Geek speak: demystifying remote access, part 1

Making mission-critical business applications (i.e. software products) available remotely is a hot topic these days. Consolidating operations, decentralizing offices, travelling and telecommuting can mean that solid remote access technology for your employees and volunteers is critical for your success.

Figuring out what to do or even where to start can be tough. Over the next few months, this series will introduce you to various remote access terminology and concepts, and provide a platform for you to begin your evaluation.

Dive right in - types of applications

The first step is to understand the architecture of the application that you want to access remotely. Some remote access technology choices may not be feasible, based on the application architecture. If you don't know which of the following architectures you are using, contact your IT professional, business partner or vendor for guidance.

Standalone (client/database)

You have a "client/database architecture" when a larger, dedicated application is installed on each user's desktop. This is sometimes also called a "fat client." It connects directly to a database either on the same machine as the client or over the network.

Client/server

The client/server architecture is similar to the client/database model. It also consists of a larger footprint application installed on each user's desktop, but this "fat client" connects to an application installed on the server. The server application then applies business logic before interacting directly with the database.

Web-based

A web-based architecture uses a Web browser as the client and requires minimal software to be installed on the user's computer. The web browser works with a web server to deliver a browser-based user interface (UI) to the end user. The web server may interact with other application servers to run business logic and return results to the user by way of the browser UI.

Know your remote technology options

There are a number of technology options for gaining remote access to applications, each with various bandwidth requirements and security considerations. We will explore the pros and cons of each of the more popular ones.

Tunnel in: virtual private network (VPN)

A VPN is a secure tunnel between a remote user and your internal network. The user creates a session with your VPN server or firewall appliance, and then is allowed to pass data directly to and from your network.

It is just like being plugged into a wall jack at the office, except for one very important difference: the bandwidth for the user is limited by the lesser of their and your available bandwidth to the Internet. In other words, the maximum size of the "pipe" is determined by whichever end passes the smallest amount of data.

Most offices have 100 megabit (mb) connectivity internally and significantly less out to the Internet (1.5 mb perhaps). Most homes have much less - even with a broadband connection. Your user experience may be sluggish with your application, or the connection may be too unstable for the application to maintain a connection to the server.

This makes VPN a challenging option for solutions that use a large-footprint application installed on the local machine. However, VPN does work well for Web-based applications if additional security is desired.

A virtual window: remote desktop connection (RDC)

Remote desktop services allow you to host an application on a remote server and transfer what amounts to screen shots back to the client. Keyboard and mouse inputs are forwarded to the server and the results are shown on the subsequent screen shots that come back. Think of it like using your computer as a virtual window into the server where the application is installed.

This technology allows you to offer a locally-installed software solution to users remotely without needing to boost their bandwidth for the application to communicate with the server effectively. The "screen shots" are compressed so the RDC uses a constant, but small amount of bandwidth.

The current 2008 server version of Microsoft's Terminal Services allows for the publishing of the entire desktop or only specific applications. Application publishing mode allows the user to click on an icon in the start menu, start the application, and then use it as though it were installed on the local machine.

Citrix XenApp is Citrix's version of Terminal Services and allows publishing of applications the same way. Depending on your configuration, XenApp may allow for nicer administration of the applications and a better user experience.

Both solutions - and RDC in general - are good choices for remote access of applications with a large-footprint user interface requiring constant communication with a server inside your network.

Application hosting

While RDC can be managed internally by your own IT staff, many organizations choose to partner with specialized technology and hosting providers. Though service varies with cost, hosting relieves considerable, and possibly all, IT burden from your staff.

For example, an application service provider (ASP) takes an application, puts it into a hosting infrastructure, and sells the use of the software directly to customers. The application is typically one built to be installed directly on a client machine, but the ASP uses Terminal Services, Citrix XenApp, or another technology to remove the administrative burden from the end consumer.

Software as a Service (SaaS) is a significant variant of application hosting. We'll discuss SaaS in greater detail in a future article.

As you can see, there are lots of variables and choices when creating a successful remote access strategy. This first article touched on the terminology and a few options. Next month, I'll focus on security considerations, personnel, and skill set requirements.

I'll close with my favorite technology saying: "Make a difference, not a mess."

Grant Howe is VP research & development for Sage North America's Nonprofit Solutions business. For more than 25 years, Sage has been developing accounting and development software for nonprofits and governments.

Prior to joining Sage, Grant served as executive vice president of engineering and chief technology officer for CareFlash.com, a Web 2.0 company providing free personal Web sites for sharing health updates, information and encouragement with friends and family during illness, injury, pregnancy, and childbirth. He also spent nearly six years in various engineering management roles - most recently as senior director of engineering - at Houston-based NetIQ, a global leader in systems and security management.

Grant holds a master's degree in software engineering from Syracuse University and a bachelor's degree in computer science from the State University of New York (SUNY) College at Oswego.