USA India
Home Articles UserTV Press Releases Dictionary Books Education Careers B-Channels Resources Forums Blogs Classifieds
Saturday 5 Jul, 2008 eNewsletter Register Login
Archives
Articles By Date
Articles By Category
 
 
 Archives >> Details
A Hands-Off Solution
Could a managed remote-access VPN be the thing for your business?
Posted by : Timothy Sutton

Pundits estimate 40 percent of workers now travel for business, and IDC predicts this figure will rise to two-thirds by the end of 2006. As a result, providing mobile employees, clients and partners with remote access to a companyâs internal network is a basic IT requirement. Working at home or on the road should be as productive and secure as working in the office--a common goal of most IT staffs looking for economical ways to provide comprehensive remote access. With the right technology, the full productive potential of information workers can be unleashed anywhere there is an Internet connection.

However, network administrators face a bewildering set of overlapping products and technologies to consider. While taking different approaches and providing different benefits, technologies such as client-based and Web-based Secure Socket Layer (SSL) Virtual Private Networks (VPNs) provide secure remote access over the Internet.

Whether to choose a client-based VPN client or SSL-based VPN is no longer the issue. Outsourced remote access services combine the benefits of both approaches with the additional benefits of a managed-subscription service. We'll explore the pros and cons of each solution, hopefully providing insight that will keep administrators from being boxed in by the narrow scope of traditional VPN appliances.

Security vs. convenience

A client-based VPN is a set of protocols developed to support the secure exchange of data packets across IP networks like the Internet. In this approach, a VPN client is downloaded and installed on the remote user's desktop computer or laptop, providing full network access so users can do anything from their remote locations that they can do from their office desktops.

Client-based VPNs have a number of drawbacks. Most utilize IPSec, which is difficult to configure and maintain access behind any firewall or proxy, usually involving involves complex key settings, encryption algorithms, and manual user configuration. Client-based VPNs can also present a serious security problem because PCs essentially become nodes on the company network, potentially opening a wide security hole if a client machine is compromised by a virus, Trojan horse, or remote control software.

Client-based VPNs require the distribution of client software, firewalls and antivirus updates that can require a significant investment of time and money. As a result, businesses can quickly find themselves trying to roll out ad hoc solutions while dealing with increased call volume to its help desk. All of these factors can significantly raise the cost of the project and increase user frustration.

A step beyond

SSL-based VPNs have evolved in response to the shortcomings of traditional client-based solutions. These solutions typically offer limited access to company resources through a standard Web browser using SSL, an Internet standard protocol for transmitting documents via the Internet using a public key to encrypt data. Most browsers support SSL, and many Web sites use the protocol to obtain confidential user information such as credit card numbers.

Web-based remote access is easier to deploy: Users simply connect to the Internet through any standard browser and network resources are made available from a Web page. SSL-based VPNs generally offer wide device support though some functionality is usually limited to browsers with Java or ActiveX support. Unlike client-based VPNs, users connecting over the Web with SSL are not actually nodes on the network protecting the LAN and data on it.

As with most technology approaches, SSL-based VPNs present a different set of challenges and issues for an IT department. Users must have an Internet connection to work remotely with an SSL-based VPN. While they usually provide access to Web applications and network shares, they have limited support for non-Web based systems--remote users do not have access to non-Web-based applications on Windows, UNIX, Linux, AS400 or mainframe systems, nor can they get to Windows or client/server applications that aren't Web-enabled.

Resources such as files are presented in Web pages, and it can be difficult and confusing for users to accomplish simple tasks like uploading files or working with e-mail attachments.

Best of both worlds

Given that there are beneficial uses for both VPN clients and client-based and SSL Web-based SSL-VPNs, remote access services and managed VPN service providers integrate the best of both worlds in a single offering. With managed service-based remote access solutions, businesses can tailor remote access to the needs of its users rather than forcing users to accommodate the limitations of any given approach.

These service providers have a powerful policy manager that completely integrates both VPN approaches with existing user settings and preferences. The best solutions offer a Web-based approach reducing the time and cost of deploying client solutions. Using the Internet, virtually any device or OS can connect to the company LAN.

