Going the big distance
In 1999, US road warriors will connect to enterprise networks using wireless links that provide bandwidth-on- demand more economically than wireline connections. Counterparts in small offices will fire up asymmetric digital subscriber line (ADSL) connections, linking them to the corporate LAN at T-1 speed upstream and 6Mbps downstream. National carriers and local Internet service providers will offer virtual private networks (VPN) -- enhanced Internet-based data backbones tying together corporate workgroups on far-flung LANs. Between larger branch offices, public frame relay will continue to rule. Durelle Fry investigatesSuch is the future of corporate remote access according to a recent article in Network World (US). Access options will become even more varied than they are today with major development occurring in the areas of the Internet, VPNs, security, ISDN and the roles they play.
Outsourcing may become an option for organisations deciding that future remote access demands will be too great to bother with in-house. Remote access requirements can now be outsourced to carriers and ISPs. An example is Telstra's Dial Connect service.
Looking at options
When a company outsources its remote access workers, it dials into the outsourcer's nearest point of presence, then travels via a VPN into the user's network. Under the Dial Connect system, Telstra provides the user with an interface into a router on their network.
One of the benefits of outsourcing is it eliminates the high upfront costs of establishing a remote access solution. But there is a point at which the cost of outsourcing is higher than the cost of building in-house support. This is a point that each organisation must assess for itself, based not only on its current remote access situation, but also on future requirements.
Much of the software functionality for remote access has now been built into, or can be added onto network operation systems like Windows NT, IntranetWare or Banyan Vines. Leveraging off these tools when putting together a remote access solution opens up opportunities to use less expensive remote access servers, which don't need to supply all the software which is built into the operating system.
The Internet can be used as a relatively cheap and simple way to give users remote access into a corporate network. In the future, the Internet will play a much greater role in providing a wide-area alternative for corporations seeking to outsource all or part of their remote access network, as part of the push toward less expensive, Internet-enabled access technology.
According to Network World (US): "Tunnelling protocols, security and quality of service-like guarantees will dominate the Ôpremium' Internet -- a highway supporting different classes of service. In addition, corporate managers will see lower-cost access routers, streamlined IP addressing, and the transformation of core service provider networks from analog to digital."
The concept of VPN, where the Internet is used as the access point to the corporate LAN, is increasing in popularity in Australia. VPN can be viewed as a form of remote access where users dial their local Internet Service Provider (ISP) in order to gain access to their LAN.
According to Alex Gostin, marketing manager at Eicon Technology, the main benefit of VPN is local call charges are used to access the corporate LAN irrespective of where it is located. Gostin says the main requirement for VPN is access to an ISP with global presence (eg IBM Global Network) and a server technology such as Novell's BorderManager or Microsoft's Windows NT with RRAS.
While VPNs -- "a portion of the Internet that users can carve out and call their own" -- can save organisations a lot of money on long-distance telephone bills by using the Internet to link up remote users, they add another problem: network security vulnerability.
To tackle the security issue, VPN providers such as AT&T WorldNet offer secure encryption and firewalls. They may also incorporate private vanity addresses that include a company's name and other unique identifying information.
SecureWire and SecureZone, offered by Secure Computing, are two products discussed later in this article that address this issue. Pundits in the US predict that ISPs will be charging higher fees for premium service which will offer different tiers of VPN service, such as reserving a bandwidth on a net, and additional tunnelling protocols for security.
Modem pool security has a lower implementation cost than network security, and provides a barrier prior to gaining login access to the network. Compaq Microcom has layered security designed into its high-end modems, layering user ID/password, multiple callback scenarios, and hidden password protection to prevent unauthorised access.
ISDN plays an important role in the remote access scenario for local telecommuters (within a local call dialling area) because its rapid switching speed and multiple channel handling capability allow organisations to make their LANs available to business partners, consultants and suppliers as well as remote access users.
ISDN services available through Telstra can be divided into two categories.
The first targets the SOHO and branch office market. The Basic Rate Interface (BRI) service gives the subscriber access to two 64Kbps B-channels (128Kbps) and a 16Kbps D-channel. The second category is from the central site. The Primary Rate Interface (PRI) service provides access to 30 64Kbps B-channels (2Mbps) and a 64 Kbps D-channel.
Gostin believes remote users should be given the option to dial in using a standard modem, ISDN client product or a GSM modem.
