Extending the Network: Remote-Access Tools
Basically, remote-access tools serve the function of allowing users outside a local network to log into, access and use resources on that network as if they were locally attached. Historically, remote access developed as a technology to permit users to dial into specific banks of modems attached to a server that would permit them to set up virtual network sessions through the dial-in connection. They could either access resources only on the dial-in server (limited remote access), or they could interact with any network resources available through that server as if they were logged in on a PC attached to the network.
For reasons primarily related to low-bandwidth connections, some remote-access implementations created an interesting software architecture (plus associated hardware, in some special cases). Remote-access sessions were designed to move only mouse movements and keyboard input from the remote-user side of the connection, and only to move screen updates (and in some special cases, other data or file transfers) from the server side of the connection. This kept the amount of data moving between client and server to a minimum and enabled users to function more or less normally, as if they really did have a local connection. On the server side, this could mean setting up virtual machines on a one-per-user basis, so that basically, the server would emulate a separate, distinct virtual computer for each user and supply the CPU horsepower, memory, storage and networking access for each machine as needed. More specialized implementations included “PC on a card” hardware, so that remote users actually took control over a real PC inside the server instead of a virtual emulation. Either way, users could log into, access and interact with applications, file stores, other servers and even printers as if they were plugged right into the local network.
Remote access can have other meanings as well. One popular interpretation of the term describes a scenario where a remote user on a laptop or other mobile computing device establishes a connection with his primary desktop to access files, run applications and perform other activities as if he were sitting in front of the primary machine. Also known as “remote control software,” this sort of thing usually falls outside more stringent interpretations of remote access. While many products offer this kind of functionality (for example, Symantec’s PCAnywhere, LapLink or Microsoft’s Remote Desktop Connection), most of them do not offer full-blown Web-based, virtual-private-network-(VPN)-based implementations that feature strong authentication and encryption capabilities as well. That’s why only two products in that category are mentioned in the list of top remote-access tools: Citrix Online’s GoToMyPC and NetOp RemoteControl. The Citrix product is included because of strong security, an elegant implementation (any Web-capable client will do) and a very compact implementation. NetOp Remote Control gets the nod because of strong security, easy deployment and use across all kinds of connections, and support for Windows, Macintosh, Linux/UNIX, Solaris and legacy systems. Nevertheless, lots of alternatives abound.
Some of the companies that played heavily in this space are still quite active in the remote-access world, but their offerings, their typical avenues for remote access and the platforms they support have changed dramatically. Microsoft’s Remote Access Server (RAS), which began life as a dial-in-only solution, adapted by adding Internet access and channel aggregation capability on the server side. Today, the corresponding service is known as the Routing and Remote Access Service (sometimes abbreviated as RRAS) and includes both dial-in support for those who still need it and VPN-based access for those who wish to establish remote-access connections over the Internet. Along the way, Microsoft has considerably strengthened security for remote connections, upping its use of more secure protocols (IPSec), authentication mechanisms (RADIUS and/or Kerberos), encryption mechanisms and so forth.
Citrix is another company with deep roots in the remote-access field. Always viewed as a high-end provider of Microsoft alternatives, Citrix MetaFrame server technology is still regarded as a leading high-end server solution for remote access. Increasingly, the company gives users more alternatives on both client and server sides, with support for Web-based client access complementing Windows-specific capabilities, and with a UNIX implementation of the server technology available, as well as support for all current Windows server versions. At the same time, the company has also embraced the same kinds of enhanced and strengthened protocols and authentication as Microsoft and other leading players in the remote-access space.
As the Internet became increasingly popular and bandwidth became cheaper, straight-through dial-up options began to lose their appeal for many applications. Why make clients place expensive long-distance calls to access a server directly when they can access the Internet almost anywhere by placing a local call (if they can’t use a faster broadband connection as so many do nowadays)? As long as the server can also access the Internet to establish the “other end” of a remote connection, this ends up being cheaper, easier and, in many cases, faster than old-fashioned dial-up anyway.
When no other connection type is available, dial-up remains better than nothing. But fewer remote-access users than ever before rely solely on dial-up to make connections these days. That’s because ubiquitous Internet access plus secure VPN connections have revolutionized remote access. Simply put, this technology makes long-distance dial-up unnecessary in nearly all cases (and even when local dial-up is used, VPNs make connection types more or less transparent, aside from bandwidth issues). As the name suggests, a VPN turns a public connection into something that’s as secure as a private connection would be by applying rigorous encryption and protection to all the communications traffic it ferries. This eliminates most privacy and confidentiality concerns and makes the Internet more suitable as a business communications and remote-access medium.
The advent of secure VPN technology has completely changed the face of remote access. For one thing, it’s no longer necessary to emulate virtual machines to provide network access (though there’s nothing stopping anyone from using emulation-based remote-access software across a VPN link, either). Other than VPN client software, no special additional software is required, because remote clients function just as if they were locally connected to any networks that a VPN server can reach.
There’s also been a profound change in the style and behavior of most remote-access clients in the past few years. The overwhelming trend is toward Web-based client interfaces, which essentially present access to applications and services through a browser window. Among other things, this removes a lot of client platform dependencies from the client side of the equation, so that even Web-enabled PDAs or cell phones can play the client role for remote access (within limits). Likewise, as long as a Web browser works, a Macintosh, a Linux/UNIX machine or a PC can play the client role with equal facility—provided, of course, that the user understands how the remote-access interface looks and behaves, and knows how to operate it properly.
Be aware that high-end, full-function remote-access solutions are still not cheap (except for remote-control implementations and implementations with limited functionality). It’s not unusual to have to spend $10,000 or more for server-side software and client licenses, not including server or communications costs. This often translates into per-seat costs between $200 and $500, depending on the products chosen and related licensing