Getting RAS right for your network

Getting RAS right for your network

Can multimodem adapter cards that plug into standard PC servers running Microsoft's Windows NT really be a low-cost alternative to dedicated remote access concentrators?

Port for port, server cards can cost as little as half the price of modular remote access devices - but can they really do the job in a real-world network? When we came across six of these add-in boards as options for companies looking for a cost-effective way to offer remote access, we decided to see how these cards stack up against their chassis-based competition in terms of ease of use, scalability, manageability, security and advanced features.

We tested a 23-user remote access server card - Brooktrout Technology's Instant RAS AnyCall IRAS-24A remote access card - and a fully loaded 24-user dedicated remote access concentrator - 3Com's SuperStack II Remote Access System 1500.

What we learned from these tests was that even though 3Com's SuperStack 1500 has a much more robust management and security feature set, Brooktrout's IRAS-24A server card surpassed 3Com's device both in terms of its ability to scale and its overall ease of use.

Our tests also suggest that these RAS cards may be the better-performing buy. However, since the Brooktrout card uses a Primary Rate Interface con-nection and the 3Com box uses multiple analog connections to the local PBX, we cannot conclusively say whether the performance differences were due to the products themselves, or rather, to how they were deployed according to the manufacturer's specifications.

We did attempt to get a RAS concentrator that was directly comparable to the IRAS-24A from vendors including Lucent, Intel, MultiTech Systems and Perle Systems. However, these vendors declined to participate in the test.

Getting started

Brooktrout's IRAS-24A fits into any Intel-based server that has an open PCI slot. We installed ours in a brand-new NT 4.0 primary domain controller. A patch is also available from Brooktrout that will allow users to install these cards inside a backup domain controller.

Once the card was installed, Brooktrout's setup program helped us create 23 new communication port devices. We then installed modem drivers and binding NT RAS services to each new communication port device.

It's a good thing installation went smoothly, however, since Brooktrout's diagnostic and troubleshooting tools seemed scant to us. For example, there is no direct command-line interface for modem-by-modem checking, nor are there graphical tools for troubleshooting configuration problems.

Because IRAS-24A works with servers running NT Server, managing the card once it is up and running is relatively simple for those who already have NT networks. The prepackaged NT remote access tools, such as Microsoft's Remote Access Admin utility, are adequate for most management tasks.

Installing 3Com's SuperStack 1500 is as simple as plugging it in. We found the setup process relatively straightforward, but we did experience several timeout errors while saving configuration changes. This kept us second-guessing the effectiveness of the graphical user interface. Fortunately, we were able to troubleshoot using the command-line interface. We also encountered a few problems involving dial-in client configuration, but we were able to work through these with 3Com's technical support.

3Com provides three ways to administer the SuperStack 1500. You can use a command-line interface using a local console port; manage it remotely using telnet via an Ethernet port; or use the Transcend Remote Access Manager (TRAM) software that ships in the box. TRAM - 3Com's GUI - was of little help in configuration or management, especially when we tried to initially set up the product. We managed most of the device's special features from the command line and relied heavily on documentation. The full-featured command-line interface proved to be an invaluable troubleshooting tool when the GUI simply wasn't enough.

As with many of the management tools that come bundled with RAS devices, 3Com's TRAM is able to defer responsibilities such as user and session management and accounting services to a standards-based Remote Authentication Dial-In User Service (RADIUS) server.

Documentation for both products was adequate, but we did encounter some issues in finding the information we really needed. 3Com provided a voluminous amount of information on CD-ROM, but we had trouble pinpointing key configuration details. Brooktrout, while providing enough information on the product itself, appears all too ready to rely on users' NT expertise to manage these cards.

Grow with the flow

At first glance, the Brooktrout and 3Com products seem comparably scaled. Brooktrout's IRAS-24A supports 23 analog connections, and 3Com's fully loaded SuperStack 1500 device supports up to 24 users. However, the two products are designed for companies growing at different rates.

Brooktrout's strength lies in its ability to quickly scale upward. You can install multiple cards in a single system depending on the number of PCI slots available in a host server. You can plug as many as four Brooktrout cards into a single NT server for a total of 92 simultaneous analog connections. Brooktrout's IRAS-24A can build an NT box into an enterprise-class RAS server.

3Com's product, on the other hand, is geared toward slower growth. The company's modular approach is suited for sites that aren't ready to expand by 23 remote access connections at a time. Instead, the SuperStack 1500 scales from four to 24 users in increments of four analog connections. The SuperStack 1500 supports analog and ISDN dial-in clients, as well as LAN-to-LAN and LAN-to-ISP services.

In the end, though, 3Com's SuperStack 1500 simply doesn't scale as high as Brooktrout's IRAS-24A.

Reliable, secure access

One of the cost-saving advantages of Brooktrout's IRAS-24A is that you can add remote access services to the same NT server that hosts your other network services. However, if the Brooktrout RAS card fails or requires maintenance, all services would then be unavailable. The Brooktrout card is not hot-swappable and therefore requires the entire server be shut down for RAS maintenance.

You could lower your risk of downtime by dedicating an NT server to remote access, but that will cut into any cost savings you might have been looking for with this RAS deployment option.

By contrast, 3Com's stand-alone SuperStack 1500 offers several levels of fault tolerance. The device includes hot-swappable expansion units and replaceable ISDN and analog modules. Additionally, all powered expansion units continue to communicate if one (or more) module experiences a power outage.

The only fault-tolerance hole in the SuperStack 1500 server is that it lacks a redundant power supply.

In terms of security and management features, Brooktrout has the basics covered but lacks advanced functions.

Because Brooktrout plugs into NT's Remote Access Services, it is tied to the secu-rity and management measures the operating system offers. Those services include callback security, NT user authen-tication, Password Authentication Protocol (PAP)/Challenge Handshake Authentication Protocol (CHAP) encryption, and some multilink connectivity.

Brooktrout bundles its NetAccess Remote Access Manager Administrator and Port Manager with its server card. The pair provides some additional services, such as a RAS session manager; port usage, monitoring and reporting; and Access Control List security.

Despite all these options, security is still a weak link for the IRAS-24A cards. Because Brooktrout's IRAS-24A is installed on a primary domain controller or a backup domain controller, you may inadvertently give all dial-in clients "log on locally" rights to the network. If a few permissions were to be configured improperly, IRAS-24A could create a security breach.

Since Brooktrout relies on NT RAS for user authentication, it doesn't allow you to defer user authentication responsibilities to third-party servers in order to increase the security of the overall service.

3Com's SuperStack 1500 is feature-rich by comparison. Advanced management functions include a Dynamic Host Configuration Protocol (DHCP) ser-ver support for IP address management for remote clients, and SNMP support, so the SuperStack 1500 can plug into larger-scale systems management platforms. Advanced security features include client spoofing, which allows the RAS box to suspend connections and resume them as needed, and packet filtering.

We feel Brooktrout's IRAS-24A product is well suited for sites needing many dial-in clients and the ability to scale RAS services quickly, but where advanced security and management measures and downtime are not critical concerns.

3Com's SuperStack 1500 has many more features and is more secure than the IRAS-24A, and allows companies to add remote access clients in increments. If your site requires a remote access box that can support the latest in networking features, then the SuperStack 1500 just may be the ticket.


3Com 1800 644 606

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments