In-Depth

Remote Possibilities: Enterprisewide Remote Access Solutions Flourish in High-Bandwidth World

• By Judy Silver
• 05/01/2001

The recognition of remote workers’ contribution to the bottom line is driving enterprises to develop more flexible, innovative and cost-effective remote access solutions. Helped by growing demand for high-speed connections, improved security measures and new wireless LAN access technologies, a variety of service providers are now tackling the remote-access challenge.

"Enterprises are starting to understand and respect these [remote] workers as some of the most important workers in the enterprise," says IDC Analyst Stephen Drake. He also cites as a market driver the growing need for business travelers to access not only e-mail, but also mission-critical applications, such as corporate accounting or customer relationship management systems. Wireless access technology figures to play a critical role in this regard.

"The enterprise WLAN market will continue its rapid growth rate and will largely be driven by mobile end users who will continue their insatiable demands for high-speed LAN connectivity. Critical to the adoption of WLAN solutions is the maturity and experience of traditional network equipment suppliers, such as Cisco, to meet enterprise customers’ strict requirements, particularly in the area of security," says Bob Egan, Vice President at GartnerGroup. "Providing a wireless network solution that integrates with an end-to-end wired network and delivers robust security, manageability and performance is exactly what is necessary to meet the growing demand for wireless networks within enterprise accounts."

The growth of the wireless LAN market is being driven by a growing list of market dynamics that will accelerate adoption of the technology over the next few years, according to Esmeralda Silva, Networking Research Director at IDC. "The market drivers include wireless transmission at higher speeds, lower adoption costs and businesses looking to augment their wired network and enhance mobile worker productivity. The entry of large equipment suppliers, such as Cisco Systems, to the wireless LAN market will drive market opportunities for the technology into the mainstream market."

Telecommuters play a big role in determining remote access solutions. "In a strong job market, the ability to get access to workers across the nation, instead of a regional area, and provide those users with the same tools they would need in the office is critical," states Drake.

Nortel Network, working feverishly on the next-generation Internet, is experiencing this telecommuting phenomenon firsthand. With 20,000 full- or part-time telecommuters (21 percent of a total 94,000 employees), Nortel reports that remote workers post double-digit improvement in productivity and retention over on-site staffers, as well as more frequent referrals for new hiring.

"The model of the enterprise is changing to the virtual workplace," says Warren Ayers, Nortel’s Senior Manager in Teleworking Solutions. He estimates that the teleworking industry will grow from $325 billion by 2004 worldwide. "In the market for technology workers, it’s a huge thing for us to be able to identify people to work for our company and let them live where they want to live."

Virtual Private Networks (VPNs) fill many of the enterprise’s requirements, providing networking services that users can create on demand to connect themselves to their offices from wherever they are in the world. A VPN allows you to use the Internet as your communications backbone for connecting remote users, different businesses and business partners. It is accomplished by using encryption to create a private tunnel through the Internet.

"Everyone wants to jump on a VPN platform for remote access – both in voice and data," Ayers says. "Last year, it was something they talked about. This year, most people are saying we have to get into that [VPN] because it really proved itself as the only way to fly, as far as access to the corporate LAN."

MobileStar Network Corp., for instance, is a provider of high-speed, wireless Internet access for business travelers in public places, such as airports, hotels, conference centers, business service centers, restaurants and coffee shops in the United States. MobileStar has created a wireless broadband communications network designed to give mobile professionals access to the Internet and their corporate intranet remotely.

At the infrastructure level, remote access solutions are moving towards an all-VPN world in the next few years, predicts Infonetics Research’s Executive Director, Jeff Wilson. "One of the things network managers hate more than anything else is managing modem banks," says Wilson. Not only are IT administrators tired of the headaches generated by 10,000 to 50,000 remote users, he notes, they’re also tired of high dial-up costs.

As enterprises migrate away from dial-up connections, Infonetics reports that the worldwide market for VPN services – including bandwidth, design, integration, installation, outsourcing and fully managed services – will reach $10.7 billion in 2001 and explode to $36 billion by 2004.

Broadband connection for remote access is driving the transition to VPNs, because telecommuters can’t use DSL or cable connection from home unless they have a VPN. "It’s a grass-roots demand," states Wilson. "Once you get a faster connection, you want to use it to make your life easier. People who work from home would rather have 356Kb connection, than a dial-up 28.8Kb connection."