He points out that this requires the server equipment to be able to handle both analog and digital communications over an ISDN channel.
When LAN-to-LAN connectivity is required for distributed offices to connect to each other or to the head office, switched ISDN is an option. For switched ISDN, Gostin says Short Hold Mode (SHM) is mandatory. SHM ensures the ISDN line is brought down during periods of inactivity and that it is not reconnected until communications are once again required.
Another feature of ISDN is it can offer telecommuters simpler integration between voice and data, and also offers a number of PABX features. Vendors are introducing techniques such as call bumping to further enhance the usability of ISDN's voice/data integration features. Call bumping allows a call to take place automatically, even if all ISDN channels are currently being used to transfer data.
The following is a collection of remote access products: some either haven't yet arrived in Australia or they are just arriving now.
Compaq Enterprise Gigabit Ethernet SwitchesCompaq has just introduced its first enterprise Gigabit networking products, the Compaq 5411 and 5422 Enterprise Gigabit Ethernet Switches.
The switches are designed for enterprise customers who have a specific need for a complex backbone with significant connectivity, increased network reliability, and applications requiring a guaranteed level of performance.
According to Compaq, enterprises will be able to construct a complete desk-to-server environment.
Compaq's Gigabit computing strategy combines high-performance servers and professional workstations, desktops and networking products into a single, comprehensive solution set.
Ian Harvey, business unit manager of communications products group Compaq Computer Australia, said: "Compaq's network-centric approach to Gigabit computing offers benefits no other networking vendor can match. Our Gigabit products provide robust solutions. They combine leading performance with true three-layer routing and a comprehensive quality of service that compares favourably with other LAN technologies."
The company claims that its 5411 and 5422 switches are high-performance and provide ease of use, enhanced bandwidth management, and high availability.
The company suggests that customers with growing corporate networks can use these products to meet current needs, while future-proofing their systems and preserving their existing network infrastructure.
Both switches include fault-tolerant features, redundant power support and port bonding with hunt groups. Network reliability is provided through the existence of a redundant Gigabit Ethernet port on the 5411 which supplies instant fail-over in case a network connection is lost.
Compaq Networking Man-agement Software (CNMS) is included with the switches for easier installation and monitoring. SNMP, Telnet and Web-based management are provided for more direct, hands-on management and configuration. Included with the Gigabit switches and all Compaq networking products is Compaq Insight Manager (CIM), which enables users to manage Compaq servers and work- stations. Compaq has vowed to continue the integration of CIM and CNMS functionality to make it easier for customers to manage all Compaq products from one platform.
The Compaq Enterprise Gigabit Switches are now available. The RRP of the 5411 is $24,749 and the 5422 is $32,527.
Remote access products
COMPAQ'S Remote access servers have already been introduced in the US and will be available in Australia in the third quarter. The reason for the delay is that the models announced in the US use US standard telco interfaces that are not acceptable in Australia. The European/ International standard models are not expected until the third quarter. Pricing is not yet available.
Ian Harvey, Compaq's business unit manager of communication products, told Australian Reseller News that he expects these products to have a profound impact on the remote access market "because for the first time, a product has been introduced that simplifies the RAS solution and makes it available to all business sectors without the huge skill-base need and cost overheads of the past". He added: "This is the communications server of the future."
The remote access servers, as announced in the US, are NT-RAS servers based on Compaq servers. They have been pre-installed with "best of breed" analog and digital remote access connectivity, and the system provides the power to support a wide range of remote access needs. The system is easy to install and manage, and its design is based on an open architecture with Pentium II processors. It provides scalability to add new communication applications or hardware as needed.
The servers support up to two Pentium II 266MHz processors and they can scale up to four T1 or PRI (Primary Rate Interface) lines. For maximum scalability and security, multiple servers can be pooled together as one logical server.
But wait, there's more
The system can also support a wide range of remote access needs such as remote access connectivity between a branch office and head office; connectivity to the Internet; and low-cost secure connectivity through the Internet. The ease of installation and manageability comes as a result of the pre-installed and tested remote access hardware and software.
To meet a wide range of remote access business needs, three models have been offered: the 5208 which provides eight analog connections; the 5408 which has eight ISDN BRI (Basic Rate Interface) ports for up to 16 connections, and the 5601 which has one ISDN PRI or T1 port for up to 24 connections. The two ISDN models offer full modem coverage for both analog and digital calls from remote users. The preinstalled Windows NT 4.0 Server operating system is augmented by a suite of software for "powerful administration", reporting, and shared Internet access. A choice of security mechanisms is available to ensure that only authorised remote users get access to the corporate network. The user can also establish low-cost and secure "tunnelled" connections across the Internet, using it as a VPN for worldwide access.
