|
At the launch of Office 2000 this summer Steve
Ballmer made it clear that Microsoft has undergone a paradigm shift. Its original vision
of "a computer on every desk and in every home" has changed to " great
software any time, any place any platform". Microsoft’s recognition of this new
reality is mirrored by a sea change in the role, function and relationship of the Remote
Access Server (RAS) and remote access client devices such as modems and terminal adapters.
As Microsoft stops promoting computers and starts promoting applications, RAS has evolved
to meet this new vision. The fundamental requirements for a remote access session of
course remain unchanged; we need as much bandwidth as possible between the RAS and the
remote access client device, the remote access session needs to be secure and access must
be possible any time, any place from any platform through any remote client access device.
3 AC
What has changed is how your remote access services can be delivered and who might deliver
the services. In keeping with Microsoft’s paradigm shift we have seen the rise of
Server Based Computing (SBC), as Microsoft and the rest of the computer and communications
industry concentrates on what you want to do, when you want to do it and how you want to
do it - Any time Any Place Any Platform Computing (3AC). With SBC the device you use to
access your application or resource depends on where you are and what you have to hand
– a PC, Laptop, an interactive TV, a mobile phone or a Personal Digital Assistant
(PDA) like a Palm Pilot. Who owns the Server and the Applications or where they reside is
not the issue, it’s your ability to access 3AC. This flexible connectivity, when
coupled with Thin Client Computing, is the genesis of the Application Service
Providers’ (ASP) offering with their ability, via the Internet, to deliver 3AC. The
RAS and remote access client device link remains the essential first step in delivering
3AC.
The Remote Access Server has changed from a box with many individual ports each with its
own characteristics, which you owned, to a single high-speed digital connection to the
Internet. You can rent this connection in 64K channels from your ISP, managing the remote
client’s access method. Speed can now be outsourced from an ISP with whom you can put
in Service Level Agreements as to bandwidth and availability to meet your needs, or you
can leave the client to access the ISP of their own choice. Additionally, this saves line
costs as Internet access is usually the cost of a call to a Point of Presence (POP),
(which is normally a local call) in contrast to the traditional remote access session
where the call costs are dependent on both time and distance, and you pay for the whole
link. Thus the Internet addresses the bandwidth requirements of remote access manager;
what we lose in the bandwidth or performance predictability we gain in the ability to
access information any time any place any platform. This marks a key step to
3AC and at the same time offers savings in call costs.
Thin client computing
Internet-based remote access is really where Thin Client Computing comes into its own when
compared with traditional client/server computing, and specifically when access
performance speed of the two architectures across the Internet is compared. With Thin
Client Computing you run the application on a distant server exchanging only screens and
keyboard/mouse commands across the Internet with the distant remote access client. This
radically reduces your need for bandwidth. Even the current bandwidth limit of 9.6 Kbps on
GSM connections is not a constraint for Thin Client, while for conventional client/server
implementation a GSM Internet connection can be frustrating and often impractical.
Internet-based remote access, ASP and Thin Client Computing fit well together allowing for
innovative ways of managing, delivering and presenting applications. For example, consider
a template program you might use to produce network diagrams for inclusion in proposals.
You may only need access to the actual application two or three times a month, say, so
rather than buy the program outright, you might choose to subscribe to access it or buy a
number of hours access time (support available at extra cost!). So you would always have
access to the latest version any time, any place, from any platform, and not have cash
locked into a depreciating asset. Server Based Computing is changing the nature of remote
access, increasing the options and possibilities as Application Service Provision moves
from a marketing spin to day-to-day reality.
So far we have seen how Thin Client Computing can be used to access Applications across
the Internet. This approach addresses two of the remote access fundamentals: the need for
more bandwidth and availability – any time, any place any platform. Thin Client
addresses the bandwidth requirements, where more is better; with Thin Client bandwidth
requirements are reduced to a minimum. At the same time the demands on the platform or
terminal are much reduced making it considerably easier to present and deliver the
application on a variety of platforms, which are often lower cost devices when compared to
conventional PCs, while the Internet through its ubiquity answers the remote access need
to be available at any time and from any place.
Security issues
Two out of three of the remote access fundamentals in delivering 3AC are addressed; what
the Thin Client Computing/Internet remote access combination does not address is the
remote access security requirement. Put simply, the Internet’s strength for 3AC for
remote access is in turn its weakness for remote access security, as with Internet-based
remote access the network manager has to be alert to a security breach at
any time, from anywhere and any from platform.
The answer to the Internet’s access security issue lies in the Virtual Private
Network (VPN). Taking that secure networking concept developed from the planet’s
other even more ubiquitous network, the Public Switched Telephone Network, Virtual Private
Networking turns a public network into a secure private network. Virtual Private
Networking provides the third and final piece to the three fundamentals of remote access
across the Internet, making it possible, and practical, to have effective, secure remote
access across the Internet.
Briefly, establishing a VPN across the Internet requires two calls: one call to connect to
the Internet followed by a second call to the Server supplying the resource or
application. The connection is made secure by the use of an encrypted tunnel; the analogy
with the Channel Tunnel fits well. The encrypted packets travel inside another packet just
as the cars travel inside the train through the Channel Tunnel. There is, however, a
performance downside to Virtual Private Networking; it creates an additional overhead as
packets are encrypted and loaded into another packet causing delay and consuming
bandwidth, just as it takes time for cars and trucks to be loaded on and off the Channel
Tunnel at Ashford and Calais. Coupling these delays inherent in the Internet, VPN
performance often cannot be as good as conventional direct connect remote access. This
performance consideration makes the application of Thin Client Architecture for
Application Service Provision across the Internet even more compelling as Thin Client
Architecture has a reduced bandwidth requirement which compensates for the additional
bandwidth needed to create that secure encrypted tunnel.
Is NT an effective option?
So we can see how the Internet breaks the direct physical link between remote access
client, remote access server and the ultimate application. The diagram shows how Remote
Access Server role and VPN together are part of Internet-based remote access
forming a key link in the provision of secure access which makes best use of the available
bandwidth using Thin Client Computing.
At the same time, Thin Client Computing
overcomes the Internet’s bandwidth constraints and Virtual Private Networking
addresses the Internet’s security issues. The traditional communications companies
offer a range of products to meet the access and security needs of the Internet. At the
same time Microsoft has not been idle in responding to these changes, building on Windows
NT’s strength as an application server.
Windows NT offers a server platform upon which each or all the functions of the layers in
the diagram can be built. Additionally there are a growing number of third party products
which increase NT’s availability and stability along with tightening its in-built
security, making NT-based Internet remote access a viable alternative to sourcing each
layer’s function from a different vendor. |
Remote Access Sever and Server Based
Computing
|
So Windows NT can be configured to offer
server-based solutions for all three key elements of remote access: efficient use of the
bandwidth with the Thin Client Edition, secure access with Proxy server and implementation
of firewalls like CheckPoint 1. 3AC can be made possible with the many fault tolerant NT
server architectures and options available from Compaq, Dell, HP and others. Making NT an
effective option for all aspects of Internet-based remote access to deliver the complete
Server Based Computing model.
Michael Ohajuru is director of
sRAS
> |
|