Another trend beginning to shape the remote access market is the proliferation of cost-effective wireless connections. Nortel’s Ayers feels that wireless data service is on the verge of exploding among remote workers. "The more accessible and more remote access you can bring to the place where a person wants to work, the more effective they are, so you can keep them productive for a lot more of the day."

Enterprises may soon offer options, such as Metrocom’s Richochet Wireless Internet, a mobile wireless radio solution, because once you’re connected to the Internet via wireless access, you can use a corporate VPN just as you would over landlines. In addition, there are a growing number of people who want access to their corporate enterprise through portable appliances, including Personal Digital Assistants (PDAs) and Web tablets.

Although VPNs cost-effectively fulfill many of today’s enterprise requirements, the security risk is great. Always-on DSL connections give others a chance to hack into your machine and find the tunnel route.

ISP Pilot Network Services offers a turnkey VPN solution that addresses security issues through a network-based, managed system. The company’s Heuristic Defense Infrastructure (HDI) sits in Pilot’s data center and is monitored day and night. "We’re intercepting the tunnel at the Pilot security center, breaking out traffic streams and running clean traffic to corporate sites," says Pilot’s Vice President of Marketing and Business Development, Phil Simmonds.

Pilot has also developed the Secure Road Warrior Plus to handle more users and provide better management control to the enterprise. "When a VPN doesn’t work, it’s a real pain," asserts Simmonds. "A managed service takes the worry out of remote access."

Newsweek magazine’s approach to remote access demonstrates the importance of flexibility in enterprises that want to deploy a managed VPN solution. Domestically, Newsweek set up an 800 number for remote access into a Citrix Metaframe residing on a Remote Access Server (RAS) that allowed two different types of access – one for Newsweek-supported machines, that have all the applications loaded on the machines and one for home machines, via remote control. About 20 percent of Newsweek’s remote users use this remote access method.

Centralized Control Over a Managed Service

"When I arrived [at Newsweek], my first nightmare was [finding] PC Anywhere on everybody’s desk, with PCs left on and modems all over the place," asserts Newsweek’s Director of Information Technology, Len Carella. "It wasn’t secure or cost-effective, and it wasn’t reliable." Establishing the 800 number helped create centralized remote access that was secure and cost-effective.

The second approach, remote control, is popular with workers who just want access to e-mail or who don’t warrant a laptop for regular work at home. These workers install floppy disks, dial into the 800 number and access applications set up inside the network, so Newsweek doesn’t have to support home machines.

"That left us a void with people traveling internationally and those with DSL and cable modems at home," states Carella, adding, "That’s where the VPN solution has worked well for us."

Although Newsweek had been using Pilot’s Road Warrior VPN, it needed Windows 2000 support. By upgrading to Secure Road Warrior Plus, Newsweek gets not only Windows 2000 support, but also faster throughput and more control over creation and maintenance of user accounts and passwords.

Newsweek is adding another 100 users to its first phase of 25, and that number will grow with the proliferation of cable modems and DSL, as well as its growing international presence. For international travelers, Newsweek takes advantage of America Online’s (AOL) local points of presence (POPs) around the world. Users dial into AOL, launch the VPN software and thus enter the corporate network. Newsweek benefits from flat monthly rates and user familiarity, practically eliminating the need to train and support international users.

Private healthcare network provider ChimeNet’s Director, Phil Ruenhorst, says that the healthcare industry is going toward managed services for Internet access and other services, including remote access. Moving MRIs across the network, hospitals enjoy the benefit of managed service, including interoperability, as well as low-cost bandwidth. Serving a user base of 75,000 people, ChimeNet utilizes Cisco PIX firewalls to terminate the VPN and Cisco VPN 3000 Concentrators. Its backbone consists of a Cisco 7000 router and a Lightstream 1010 ATM Switch.

ChimeNet’s remote access offering is different from most VPN vendors who put concentrators out at the remote site, according to Ruenhorst. Instead, ChimeNet attaches to a VPN concentrator in its data center, encrypts traffic to a remote site to a Cisco PIX firewall. "Our method allows users to leverage their Cisco investment," says Ruenhorst. "For a low monthly fee per user, they can piggy-back on our solution."

