as the Xchange Agent in LapLink Tech address this issue. When connected, it checks the files at each end to see if any changes have been made, and exchanges only the changes themselves - not the entire document. If a document has been changed both on the server and on the mobile, conflict resolution software prompts the user to decide which one to discard and which to keep. While synchronisation is fine for a small collection of files that one particular user works on, it may not be so convenient for a large volume of read-only material, such as marketing information. Norton Mobile Update is a product that addresses this requirement. "You set up a directory on a server which contains the documents that people need access to", explains White. "While you're out on the road, any changes that people within the office make to documents within that folder are emailed to you automatically. For example, if there is a large spreadsheet of sales forecasts or business done, it will only send out the changes, and not the entire document." Another case where you might need special software is when the host you want to connect to usually runs with proprietary terminals. Many businesses entrust their serious computing not to a collection of PC-style servers, but to the IBM AS/400. "While the AS/400 does support remote access, mobile users will usually also want to access the LAN, and often end up having to connect twice - once to the LAN, and then again to the AS/400", explains Nicholson. "Devices such as the LANLynk/400 give you both LAN and AS/400 access in the one session." The LANLynk/400 includes display emulation covering the widest range of IBM terminals (including the 3477FC) and provides such features as Windows-style toolbars. You also get MorphExpress, an on-the-fly GUI that performs automatic translation of all AS/400 character-based screens to full colour, mouse-sensitive Windows screens. Security is another area where remote access vendors have been active in finding innovative solutions. "The LANLynk/400 provides five levels of security: user name/password, industry standard dynamic encryption, a PC hardware ID stamp, an optional or mandatory intelligent call back facility and support for the RADIUS centralised authorisation system", explains Nicholson. Although Microsoft includes PPTP in DUN, not everyone wants to use that when performing remote access via the Internet. "Our corporate customers are looking for something that is vendor-independent", explains Farquhar, "so although we've considered the Microsoft PPTP VPN route, we're going along with IPsec instead. We provide the client software for this, and because we have control of the end-to-end solution we can thus offer something that isn't tied to any particular telco or ISP." According to Farquhar: "Once a standard PPP connection has been made, we create and manage the VPN using our own IPsec client software. It works automatically from IP addressing structures, so when I connect to an Internet site it will detect that and work normally. However, if I mention an IP address on the corporate LAN it will initiate 168-bit triple DES encryption - a very secure connection - and run the corporate data over that." Providing support for users within the office is bad enough, but for mobile users it is more difficult. It's also important to get it right, because while users may well have other resources available within the office building, if there's a problem on the road they are left high and dry. "pcANYWHERE, used alongside a remote access product for remote control such as DUN, provides a remote helpdesk solution", explains White. "It can also be used over direct dial-up modem and ISDN connections. Assuming that they can make the connection in the first place, pcANYWHERE enables the helpdesk operative to take control of the user's desktop, an invaluable tool for sorting out problems in the field." To avoid the complication of using an extra piece of software, it's possible to configure pcANYWHERE to be initiated by the user from a single desktop icon. "Clearly, the software does have to be installed on each mobile PC, but it's not a complex product to setup.", says White. LapLink Tech also includes remote control software for providing help to remote users, but with a difference. Built-in voice chat means that a conversation can take place over the same connection and telephone line, so the helpdesk operative can talk the user through solving the problem at the same time as having control of the PC. Support isn't just a question of solving problems. IT departments are increasingly using management software that knows exactly what's inside each PC, so that staff can provide more effective support (and also spot when something goes missing). But a serious concern for corporations with large numbers of remote access users is managing mobile machines - not least from an asset management point of view. Already, 25% of PCs purchased by companies are portable devices. The cost of ownership is higher than for desktop systems, making manageability even more important. Version 1.1 of the Wired for Management (WFM) Baseline Specification recognises and addresses the unique requirements of mobile computing. Mobile systems are only occasionally connected to the corporate network, and then often by some medium that has very low bandwidth compared to the LAN that connects desktop systems. The mobile section of the WFM specification defines the features needed to enable remote system installation and configuration, automatic systems maintenance and system health monitoring, the objective being to ensure that mobile computers can be managed by any application that uses the Baseline's specifications in the same way it can manage conformant desktop PCs. The baseline requirements for a mobile PC are ACPI power management compliance and the same instrumentation as for other PCs. They also need to support the DMTF (Desktop Management Task Force) Mobile Supplement to the System Standard Group definition, and instrumentation support for hot pluggable devices. Two additional recommendations - but not compulsory - are that mobile PCs support Remote New System Setup (perhaps via a boot diskette, docking station, PC Card NIC or built-in LAN interface) and Remote Wake-up. Together, this initiative ought to make managing and supporting mobile users easier. No matter how well you have the mobile end of the equation under control, you also need to pay serious attention to the server. If you don't outsource your remote access entirely, then you're going to end up with a box that needs managing and maintaining. Just how much work this is depends on what solution you opt for. Whether you use your existing Windows NT server to provide remote access or choose a dedicated remote access device, you still have to maintain it, and that means upgrading the software from time to time. The attraction of using a solution like Microsoft Remote Access Server is that it appears to be free. Why, then, do people go out and spend thousands on dedicated boxes? Certainly, dedicated remote access servers continue to have wide appeal. Nicholson reveals that: "Quite a few of our customers for the LANlynk/400 don't actually have an AS/400 at all. They are buying the box purely as a remote access server - primarily, because it is so easy to install, configure and manage." According to Nicholson, LANLynk/400 includes self-installation facilities, and should be up and running in a matter of minutes, and to anyone who has ever done battle with RAS, that's a compelling argument for the black box approach. "The LANLynk/400 manager software allows you to specify exactly those dates and times when users can have access, which protocols they can run, and even which servers they can have access to", says Nicholson. Whatever server you use, you need to support it, and that means you're suddenly running a 24-hour support operation. If you do choose NT as your remote access platform, and you don't particularly want to staff the server 24 hours a day, pcANYWHERE can come to the rescue. "One of our supported platforms is Windows CE", explains White. "So, as well as using pcANYWHERE to connect out to mobile users to provide support for them, a mobile support engineer can use it in the opposite direction. By using pcANYWHERE, it's possible to dial into the Windows NT server, take control of the screen and fix problems from a simple hand-held Windows CE device."
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally