
 


Special reports - Feb 2000 - Any time, any place anywhere
The booming ASP industry relies on secure and stable remote access. Michael Ohajuru explains how this is achieved.


At the launch of Office 2000 this summer Steve Ballmer made it clear that Microsoft has undergone a paradigm shift. Its original vision of "a computer on every desk and in every home" has changed to "great software any time, any place any platform". Microsoft’s recognition of this new reality is mirrored by a sea change in the role, function and relationship of the Remote Access Server (RAS) and remote access client devices such as modems and terminal adapters.

As Microsoft stops promoting computers and starts promoting applications, RAS has evolved to meet this new vision. The fundamental requirements for a remote access session of course remain unchanged; we need as much bandwidth as possible between the RAS and the remote access client device, the remote access session needs to be secure and access must be possible any time, any place from any platform through any remote client access device.

3AC


What has changed is how your remote access services can be delivered and who might deliver the services. In keeping with Microsoft’s paradigm shift we have seen the rise of Server Based Computing (SBC), as Microsoft and the rest of the computer and communications industry concentrate on what you want to do, when you want to do it and how you want to do it: Any time, Any place, Any platform Computing (3AC). With SBC the device you use to access your application or resource depends on where you are and what you have to hand – a PC, a laptop, an interactive TV, a mobile phone or a Personal Digital Assistant (PDA) like a Palm Pilot. Who owns the server and the applications, or where they reside, is not the issue; what matters is your ability to access 3AC. This flexible connectivity, when coupled with Thin Client Computing, is the genesis of the Application Service Providers’ (ASP) offering, with their ability to deliver 3AC via the Internet. The RAS and remote access client device link remains the essential first step in delivering 3AC.

The Remote Access Server has changed from a box with many individual ports each with its own characteristics, which you owned, to a single high-speed digital connection to the Internet. You can rent this connection in 64K channels from your ISP, managing the remote client’s access method. Speed can now be outsourced from an ISP with whom you can put in place Service Level Agreements as to bandwidth and availability to meet your needs, or you can leave the client to access the ISP of their own choice. Additionally, this saves line costs, as Internet access is usually the cost of a call to a Point of Presence (POP), which is normally a local call, in contrast to the traditional remote access session where the call costs are dependent on both time and distance, and you pay for the whole link. Thus the Internet addresses the bandwidth requirements of the remote access manager; what we lose in bandwidth or performance predictability we gain in the ability to access information any time, any place, any platform. This marks a key step to 3AC and at the same time offers savings in call costs.

Thin client computing


Internet-based remote access is really where Thin Client Computing comes into its own when compared with traditional client/server computing, specifically when the access performance of the two architectures across the Internet is compared. With Thin Client Computing you run the application on a distant server, exchanging only screens and keyboard/mouse commands across the Internet with the distant remote access client. This radically reduces your need for bandwidth. Even the current bandwidth limit of 9.6 Kbps on GSM connections is not a constraint for Thin Client, while for a conventional client/server implementation a GSM Internet connection can be frustrating and often impractical.

Internet-based remote access, ASP and Thin Client Computing fit well together, allowing for innovative ways of managing, delivering and presenting applications. For example, consider a template program you might use to produce network diagrams for inclusion in proposals. You may only need access to the actual application two or three times a month, say, so rather than buy the program outright, you might choose to subscribe to access it or buy a number of hours’ access time (support available at extra cost!). You would then always have access to the latest version any time, any place, from any platform, and not have cash locked into a depreciating asset. Server Based Computing is changing the nature of remote access, increasing the options and possibilities as Application Service Provision moves from a marketing spin to day-to-day reality.

So far we have seen how Thin Client Computing can be used to access Applications across the Internet. This approach addresses two of the remote access fundamentals: the need for more bandwidth and availability – any time, any place any platform. Thin Client addresses the bandwidth requirements, where more is better; with Thin Client bandwidth requirements are reduced to a minimum. At the same time the demands on the platform or terminal are much reduced making it considerably easier to present and deliver the application on a variety of platforms, which are often lower cost devices when compared to conventional PCs, while the Internet through its ubiquity answers the remote access need to be available at any time and from any place.

Security issues


Two out of three of the remote access fundamentals in delivering 3AC are addressed; what the Thin Client Computing/Internet remote access combination does not address is the remote access security requirement. Put simply, the Internet’s strength for 3AC for remote access is in turn its weakness for remote access security, as with Internet-based remote access the network manager has to be alert to a security breach at any time, from anywhere and from any platform.

The answer to the Internet’s access security issue lies in the Virtual Private Network (VPN). Taking that secure networking concept developed from the planet’s other even more ubiquitous network, the Public Switched Telephone Network, Virtual Private Networking turns a public network into a secure private network. Virtual Private Networking provides the third and final piece to the three fundamentals of remote access across the Internet, making it possible, and practical, to have effective, secure remote access across the Internet.

Briefly, establishing a VPN across the Internet requires two calls: one call to connect to the Internet followed by a second call to the Server supplying the resource or application. The connection is made secure by the use of an encrypted tunnel; the analogy with the Channel Tunnel fits well. The encrypted packets travel inside another packet just as the cars travel inside the train through the Channel Tunnel. There is, however, a performance downside to Virtual Private Networking: it creates an additional overhead as packets are encrypted and loaded into another packet, causing delay and consuming bandwidth, just as it takes time for cars and trucks to be loaded on and off the Channel Tunnel at Ashford and Calais. Coupled with the delays inherent in the Internet, this means VPN performance often cannot be as good as conventional direct connect remote access. This performance consideration makes the application of Thin Client Architecture for Application Service Provision across the Internet even more compelling, as Thin Client Architecture has a reduced bandwidth requirement which compensates for the additional bandwidth needed to create that secure encrypted tunnel.

Is NT an effective option?


So we can see how the Internet breaks the direct physical link between remote access client, remote access server and the ultimate application. The diagram shows how the Remote Access Server role and VPN together are part of Internet-based remote access, forming a key link in the provision of secure access which makes best use of the available bandwidth using Thin Client Computing.

At the same time, Thin Client Computing overcomes the Internet’s bandwidth constraints and Virtual Private Networking addresses the Internet’s security issues. The traditional communications companies offer a range of products to meet the access and security needs of the Internet. At the same time Microsoft has not been idle in responding to these changes, building on Windows NT’s strength as an application server.
Windows NT offers a server platform upon which each or all of the functions of the layers in the diagram can be built. Additionally there is a growing number of third party products which increase NT’s availability and stability along with tightening its in-built security, making NT-based Internet remote access a viable alternative to sourcing each layer’s function from a different vendor.

Remote access server and server based computing

So Windows NT can be configured to offer server-based solutions for all three key elements of remote access: efficient use of the bandwidth with the Thin Client Edition, secure access with Proxy server and implementation of firewalls like CheckPoint 1. 3AC can be made possible with the many fault tolerant NT server architectures and options available from Compaq, Dell, HP and others. This makes NT an effective option for all aspects of Internet-based remote access to deliver the complete Server Based Computing model.

Michael Ohajuru is director of sRAS