
Next Generation Remote Access by Talha Ghafoor

Posted by graphics on Dec 18th, 2008 and filed under December 2008, Magazine.

Everything about today is fast, mobile and flexible. Connectivity to an office environment from a remote location is hardly a problem anymore. In fact, your physical geographical location should have no bearing whatsoever on whether you can actually connect to your corporate network. As long as you have the security and internet access available to you, you should be able to plug in your device without the hassle of installing multiple applications or protocols.
And this is hardly something new. CIOs and other key personnel have always been on the go, and plugging themselves back into the office environment is a very regular habit. Over the years, though, the efficiency and security with which these connections are made have increased dramatically. Observing trends and user behavior, companies that develop solutions keep making additions based on what users are demanding.

Connectivity through POTS
There are several ways to log onto a corporate network and work remotely as effectively as if one were onsite. Traditional connectivity in an earlier lifetime required a person to dial up through POTS (plain old telephone service) into a modem pool at the office. As time progressed, the connectivity became slightly more refined.

Moving onto VPN
VPN allowed the remote user to connect to the corporate network over a high-speed broadband connection. VPNs over the internet are based on tunneling protocols such as L2TP (Layer 2 Tunneling Protocol) or PPTP (Point-to-Point Tunneling Protocol). VPN over the internet is typically used by remote users over home broadband internet or through a corporate network where a remote user might need connectivity.
Of course this works, though both POTS and VPN have several major flaws. First, dialup is slow and expensive for remote users who have to make long distance calls. Secondly, VPN over the internet mostly requires installation of additional software and configuration on the client's machine. A remote user connecting via a corporate network may not be able to connect due to security restrictions at that network. Moreover, it is difficult to control access from unauthorized remote machines and to keep out harmful software that may affect corporate networks. Several network policies would need to be created for every user connecting into the corporate network, something that is just too time consuming and complicated to manage manually.

Enter SSL VPN
Just like everything else in the new age of enabled services, there is an easier, more effective way to manage connectivity into a corporate network. SSL VPN, or Secure Sockets Layer Virtual Private Network, is the newest kind of remote access solution that solves the accessibility problems. It is based on the standard SSL protocol and works through HTTPS sessions. Any network that allows internet access through a web browser should be able to support SSL VPN connectivity.
There is no need for a complex installation on the client workstation, nor is there any need to spend time configuring protocols. Depending on the layer of complexity you select, you can enable specific tunnels of communication to be opened, thereby maintaining the integrity of your network.
Juniper Networks Secure Access, also referred to as SSL VPN, provides multi-layer remote access solutions to cover any connectivity requirements. Juniper Networks Secure Access offers three features: Core Access, Secure Application Manager and Network Connect. Let's take a look at each of the three in a bit more detail.

Core Access
Using only a browser, you can have the Secure Access Box map and reroute HTTP pages over HTTPS. This helps to ensure security and eliminates the need to install third-party applications to communicate with the remote machine. There are two parts to Core Access: Web Server publishing and File Server publishing.
Through Web Server publishing, you can map any internal, unprotected intranet document on site and make it available online through secure HTTPS, while through File Server publishing, you can publish any file and share it conveniently through the web interface. The HTTP page you are viewing through Core Access will be a collection of downloadable links. Once again, the web interface makes the transaction hassle-free and quick. And because you are viewing pages or documents that are being rerouted through the Juniper Secure Access Box in real time, there is no direct access between your remote location and the corporate network, thereby not compromising the integrity of the network.

Secure Application Manager
This works like an application proxy and securely connects your applications, such as email, to your corporate network. Once you define the applications you wish to use, Secure Application Manager will "sniff" the activity that takes place on the port and tunnel it through the Secure Access Box to your remote desktop. Because the only traffic exchanged is on that port, the need to write specific network policies is eliminated. And for the same reason, the interaction becomes isolated from the rest of the network. You can use your own applications on your computer, and Secure Application Manager will reroute the relevant traffic between the client application and the server.

Network Connect
Upon entering the Core Access module, you will see a Network Connect icon. Clicking the Network Connect icon downloads a small Java applet which will create a virtual adapter in your system. This adapter will have an IP assigned to it by the corporate network. Once this happens, you gain full access to the corporate network just as you did with the legacy IPSec VPN; the difference, however, is in the level of security that Network Connect gives you. You get full IP connectivity over an SSL tunnel, enabling you to connect any application in either direction.
A powerful feature which Juniper Networks Secure Access provides is a real-time compliance check. Almost all solutions offer compliance checks at the time the request to configure a remote system is sent by the corporate network administrator; Network Secure Access, however, continues the compliance check in real time throughout the entire duration of the connection. Ensuring that the "state of the PC" coincides with the policies of the network is increasingly vital to the security and integrity of the enterprise.
The compliance checks provide a list of default installed applications and also give you an API for adding a customized list of applications that are not in the default list.
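The difference between a check made only at connect time and one that continues for the whole connection, as an added example (not code from the article or from Juniper). The policy sets, process names and posture snapshots are constructed for illustration and do not reflect the product's compliance-check API.

```python
from dataclasses import dataclass

# Hypothetical policy; names are illustrative, not the product's API.
DEFAULT_REQUIRED = {"antivirus", "personal_firewall"}  # "default list" entries
CUSTOM_REQUIRED = {"disk_encryption_agent"}            # admin-added custom entries
FORBIDDEN = {"p2p_client"}

@dataclass(frozen=True)
class Posture:
    t: int               # seconds since the session started
    running: frozenset   # applications observed running on the remote PC

def violations(p):
    """Return the policy violations for one posture snapshot."""
    missing = sorted((DEFAULT_REQUIRED | CUSTOM_REQUIRED) - p.running)
    banned = sorted(FORBIDDEN & p.running)
    return [f"missing:{m}" for m in missing] + [f"forbidden:{b}" for b in banned]

def admission_only(snapshots):
    """Evaluate posture once at connect; later drift is never seen."""
    first = snapshots[0]
    v = violations(first)
    if v:
        return ("denied", first.t, v)
    return ("completed", snapshots[-1].t, [])

def continuous(snapshots):
    """Re-evaluate every snapshot; end the session at the first violation."""
    for i, p in enumerate(snapshots):
        v = violations(p)
        if v:
            return ("denied" if i == 0 else "terminated", p.t, v)
    return ("completed", snapshots[-1].t, [])

# Constructed sample session: compliant at connect, antivirus stops at
# t=120, a forbidden application starts at t=180.
OK = frozenset({"antivirus", "personal_firewall",
                "disk_encryption_agent", "browser"})
SESSION = [
    Posture(0, OK),
    Posture(60, OK),
    Posture(120, OK - {"antivirus"}),
    Posture(180, (OK - {"antivirus"}) | {"p2p_client"}),
]

if __name__ == "__main__":
    print("admission-only:", admission_only(SESSION))
    print("continuous:    ", continuous(SESSION))
```

The admission-only evaluation lets the session run to its end, while the continuous evaluation ends it at the first snapshot that drifts out of policy.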

The Practical Application
While there is so much talk of allowing employees to maintain a remote desk away from the physical site of the office, the real-time compliance check becomes an integral way to loosely supervise the activity of a workstation that is connected to the corporate network. Whether it is support staff responsible for immediate responses, or checking whether a research task is actually generating a steady stream of search-query traffic, remote monitoring becomes a way for departments across the organization to be more efficient.

Secure Meeting
There have been a number of queries coming in on CIO Pakistan's site where people want to know about various secure meeting applications. Well, there are a number of applications that can be used; however, my experience with Juniper's Secure Meeting has been the most convenient. Much like the other software, it allows users to share their desktops for presentations or control machines remotely for technical support. There are essentially two kinds of meetings: a scheduled meeting and an instant meeting. And yes, these can be configured to run securely across your VPN.
Hosted Web collaboration services are more cost effective and convenient. Collaboration software, deployed via a dedicated Web-conferencing server farm or collaboration extranet, adds deployment cost and ongoing maintenance. The Secure Meeting license on Juniper Networks SSL VPN provides a cost-effective, highly functional Web conferencing and remote assistance solution that can deliver a strong return on investment in months. So host the web conference you need with a feature-rich web interface and get more out of your discussion.
Once again, the non-compliant user interface can be terminated from the network at any time during the meeting, so the real-time compliance check that Juniper provides gives you real control over your network. Except for the small Java applet, there is no need to install anything additional to gain access to the conference, which makes this solution a great one for network administrators.
One of the best features of 'solid' software is how flexible it is within any ecosystem. The plug-and-play features of Juniper Networks Secure Access get it to the top of my list of absolute must-have solutions.
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption; it relies on the protocol being tunneled to provide privacy. PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec.
An increasing number of companies in Pakistan are already using various forms of IP-based communications. For those who want real power on their business desktops, give this one a try.