Compaq also claims that the Remote Access Server is a natural extension to the network. It is based on familiar hardware and software, and it doesn't require separate training or spare parts. Compaq says users can continue to use the same management systems and administrative tools as existing servers.
Compaq Computer Australia
Tel 1 300 368 369
Fax (02) 9911 1982
Bay Networks operates in the worldwide networking market, providing a line of products that serve corporate enterprises, service providers and telecommunications carriers. The company offers frame and ATM switches, routers, shared media, remote and Internet access solutions, IP services and network management applications, all integrated by Bay Networks' Adaptive Networking Strategy.
With its product line the company aims to ensure that networks can grow and adapt to the emerging high-bandwidth applications of the future, as well as provide network reliability.
Danny Ng, region business development manager, Internet and Telecommunications Group, Bay Networks Australia and New Zealand, said:"for any corporate network to deliver its full potential, companies need to ensure their underlying network infrastructure can support the needs of its users." He added: "While Ethernet-based networks running at 10Mbps have been sufficient in the past, the growth of multimedia and data-intensive applications such as intranets will see companies needing to deploy faster network topologies and optimise existing networks by introducing switching technology."
Bay Networks' Adaptive Networking framework provides advanced switching solutions to reduce network complexity, "leading-edge" access solutions, a "constantly expanding" expertise in IP services for scalability and flexibility, and Optivity O network management solution.
Tel (02) 9927 8888
Fax (02) 9927 8899
Dataplex, an Australian remote access and central site solution company, now a part of the Sirius Technologies Group of Companies, has released the DPX-922 Fort Denison -- a family of Web-managed policy routers.
The product is a software modular solution which consolidates full-featured VPN and enterprise-level firewall security, along with other integrated services such as URL filtering, Web caching, real-time monitoring and e-mail. The DPX-922 Fort Denison is a hardware/software package that works in conjunction with network routers, including those from the Dataplex product range as well as Cisco, 3Com and Bay Networks.
DPX-922 Fort Denison combines the following features in a rack-mountable hardware device: standards-based VPNs; enterprise-level firewall security; application and device-level user access control; 10Mbps or 100Mbps connectivity; network address translation (NAT); URL blocking with CyberNOT; e-mail server; "Spam" e-mail filtering; DNS caching; Web caching; real-time network monitoring; Internet usage reports; extensive real-time network diagnostics; SQL database for custom reports; extensive policy management capabilities; and in-band and out-of-band Web-based management tools.
DPX-922 Fort Denison is configurable from a Macintosh, Windows 95, Windows NT or Unix system using Netscape Navigator or Microsoft's Internet Explorer.
Dataplex claims that the installation wizard makes it possible to have full firewall protection and VPN capabilities "up and running in as little as 15 minutes".
The product does not require any address changes on the router and can be added to an existing network without requiring any changes on the router, PC or other network-connected devices.
The RRP for the DPX-922-02 (Pentium 133MHz processor) is $4990 (ex tax); the DPX-922-03 (Pentium 200MHz processor) is $9990 (ex tax); and the DPX-922-04 (Pentium 300MHz processor) is $17,990 (ex tax).
A VPN software option is available for the DPX-922-03 and 04 Fort Denison for an RRP of $1840 (ex tax).
All systems offer an e-mail server option for $920 (ex tax), and a yearly subscription for updates to the URL blocking service is also available.
Tel (02) 9424 2000
Fax (02) 9424 2010
Digi International has as its mission statement, "the expansion of the market for remote access by advancing the concept of open systems server-based communications". The company is an ISO-compliant provider of data communications hardware and software that delivers connectivity solutions for open systems, server-based remote access and LAN markets.
Products are sold through a global network of distributors, systems integrators, VARs and OEMs. It also sells direct to large accounts and the government.
The Digi Xr Family for ISA or PCI systems is a family of high-speed serial ports which deliver 230Kbps uni-directional throughput on all four or eight ports.
The Digi AccelePort 4r and 8r are designed and packaged by the company to "provide a superior server solution" in dial-in/dial-out environments. The products boast built-in speed and data handling efficiencies "to keep pace with the fastest high-speed modems", as well as ISDN terminal adapters.