Remote access services that provide centralized configuration features enable administrators to reconfigure applications, populate desktops with proper drive maps, drivers, printers and other company resources. Remote access services also provide the most essential security features such as locking down PCs and ensuring each user is properly authenticated before allowing direct access to the corporate network.

Any exceptions to company policies result in appropriate actions such as severing the user's connection and generating usage reports. Unlike traditional most in-house VPN appliances, managed remote access solutions include terminal services in their subscriptions providing access to files, e-mail and intranet sites--without the extra overhead of an additional terminal services environment.

Service-based remote access/managed VPN service provider solutions offer the additional benefits that accompany most outsourced services. The best service providers incorporate the latest remote access technology into their infrastructure. Customers receive the benefits of a solution that is always up to date without spending more for new technology and IT talent.

A third-party remote access service also provides flexible scalability: providers have the man-power and know how to provision and manage thousands of users so customers don't have to including basic help-desk support to ensure users don't have issues logging into the network. Unlike traditional VPNs that take months to implement, managed remote access VPN services are often implemented in hours reducing the risk of a long implementation resulting in potentially disappointing results.

Don't get boxed in

Administrators who only compare in-house client-based VPNs and SSL Web-based SSL-VPNs VPN solutions to meet their remote access needs address only part of the problem. Deploying a successful remote access initiative involves understanding what features and benefits are most important to your IT staff and users.

While some companies may have a predisposition to buying and integrating hardware and implementing their own home-grown solutions, many IT departments find a third-party managed remote access service to be better, faster, less expensive, and less risky than an internally developed one.

Managed VPN service providers keep businesses from being boxed in by traditional in-house VPN offerings that require substantial budget, both upfront and ongoing, and IT manpower to maintain. Technologies are automatically updated, thousands of users can be supported, and network managers don't have to worry about babysitting and protecting a growing number of clients--everything is outsourced. Managed remote access solutions enable employees to be productive while working remotely in a secure environment with fewer headaches, costs and unforeseen roadblocks.

Timothy Sutton is CEO and co-founder of Positive Networks, a provider of remote access services.

 
 
Archives by Date
 
 
 
 
 
Copyright © 2008 ComputerUser Inc.
About us | Terms of use | Privacy Policy | Legal | Trademark/Copyright | Awards | Advertise | Writer guidelines | Sitemap | Contact | FAQ's | Feedback  | Link to us

