Remote Access Buyer's Guide
Inevitably, just when you're miles from the office, someone needs a piece of information that only you can provide, and it is locked away on your office PC. With a remote access solution, you can easily access your PC and get the data you need, all while sipping a drink with your toes in the sand.
Sound too good to be true? Well, it isn't. A number of different solutions are available to help make this a reality. In this Remote Access Buyer's Guide, I will cover the different types of remote access solutions, their advantages and disadvantages, their ease of use and technical requirements, and also what you can expect as far as usability.
Let's get one thing straight right off the bat--accessing your computer from outside the physical building is not something only Fortune 500 companies are capable of doing. There are many options available, from free and low cost to moderately expensive, that will allow you to access your PC from a remote location. All of them provide you with a way to connect to your desktop computer and have access to your files and data. No more copying files to a USB drive to work on them at home. No more feeling cut off from the office while on vacation. Secure remote access is something that the employees of every business, big or small, should be doing to be more productive.
[ The best free remote access tools for Windows and Mac combine firewall friendliness with easy remote access and an amazing array of handy features. For some of those mentioned here, see InfoWorld's review. ]
All of the techniques described here require a little networking knowledge, mostly for making changes to your router or firewall. Each remote access method requires a TCP port to be opened in your router and directed at your desktop PC or server in order to allow the remote control program to function. Adding a port-forwarding rule to your router or firewall is easy, and a number of online how-to's can help you accomplish your remote access dreams. While an incorrect port-forwarding rule might not mess up the router, it can cause remote access to fail and produce more than a little frustration. If you aren't comfortable making changes to your router, a quick call to a local IT professional is the best course of action.
Free and Low-Cost Remote Access Utilities
The adage, "you get what you pay for" doesn't necessarily hold true when it comes to free or low-cost remote access solutions. Quite a few utilities provide better than adequate performance and capabilities at little or no cost. Microsoft has offered its Remote Desktop Connection tool for years, and a number of other utilities, most notably programs based on VNC (Virtual Network Computing), are available for download and installation on your office PC.
For Remote Desktop Connection, the remote component is built into versions of Windows from XP through Windows 7, and users of Windows versions as far back as 95 can download the client directly from Microsoft to add that functionality to older systems. Unfortunately, only the professional versions of Windows XP, Vista, and Windows 7 can be remotely controlled; the service isn't available for any other versions.
VNC-based utilities, such as UltraVNC and TightVNC, include both server and client components and can be installed on a wide range of Windows operating systems. And for users of Mac OS 10.5, VNC is built into the operating system.
As mentioned earlier, setup for these types of remote access tools requires changes to your firewall and router to forward specific TCP/IP ports to the computer you want to take over. This means that this type of remote access solution doesn't scale very well beyond a single user. It is possible to use alternate ports to control other computers, but it can quickly become an administrative nightmare.
Security isn't much of an issue with these utilities as long as good password policies are in place, but any time you open up ports in the firewall, you are exposing a device to the Internet. Make sure that, besides having strong passwords in place, each PC set up for remote access has an up-to-date antivirus program installed on it, too.
Commercial Remote Access Tools
In the same category as Remote Desktop and VNC are commercial remote access programs. These tools also have a server/host component and a remote/client program that communicate and provide access to the office PC. Symantec's pcAnywhere is one of the oldest and most popular of the commercial remote access packages. It goes beyond simple remote access and provides additional features such as multimonitor support, better logging to meet compliance requirements, and the ability to connect to multiple operating systems, including Windows, Mac, and Linux.
Another program that has been around for years is Laplink Gold. It provides many of the same features as pcAnywhere and can even connect two PCs via USB cable for file synchronization and transfer.
Commercial packages do have two downsides -- cost and the firewall issues listed above. The cost of a package is a mild trade-off for its additional features and the ability to call technical support should the need arise. And because of the nature of the solution, you still have to open up specific ports on your firewall to allow a connection. These programs also don't scale well because of the port-forwarding issue at the firewall.
You will find, though, that these programs are easy to use. Each one has technology built into it to help improve screen transfers and reduce latency (latency is the delay sometimes noticed when working over the Internet). This makes the remote control experience seem more like you really are sitting at the computer and helps to reduce the irritation that comes when you have to wait for the other system to catch up.
Cloud-Based Remote Access Services
A segment of remote access that is growing in popularity is the hosted remote access solution. A hosted solution is an online service that acts as a gateway between you and your office computer. It requires a small program to be installed on both the host and remote computers. The program on the office PC establishes a connection to the Web-based service, through the firewall. When you want to connect to your PC, you log in to the Web service and pick your PC out of the list presented; the Website brokers the connection.
Popular services that fall into this category are GoToMyPc, LogMeIn Pro, and TeamViewer. Each one of these programs has both a Windows and a Mac version, and all but TeamViewer allow connections from a Web browser.
One great advantage to this type of remote access is it doesn't require changes to your firewall--no open ports forwarded in to your computers. This also means that they scale well and don't have the inherent administrative overhead that VNC, Remote Desktop, and pcAnywhere have. Even though they do use a small program to "call out" to the hosting Website, the installed portion usually has a very small footprint and doesn't consume resources when idle.
The biggest downside to hosted remote access solutions is that most of them are fee-based services. For noncommercial users, TeamViewer and LogMeIn each have free accounts, but for commercial use, such as in a small business, you can expect to pay a small monthly or yearly fee. For many, such fees are a small price to pay (no pun intended) for the advantage of not having to worry about firewall rules and management.
