October 2011 IT Business Consulting Newsletter

Remote Access Alternatives to VPNs

By Tom K

So you or your managers need to access corporate resources remotely, but you don’t want to mess with VPNs (as discussed in our August Newsletter, Virtual Private Networks – a key Business Enabler).

There are a few alternatives that are pretty easy to set up and can be free, but they do have a few caveats... there’s a surprise!

In this month’s newsletter I discuss a few of the more popular Remote Access alternatives, their Pros & Cons in a corporate environment, and provide recommendations.


Remote Access to Your Office PC/Mac

Our remote access alternatives involve using a commercial service to remotely connect directly to your office PC/Mac. Once connected, you actually work on that PC. You see your desktop just as if you were sitting in your office, so you have full access to your applications, your data, and your corporate resources. The PC/laptop that you are really sitting in front of is acting as a simple “terminal”, sending keystrokes and mouse input to your office PC while receiving and displaying the screen images from your office PC. Your office PC is doing all the work.

As we are only sending keystrokes & receiving screen images, the process uses very little bandwidth. Hence these alternatives work well using low bandwidth Internet connections.

With the VPN solution I discussed in my August 2011 newsletter, Virtual Private Networks – a key Business Enabler, the PC/laptop you are actually sitting in front of is doing all the work. This VPN connected PC becomes an office PC, directly connected to the office network through a very long virtual Ethernet cable snaking through the Internet.

Both solutions have their benefits, which I highlight later in this article.


Remote Access Models - PC Anywhere, GoToMyPC, LogMeIn, and “an app for that”

* PC Anywhere

One of the first remote PC models was PC Anywhere. This involved buying the PC Anywhere software & installing it on the office PC and on the remote PC, and doing a bit of configuration. The software is somewhat expensive but, once purchased, there are no operational costs other than the occasional upgrade. It works pretty well, was the de facto standard for years, and is still available from Symantec.

* GoToMyPC

Then came GoToMyPC, from Citrix. This is a subscription based model, where you pay a monthly/annual fee to use their Internet service to connect to your office (or home) PC/Mac from any Internet connected PC via a browser. Sweet! GoToMyPC quickly became the remote access model of choice, due to its “connect from anywhere using any PC” capability. It is feature rich, but costs around $100/yr. You simply set up a GoToMyPC account on their web site, load a small application on the device you want to access, and you’re in. It is still available and still quite popular.

There is also a GoToMyPC iPad app which is free (as you’ve already paid for the subscription). I’ve not tried the app, but the iTunes Store reviews are somewhat mixed.

* LogMeIn

Our current remote access favorite is LogMeIn. This is similar to GoToMyPC, but it is FREE. As above, you simply create an account on their site, load a small application on any PC/Mac/Server you want to connect to and you’re done in minutes. The free version has a limited feature set, but it is adequate for all but a very few scenarios my clients and I have encountered.

There is also a LogMeIn app for the iPhone and the iPad called Ignition, at a cost of $30. I’ve used it with excellent results, and it is rated quite highly on the iTunes store.

If you do need a full feature set, you can subscribe to LogMeIn Pro for $70/yr. This feature set seems richer than that included in GoToMyPC.

* iPad apps

If you just need access to an office or home PC/Mac from an iPad, there are apps for that! As mentioned, LogMeIn has Ignition for $30 which I use regularly.

I’ve also just started evaluating one called Splashtop Remote Desktop for the iPad, which is currently $5, is also highly rated, and so far seems to work well. Note this does require you install a small free application (Splashtop Slipstream) on any PC/Mac being accessed remotely.


Caveats

* Need an available PC

When using these tools for remote access, the remote user is actually capturing a PC/Mac in the office (or in the home) and taking full control of it. If the remote user has a dedicated PC in the office, this is not an issue. If you have multiple remote users trying to remotely share an office PC (or two) this can become a problem.

* Security 1 (unrestrained staff access)

Anyone having access to a PC in your environment can download a small application to that PC and have unrestricted access to all the corporate resources available to that PC/user from anywhere in the world, anytime. This can send chills up a network admin’s spine!

We strongly recommend that our clients add language to their employee manual’s IT Resources Use and Abuse section expressly prohibiting the installation and use of these tools in the corporate environment without written permission from senior management.

You DO have a written policy delineating staff use and abuse of IT Resources, don’t you?!? If not, you are at grave risk – please call me!! (See my January 2012 article "Employee IT Use and Abuse Policy - Retain Control, Reduce Liability" for details.)

* Security 2 (remote account Password)

The user's commercial remote access account provides direct access to your network. Anyone can get to this log-on screen, so you need to insist that the password used for this account is a "secure password". Additionally, you need to ensure the user's remote account password is different from the user's network password. (Don't use the same key for both doors :)

What is a "secure password"? See my November 2011 article "Secure Passwords - You need to get this right!" for full details.


Remote Access Policy

The written permission process mentioned above should require that the employee acknowledge and sign a special “Remote Access Policy” indicating that the employee will comply with the terms of the Remote Access Policy, to include:

  • The specific machine the staff can connect to
  • A secure password is required on the remote access account
  • A secure password is required on the user’s network account
  • The remote access account password must be different from the user’s network password
  • Users cannot share the remote access account credentials with anyone
  • Failure to comply will result in disciplinary action which can include termination
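
A policy like this is only useful if someone checks it. The following is an added example, not part of the original newsletter: it compares a software inventory export against the register of signed Remote Access Policy forms and lists every remote access tool install that no approval covers. The CSV layouts, host names, and user names are constructed for illustration, and matching on the installed-software display name is an assumption.

```python
import csv
import io

# Product names taken from this article. Matching them against the software
# display name is an assumption; extend the tuple for your own inventory tool.
REMOTE_ACCESS_TOOLS = ("pcanywhere", "gotomypc", "logmein", "splashtop")

# Constructed sample: inventory export (host, logged-on user, display name).
INVENTORY_CSV = """host,user,software
ACCT-PC-01,jsmith,LogMeIn
ACCT-PC-01,jsmith,Microsoft Office 2010
FRONT-DESK,mlee,GoToMyPC
MGR-PC-02,akhan,Splashtop Remote
MGR-PC-07,akhan,LogMeIn
"""

# Constructed sample: register of signed Remote Access Policy forms, one row
# per user and the specific machine that user is allowed to connect to.
APPROVALS_CSV = """user,host
jsmith,ACCT-PC-01
akhan,MGR-PC-02
"""


def audit(inventory_text, approvals_text):
    """List every remote access tool install that no signed approval covers."""
    approved = {(r["user"].lower(), r["host"].upper())
                for r in csv.DictReader(io.StringIO(approvals_text))}
    approved_users = {user for user, _ in approved}
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_text)):
        name = row["software"].lower().replace(" ", "")
        if not any(tool in name for tool in REMOTE_ACCESS_TOOLS):
            continue  # not a remote access tool
        user, host = row["user"].lower(), row["host"].upper()
        if (user, host) in approved:
            continue  # covered by a signed policy for this exact machine
        reason = ("approved for a different machine" if user in approved_users
                  else "no signed Remote Access Policy on file")
        findings.append((host, user, row["software"], reason))
    return findings


if __name__ == "__main__":
    for host, user, software, reason in audit(INVENTORY_CSV, APPROVALS_CSV):
        print(f"{host}: {software} ({user}) - {reason}")
```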

VPN vs Remote PC Access... so why VPN?

Remote PC Access is great for a manager or single employee to access their dedicated PC/Mac while out of the office. It is elegant simplicity! But, as noted above, this doesn’t really work if the remote user doesn’t have a dedicated PC to access. Also, if a large number of staff use these tools, it can become a security nightmare.

If you have a significant mobile workforce, using a VPN with internal resources designed and scaled to support that mobile workforce is a much better solution. This gives you complete control over who accesses your resources, as well as when and what they access. When an employee is dismissed, it is a simple matter to shut down his VPN access.

For remote sites and offices the VPN is, by far, the connectivity method of choice. It is free (assuming you have a firewall at each site), the connection is always up, it requires no software on the PCs, and it extends your main network to the remote sites, allowing your network management utilities to watch over the remote site PCs.


If you have any questions concerning Remote PC Access, implementing VPNs, or any other topics concerning utilizing your infrastructure to enhance your business, I’d be happy to discuss them with you at your convenience. Feel free to contact me at TomK@TomKConsulting.com, or via my cell 443.310.5110.


Next month I’ll discuss the concerns IT should have relating to departing employees, the steps we recommend to properly deal with security and auditing, and different processes used when the departing employee is leaving with blessings or in handcuffs. See "Departing Employee? How to Process them Gracefully and Securely".