Many companies are now placing greater emphasis on sending their staff out to work directly with customers. As a result, more computers are being used in the field, and so a greater reliance is now placed on the technology which allows them to keep in touch. Remote access products make it possible for these peripatetic employees to link into and exploit the information held on central servers throughout the enterprise.
Road networks
The modern globe-trotting employee needs to be able to gain access to central information resources from wherever they are working - whether it be from home, from hotels on the other side of the world, or even from a customer's LAN. What's more, they need access to an increasing number of mission-critical applications: many organisations no longer view email, group scheduling and discussion groups as a convenience, but as an essential part of the business operation.
In a recent report, Intranets on the Road, market research company Forrester reveals that network managers expect remote access requirements to rocket over the next two years. According to the report, a startling 50 per cent of network managers expect their remote access populations to grow to more than 2,000 workers and several expect a five-fold increase in the number of dial-up lines needed to link staff in the field to enterprise data.
Unfortunately for those contemplating either introducing or expanding these resources, the remote access market is undergoing dramatic change, both in the technology itself and in the way it is delivered. Internet technologies stand to revolutionise the way in which remote access is achieved technically. At the same time, many businesses are beginning to rethink whether they need to own all the remote access infrastructure themselves and are outsourcing some or all of it.
Currently, there is no solution that satisfies all remote access needs. Access speeds are changing rapidly and there are new standards for security on the horizon. The only certainty is that, regardless of what solution is chosen today, it is unlikely to be appropriate for your requirements in two years' time. So above all else, any remote access solution you choose should be sufficiently flexible - otherwise, it may end up stifling rather than encouraging organisational change.
Remote access introduces a new set of support issues for many organisations. It's a big step from supporting nine-to-five workers in one building to dealing with thousands of users 24-hours a day worldwide. Many organisations will want to stop and ask themselves whether they are really in the business of manufacturing widgets or running an around-the-clock global IT support operation.
Security is a concern when company data is being transferred across open telephone lines, third-party service provider networks and the Internet. Performance is also a serious issue when you consider that even an ISDN channel is 150 times slower than the average LAN. Other concerns include reliability, scalability and capacity. And for some users, accounting is a necessary feature, even when hosting remote access in-house.
To own or loan
The wide range of remote access possibilities is bewildering. If an organisation wishes to own and manage its own remote access hardware, there are several ways of achieving this. At the bottom end, many network operating environments already include remote access software or have it available as an option, so it's simple to buy some modems and set up a remote access server using an existing system.
Although the initial purchase price is more expensive, it's probably easier to buy a "black box" solution from a vendor such as Shiva. This is basically a PC in a box with modems that plug into your network at one end and the telephone line at the other.
Further upmarket there are large and sophisticated remote access servers that support many users and a wide range of telephony connection options, such as E1, T1 and PRI (primary rate ISDN).
Of course, if you own and manage your own remote access server, you have complete control over it. However, there are also many drawbacks. One of the most obvious is the fast-changing nature of communications technologies. Having gone from 14.4Kbits/sec via 28.8Kbits/sec to 33.6Kbits/sec already, remote access server owners are having to face yet another modem upgrade to 56Kbits/sec - with two competing 56K technologies to choose from - and/or the change to ISDN.
It's not only the modems that need upgrading periodically, but also the remote access server operating system or firmware itself, as well as the client access software. And remote access servers not only go wrong, but are difficult to debug and fix.
Another serious problem is support. Even if you decide that you are in the business of running a 24-hour IT support operation, what are you supporting? The remote access server alone or the client software and end-user as well? What about the telephone link between Japan and your office in Basingstoke? And scalability is also a challenge - adding new users means more lines, more remote access ports and a beefed-up server.
An alternative to owning a remote access server is to offload this burden to a service provider. That way connection to your LAN comes via a high-speed pipe and router, and the service provider manages all the dial-in technology.
Using a service provider can be cheaper than owning the equipment yourself. The service provider can achieve economies of scale with the dial-in equipment and, depending on its reach, your remote users can make local calls instead of long-distance ones. The break-even point, where it becomes cheaper to opt for external service provision, is low and dropping all the time.
A service provider can offer transport between the dial-in points of presence (POPs) and your LAN using a number of techniques, including the Internet (see Remote Access via the Internet boxout, page 140). Of course, with any service provider, and especially one that uses the Internet as transport, security is vital.
But with the right choice of service provider the problem is solved. Not only can it offer 24-hour support, but it supports the whole infrastructure from the dial-in POP to the router on your LAN. In fact, a service provider can offer more than just remote access. It can - and probably should - remotely manage the router that terminates its pipe and can even go beyond that to manage your network infrastructure, servers and desktop PCs, using tools such as Network Health Server from Concord Communications.
Novell's philosophy is that users should think of networks that deliver services, rather than individual servers that deliver specific operating systems and applications. Thus, people will be less concerned about individual server hardware and software, and more interested in directory, email, Web and other services, regardless of where and how on the network they are hosted. The natural extension to this is that some, or even all, of these services are outsourced, so that no servers physically sit in the organisation. This makes it possible to take remote access to the extreme and create an organisation where everyone works remotely. Catalyst 400 is a good example of the ultimate in remote access implementations (see Catalyst 400 boxout, page 138).
Shiva Lanrover Access Switch
Shiva's Lanrover is not a single product but a large family of products covering a range of corporate remote access needs. The Access Switch is at the top end of the range and supports large-scale remote access. It incorporates the functionality of modems, communication servers and multi-protocol routers in a single box that sits attached to your LAN. The device is modular, so components can be changed or upgraded.
The Smart Detect feature allows you to have a single number for both ISDN and modem users because incoming call types are automatically detected and connected appropriately. There's also no need to change any hardware or software when moving from analog to ISDN. Multilink PPP means that dial-in users can even aggregate two ISDN channels for a full 128Kbits/sec connection.
Shiva provides its Remote client software for dial-in Windows 3.x users. Because the Access Switch supports the PPP standard, you can also connect to it using the dial-up networking that's built into Windows 95 and Windows NT. The company supplies an add-on pack for Windows 95 to improve security features.
The Access Switch supports a wide range of protocols, including TCP/IP, IPX, Apple Remote Access (ARA), Appletalk/PPP, NetBEUI and 802.2/LLC protocols. Several security options are also supported, including Radius and Netware bindery. Telephony connections can be analog lines for modem connections up to 33.6Kbits/sec, PRI, T1 or E1. Modem cards for 56Kbits/sec will be available towards the end of the year.
The Lanrover Access Switch is available in a variety of configurations and prices.
Contact: Shiva on 01734 774747
Price: on application
Windows NT Routing and Remote Access Service
Microsoft's Windows NT has a remote access service (RAS) built in. So, with the appropriate hardware (such as modems) and a Windows NT server, you can implement a remote access solution yourself - provided you're prepared to maintain and support it.
The RAS has a number of useful security features. There are three call-back options: user-defined, fixed number and none. With the fixed number scheme, each user has an individually-assigned number. Permission to dial in can be granted and denied to each user, and you can also configure the RAS so that users dialling in cannot access any network resources beyond the RAS server itself. With Microsoft's point-to-point tunnelling protocol (PPTP) and the RAS data encryption, data can be sent encrypted using a 40-bit key that is negotiated at connect time between the RAS client and the Windows NT RAS server. This feature needs client PPTP support, which is included in Windows NT.
Windows NT also has DHCP, so Internet protocol (IP) numbers are automatically and dynamically assigned to remote users, as well as PPP Multilink channel aggregation, so remote access users can combine multiple connections to increase the available bandwidth.
Microsoft has recently launched a product that enhances the RAS and Windows NT 4.0's multi-protocol routing facilities. Known variously as Steelhead and Windows NT Router as well as Routing and Remote Access Service, this upgrade can only be applied to Windows NT Server.
The Routing and Remote Access Service includes Radius client support. This means that a Windows NT Server can be used as a remote access server that authenticates to a Radius server, such as Novell's Radius Services for NDS. There is a new, unified management tool for routing and remote access. But even Steelhead does not add any accounting functionality to RAS.
The release version of the Windows NT Routing and Remote Access Service is available as a free 5.54Mb download from www.microsoft.com/ntserver/info/remoteaccessservices.htm.
It requires Windows NT 4.0 with Service Pack 3 or later. Note that Client Access Licences (CALs) are needed for remote users dialling into a Windows NT RAS.
Contact: Microsoft on 0345 002000
Price: on application
Novell Netware Connect 2.0
Netware Connect is a straightforward solution for Novell networks in organisations that want to buy and maintain their own infrastructure. Unlike Windows NT, Netware doesn't include remote access capabilities as standard. Intranetware for Small Business is the exception, however, because it includes a two-port licence for Netware Connect 2.0.
With Netware Connect, a Netware (or Intranetware) server and appropriate remote access hardware, such as a modem bank, you have a complete network access server solution. Remote users of Windows 3.1, Windows 95, Mac OS, DOS and Windows NT can dial into Intranetware and Netware networks to access file and print services.
Netware Connect integrates directly to NDS and adds a second level of authentication. You can set the same user names and passwords for remote access as you use on the LAN or input different ones. You can choose from a variety of authentication mechanisms, including PAP and Chap.
Setting up client access for Netware Connect isn't difficult. In Windows 95 you can choose either Microsoft Client For Netware Networks or Novell's Netware Client32 for Windows 95. If you're going to use the Microsoft client with Netware server 4.1 using NDS, then you'll need to add the Service For Netware Directory Services and the Windows 95 Service Pack 1. For Windows 3.1 users, the Netware Mobile client software package includes dialling software and a File Assistant to allow you to work locally and synchronise with the server later.
Connectview, which is an optional extra, is a Windows-based monitoring console for network supervisors that includes a number of analysis tools. It can be used to determine peak-time needs and ensure that remote access users have adequate resources. Connectview also includes an accounting package so users can be billed, per person or per department, based on a number of options such as speed, connection type and time of day.
Netware Connect 2.0 is available in a range of configurations and upgrades, depending on the number of ports required. Connectview is priced separately.
Contact: Novell on 01344 724000
Price: on application
Novell Radius Services for NDS
Netware Connect 2.0 allows an organisation to build a complete remote access solution, whereas Novell's Radius Services for NDS (only available in a Beta version) are intended to be used alongside a third-party remote access server. They are compatible with the new Radius standards, so they can be used with any remote access server that supports Radius authentication.
A Radius server sits somewhere on your network and is used by the remote access server to authenticate remote users. Radius Services for NDS can be used in two ways: either with remote access equipment owned by the organisation, or with that owned by a service provider. So Radius Services for NDS gives users a degree of flexibility in deciding how much of the remote access solution should be outsourced. At one extreme, you can buy the remote access server hardware and manage the whole lot; or at the other, you can outsource the entire package to a service provider. A useful compromise is outsourcing the remote access hardware to the service provider, but using only Radius Services for NDS in-house to retain control of your NDS administration.
If you're using Radius with a service provider, the remote access equipment at the service provider will authenticate dial-in users against your NDS database, through either the Internet or private bandwidth. Radius authentication only grants dial-in users the ability to connect to the network: once connected, another log-in is needed to access file and print services on the Netware servers. However, you can opt to use the same user name and password for both log-ins.
The client software you use will depend on the network access server, but usually clients such as the Microsoft Dial-Up Networking will be adequate. The impact on the server is fairly low, with clients requiring about 150Kb of free memory and 150Kb of disk space.
High availability is relatively easy to achieve because you can configure any number of backup Radius servers that will take over if the primary server fails.
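The exchange between a remote access server and its primary and backup Radius servers can be sketched as follows. This is an added example, not Novell's code or anything from the original article: it goes beyond the text by using the standard Radius packet layout (RFC 2865) to show how the dial-in password is hidden with the shared secret and why a reply is only trusted once its authenticator has been checked, which matters when the request crosses the Internet or a provider's network. The shared secret, user table and the three in-process responders are constructed stand-ins.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # attribute types

def hide_password(password, secret, request_auth):
    """User-Password hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = (password + bytes(-len(password) % 16)) or bytes(16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden, secret, request_auth):
    """Server side: undo hide_password(); only works with the same shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_request(ident, user, password, secret, request_auth):
    attrs = _attr(USER_NAME, user) + _attr(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(code, ident, request_auth, secret):
    """Reply whose authenticator is MD5(code + id + length + request_auth + secret)."""
    header = struct.pack("!BBH", code, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()

def verify_response(packet, ident, request_auth, secret):
    """True only if the reply matches our request and was made with the shared secret."""
    if (len(packet) < 20 or packet[1] != ident
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def make_server(secret, users):
    """Constructed in-process stand-in for a Radius server with a user table."""
    def handle(request):
        _, ident, length = struct.unpack("!BBH", request[:4])
        request_auth, attrs, found = request[4:20], request[20:length], {}
        while attrs:                                   # walk type/length/value attributes
            found[attrs[0]] = attrs[2:attrs[1]]
            attrs = attrs[attrs[1]:]
        password = reveal_password(found[USER_PASSWORD], secret, request_auth)
        ok = hmac.compare_digest(users.get(found[USER_NAME], b"\x00"), password)
        return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, request_auth, secret)
    return handle

def authenticate(servers, user, password, secret):
    """Try servers in order and return (server index, outcome)."""
    for index, send in enumerate(servers):
        ident, request_auth = os.urandom(1)[0], os.urandom(16)
        reply = send(build_request(ident, user, password, secret, request_auth))
        # Only silence or an unverifiable reply moves on to the backup server;
        # a verified Reject is final and is never retried elsewhere.
        if reply is None or not verify_response(reply, ident, request_auth, secret):
            continue
        return index, ("accept" if reply[0] == ACCESS_ACCEPT else "reject")
    return None, "no-valid-reply"

# Constructed sample data: the secret, user table and responders are made up.
SECRET = b"constructed-shared-secret"
USERS = {b"alice": b"correct horse battery staple"}
backup = make_server(SECRET, USERS)

def primary_down(request):       # primary server that never answers
    return None

def forged_accept(request):      # responder that does not know the shared secret
    return build_response(ACCESS_ACCEPT, request[1], request[4:20], b"not-the-secret")
```

Calling `authenticate([primary_down, backup], b"alice", USERS[b"alice"], SECRET)` returns `(1, "accept")`, while a list containing only `forged_accept` yields `(None, "no-valid-reply")`.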
The public beta version of Radius Services for NDS is available as a free download from support.novell.com/home/pubbeta/radius.
Contact: Novell on 01344 724000
Price: free download of Beta version
US Robotics Edgeserver
An unusual approach to remote access, this is a plug-in module for the Total Control Enterprise Network Hub - a chassis in which you can build virtually any enterprise network access solution. Different modules include a proxy server, a firewall and an authentication server, plus modem and ISDN ports and PRI interface cards.
The Edgeserver module includes a Windows NT server. This means you can choose to run some or all of the services that your remote users will need to access in the Edgeserver, thereby reducing the impact of remote access traffic on your LAN. You can even opt to have remote access users restricted to using the Edgeserver and prevent them from using the LAN altogether. This would entail putting every service they might need on the Edgeserver.
US Robotics has also increased the security in the standard Windows NT Remote Access Server, so access control can be applied on a per-port basis.
Contact: 3Com/US Robotics on 01753 751200
Price: on application
IBM Global Network
If you want to offer local-call global coverage for remote access users by using the Internet, the IBM Global Network (IGN) could be what you're after. It's a true global Internet service provider (ISP) that offers a single log-in identity for dial-in users at any of about 1,000 POPs around the world. Modem speeds up to 56Kbits/sec are supported, as well as ISDN.
For those concerned about Internet security and performance, IGN offers an alternative solution. Instead of connecting your corporate LAN to the Internet, you can connect it to IGN. That way the traffic from the local interface gateway (LIG) at the POP that the user dials into never traverses the public Internet - it's carried entirely on IBM's network, thus providing you with a secure VPN. This also solves the problem of unpredictable Internet performance.
If dial-in users also need to be able to access the Internet, this is managed by the LIG in such a way that users can run two concurrent sessions - for example, replicating the company Notes database across IGN to your LAN, while browsing the Web over the Internet.
If your LAN users also need Internet access, there is no need to have a second leased line: IBM can offer firewall-protected outgoing-only access to the Internet from the PCs on your LAN, via the IGN. If outsourcing appeals, IGN can also host virtually any service you might want, such as intranet Web servers, Lotus Notes and email.
Contact: IBM Global Services on 01926 464343
Price: on application
Managing mobile equipment
PC ownership costs have received a great deal of attention recently and there have been many initiatives - such as Intel's Wired for Management (WFM) technologies - to make it cheaper to manage desktop users. But a serious concern for companies with large numbers of remote access users is how to manage mobile machines. Already, 25 per cent of PCs bought by companies are portables. These have higher ownership costs than desktop systems, so being able to manage them is particularly important.
Version 1.1 of the WFM specification addresses the needs of mobile computing. Portables are only occasionally connected to the company network and then often by a medium that has low bandwidth compared with the LAN that connects desktop systems. They are also more dynamic than desktop systems: hard drives can be swapped and PC Cards plugged in and out.
The mobile section of the WFM specification defines the features needed to enable remote system installation and configuration, automatic systems maintenance and system health monitoring. The objective is to ensure that portables can be managed by any application that uses the baseline's specifications, in the same way that it can manage conformant desktop PCs.
Intel says that future versions of the LANdesk Client Manager will provide support for managing portables, and major notebook manufacturers have promised systems that will be compliant with the WFM specification.
The main requirements for a mobile PC are ACPI power management compliance and the same instrumentation as other PCs. They also need to support the DMTF (desktop management task force) mobile supplement to the system standard group definition and provide instrumentation support for hot-pluggable devices.
Two additional recommendations are that portable PCs support remote new system setup - perhaps using a boot diskette, docking station, PC Card NIC or built-in LAN interface - and remote wake-up.
Mobile systems compliant with the baseline are expected to start appearing soon.
Catalyst 400: "maximum client contact, minimum dead time"
Catalyst 400 was formed in April 1994 as an IBM AS/400 Business Associate. It has a nomadic, flexible working structure with all of its employees able to work from home, customer sites or hotels and airports.
Because Catalyst 400 operates in the competitive computer industry, it is keen to keep overheads to a minimum. Ben Schofield, technology consultant for Catalyst, says: "The leanest business model we could find was that of nomadic teleworking, where every employee is customer-facing and working totally from the field."
Catalyst wanted teleworking to enhance efficiency rather than hamper it, says Schofield. "We were adamant that the technology should provide a better way of working than previous manual practices. With Lotus Notes and our information-sharing application, a sales manager is able to see - for each salesman - every customer, each contact, all bids in progress with their value, and any letters sent or meeting notes. Our management has more information on the sales process than most companies, wherever they are based."
Catalyst's IT operations are built around Lotus Notes, hosted by IBM Global Network's data centre at Warwick, which provides 24-hour coverage and support. "The Notes-based system means we achieve maximum client contact and minimise dead time in travelling or internal meetings," says Schofield.
The nomadic teleworking model has been surprisingly cheap to implement, according to Schofield. "We have found that the cost of equipping individuals in a mobile workforce requires 50 per cent less investment than setting up an individual in an office environment," he says.
The company's business model has certainly produced results. In two quarters in 1995 it received the Agent of the Quarter award as IBM's leading AS/400 Business Associate and it has completed certification of its quality procedures to ISO 9000.
Remote access via the Internet
Although remote access via the Internet potentially solves many problems, it introduces new ones. The main attractions are flexibility - connection from anywhere in the world, either via dial-up or directly from someone's LAN - and lower costs. The Internet lets you provide remote access at a fraction of the hourly cost of a customer-run modem bank. And because Internet access is available everywhere, long-distance calls for remote access should become a thing of the past.
There are proprietary solutions to the security problem, such as Check Point's Firewall-1. This is used by UUNet in several countries around the world to enable it to offer secure encrypted remote access to your LAN. The Securemote client encryption software encrypts data before it leaves the remote PC. Other proprietary encryption solutions involve unencrypted data travelling between the remote PC and the service provider's point of presence, where it is encrypted before traversing the Internet. There will be a standard for Internet protocol (IP) security, Ipsec, which is due to be finalised this year, but products incorporating it won't ship until 1998.
Internet performance is still something of a gamble. And the average Internet service provider cannot yet be trusted to provide decent customer service.
Several major ISPs, such as UUNet, have POPs in many countries, but only a few, such as Compuserve Network Services, AOL and the IBM Global Network, offer anything like a true global presence. A truly global service provider like IGN should also offer good, constantly available support.
Tunnelling is another issue. Your LAN may not be TCP/IP yet, but the Internet is an exclusively IP network. There are two proprietary tunnelling solutions that solve the problem of running other protocols encapsulated in IP: Microsoft's Point-to-Point Tunnelling Protocol (PPTP) and Cisco's L2F (Layer 2 Forwarding). These are stopgap solutions until products supporting the open L2TP protocol start appearing in 1998.
Forrester predicts the emergence of devices that it calls extranet routers to help provide remote access over the Internet. These devices will terminate the Internet connection on your LAN, and will support encryption, authentication to Radius servers, and all three tunnelling protocols. They will also include built-in firewall technology and offer fast multiprotocol routing between a high-speed leased line and the local LAN.
Another benefit of Internet remote access is that remote users can use standard software, both to connect to the ISP and to access company data. This will work only if the applications that people need to access are based on Internet standards. Fortunately, many mission-critical applications are now Web-enabled.
For example, Staffware Global for Staffware Workflow is one of the first industrial-strength Java applications. It offers the full functionality of Windows clients to remote users. More importantly, workflow software of this type may be essential to operating business processes successfully with remote users - you may need something like this to track and control business processes before you can contemplate large-scale teleworking.