Remote Access Over VPN
With remote access over VPN (a virtual private network), we are starting to get beyond what a typical small business either can afford to deploy or has the technical experience to support. Before I get into the pros and cons of this approach, let me briefly explain what VPN is.
All networked computers and network devices have an Internet Protocol (IP) address assigned to them. Each network has a unique IP address range, and because each network is separated by and protected with a firewall appliance, users from one network don't have direct access to another.
To create a VPN, you have to have a VPN-capable firewall on one end and a VPN software client, usually based on IPSec (IP Security protocols) on the remote end to bridge these segregated networks. By establishing a VPN connection from your laptop on the beach to your office network in St Louis, it makes your laptop look like it is part of the office network and not really a thousand miles away. Think of it as stretching your network cable from the office to the beach--it looks as if you are still physically connected to the network, but you are doing it over the Internet.
The VPN connection eliminates the port-forwarding issues we've covered in the free and commercial remote access packages section. Now you can connect to any networked PC from your remote location because the VPN makes your laptop part of the network. This means you can take over any computer on the network instead of being limited to one or two. You can also access printers and other network resources, too.
Any remote control program will work over an IPSec VPN connection. Remote Desktop, VNC, pcAnywhere, Laplink--they all work the same over the VPN. Because traffic over the VPN is encrypted, this form of remote access is more secure. Not only is your remote PC protected behind a firewall and locked down via user names and strong passwords, but the very connection into the network itself is safe from potentially prying eyes.
The disadvantages with remote control over VPN come in the form of cost and complexity. Not every firewall/router purchased at Best Buy or other electronics store is capable of terminating a VPN connection. Linksys, D-Link, SonicWall, and others make VPN routers, but they cost more than a run-of-the-mill router, sometimes substantially more.
Configuring the VPN connection is also something that most small businesses aren't ready to tackle. Questions such as cipher strength, hash algorithm, and shared secret will stump many small business owners. So additional cost will be incurred by hiring outside help to define and maintain the VPN setup. But the greater cost of initial setup and configuration can be quickly recouped by the overall superior remote access experience provided by the VPN.
Taking the virtual private network concept a little further is the SSL VPN. This is a form of remote access that uses your Web browser to establish a secure connection to your office without any additional software on your laptop. What it does require is a very specialized appliance on your office network that brokers your connection to the various network resources.
An SSL VPN appliance provides connectivity to network resources by proxying, or relaying, your requests through the appliance and then to the appropriate resource. SSL VPNs allow direct access to Web servers and e-mail, and to Windows- and Web-based applications, and some can also provide direct IPSec-style network-level access to servers and desktops.
In many ways, an SSL VPN is superior to an IPSec VPN because it allows the network administrator a fine level of control over who can access what resource, and they can do it for a group of users at the same time. Also, because the secure connection is based on SSL (encryption built into every Web browser), you have no software client overhead to maintain. Lastly, the current crop of SSL VPN appliances can all do some form of integrity check on the client to make sure they don't pose a security risk to the network. This integrity check can take the form of a scan to make sure that the laptop's antivirus signatures are up to date and that antivirus program is enabled, to make sure they have the proper operating system patches installed, and even to make sure they have a particular Registry entry (a form of secret key).
The big drawback to using an SSL VPN for your small business's secure remote access? Cost. A typical SSL VPN can cost anywhere from a few hundred dollars to well over tens of thousands of dollars. The benefits are huge when compared to the amount and type of access they provide, but it is going to be overkill for all but the deepest of small business pockets.
Server-Based Remote Access
One last form of secure remote access comes built around Microsoft Small Business Server. SBS is a bundle of Microsoft technologies specifically targeted towards offices with less than 75 users and includes file and print services, Exchange e-mail and collaboration, and SharePoint Web services. It also comes with Remote Web Workplace, a Web-based portal to the server and PCs on the network. Much like an SSL VPN, you would connect to the SBS server using your Web browser; and once logged in, you can choose to either log into Outlook Web Access (Webified Exchange e-mail) or connect to a client PC--your office computer.
Remote Web Workplace bridges your connection from the beach in through the firewall and over to your office desktop, all without any additional software on your laptop. It does, however, require a little initial setup in the form of open ports in the firewall and the SBS server's SSL certificate installed on your laptop, so it is a lot like standard Remote Desktop connection in that regard. But when properly set up, it acts more like a SSL VPN because it requires only Internet Explorer on the desktop, and you can then access any PC or server on your network.
The downside to using SBS server is that it has to be the first server on your network--Small Business Server can't be added to an existing Microsoft Active Directory domain. So if you've already invested money and resources into Microsoft servers, SBS probably won't be something you can add. If you don't have a network, or at least not one with Active Directory installed, SBS is a great way to get a lot of very useful technology at a great price.
As you can see, you have a lot of ways to skin the proverbial cat when it comes to remote access. I personally use or have used every form of remote access discussed here, and there isn't a day that I don't use at least one to either work from my home office or provide remote assistance for one of my clients. For me, remote access is an indispensible tool, and one I highly recommend for anyone looking to spend more time with the family or while travelling and still get some work done.
Keith Schultz is a contributing editor for the InfoWorld Test Center. E-mail firstname.lastname@example.org.