During the dot-com boom, when C-Bridge Internet Solutions’ work force was growing at the rate of 100 people a month, well-intentioned customers would offer the company high-speed Internet connections so its staff working at their sites could connect back to C-Bridge’s corporate systems. Too often, though, conflicts between the customers’ firewalls and the client software used to provide secure access to C-Bridge’s servers were insurmountable, and C-Bridge’s remote staff had to resort to slow dial-up modems.
Chief Information Officer Rafael Rodriguez was at a loss to solve the problem until a friend put him in touch with Aventail Corp., which had just launched remote-access software that took what at the time was an unusual approach to security. Instead of relying on IPsec, which requires software on the client system and often runs into conflicts with firewalls and other devices, Aventail’s offering relies on the Secure Sockets Layer (SSL), the security standard on which most e-commerce depends.
Rodriguez — now CIO and chief security officer of eXcelon Corp., with which C-Bridge merged about a year ago — says he was skeptical at first, but decided to give the software a try.
“The pilot was fantastic,” he recalls. When C-Bridge and eXcelon merged, Rodriguez converted the whole company from IPsec to SSL. It’s a cost issue, he says, because with IPsec “the minute you make any change, it’s a phone call to IT.”
SSL, on the other hand, lets a remote user connect from any device running an ordinary Internet browser, and doesn’t get into conflicts with firewalls and home networks.
A growing number of companies are using private IP addresses within their own networks, Rodriguez says, and increasingly popular home networks create the same private IP situation. While IPsec can work in this environment, it usually does so only after much tinkering. To add to the pain, some cable-modem Internet service providers (ISPs) have set up their systems so IPsec clients won’t work. When telecommuters want access to corporate systems from home, the access providers try to switch them to costlier business services.
Aventail is not alone. IPsec is giving way to SSL as the security technology of choice for remote access, whether remote users are at home, in client offices, in hotels or even in small branch offices.
Working away from the office
The trend toward SSL goes hand in hand with increasing adoption of Web browsers as the universal client for remote access to corporate applications.
“It simplifies life because Web browsers have been pretty much ubiquitously deployed (and) everybody knows how to use them,” says Reggie Best, chief executive officer of Netilla Networks, Inc. The Somerset, N.J.-based vendor’s Netilla Service Platform creates virtual private networks (VPNs) using SSL.
SSL also provides greater security, says Tim Claxton, senior product marketing manager at Aventail. Because SSL lets the secure VPN “tunnel” through the Internet terminate at the edge of the corporate network, it makes it easy to set up permissions controlling which users have access to which applications and data — “which is very appealing to the security officer,” Claxton says. Aventail also builds in additional protection against system-crackers at the edge of the network.
In general, people are spending more time working at client sites, on the road and at home than in their offices, observes Ross Chevalier, director of technology at Novell Canada Inc. That means people want remote access to corporate applications and data at high speed from wherever they are, even using other people’s computers or portable devices such as handheld computers and personal digital assistants.
“Work is not a physical location, a destination that you need to go to each morning,” says Dave Manks, senior director of products, solutions and alliance marketing at Citrix Systems Inc. of Fort Lauderdale, Fla. “Work is where you are.”
On the other side of the coin, Manks adds, more information is stored electronically today than ever before, and most people rely more on computers to do their jobs, so easy access to corporate systems is more vital.
That is driving a shift away from the traditional client/server model, requiring a component of access software on the local machine, to an approach that relies heavily on the Internet and the virtually ubiquitous browser software.
The range of applications to be supported seems almost unlimited. Access to corporate e-mail is an obvious one, but remote workers also want a window into corporate Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) systems, various central knowledge bases, and even into everyday productivity applications such as the Microsoft Office suite that may not always be available on computers where remote staff are working.
Citrix was an early entrant in the remote-access field. The company’s Metaframe server intermediates between remote users and the applications they use, working with an access software component that runs on Windows and various other client platforms. However, Citrix also offers an ActiveX control that can be downloaded through an ordinary browser to any computer and used to connect to the Metaframe server. The control remains active only for the session when it is downloaded, Manks explains, so it can safely be used from computers in airport and hotel business centres, client offices and the like.
“I definitely see a trend moving in that direction,” Manks says. “A number of clients are telling us that the browser is really their ultimate ubiquitous client.”
The Ottawa-based Canadian Institutes of Health Research, for instance, supports users working at multiple universities, who use different PC platforms at work and also like to work from home. “We just couldn’t support all the different kinds of desktops that are out there,” says Shane Brunas, deputy chief information officer for IT services. Netilla’s browser-based approach is the answer.
“The more stuff I can deliver through the Web, the easier the job is for me as a support person,” says Novell’s Chevalier. Web access to applications, for instance, means less work in upgrading applications on dozens of individual client systems — though Chevalier admits users generally need their most-used applications installed on their own machines.
Growth in wireless computing
Some say the browser-as-client approach has limitations, though. Jon Russo, vice-president of marketing at Redwood Shores, Calif.-based iPass Inc. (which provides remote access service), says there is a place for browser access but it does not work well when customers need their own PCs to work closely with remote servers.
For example, it would not work well when a remote application needs to use data stored locally.
Conflicts with applications are not unheard of. Brunas says the Canadian Institutes of Health Research had trouble making Lotus Notes work with the Netilla system. The problem was never resolved because a move from Notes to Microsoft software was under way anyway.
Growth in wireless mobile computing, meanwhile, is creating some new challenges for remote access. One is the fact that many of these mobile devices have small screens that cannot display as much information as standard computer screens. Application data must be reformatted to be readable on these screens.
Manks says Citrix has been experimenting with supporting odd-sized screens for a number of years, and its Metaframe software can support pocket-sized devices today.
Security has always been a remote-access issue, and wireless communication only adds new wrinkles. Vendors and users say that while no security is ever perfect, the technology available today does the job acceptably. Manks’ advice to customers is to rely on several layers of security, such as SSL, 128-bit encryption and authentication using ID codes and passwords.
There is also a growing realization that a legitimate remote user could unwittingly serve as a back door into corporate systems by using a PC that is not fully secured. To combat this, some remote-access systems check for security precautions on remote systems. For instance, Russo says iPass’s client software makes sure the client PC is running anti-virus software and a personal firewall before allowing it to connect to a corporate server.
Over time, Chevalier sees the much-talked-about Web services model playing an increasing role in remote access. Yet Web services remains in its infancy.
“We don’t see a lot of in-the-field demand for Web services today,” says Claxton, “but we realize that’s something that companies are working to.”