They support remote access software including Novell NetWare Connect, Microsoft Windows NT and IBM OS/2.
When used in conjunction with Digi's client-side AccelePort boards (AccelePort C1 and AccelePort C2 for remote users), a remote communication systems system can be created which provides high performance on both the server and the client PCs.
The RRP of the Acceleport 4r is $1217 without the cable, and $1289 with the cable. The 8r is $1446 without the cable, and $1574 with the cable.
Tel (02) 9680 8949
Fax (02) 9680 9175
Timothy Smith, marketing manager of distributor Force Technology, has segmented the products distributed by Force into different categories: the small to medium-sized office; the medium-sized office; large corporate remote access; mobile solutions; and software solutions.
For the small to medium-sized office, Force distributes the Compaq Microcom 808 Integrated Access Device, which provides high-speed Internet access, remote access and LAN connectivity. The 808 integrates an eight-port 10Base hub IP ISDN router and has two analog POTS ports. This allows the user to have a 1 x 64Kbps (256Kbps with compression) line available to access the Internet, and 1 x 64Kbps line for dial-in access. Smith said: "this scenario is more than adequate if you have a small mobile sales force that wants occasional remote access to download e-mails and access to the corporate server."
The RRP of the Compaq Microcom 808 is $1499.
Two products are distributed for the medium-sized office scenario.
The Compaq Microcom 4000 "offers cutting edge central site modem tech- nology and is designed to provide cost-effective remote access for corporate environments, Internet Service Providers (ISPs), and Bulletin Board operators". The Microcom 4000 is equipped with modemWARE -- Compaq's modem technology, and it offers a range of integrated services. They include management of remote unmanned sites, guaranteed availability, minimal maintenance and a small form factor. The Microcom 4000 offers up to 64 x 33.6 modems or 112 x 56Kbps modems in a PRI/EI environment. It is a 19in rackmount design and is 7in tall.
The Microcom 4000 uses midplane architecture and offers PRI, TI, EI or individual analog telephone line input through digital and analog modem adapters.
The RRP of the Compaq Microcom 4000 is from $303 per port.
The second product distributed by Force technology for this segment of the market is the DIVA ISDN PRI range of ISDN Server interface cards by Eicon Technology.
The RRP of DIVA ISDN Remote Access solutions begins at $295.
Eicon Technology's ISDN Server cards offer high-speed BRI and PRI ISDN connectivity to numerous remote users at the same time. The cards provide flexible and reliable LAN-to-LAN access, as well as corporate server access by remote and travelling corporate users over high-speed ISDN. All of Eicon's ISDN Server cards have on-board RISC processors and are of ISA or PCI architecture.
The DIVA BRI Server card is available now at an RRP of $1247.
The DIVA PRI Server cards are about to be released.
Further details on Eicon's product range and fellow distributors may be obtained on (02) 9919 7213.
For large corporate remote access, Force Technology distributes the Compaq Microcom 6000 Series -- Remote Access Concentrators.
Smith says that remote users such as telecommuters, workers in branch offices, or mobile users, require timely access to critical information residing on their corporate LANs or the Internet to compete in today's global economy. "The challenge for network managers is to design and maintain a high-performance, reliable, secure network that can easily accommodate additional remote users and applications simultaneously.
According to Smith, the Compaq Microcom 6100 with a seven-slot chassis, and the 6200 with a 17-slot chassis "are the only enterprise remote access concentrators powerful enough to meet the needs of remote users all within the corporate IT budget". The RRP of the Compaq Microcom 6200 is from $650 per port.
For the mobile user, Force distributes Eicon Technology's DIVA family of ISDN products which offer a broad range of ISDN solutions for notebooks, desktop PCs and PC-based servers. The range is from low-cost passive cards to feature-rich intelligent cards and modems. The RRP of the DIVA family of products begins at $286.
Also for mobile users is the Olicom Combo Card LAN adapter and 33.6Kbps Modem. The GoCard Eth/Modem 336 Type-II PC Card combines an Ethernet LAN adapter and a fully featured V.34 33.6Kbps fax/modem. It enables notebook users to send or receive data and faxes via the phone network.
The new GoCard features an automatic sleep mode which switches off when the modem is not in use, and to further reduce battery consumption, a fax/modem only configuration is also available.