Here are the topics we cover computer certification computer careers computer training computer games consulting data recovery data security digital entertainment emerging technology gadget reviews handheld computers hardware reviews home automation home networks home office how-to advice internet linux local companies local news local profiles macintosh mp3 players network security online music online security open-source small-business technology soho software reviews technology books technology dictionary vpn web site reviews wi-fi windows wireless technology tech articles tech news press releases tech dictionary education resources career solutions create your personal blog upload your videos become a writer usergroups special interest group SIG 3com cipts adobe adobe certified expert apc ncpi apple achds acpt acsa actc avaya bea 8.1 certified administrator 8.1 certified architect 8.1 certified developer 9 certified administrator bicsi rcdd checkpoint ccmse ccsa ccsa ngx ccse ccse ng plus with ai ccse ngx cisco access routing and lan switching ccda ccdp ccie ccip ccna ccnp ccnp old ccsp ccvp crmam ip communications optical proctored exams for validating knowledge sales specialist storage networking vpn and security wireless lan citrix cca 3.0 cca 4.0 cca 4.5 cca xp ccea 3.0 ccea 4.0 ccea xp ccia ciw ciw associate ciw certified instructor master ciw admin master ciw designer master ciw enterprise developer security analyst comptia a+ network+ security+ server+ computer associates ca cusa cuse cwna cwna cwsp dell eccouncil cea cep certified ethical hacker chfi e-commerce architect emc emc specialist implemenation technology foundations enterasys ese eta exam express exin exin itil extreme networks ena ens filemaker f7cd f8cd fortinet fortigate foundry cne fujitsu fujitsu guidance software ence hdi css hda hdm hdsa hitachi hitachi certified professional hp ais apc app aps ase certified systems developer csa cse master ase huawei hcne hyperion hcp ibm advanced deployment professional advanced technical expert application developer business process analyst certified administrator certified advanced system administrator certified advanced technical expert certified associate developer certified enterprise developer certified solution designer certified specialist certified systems expert database administrator db2 deployment professional enterprise developer eserver certified specialist ibm on demand business solution advisor solution designer solutions developer solutions expert storage administrator system administator iisfa cifi intel isaca cisa isc cissp sscp iseb itil ism cpm juniper jncia jncis legato lcaa lcea lotus clp lpi lpic level 1 lpic level 2 lpic level 3 macromedia mcafee mcdata csnd microsoft crm mbs mcad .net mcdba mcdst mcitp mcp mcpd mcsa longhorn mcsa 2003 mcsa 2008 mcsd .net mcse mcse 2000 security mcse 2000 to mcse 2003 upgrade mcse 2003 mcse 2003 messaging mcse 2003 security mcse 2008 mcts microsoft business solutions microsoft partner competency mile2 cnsa network appliance nac-na nac-nie naca nace nacp network general sniffer certified professional nokia nokia security administrator nortel ncde ncds ncse ncss ncts novell5 cna 5 cne 6 cna 6 cne 6.5 cne cne upgrade omg ocup oracle 10g dba 10g oca 11i 8i dba 9i dba 9i internet application developer oca ocp8 to ocp8i dba upgrade exam pmi project management professional polycom pcve redhat rhce rhct sair sas institute sas scp saas scp snia snia certified architect snia certified professional snia certified systems engineer snia storage networking certification program administrator professional associate symantec scse scsp scta scts teradata tca v2r5 tcad v2r5 tcda v2r5 tcis v2r5 tcm v2r5 tcp v2r5 tia ccnt ctp tibco tcp trusecure ticsa veritas infraguard chamber of commerce vcp vmware certified professional webex linkedin facebook myspace Professional page layout, image editing, vector illustration, and print production Website design, development, prototyping, and blogging Creation of rich interactive content Industry-standard visual effects and motion graphics Video capture, editing, and production; DVD titling; and digital audio, Adobe Photoshop CS3 extended, Adobe illustrator CS3,Adobe indesign CS3,Adobe Acrobat 8 Professional, Adobe Flash CS3 Professional, Adobe Dreamweaver CS3,Adobe Contribute CS3,Adobe Fireworks CS3,Adobe After Effects CS3 Professional, Adobe Premiere Pro CS3,Adobe Soundbooth CS3,Adobe Encore CS3,Adobe OnLocation,Adobe Bridge CS3,Adobe Version Cue CS3,Adobe Device Central CS3,Adobe Stock Photos, Intel Pentium 4 (1.4GHz processor for DV; 3.4GHz processor for HDV), Intel Centrino, Intel Xeon, (dual 2.8GHz processors for HD), or Intel Core, Duo (or compatible) processor; SSE2-enabled processor required for AMD systems Microsoft Windows XP with Service Pack 2 or Microsoft Windows Vista Home Premium, Business, Ultimate, or Enterprise (certified for 32-bit editions) 1GB of RAM for DV; 2GB of RAM for HDV and HD; more RAM recommended when running multiple components 10GB of available hard-disk space (additional free space required during installation) Dedicated 7,200 RPM hard drive for DV and HDV editing; striped disk array storage (RAID 0) for HD; SCSI disk subsystem preferred Microsoft DirectX compatible sound card (multichannel ASIO-compatible sound card recommended),1,280x1,024 monitor resolution with 32-bit color adapter Blu-ray burner required for Blu-ray Disc creation OHCI compatible IEEE 1394 port for DV and HDV capture, export to tape, and transmit to DV device QuickTime 7.1.2 software required to use QuickTime features Broadband Internet connection required for Adobe Stock Photos* and other services