Understanding remote access technologies (Nov 16, 2011) (beginner)

Henry Van Styn, IntelliTree Solutions, November 16th, 2011

description

Keynote presentation given on November 16th, 2011 for IMA (non-technical audience) on modern remote access technologies as well as background topics such as Internet routing, NAT, VPN, remote desktop, port forwarding, etc.

Transcript of Understanding remote access technologies (Nov 16, 2011) (beginner)

Page 1: Understanding remote access technologies (Nov 16, 2011) (beginner)

Henry Van Styn

IntelliTree Solutions

November 16th, 2011

Page 2: Understanding remote access technologies (Nov 16, 2011) (beginner)

Types of Remote Access

What they all have in common: communicate over the Internet – common challenges

Brief technical/anecdotal background info – it’s interesting! (at least I think so)

Practical implications and considerations

Using Remote Access effectively – discuss a few of the currently available tools/solutions

Page 3: Understanding remote access technologies (Nov 16, 2011) (beginner)

General:

◦ VPN – (Virtual Private Network)

◦ Remote Desktop

Specific:

◦ Web applications

◦ Other applications

Most everything is now Internet based, including any mainstream Remote Access solution

◦ Legacy: Dial-in, ISDN, other WAN connections (but even those are all IP based)

Page 4: Understanding remote access technologies (Nov 16, 2011) (beginner)

Global Public Network

Any computer can reach any other computer by its unique address (“IP Address”)

◦ Example IP Address: 74.125.225.20

Another Global Public Network:

The Postal System

Page 5: Understanding remote access technologies (Nov 16, 2011) (beginner)

[Diagram: Internet; 74.125.225.20 (google.com); 209.173.141.162]

Any computer/device can reach any other computer/device if it knows the IP Address…

All Internet applications communicate over this basic computer-to-computer connection.

Websites, e-mail, Skype and Remote Access are all examples of Internet applications…

Page 6: Understanding remote access technologies (Nov 16, 2011) (beginner)

There aren’t enough of them

◦ (Compare to CC numbers: ~ 1 trillion per issuer)

“Long-term” fix: IPv6

“Short-term” fix: ugly hacks & workarounds, most notably “NAT”

Would have run out of addresses 10 years ago (which is about how long IPv6 has been “right around the corner”)

(only ~ 4 billion)

(approaching 20 years old)

(~ 340 undecillion)

Page 7: Understanding remote access technologies (Nov 16, 2011) (beginner)

NAT (Network Address Translation) allows multiple computers to share the same Public IP address. Totally ubiquitous.

Router/Firewall acts as intermediary and tracks individual connections

Major limitation: outbound only – built for things like browsing the web

But also provides security by design – often synonymous with the term “Firewalling”

Primary cause of complexity for Remote Access

Page 8: Understanding remote access technologies (Nov 16, 2011) (beginner)

[Diagram: Internet; 74.125.225.20 (google.com); 209.173.141.162; NAT Router/Firewall; 192.168.1.5 (Private IP)]

NAT allows multiple computers to transparently share a single public IP Address

Page 9: Understanding remote access technologies (Nov 16, 2011) (beginner)

[Diagram: Internet; 74.125.225.20 (google.com); 209.173.141.162; 192.168.1.5 (Private IP)]

But NAT only allows outbound access…

Computers on the Internet cannot be the initiator of new connections

Internal computers can only receive replies to connections they initiate

Page 10: Understanding remote access technologies (Nov 16, 2011) (beginner)

Internet

Cannot directly communicate

Page 11: Understanding remote access technologies (Nov 16, 2011) (beginner)

Internet

VPN

A VPN is itself an Internet Application that carries network traffic within it

192.168.1.5 Private IP

192.168.1.6 Private IP

Can communicate virtually

Page 12: Understanding remote access technologies (Nov 16, 2011) (beginner)

Internet

Permanent network-to-network VPN

192.168.1.5

192.168.1.6

Page 13: Understanding remote access technologies (Nov 16, 2011) (beginner)

A VPN connection alone does not provide Remote Access

Mapped network drives

Direct network application access over the VPN (generally slow – example: QuickBooks)

Remote Desktop alternative (such as Windows RDP, Terminal Services, Citrix)

Page 14: Understanding remote access technologies (Nov 16, 2011) (beginner)

Doesn’t require a VPN connection or IT department to set up on the Router/Firewall

Relies on 3rd party servers

Remote Desktop Application with built-in connectivity

Page 15: Understanding remote access technologies (Nov 16, 2011) (beginner)

Internet

Services like GoToMyPC provide Remote Desktop access and work behind NAT because both sides initiate connections to a 3rd party publicly accessible server

3rd party server

Page 16: Understanding remote access technologies (Nov 16, 2011) (beginner)

WebEx

LogMeIn - Free

GoToMeeting alternative: http://join.me – Free

Windows XP and later has RDP and requires no custom install – but you need to be able to connect (i.e. VPN)

VNC – also free, Remote Desktop

Page 17: Understanding remote access technologies (Nov 16, 2011) (beginner)

Cisco, Netgear, Sonicwall, others

OpenVPN – SSL based

Openswan – IPsec based

Page 18: Understanding remote access technologies (Nov 16, 2011) (beginner)

Internet

For easy RDP access to a home PC without a VPN, configure a port forward (supported on all firewall/router devices, such as Linksys)

Port forward (RDP: 3389)

192.168.1.5 Private IP

DDNS:

Use DDNS service to be able to use a hostname instead of an IP address:

• DynDNS

• DNS2Go

• No-IP

Page 19: Understanding remote access technologies (Nov 16, 2011) (beginner)

Encryption: doesn’t require a VPN

RDP and most remote access applications are encrypted anyway

VPN does guarantee encryption

Access policies a larger issue

Remote Access potentially opens your network to the world – use strong passwords and limit access
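
Added example (not part of the original slides): a toy Python model of the NAT connection tracking on pages 7 to 9, the RDP port forward on page 18, and the "limit access" advice on page 19. The 192.168.1.5, 209.173.141.162 and 74.125.225.20 addresses and port 3389 come from the slides; the other addresses (documentation ranges), the other port numbers, and the class and function names are assumptions, and real routers track more state than this.

```python
# Toy model of a NAT router/firewall (simplified; names and ports are assumptions).
# Sample addresses are constructed, apart from the ones shown on the slides.
from dataclasses import dataclass, field

PUBLIC_IP = "209.173.141.162"

@dataclass
class NatRouter:
    conns: dict = field(default_factory=dict)     # (public_port, remote_ip, remote_port) -> private endpoint
    forwards: dict = field(default_factory=dict)  # public_port -> (private_ip, private_port, allowed sources)
    next_port: int = 40000

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Internal host initiates: record the connection, present the shared public IP."""
        public_port = self.next_port
        self.next_port += 1
        self.conns[(public_port, remote_ip, remote_port)] = (private_ip, private_port)
        return (PUBLIC_IP, public_port)

    def add_forward(self, public_port, private_ip, private_port, allowed_sources=None):
        """Port forward; allowed_sources=None means any Internet host may connect."""
        self.forwards[public_port] = (private_ip, private_port, allowed_sources)

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet from the Internet: return the internal destination, or None if dropped."""
        tracked = self.conns.get((public_port, remote_ip, remote_port))
        if tracked:
            return tracked                         # reply to a connection started from inside
        rule = self.forwards.get(public_port)
        if rule:
            private_ip, private_port, allowed = rule
            if allowed is None or remote_ip in allowed:
                return (private_ip, private_port)  # new inbound connection via the forward
        return None                                # unsolicited: no state and no rule

def demo():
    """Walk through the cases from the slides and return what the router does with each."""
    r = NatRouter()
    src = r.outbound("192.168.1.5", 51000, "74.125.225.20", 80)
    results = {"reply": r.inbound("74.125.225.20", 80, src[1])}
    results["unsolicited"] = r.inbound("198.51.100.7", 4444, 3389)
    r.add_forward(3389, "192.168.1.5", 3389)       # page 18: RDP open to every source
    results["forward_open"] = r.inbound("198.51.100.7", 4444, 3389)
    r.add_forward(3389, "192.168.1.5", 3389, allowed_sources={"203.0.113.10"})
    results["limited_other"] = r.inbound("198.51.100.7", 4444, 3389)
    results["limited_allowed"] = r.inbound("203.0.113.10", 5555, 3389)
    return results
```

Calling `demo()` shows that the unrestricted forward hands the RDP port to any source address, while the source-limited rule delivers only the listed address and drops the rest.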

Page 20: Understanding remote access technologies (Nov 16, 2011) (beginner)