Myron Johnson - RTA Information Technology

Computer Security, Telecommuting, and Windows Small Business Server 2003 and 2008.

Location: Tempe, Arizona, United States

RTA Information Technology, a Phoenix, Arizona-based company, specializes in computer security, telecommuting, and business computing. Myron Johnson is a Microsoft Certified Systems Engineer: Security on Windows Server 2003. RTA was Phoenix's FIRST Microsoft Certified Small Business Specialist. We install and care for servers, networks (wired and wireless), and desktop computers for businesses in the Phoenix, Arizona, area.

Saturday, April 22, 2006

Remote Access Techniques for Business - How to Choose

RTA Information Technology - Tempe, Arizona

The Wonderful World of Remote Access keeps expanding. Small businesses now have remote access options that were unthinkable ten years ago. In fact, with Windows Small Business Server 2003, a small office has MUCH better remote capability than many large corporations.

There are four main techniques used for working remotely:
1) Remote Desktop
2) VPN (Virtual Private Network)
3) SBS Remote Web Workplace
4) Terminal Services

Each has its pros and cons. Each has appropriate and inappropriate uses.

1) Remote Desktop
Remote Desktop (using Microsoft's Remote Desktop or the open-source VNC) lets you work directly on your Office PC. Your remote PC is nothing more than a video terminal with a mouse and keyboard attached. Anything you do on the desktop is actually happening on your Office PC. This is a surprisingly low-bandwidth solution. You can work remotely with only a telephone modem connection.

Remote Desktop is recommended where you are accessing data-intensive applications, like databases. Since all the processing and data handling are done on your Office PC, Remote Desktop is much faster than VPN for viewing databases or working with large data files.

Remote Desktop is also quite safe for your Office network. Because your remote PC is only used as a video terminal, there's no direct connection between your Office's network and your remote PC. Worms, for instance, can't travel to your Office and infect the rest of your network.

Remote Desktop is my recommended access method when you can't be sure that the remote computer is secure and safe from viruses, worms, and other contamination. If employees are logging in from a home computer that others may use, it's by far the safest remote access method.

2) VPN (Virtual Private Network)
A VPN establishes a direct link between your remote PC and your Office network. It's pretty bandwidth intensive. Working with large files or databases is quite slow. On the other hand, you have direct access to the network, can perform drive mapping to resources, and data transfers (such as file transfers and directory listings) are much faster than with Remote Desktop.

As mentioned earlier, VPNs are a bit of a security risk. If a contaminated remote PC enters your network, your other Office PCs are exposed to worm propagation. This risk can be managed in various ways, but it never goes away completely.

VPN Flavors
VPNs come in two flavors: Client-to-Site and Site-to-Site. A Client-to-Site VPN connects single remote computers to the Office. A Site-to-Site VPN connects an entire Office to an entire Office. It doesn't require that each individual PC create a VPN connection.

Hardware versus Software VPNs
You can either use a hardware VPN server (like a SonicWall or Netgear VPN box) or a software VPN server (like Windows Server 2003 or SBS 2003, Standard or Premium Edition). There are advocates for both methods.

Personally, I use a lot of SBS 2003 servers (with or without ISA 2004), and I find that the built-in VPN server works fine. There's no need to maintain separate Windows and VPN accounts/passwords, since the VPN uses the same accounts as your Windows Server. Microsoft claims that an ISA 2004 Server can handle hundreds to thousands of simultaneous VPN connections, so, even if they are exaggerating, Microsoft's software VPN should be able to handle most small business offices just fine. Note that some hardware VPNs can also use LDAP to make use of your Windows accounts for authentication.

Alternative VPNs
There are some recent alternative VPN methods. A very recent one is Hamachi (http://hamachi.cc). Hamachi requires a special client to be installed on the Remote PC and at the Office. Once installed, Hamachi uses a 3rd-party public server to help create the secure link between the systems. Hamachi is quick and easy to configure.

Another interesting VPN method uses web browser technology. SonicWall's SSL-VPN (http://www.sonicwall.com/products/ssl-vpn200.html) uses the web browser on the remote PC to establish a secure connection to the SonicWall device. It still requires the use of ActiveX or Java on the client PC, as well as SSL, cookies, and JavaScript.

3) SBS Remote Web Workplace
Although it looks pretty much like Windows Remote Desktop, and uses the same technology, SBS Remote Web Workplace offers foolproof remote access to your entire Office. No configuration is needed on the Office PCs. You just select which PC you want to access, click the mouse, and log in.

4) Terminal Services
This is similar to Windows Remote Desktop. The main difference is that Terminal Services, as run on a Windows Terminal Server, is intended for normal users and Terminal Services can handle many users at once. Remote Desktop on XP is limited to a single user (except for Remote Assistance, which allows two simultaneous logons, but only one active keyboard/mouse).

A Terminal Server gives multiple virtual desktops on a single Server. You install Terminal Services on a Windows Server, create a Terminal Services Licensing Server, and install TS licenses for your users. As each user logs in, he/she gets a unique desktop and program settings. You install programs, such as MS Office and other applications, in a special way that allows multiple users to simultaneously use the programs.

Terminal Services is a good way to ensure that all users have identical desktops. But it has its own set of Server management challenges. Many antivirus applications, for instance, aren't really designed for Terminal Server use.

Notes About Remote Printing and Drive Sharing
Both Remote Desktop and Remote Web Workplace offer you the chance to print on your remote PC's printer. The only problem is: It usually doesn't work!

The solution is to install the DRIVERS for your remote printer on your Office PC. If Remote Desktop can't find IDENTICAL printer drivers on both the remote PC and the Office PC, it'll refuse to print remotely.

Drive Sharing between your remote PC and your Office PC is easier. Just click the appropriate checkbox when you open up your Remote Desktop or Remote Web Workplace connection. You'll get a warning about the potential hazards of drive sharing, which you can accept if you trust both PCs.
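
When a Remote Desktop connection is saved as an .rdp file, the drive-sharing and printer checkboxes are recorded as settings in that file, so a file can be checked before it is handed to someone working from a shared home PC. The Python below is an added example, not part of the original post; the sample file contents, the host name, and the choice to also flag clipboard redirection are assumptions made for illustration.

```python
# Added example: audit .rdp connection text for device redirection settings.

# Settings that open a data path between the remote PC and the Office PC.
# Each predicate returns True when that redirection is switched on.
RISKY = {
    "redirectdrives":    lambda v: v == "1",         # older clients
    "drivestoredirect":  lambda v: v.strip() != "",  # newer clients, e.g. "*"
    "redirectclipboard": lambda v: v == "1",         # assumption: treat as risky
}
# Printing is expected to be wanted, so it is reported but never flagged.
INFORMATIONAL = {"redirectprinters": lambda v: v == "1"}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}; skip malformed lines."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().lstrip("\ufeff").split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2]
    return settings

def audit_rdp(text, remote_pc_trusted):
    """Return (findings, notes); findings are raised only for untrusted PCs."""
    settings = parse_rdp(text)
    findings, notes = [], []
    for name, enabled in RISKY.items():
        if name in settings and enabled(settings[name]):
            msg = f"{name} enabled ({settings[name]!r})"
            (notes if remote_pc_trusted else findings).append(msg)
    for name, enabled in INFORMATIONAL.items():
        if name in settings and enabled(settings[name]):
            notes.append(f"{name} enabled: needs matching drivers on the Office PC")
    return findings, notes

# Constructed sample: a home-PC connection file with drive sharing ticked.
HOME_PC_RDP = """full address:s:office-pc.example.local
redirectdrives:i:1
redirectprinters:i:1
redirectclipboard:i:0
"""

if __name__ == "__main__":
    findings, notes = audit_rdp(HOME_PC_RDP, remote_pc_trusted=False)
    for line in [f"FLAG: {f}" for f in findings] + [f"note: {n}" for n in notes]:
        print(line)
```

Real .rdp files are often saved as UTF-16, so decode the file with the right encoding before passing its text to audit_rdp.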

Notes about Terminal Server Remote Printing
Just like Remote Desktop, Terminal Server has known remote printing problems. Solving them is tougher, because you have more users and they may have a wide variety of remote printers installed on their remote PCs. You can't possibly install all those printer drivers on your Terminal Server. Besides, installing 3rd-party printer drivers on a Terminal Server is asking for an unstable Server.

If you only want to support common printers, like HP Laser and Inkjet printers, you can set up Terminal Server to translate printers to those common drivers. This can work if the remote printers recognize the HP drivers.

But if you have Samsung or other printers that don't recognize HP drivers, you should take a look at 3rd-party "Universal Printer Drivers". ScrewDrivers and UniPrint are two well-known drivers. Licensing is pricey (ScrewDrivers is about $1500 per server and UniPrint around $1000), but these special drivers can make remote printing a breeze.

If you aren't currently taking advantage of remote access, you should give it a whirl!

1 Comment:

Anonymous said...

I think http://www.ibackup.com/remote_access_pc will be another ideal solution. You can access your office or home computers remotely anytime and from anywhere in the world. You can read e-mails, work on the documents and resources and retrieve important documents and data files using RemotePC.

The entire communication between the remote computer (Viewer) and the RemotePC enabled computer (Host) is encrypted using 128-bit RC4/SSL. RemotePC works behind most firewalls and proxy servers and the Host computer does not require a static IP address. Downloading and installing the Host and Viewer applications is not at all cumbersome.

Free with RemotePC comes http://www.ibackup.com/remote_access_pc/remote_data.htm with which you can access pictures and documents. The advantage of RemoteData is that you can create sharable links of data and email them to your friends and colleagues to share them.

RemotePC also has a solution for remote troubleshooting customers’ PCs. http://www.ibackup.com/remote_access_pc/remote_helpdesk1.htm solution can help you troubleshoot PCs and considerably enhance your customer support capabilities.

Interested? Then try their 30-day free trial.

Monday, 22 May, 2006  