Nortel is now addressing customers’ security and management needs with its Contivity extranet switch. A teleworker with a soft client on his PC or laptop can easily connect to the Contivity box on the other side of the corporate firewall. This forms an encrypted tunnel, giving that teleworker access to the network.

Nortel’s Instant Internet works with the Contivity server that supports many technologies, including DSL and frame relay. Every time someone needs network access, it forms the tunnel immediately with the Contivity server. "So, you can put it in an application where you have several people hubbed in a small satellite office and this device would constantly keep a tunnel up when you want access to the corporate network," says Ayers.

Challenged by the lack of financial resources or in-house expertise, many small to medium enterprises are not ready to tackle VPNs. These organizations can take advantage of a remote access solution offered by Expert City.

With almost 70 percent of today’s enterprise’s requiring remote access, "people are much more interested in remote access solutions that are easy to implement, administer and maintain," asserts Expert City’s Senior Vice President of Products, Brian Donahoo. "IT and communications managers are fed up with complex systems that require additional people to manage them."

Central to Expert City’s solution – named GoToMyPC – is desktop streaming technology that allows users to gain access to a PC over the Web through a secure tunnel. Proprietary compression algorithms shrink the image back and forth over the Web in a unique way that allows for almost no latency, according to Donahoo. "Reducing wait time and providing a remote experience that’s as close as possible to the local experience is a challenge."

GoToMyPC also allows enterprises to integrate secure ID and standard, long-time password systems out there, as well as the basic networking protocols that enterprises may have in place. Furthermore, many local applications are not Web-enabled and therefore not easily exported to the Web. With GoToMyPC, even remote users are accessing network resources from a local PC – maybe even their own onsite desktop.

"None of the other players have focused on the ability to get access over the Internet," says IDC’s Drake. "It’s an opportunity for smaller enterprises or those who aren’t looking for a VPN solution. It can certainly augment a VPN solution in some ways, because it allows users to get up very quickly. Focusing on the thin-client solution, the ability to gain access over the Internet, really changes the game a little bit. [GoToMyPC] is a more efficient, cheaper, faster alternative to VPN, and when you look at the cost and the time to roll out large deployments compared to users signing up in minutes – there’s some value there."

"Enterprise customers want the ability to control what can be done remotely at various different group levels," says Donahoo. With GoToMyPC, the IT manager can set certain parameters to control levels of security, as well as some functionality available to the user.

Intel’s decision to discontinue support for dial-up products gained through its Shiva acquisition further supports the overwhelming move toward VPNs in the marketplace. "What a lot of people didn’t realize is that prior to Intel acquiring Shiva, Shiva had VPN technology that they developed in-house, as well as by acquiring Isolation Systems," declares Intel’s Product Line Manager, Doug Smith. "It was clear that [VPNs] was the direction remote access was going."

Intel started putting more resources into the next-generation Virtual Private Networking products and shifting away from the traditional remote access, which Smith calls a "flat and declining market."

The first business requirement for the enterprise is performance. "It has to handle lots of remote users, as well as many different sites connected through VPN," states Smith.

"The second [requirement] is interoperability," Smith says. "More and more, you’re not only allowing your own employees to connect, but in some cases, you’re allowing your customers to connect through extranets. They may not be using the same solution in terms of the brand, so you need to have interoperability or be standards-based. The third requirement is security. While some may think security is inherent to VPNs, they [VPNs] are not created equal, so the security implementation is important in each VPN implementation."

Currently, Intel is implementing a new OEM strategy to provide its high-performance, standards-based VPNs through the PC OEMs. Both HP and Compaq will sell Intel’s VPN solution under their brand.

Intel NetStructure VPN high-performance gateway 3130, 3120 and 3110 will allow many users to be connected at one time without hampering throughput. And, because Intel supports IPSec, its product is interoperable with different brands of VPNs.

Looking ahead, Smith points to the wireless front. "From a remote access standpoint, it will be important to look for new technologies that allow for secure encrypted connections via wireless devices," he says. He cites Intel’s support for the relatively new Elliptic Curve Cryptography (ECC), a lightweight, secure form of encryption that allows cell phones that have Web access, or PDAs that can have strong encryption to link back to corporate office as significant.