Remote Access Guide for Nonprofits, Part Two

An in-depth review of the various remote networking options

By: Jose Fernandez

November 16, 2001

Remote Communications Solutions: The Options

So, you've determined that indeed you do need a remote communication solution of some sort to resolve a specific business need. The next step is to identify the most reliable, effective, and cost-effective solution you can find. Most often, the simplest solution is the best solution. In this spirit, we are presenting the major categories of remote communications solutions in order of simplest and least expensive to most complex and expensive.

Email: Using Web Email To Develop A Remote Communication Solution

An Executive Director once called me in for a consultation on remote services. She ran a successful NPO with multiple offices. She wanted to "tie the offices into the central bookkeeping system" and needed advice on how to do this. After some discussion, it became clear that the business need she wanted to address was much more specific than her description indicated. She wanted to know how to get spending requisition forms to the main office quickly and efficiently from each of the remote offices. Typically, these would be stockpiled for a week and then the manager, who often worked alone, would have to close the office for a couple of hours and make a round-trip to and from the central office to drop off the completed forms.

The fact is that any of the above solution types could have solved her problem, but the easiest and most cost-effective was already in place - simple Internet access, and that's the solution I recommended. Simply creating an electronic form (a simple MS Word file replicating the requisition form) and distributing it as a Word file attachment to each site allowed the managers to use basic email to transfer the completed form to the NPO's bookkeeper whenever they needed to submit a purchase requisition. In this case, each office already had email access through a dial-up modem, so all that was needed was the creation of the form, its distribution, and communicating the new procedure to the staff. This simple solution saved the organization an estimated $8,640 a year in staff time alone. How? If you consider that the average round-trip travel time for each of six managers amounted to 2 hours, or 12 hours total, and that the average hourly rate for the managers was $15/hour, and that this routine was repeated approximately 48 weeks of the year for each manager, you arrive at the sum of $8,640 in staff time costs alone. The cost of the solution in this case was the cost of creating the form in MS Word (1/2 hour) and typing up new instructions and emailing these to the managers and the bookkeeping staff. Even factoring in the pre-existing Internet dial-up account costs of $20/month for six staff, you arrive at a cost factor of $1,440/year, a savings of $7,200/year. Moreover, now that the ED was able to see the potential of simple electronic transfer through basic Internet email services, she could put the tool to use with other processes similar to the requisition form example at no extra cost.

Basic Internet services, especially in the form of email, provide the cheapest and easiest form of remote communication for some solutions. If all you need to do is transfer email messages and file attachments, email is all you will need. Basic Internet services, for example, Microsoft's Hotmail, Yahoo Mail, Netscape mail, and a host of others, offer free Internet email. However, Internet email is ideally had in the form of your own domain name email (for example, jsmith@mynpo.org) for each staff person. This customized email service is both more professional and often more efficient - if for no other reason than you will not have size limitations on the amount of email you can store or on the size of your attachments. The so-called free services (actually supported by ads) limit the size of attachments and impose stringent limits on the overall size of your mailbox.

What you will need

  1. A connection to the Internet for each office or remote location:
    • phone line or other internet connection (Cable, DSL, etc.)
    • ISP account
    • Modem
    • Phone line to connect to your ISP
  2. Internet enabled email account that accepts attachments (ideally of an unlimited size); this can be as basic as a free Hotmail, or Yahoo mail account, but consider that these free services often strictly limit the size of attachments to the point where they are useless for file transfers. We deal with several NPOs that suffer from these so-called "free" services. Using them costs them significantly in lost time and resources. Believe me, they're no bargain for business use although they may be acceptable for personal use.

How it Works

  1. A user establishes an Internet connection by dialing up to their ISP and opening an email client or Web browser.
  2. A remote or local user attaches files to the email message using file attachment features of almost all email systems and sends the email with attachment to the remote site.
  3. Remote user opens the email using their email client and unpacks the attached file(s).

What it can be used for

Quickly and easily transferring files to remote offices and back again. The files can even be large database files that can then be "synchronized" with the main data files as needed. Of course, a large file will take a long time to download using email. We estimate that a 10-megabyte file will take approximately an hour to download over a 36kbps connection. This is a very long wait, so if you are transferring significant sized files (anything over 1 MB) you should consider automating the process.

Remote Control Software

Remote control software is complex stuff, but luckily not for the user. As a technology, remote control software has been around for at least ten years - plenty of time to mature and be very stable and effective. Remote control software consists of applications that are installed on at least two computers, allowing a user on one computer to literally take control of the other remote computer as if he or she were sitting in front of the remote computer using its mouse and keyboard and seeing exactly what's on its screen. Remote control software works so well it can be eerie. It's strange to be watching a computer that is seemingly running by itself but no user is in sight! That's because the user can be a mile or 100,000 miles away and it makes no difference. The remote computer is controlling the host machine.

Remote control software ranges from free to expensive. The most popular product, and a real classic, is Symantec's PC Anywhere. This product has been around for a long time. It works well, it's easy to set up and configure, and it's not too expensive. PC Anywhere, or any remote control software solution, does one thing: it allows you to dial-in to a remote computer and to control it from a remote location as if you were sitting in front of the remote computer. You actually see the remote computer's screen and you can control everything on it from the remote computer's keyboard and mouse. The program has to be installed on both the remote computer, often called the "host" because it "hosts" a remote session, and on the computer on which you are working (typically a laptop or desktop computer at a remote location). The remote control application simply transfers screen images, keyboard strokes, and mouse commands to the controlling computer. All of the processing, file activity, etc. happens on the host computer, thus the speed of the work can be amazingly fast even on a slow analog connection. Most remote control software can also transfer files from the host computer to the remote computer, so if you need to grab files from another office or location the remote control solution may be enough for you.

What you will need

  1. Two computers with modems that meet the software's minimum system requirements.
  2. Remote control software installed on both computers.
  3. Each computer configured to carry out its allotted role: host or remote controller.
  4. An available phone line at each location.

How it works

  1. The controlling computer dials into the remote host.
  2. Remote host establishes connection based on pre-configured criteria (number being dialed from, password, etc.)
  3. Session begins and controlling computer "captures" the remote computer.
  4. Work is carried out (e.g., data is entered into a remote database, applications are accessed, files are browsed, etc.). If you are using the file transfer features of most of the software the file directory of the host is browsed, the relevant files are identified, and the file transfer is initiated.
  5. Work or file transfer is completed.
  6. Remote control session is terminated.
  7. Remote computer is now available for local use and the controlling computer now has the files necessary on its local drive (if files were transferred).

What it can be used for

  1. Retrieving files remotely.
  2. Running applications remotely (not an optimal solution as the connection is often too slow).
  3. Remote troubleshooting of systems by a systems administrator.

Pros

Cons

  • Limited by the speed of the connection.
  • Slow over an analog dial-up connection.
  • The host computer must be left on.
  • Limits access to one computer only that must be connected to a phone line or the Internet.

RAS (Remote Access Services)

RAS, or remote access service, is a technology that allows a remote user to dial/connect to an office LAN (Local Area Network), and once connected, utilize the LAN just like any other local user - subject to the speed restrictions imposed by their connection, of course. This can be extremely useful as it essentially gives a remote user all of the functionality of the LAN. It goes one step beyond remote control because it gives the remote user access to the entire LAN, not just one computer. Remote access services have been around for some time and are quite reliable and effective. All of the major operating systems offer some form of RAS service. We have experience with the Windows NT/2000 RAS services and this is the one we will focus on, but consider that Novell and Linux also offer similar capacity.

What you will need

  1. A computer at the central office -- or other office you want to dial into -- with Windows NT or 2000 Server (Workstation or Professional will do for one incoming connection, Novell NetWare 4.11 or 5 and Linux also have RAS capacity): the computer must have sufficient system resources.
  2. Each client computer must have a modem and be configured to dial into the RAS server computer.
  3. A phone line and modem for each incoming connection; for example, if you plan to have three staff connect to the main office at one time, you will need three phone lines and modems for each staff at the central office in addition to the phone line and modem on the remote user's end. This can get expensive quickly, which will likely make a broadband option more attractive and affordable where available.
  4. The server must be properly configured. See Windows NT RAS server for step-by-step instructions on configuration.

How it works

  1. Remote computer dials into the RAS server on the LAN. The phone number must be known to the client and be pre-configured.
  2. A RAS server answers the call and applies security options (password authentication, call back, RAS computer only or entire network access, etc.)
  3. Once connected and/or authenticated, the remote computer can do anything that it could do on the LAN locally. Of course, pre-existing user rights and restrictions apply just like they would with a local LAN connection.

What can it be used for

In theory, RAS connections can be used for anything local area connections can be. However, they are seriously hindered by the speed of a dial-up connection, which is at best 49-53 Kbps (even 56kbps modems can only achieve connections of up to 53Kbps because of FCC imposed limitations). At 53Kbps, the remote computer could effectively do the following:

  1. Browse the network (slowly).
  2. Download files (large ones will take a long time, plan on 10 minutes per megabyte).
  3. Run some applications; i.e. email programs work well, medium to complex databases do not.

Unfortunately, RAS connections are not very effective in running database applications remotely, such as NWorks 2000. These applications require a lot of processing power and must interact often with the server that stores the shared data file. Even over the fastest dial-up connection, this type of task will be painfully slow. We do not recommend them for medium to heavy database use, and that includes remotely running NWorks 2000.

Pros

  • Allows remote users to access an entire LAN without any limitations (although an administrator can impose limitations).
  • Relatively affordable.
  • Relatively easy to set up.
  • Stable.
  • Good security.

Cons

  • Slow over an analog connection.
  • Can get expensive if many users need to connect simultaneously as each will need a separate incoming phone line and modem.

WANs (Wide Area Networks)

WANs, or Wide Area Networks, are the ideal solution for remote computing, with one drawback: they are expensive to set up and maintain. The cost is largely that of recurring monthly lease charges. A WAN can be defined as "a data communications network that covers a relatively broad geographic area and often uses transmission facilities provided by common carriers, such as telephone companies." In other words, a WAN uses leased, dedicated high-speed data lines to connect two or more offices. They are usually very fast depending on the bandwidth you lease and the redundancy you want built into them. They are also relatively secure because you are not sending data out through a public channel, like the Internet, where a clever hacker is more likely to intercept your data. Although they are fast and secure, they are not the answer to all remote computing needs. They have some limitations. For example, by definition, they connect specific locations. They cannot connect a mobile user who needs to access resources from a number of varying locations, so they are not a viable resource for traveling or mobile staff. They are also expensive. A T1 line, which carries data at a rate of 1.55 Mbps or over 30 times the speed of an analog connection, costs in excess of $1000/month and can go much higher if the distance between the locations is great and you require very high "up-time" guarantees. You can lease WAN lines that are even faster than this. T3 lines carry data at a phenomenal 43MBps, but they are prohibitively expensive for most nonprofits and typically only leased by large corporations or Internet Service Providers connecting to the Internet backbone. Fractional T1 and T3 lines are also available. A fractional leased line divides the channels on a line so you get a fraction of the bandwidth carried by that line. As you lease less bandwidth, your costs go down, as does the speed of the connection.

What you will need

  1. Appropriate leased lines; most likely, if you go this route, you will lease a T1 or fractional T1.
  2. WAN hardware that will connect two or more LANs; typically these are routers or bridges.
  3. Know-how to set up and configure the WAN; typically purchased from the provider that leases the line as part of the installation and support contract.

How it works

Once set up and configured, the WAN operates much like a typical LAN. You log on to the network and then local and remote computers and resources will be visible and available as configured by the network administrator. If users need to share remote resources on a regular basis (and they better if you are considering the expense and maintenance load of this option), you can easily configure your system to connect to remote resources at log-on. For example, if you share a database among three remote offices, you can configure each user's system to connect to the appropriate data file as soon as they log into the network. The database client interface portion of the application will act just like it would if the data file were stored locally on the user's hard drive. Of course, depending on the speed of the connection, specific actions may be slower over remote connections.

What it can be used for

A WAN can be used for most remote computing needs. The only exception is the roving user who is seldom at the same location. File and email access should be no problem. Even the notorious database will run effectively over a WAN with a decent amount of bandwidth (.5Mbps or higher):

  • Browsing the network
  • File transfers
  • Remote data entry
  • Email

Pros

  • Fast (dependent on amount of bandwidth leased but even a fractional T1 with 128kbps throughput will offer good speed for most applications)
  • Secure
  • Reliable

Cons

  • Expensive
  • Expensive
  • Expensive (full 24-channel line offering 1.54MBps costs about $1000 to install and $2,500/month in recurring carrier fees. Less bandwidth is less expensive but still $1000+/month in most locations)

VPNs

VPNs are a sort of cheap WAN, but they can be quite effective for some purposes, and superior to a WAN in some cases. A VPN, or virtual private network, is designed to provide users with secure remote computing using the public Internet as the data carrier. The trick is to "tunnel" the data so that it is encrypted and can only be accessed by an authorized system on the other end. In essence, VPN technology creates a virtual leased line using the public Internet as the carrier medium. Think of the tunnel as the equivalent of your private leased line in a WAN environment. Of course, the connection will be slower, and the complexity of formatting, encrypting, and addressing the data will be greater and will add overhead, further slowing down the connection. But the end result can be an acceptably fast, secure connection to a remote system.

Why would anyone choose a VPN over a true WAN?

There are two reasons:

  1. Cost: A VPN, because it does not require leased dedicated lines and can use any Internet connection including a dial-up connection to any ISP, can be much cheaper to operate than a WAN. There simply are no expensive recurring monthly leased line tolls. You will have to buy some form of Internet access for each location you want to connect, but this could be as simple as a $20/month dial-up connection to any ISP.
  2. Flexibility of access: because the client can dial-in from anywhere where they have an Internet connection, the VPN can be established from just about anywhere a user can connect to on the Internet. A WAN is typically restricted to specific sites for which the leased lines have been connected.

What you will need

  1. A VPN product; these are specific product packages sold by a myriad of vendors. The solution can be hardware, software, firewall based, or a combination of these. Typically, they consist of a VPN server component, a VPN client component, and some dedicated hardware (VPN router), although the latter is optional
  2. Static IP address for the central site; this allows the client to find the server on the Internet
  3. Hardware components such as a dedicated VPN router (optional but advisable)
  4. Internet access for every site or user you want to connect to the VPN

How it works

Once the VPN is set up, your vendor will instruct you on the proper procedure to connect to the VPN. Typically, the process is a simple matter of dialing in or connecting to an Internet address; encountering a logon procedure; being authenticated by the software; and then having full access to the resources configured to be available to the VPN users.

What it can be used for

In theory, a VPN can be used for anything a WAN can be used for. In reality, the connection speed will determine what is practical. In all cases, you should be able to access the LAN to transfer files and access your email. Large files will take a long time to transfer. We transferred a 5.5-megabyte file over our VPN and found that it took a full hour to transfer! If you are connecting to the VPN using DSL, cable or other broadband connections, you should be able to effectively share a database application through a VPN and get much faster file transfer speeds. We do not recommend the VPN for remote database applications.

Pros

  • Relatively inexpensive
  • Secure
  • Reduced support costs
  • Stable

Cons

  • Limited by connection speed (slow over a dial-up connection)
  • Not useful for most database applications over dial-up connections

Terminal Services

Terminal services is a new, but in a sense, also an old technology. Terminal services is a remote computing technology that allows a remote user to log on to a server either over the Internet, a LAN, a WAN, or dial-up connection, as if they were a dumb terminal. A dumb terminal, or thin client, is a computer that simply displays screen images and serves to provide mouse and keyboard input but on which no processing actually occurs. All of the processing happens on the server and the screen output gets sent back to the client as a screen image. This is why we call terminal services a new/old technology. Although not exactly a dumb terminal like the old WANG and IBM mainframe systems, it functions in much the same way, allowing any Windows client, and even Unix, Apple and DOS clients, to connect to a Windows 2000 server and act as a thin client for the duration of a session. The old mainframe concept was very similar to the new Terminal Services: a dumb terminal would log into a server, which would in turn run all applications and carry out all processing and data storage. The latest iteration of this concept is getting a lot of attention as Microsoft is pushing it as part of their new server operating system Windows 2000 Server, but the concept has been around almost as long as computing has. The advantage of Terminal Services is that it allows an organization to continue to use older clients with fewer resources longer than they would ordinarily keep these. It also allows for remote computing, our interest here.

What you need

  1. A functional LAN, WAN, or dial-up access that will allow the remote client computer to connect to the server running terminal services; you will want a static IP address for the server computer to greatly ease your client's connection to the server over the Internet.
  2. A server computer running Windows 2000 Professional configured to run terminal services; terminal services requires more system resources than W2K Server. Microsoft recommends a server with at least 256MB of RAM in addition to all other requirements of W2K Server.
  3. Client computers with Client Access Licenses and the terminal services client software for connecting to the Windows 2000 server; if you are not using Windows clients you will need additional client software installed on the client computer. Typically each terminal services client will cost approximately $200 to equip and license.

How it works

Once terminal services is up and running it is quite simple for the remote user to log on and run virtually any application off of the terminal services server. The user simply logs onto the terminal services server (usually through a link on the desktop) and they will see the pre-configured Windows 2000 professional desktop as configured by the administrator. From this desktop image they can launch any application they have rights to and the application will function as if it were local. All of the processing will happen on the server and all data will also be stored on the server, so it's important that the user realize that if he is not connected to the terminal services server he will not be able to retrieve his data. He can, however, print locally and cut and paste information from the terminal services machine to their local machine.

What it can be used for

As the description of how it works would indicate, terminal services can be used for virtually any type of remote computing. Remote administration of servers is an especially good use of TS. An administrator can log onto the TS machine and, given enough rights, can configure and troubleshoot a server from anywhere in the world where he or she has an Internet connection. More common NPO applications can be run remotely through terminal services. The fact that only screen images are transferred across the Internet makes the remote functionality viable and typically faster than RAS, VPNs or even WANs.

Pros

  • Fast even over an analog connection as only screen images and keyboard strokes are transferred.
  • Little or no client side problems can occur.
  • Can be used with old machines with very few resources, thus significantly extending their life-span and reducing the cost of new client-side hardware.

Cons

  • High server-side resource requirements.
  • Many applications will need tweaking to run well over Terminal services.
  • Non-Windows clients can be tricky to configure.
  • Can be expensive to set up.
  • Lack of client-side storage of data can confuse users.

Database Replication

Many NPOs need remote computing for one purpose: to share databases between several offices. Unfortunately there is no easy and affordable remote computing solution to achieve this. In theory, VPN, WAN and terminal services solutions can accomplish this function. In practice a VPN and WAN are limited by the bandwidth available to the user. We estimate that a reliable bandwidth that will not try the patience of users is at least a 500+ Kbps connection. Of course, if many users are simultaneously sharing this amount of bandwidth it may not suffice. A 12 channel fractional T1 line will serve the needs of most NPOs. A fast DSL connection can also meet most NPOs' needs. However, these are not always available, and where they are available they can be very expensive. As a result we feel that we must mention a solution that is not technically a remote computing solution but that can effectively meet the requirement of sharing a database among multiple offices. We call this technology database synchronization or replication.

Database replication is a utility found in many commercial database products. It allows users in different sites to maintain separate but structurally similar databases that are periodically "synchronized" to produce one master copy that contains all of the combined data from all of the separate databases. This "master" copy can then be redistributed to all of the users who need the complete data set and re-synchronized when necessary.

How it works

  1. Master database is created.
  2. Design master is created using the product's specific instructions.
  3. Replica is created in a new location(s).
  4. Replicas are distributed to remote locations.
  5. Periodically replicas are retrieved and synchronized with the design master.
  6. Newly synchronized replicas are redistributed to begin the process again.

The most important factor in effectively implementing a database replication scheme is to develop an organized system to periodically collect and replicate the disparate databases into a master database and then redistribute the master to begin the process anew. A second important factor is developing a consistent file transfer process. In the absence of a high-speed connection, this will most likely necessitate a data compression routine using a compression utility and a data transfer method. We recommend remote control software for this. The primary reason for preferring remote control software is that it allows one user at the central site to dial into each remote site (assuming they are properly configured to function as a remote control host) and compress and transfer the files without requiring remote location intervention. This minimizes the potential for error and confusion that may result from involving multiple users in an already complex process. Because the replication routine can be time consuming, we suggest that it be scheduled no more than weekly in organizations with 2-3 offices and monthly in organizations with more than 3 offices.
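
An added example (not part of the original guide, and not any database product's replication engine): a simplified Python model of the collect, verify and synchronize cycle described above. The record layout, site names, keys and sample data are assumptions made for illustration; the keyed hash lets the central site reject a replica file that was damaged or altered in transit before it is merged, and records edited differently at two sites are held back for a person to resolve.

```python
import gzip
import hashlib
import hmac
import json

# Constructed sample keys (assumption): one shared secret per remote site.
SITE_KEYS = {"east": b"east-demo-key", "west": b"west-demo-key"}


def package_replica(site, records):
    """Remote site: compress the replica and tag the compressed bytes."""
    blob = gzip.compress(json.dumps(records, sort_keys=True).encode("utf-8"))
    tag = hmac.new(SITE_KEYS[site], blob, hashlib.sha256).hexdigest()
    return blob, {"site": site, "size": len(blob), "hmac_sha256": tag}


def unpack_replica(blob, manifest):
    """Central site: reject a truncated or altered file before it is merged."""
    key = SITE_KEYS[manifest["site"]]
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    intact = len(blob) == manifest["size"] and hmac.compare_digest(
        expected, manifest["hmac_sha256"])
    if not intact:
        raise ValueError("replica from %s failed integrity check" % manifest["site"])
    return json.loads(gzip.decompress(blob).decode("utf-8"))


def synchronize(master, replicas, last_sync):
    """Merge verified replicas into a new master copy.

    Records look like {id: {"modified": int, "data": str}}. A record changed
    at more than one site since last_sync, with different contents, is left
    as it is in the master and reported for manual review.
    """
    changed = {}
    for site, records in replicas.items():
        for rid, rec in records.items():
            if rec["modified"] > last_sync:
                changed.setdefault(rid, []).append((site, rec))
    merged, conflicts = dict(master), []
    for rid, edits in sorted(changed.items()):
        if len({rec["data"] for _, rec in edits}) > 1:
            conflicts.append((rid, sorted(site for site, _ in edits)))
            continue
        merged[rid] = max((rec for _, rec in edits), key=lambda r: r["modified"])
    return merged, conflicts


def demo():
    """Run one cycle on constructed data, plus one corrupted transfer."""
    last_sync = 100
    master = {"1": {"modified": 90, "data": "Donor A, $50"},
              "2": {"modified": 95, "data": "Donor B, $20"}}
    east = {**master,
            "1": {"modified": 120, "data": "Donor A, $75"},
            "2": {"modified": 110, "data": "Donor B, $25"},
            "3": {"modified": 130, "data": "Donor C, $10"}}
    west = {**master,
            "2": {"modified": 115, "data": "Donor B, $30"},
            "4": {"modified": 125, "data": "Donor D, $40"}}
    received = {}
    for site, records in (("east", east), ("west", west)):
        blob, manifest = package_replica(site, records)
        received[site] = unpack_replica(blob, manifest)
    merged, conflicts = synchronize(master, received, last_sync)

    # Simulate a transfer that flipped one bit on the way to the central site.
    blob, manifest = package_replica("east", east)
    damaged = blob[:-1] + bytes([blob[-1] ^ 1])
    try:
        unpack_replica(damaged, manifest)
        rejected = False
    except ValueError:
        rejected = True
    return merged, conflicts, rejected


if __name__ == "__main__":
    print(demo())
```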

Pros

  • Very inexpensive
  • Effective
  • Low bandwidth requirements

Cons

  • Logistics can be complicated if many sites or users need to replicate continuously
  • Slow
  • Relatively labor intensive
  • More susceptible to human error than most other options