The RRP of the Combo Eth/Modem is $636.
Further details on Olicom's product range and fellow distributors may be obtained on (02) 9955 1755.
As a software solution, Compaq's Carbon Copy 32 for Windows is a remote control and file transfer software package for IBM PC or compatible systems operating under the Microsoft Windows 95 or NT operating systems. (also available for DOS 3.x and CE operating systems).
With Carbon Copy, a PC running Windows can be used to control another PC running Windows or DOS in a different location.
Files can also be transferred (manually or at any scheduled time) between two connected PCs and chats can be established with the remote user.
Carbon Copy uses a Phone Book and customised user profiles for security and ease of use.
The RRP of Carbon Copy 32 V5.0 from Compaq is $199.
Further details on Compaq's product range and fellow distributors may be obtained on 1 300 368 369.
Tel (02) 9417 4477
Secure Computing International has introduced two products this month for remote access users.
SecureWire enables organisations to give external users instant, authorised access to internal Web data with secure and granular control.
SecureZone is a firewall which combines high-end security with ease of management to provide control over network access via an intuitive visual interface.
With SecureWire, security administrators can predefine access rights for external users. The product works with the user's existing Web technology to provide greater return on the infrastructure investment. It uses a standard Web browser to authenticate and authorise external partners to access specific real-time information on an internal Web server. External users can link to any HTML page.
Secure Computing points out that before SecureWire, many companies wishing to grant external access to secured information had to replicate that data to Web services outside a firewall -- a process which often required a day or more delay to post more information. The alternative method of access -- authorising individuals to pass through a firewall to use internal resources -- does not control access once a person is inside the firewall. Nor does it provide access for classes of use, and it is expensive to administer. The company claims that SecureWire can reduce by two-thirds both the time commitment and the total cost of alternative solutions.
SecureWire will be available this month.
The RRP is from $US11,500 for up to five intranet servers; from $US19,500 for up to 10 intranet servers; from $US29,500 for up to 25 intranet servers; and from $US45,500 for up to 50 Intranet servers.
Upgrades are available for from $US9600 for five to 10 intranet servers; from $US12,000 for 10 to 25 intranet servers; and from $US19,200 for 25 to 50 intranet servers. A SecureWire evaluation licence has an RRP of $US50.
SecureZone treats VPNs like encrypted virtual interfaces, allowing more control over business critical applications. It enhances the VPN by introducing a new model for security policy management -- Regions.
Regions enables administrators to organise networks and VPNs into logical groupings, so enterprise-level security policies are simple to manage, reducing administration time and reducing the total cost of ownership. A company can define different security policies for different aspects of its global network and remote access users.
SecureZone's functions are integrated with SecureOS, and are completely compartmentalised by Type Enforcement Control.
Type Enforcement Technology divides the entire firewall into domains and file types. A domain is set up to handle one type of application only, and that application runs solely in its own domain. Type Enforcement maintains both the integrity of the data and the application and enforces a mandatory access policy that cannot be altered.
SecureZone is available for ordering now and is due to be shipped at the end of May. The product will be licensed for 50 users at $US6000; for 200 users at $US11,000 and for unlimited users at $US19,900.
Secure Computing Australia
Tel (02) 9844 5440
Fax (02) 9844 5441
NetComm, part of the Sirius Technologies group of companies, has begun high-volume shipments of a dual-mode, 56Kbps standards-based V.90 modem.
The Roadster II 56 Ultra is one of the first 56Kbps modems based on the ITU V.90 standard to be released in Australia.
A free online V.90 software upgrade for current NetComm 56K users will be available at the same time.
The International Telecommunications Union announced the V.90 draft standard in February and it will be fully ratified in September 1998. V.90 solves the problem of incompatible proprietary 56Kbps technologies, and allows products based on the two competing solutions, Rockwell's K56flex and 3Com's x2, to talk to each other.
V.90 combines the best of K56flex and x2 technologies and offers some performance improvements. NetComm believes that while maximum data speeds may increase only marginally, the user will benefit through more consistent connection speeds and more accurate reporting of initial connect speeds.
Cam Wayland, business strategy manager of NetComm, says the company plans to make all its 56Kbps products dual-mode "as swiftly as possible". The RRP of the Roadster II 56 Ultra is $299 and it is available now.
Tel (02) 9424 2000
Fax (02) 9424 2010