Remote access used to mean dialing up from home using a personal computer with special software for connecting to corporate servers. Now it can mean connecting from home, a client’s office, an airport or a street corner using a laptop PC, a handheld, an Internet kiosk or a PC in an Internet cafe.
It can even mean tapping into the corporate phone system over an Internet Protocol (IP) connection.
“There’s a tremendous demand now for people to work from home and be able to access the corporate network in totality,” says David Wright, area vice-president for Canada with Citrix Systems Inc. of Fort Lauderdale, Fla.
“The number of different ways that we’re capable of being in touch now has increased dramatically,” says Tracey Fleming, senior technical consultant at Markham, Ont.-based Avaya Canada Corp.
This opens new doors for users, but it also opens a can of worms for network administrators.
“Traditional remote access does not go far enough,” says Jude O’Reilly, director of product marketing at remote access vendor Aventail Corp. in Seattle. “They’re looking to provide access to people from handheld PCs, from airport kiosks, from Internet cafes.”
O’Reilly adds, though, that there is another trend in the remote access market: IT organizations are more aware than ever before that remote access is costing too much. “The two trends don’t fit together very well,” he says.
The proliferation of portable devices, public Internet access and wireless networks complicate the remote access picture in two ways. First, user expectations rise. Second, the growing assortment of devices and connection options means IT people have more to support. That’s especially true when it comes to handheld computers and even digital cell phones.
THE DIFFERENT PARTS DON’T ALWAYS WORK TOGETHER
“We’re dealing with devices that on many occasions don’t share much commonality,” says Mark Quigley, research director at the Ottawa-based Yankee Group in Canada.
Pocket-sized devices have small screens, meaning displays meant for desktops and notebooks don’t work well. They also run different operating systems.
On top of that, technical staff are dealing with devices over which they have little control. Many handheld computers belong to the employees rather than to the employers.
With handheld devices (as with home computers), employers can issue guidelines, such as having firewall and antivirus software on home PCs used to connect to corporate systems. With Internet kiosks and PCs in Internet cafes, IT has little or no control of the remote machine’s configuration, and it is certain that other people will use the machine after a mobile employee walks away.
Onset Technology of Santa Cruz, Calif., has created tools to let wireless handheld computer users use corporate data and applications from pocket-sized machines. Onset’s Metamessage for Wireless lets users view and download files from corporate servers and print them to network printers or fax machines, says Stewart Fox, Onset’s vice-president of sales and marketing.
The latest Metamessage release lets handheld users view and manipulate data in databases set up by enterprise applications like customer relationship management (CRM) and document management systems.
Metamessage includes a small client component for the handheld. Onset currently has clients for Microsoft Corp.’s Pocket PC architecture and Waterloo, Ont.-based Research in Motion Inc.’s BlackBerry handheld. The BlackBerry is the more popular platform so far, Fox says. A client module for the Palm handheld line is on its way.
Aventail supports remote access to corporate systems from Pocket PC machines, O’Reilly says. The company also has server software to allow remote access without special software on the client from Internet cafes and kiosks. Any machine with a Web browser will work.
Citrix, an established remote-access player, makes remote clients transparent to host applications, Wright says. It doesn’t matter to the application what the client is. However, there is still the problem of making the data readable on different devices.
“If you’ve got an application that’s designed to work on a 17-inch screen, I don’t know what you do with that application to make it work on a four-by-three-inch screen.”
Remote access from publicly accessible computers raises thorny security questions. For instance, says O’Reilly, Web browsers normally cache the Web pages they retrieve, and a knowledgeable PC user could retrieve those pages from the hard disk of the remote computer. The Aventail software can prevent the caching of sensitive material. It can also deny users the option of saving passwords for future re-use, and blocks the auto-completion capability (which would allow another user to stumble on the address of a private Web page by typing its first few letters).
Sessions can be set to time out after a certain period of inactivity, to avoid the danger of a remote user leaving a secure session open.
Wright says Citrix takes similar precautions to ensure no data “artifacts” are left on remote computers.
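The precautions described above (no caching, no saved passwords or auto-completion, an inactivity timeout), sketched server-side as an example added here; it is not Aventail's or Citrix's code, and the `KioskGuard` class, the `sid` cookie name and the 300-second limit are assumptions.

```python
import time
from http.cookies import SimpleCookie

IDLE_LIMIT = 300  # assumed policy: seconds of inactivity before a session ends
NO_STORE = [("Cache-Control", "no-store"), ("Pragma", "no-cache"), ("Expires", "0")]
# Login form asking the browser not to remember or auto-complete what is typed.
LOGIN_FORM = (b'<form method="post" autocomplete="off">'
              b'<input name="user" autocomplete="off">'
              b'<input name="pw" type="password" autocomplete="off"></form>')


class KioskGuard:
    """WSGI middleware: no-store on every response, idle timeout per session."""

    def __init__(self, app, clock=time.time):
        self.app, self.clock = app, clock
        self.last_seen = {}  # session id -> time of the last request

    def open_session(self, sid):
        self.last_seen[sid] = self.clock()  # call after a successful login

    def __call__(self, environ, start_response):
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        sid = cookie["sid"].value if "sid" in cookie else None  # "sid" is an assumed name
        seen = self.last_seen.get(sid)
        now = self.clock()
        if seen is None or now - seen > IDLE_LIMIT:
            self.last_seen.pop(sid, None)  # expire on the server, not just the client
            start_response("401 Unauthorized", NO_STORE + [("Content-Type", "text/html")])
            return [LOGIN_FORM]
        self.last_seen[sid] = now

        def guarded(status, headers, exc_info=None):
            # Drop any caching headers the application set, then force no-store.
            names = {name.lower() for name, _ in NO_STORE}
            kept = [(k, v) for k, v in headers if k.lower() not in names]
            return start_response(status, kept + NO_STORE, exc_info)

        return self.app(environ, guarded)


def fetch(guard, sid):
    """Drive one request through the middleware; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(guard({"HTTP_COOKIE": "sid=" + sid}, start_response))
    return seen["status"], seen["headers"], body
```

Many current browsers ignore `autocomplete="off"` on login fields, so on a shared machine the `no-store` headers and the server-side timeout carry most of the protection.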
IT departments are gradually coming to grips with the problems of securing remote access from devices they cannot control, says O’Reilly.
“There is just a change in philosophy in IT,” he says. “How do we build strong security around this new assumption (that) we don’t necessarily control the end points any more?”
Both for security reasons and because of the need to tailor applications to different devices, Quigley says, IT departments may have to make choices about which remote devices to support. One answer is to take a step-by-step approach, he says, supporting the most important devices first and adding others over time.
SECURITY CONCERNS ARE HOLDING MANY FIRMS BACK
Though public machines present special problems, O’Reilly says, security fundamentals remain the same — with a few adjustments — whether the client is an internal PC or any sort of remote device.
Wright says Citrix’s software provides inherent security because only screen elements and keystrokes travel to and from the remote client, making it hard for anyone intercepting a connection to capture meaningful data.
Security issues scare many organizations away from remote access, though. According to a survey by Scottsdale, Ariz.-based research firm In-Stat MDR, only about half of companies surveyed allow remote access to their systems, and 38 per cent of those don’t cite security as the main reason.
Virtual private networks (VPNs) have become an accepted way to control remote access to corporate systems. However, traditional VPNs that require client software installed on the remote device present problems in an age of multiple remote devices, Internet cafes and kiosks. That has helped increase interest in “clientless” VPNs — often built using the Secure Sockets Layer (SSL) technology on which most Internet security depends.
YO: NOT EVERYONE NEEDS A VIRTUAL PRIVATE NETWORK
Aventail is among the vendors pursuing this course. So is Citrix, with its recently-introduced MetaFrame Secure Access Manager. Research firm Meta Group Inc. of Stamford, Conn., has projected that 80 per cent of remote access users will rely on SSL by 2005-06.
Yo Inc., a Toronto startup, offers a VPN alternative that uses an authentication server at the host end coupled with a small piece of client software that can be downloaded via the Internet. Yo’s VisEdge uses SSL for an initial connection with the remote machine, authenticates the remote user using a digital certificate, then sets up a direct, secure connection with a corporate server. Company spokesman Shelly Sofer says VisEdge is easier to set up than a VPN and makes it easy to limit users’ access to those parts of the corporate network appropriate for each individual.
Clients of Media Replication Services in Mississauga, Ont., use VisEdge to upload material to be placed on compact disks and tapes. Previously, the company relied on File Transfer Protocol (FTP), which was not secure, says Noble Musa, the firm’s vice-president of marketing. Employees also use VisEdge for access to office computers when working from home or elsewhere, Musa says.
As remote access to data makes it easier for employees to work wherever they are, expectations are extending to the corporate phone system. Voice over IP (VoIP) technology allows mobile workers to use “soft phones” on mobile PCs to take their office phone extensions with them wherever they are. Fleming spoke to C&N recently from Avaya’s Calgary office, where he was receiving calls to his head-office number on a PC.
In late April, workers at Avaya’s Beijing office gave remote-access technology a real workout when a Severe Acute Respiratory Syndrome (SARS) infection closed their office for several days. Employees worked from home, from Internet cafes and wireless hotspots and from client offices, says Timothy Mak, director of customer relationship management business for Avaya in greater China.
Media Replication Services prepared a backup plan in case the SARS outbreak in Toronto got worse. The plan called for employees to work from home using VisEdge, Musa says, but it never had to be used.
Their experiences underline how far remote access has come from its early days of dial-up access to corporate servers from home PCs. Now employees have the potential to take almost their entire office environments with them wherever they go. “They could be in hotel rooms at night, they could be literally by the side of the road,” Wright says.