Site home page
Get alerts when Linktionary is updated
Book updates and addendums
Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)
Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!
Contribute to this site
Electronic licensing info
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
Remote access covers a range of techniques that let home users, mobile users, and remote office users access resources on a corporate network, or the Internet in the case of an ISP. Remote access methods should let remote users access a network as if they are directly attached to it and using the same protocols. Note that this topic discusses access to corporate networks, but there are many similarities to connecting with ISPs to access the Internet.
There are two types of remote operations:
The remote control method can provide better performance for the user, but a dedicated computer must be set up on the corporate LAN that the remote user controls. Access servers that emulate a number of PCs in the same box are available. Remotely controlling a computer at the corporate site cuts down on bandwidth requirements.
The remote node connection allows users to connect to the network using native protocols, such as TCP/IP or IPX. This is the method that most people use to access the Internet by dialing and connecting through an ISP. See "Modems" and "PPP (Point-to-Point Protocol)".
Typical remote access scenarios include home users who access corporate resources via dialup or another access method. The users may dial directly into the corporate network. Another scenario is users who access the corporate network from a business partner's location across an extranet connection or a permanent leased line. Users may access the corporate network from their own computer, or via computer owned by the business partner or a kiosk system at an airport or Internet café.
NAS (Network Access Server)
Remote users typically connect with an NAS (network access server), which terminates calls and provides an end point for a PPP session. A RADIUS server then handles AAA (authentication, authorization, and accounting) functions. See "RADIUS (Remote Authentication Dial-In User Service)."
An NAS is a gateway into another network. It controls a pool of external modems or it is a modular platform that contains many hundreds of modems. The former is usually implemented at a corporate site where only a few remote users need to dial in. The latter is often implemented by organizations with a large mobile work force. ISPs (Internet service providers) also use access servers to provide dial-up access to the Internet for whole communities.
A typical access server answers a dial-in call from a remote user and performs a logon/authentication to verify the user. The access server may hang up the connection and call the user back at a predefined number for security reasons and to reverse the charges on long-distance calls. As mentioned, authentication on many access servers is performed by RADIUS. A newer protocol called DIAMETER is emerging. Microsoft RAS (Remote Access Service) authenticates users who have accounts in Windows NT/Windows 2000 user databases.
If users are geographically remote, an Internet tunnel such as L2TP (Layer 2 Tunneling Protocol) can save long-distances charges by letting users dial local ISPs and connect with the corporate network across the Internet. While L2TP works well, it sends data unencrypted over the public Internet. IPSec (IP Security) is a tunneling and VPN protocol that provides high levels of security for remote access users. See "L2TP (Layer 2 Tunneling Protocol)" and "VPN (Virtual Private Network)." Also see "Mobile Computing" for other information related to remote users.
An IETF working group called Network Access Server Requirements (nasreq) is drafting a functional specification for a NAS (network access server) and the requirements of protocols that will provide that functionality. See "NAS (Network Access Server)."
Today, large service providers and carriers wholesale dial-up and access services to smaller ISPs and other organizations that need to support a large number of remote users at distant locations. The service provider locates racks of modems, authentication servers, and other access equipment at its PoPs. Smaller ISPs then outsource with the service provider by leasing some of the modems. This allows smaller ISPs to establish presence at remote PoPs. Remote users make a call into the local PoP and establish an L2TP or IPSec session across the Internet to the corporate site.
The actual equipment that houses the NAS and modems has become quite sophisticated. Many hundreds or even thousands of modems are concentrated in rack units and are software programmable from a central device to support fast upgrades. Texas Instruments has a paper at the Web ProForum Web site called "The Evolution of the Remote Access Server (RAS) to a Universal Port-Enabled Platform" that describes this further. TI's GoldenPort solution can automatically sense and accommodate any call type on any available port, and it transports voice, fax, and modem calls from traditional POTS interfaces over multiple-packet networks, including IP, frame relay, and ATM.
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.