Remote Access

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Remote access covers a range of techniques that let home users, mobile users, and remote office users access resources on a corporate network, or the Internet in the case of an ISP. Remote access methods should let remote users access a network as if they are directly attached to it and using the same protocols. Note that this topic discusses access to corporate networks, but there are many similarities to connecting with ISPs to access the Internet.

There are two types of remote operations:

  • Remote control    In this mode, the dial-up user remotely controls a computer that is connected to the corporate network. Only keyboard commands and screen updates cross the dial-up connection.

  • Remote node    In this mode, the user's remote computer becomes another node on the network. All requests and responses cross the dial-up connection, usually via PPP links that encapsulate TCP/IP protocols.

The remote control method can provide better performance for the user, but a dedicated computer must be set up on the corporate LAN that the remote user controls. Access servers that emulate a number of PCs in the same box are available. Remotely controlling a computer at the corporate site cuts down on bandwidth requirements.

The remote node connection allows users to connect to the network using native protocols, such as TCP/IP or IPX. This is the method that most people use to access the Internet by dialing and connecting through an ISP. See "Modems" and "PPP (Point-to-Point Protocol)".

Typical remote access scenarios include home users who access corporate resources via dialup or another access method. The users may dial directly into the corporate network. Another scenario is users who access the corporate network from a business partner's location across an extranet connection or a permanent leased line. Users may access the corporate network from their own computer, or via a computer owned by the business partner or a kiosk system at an airport or Internet café.

NAS (Network Access Server)

Remote users typically connect with an NAS (network access server), which terminates calls and provides an end point for a PPP session. A RADIUS server then handles AAA (authentication, authorization, and accounting) functions. See "RADIUS (Remote Authentication Dial-In User Service)."

An NAS is a gateway into another network. It controls a pool of external modems or it is a modular platform that contains many hundreds of modems. The former is usually implemented at a corporate site where only a few remote users need to dial in. The latter is often implemented by organizations with a large mobile work force. ISPs (Internet service providers) also use access servers to provide dial-up access to the Internet for whole communities.

A typical access server answers a dial-in call from a remote user and performs a logon/authentication to verify the user. The access server may hang up the connection and call the user back at a predefined number for security reasons and to reverse the charges on long-distance calls. As mentioned, authentication on many access servers is performed by RADIUS. A newer protocol called DIAMETER is emerging. Microsoft RAS (Remote Access Service) authenticates users who have accounts in Windows NT/Windows 2000 user databases.

If users are geographically remote, an Internet tunnel such as L2TP (Layer 2 Tunneling Protocol) can save long-distance charges by letting users dial local ISPs and connect with the corporate network across the Internet. While L2TP works well, it sends data unencrypted over the public Internet. IPSec (IP Security) is a tunneling and VPN protocol that provides high levels of security for remote access users. See "L2TP (Layer 2 Tunneling Protocol)" and "VPN (Virtual Private Network)." Also see "Mobile Computing" for other information related to remote users.

An IETF working group called Network Access Server Requirements (nasreq) is drafting a functional specification for an NAS (network access server) and the requirements of protocols that will provide that functionality. See "NAS (Network Access Server)."

Today, large service providers and carriers wholesale dial-up and access services to smaller ISPs and other organizations that need to support a large number of remote users at distant locations. The service provider locates racks of modems, authentication servers, and other access equipment at its PoPs. Smaller ISPs then outsource with the service provider by leasing some of the modems. This allows smaller ISPs to establish presence at remote PoPs. Remote users make a call into the local PoP and establish an L2TP or IPSec session across the Internet to the corporate site.

The actual equipment that houses the NAS and modems has become quite sophisticated. Many hundreds or even thousands of modems are concentrated in rack units and are software programmable from a central device to support fast upgrades. Texas Instruments has a paper at the Web ProForum Web site called "The Evolution of the Remote Access Server (RAS) to a Universal Port-Enabled Platform" that describes this further. TI's GoldenPort solution can automatically sense and accommodate any call type on any available port, and it transports voice, fax, and modem calls from traditional POTS interfaces over multiple-packet networks, including IP, frame relay, and ATM.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.