Remote Access Strategy
Determining how you deliver remote access services to your users can be difficult and involves many complex decisions. By applying a structured approach to the design and deployment of a RAS, you can ease these difficulties and implement a solution that is targeted to your organization's specific needs. The following is a proven strategy for developing and deploying a viable RAS that meets your business objectives. This strategy has been successful, especially in larger projects that focused on complex issues, such as remote access.
This implementation strategy is very similar to that discussed in Chapter 17, "Developing an Implementation Plan." (See Figure 17.1 from that chapter.) The same terminology is used in both places, and both chapters use the same structure. The steps are the same; just the details are different.
Phase I Requirements Definition —This phase defines specific business and technical requirements.
Phase II Discovery and Analysis —This phase identifies available technologies, alternatives, options, risks, dependencies, and assumptions.
Phase III Design —In this phase, conceptual design maps the requirements to the available technologies, detailed design defines the solution specifications.
Phase IV Lab —This phase validates the design and demonstrates the solutions capabilities in a controlled environment. Detailed design is modified in iterations until all the requirements are met.
Phase V Pilot —This phase demonstrates solution in a semi-production environment and tests the implementation approach for the subsequent production deployment.
Phase VI Deployment —This phase, typically, deploys the solution by group or by location, depending on size, needs, and services being delivered.
This chapter focuses on the first two phases, because much of what is determined in these phases dictates the forthcoming solution and defines the activities for the last three phases. If you use this strategy to build and deploy your RAS, your chances of developing a comprehensive solution to meet all your business and technical requirements increase.
Requirements Definition
The first step in developing a RAS is to define your remote access requirements. Clearly defined and documented requirements make all the difference between a successful solution and a failed solution. Without defined requirements, you might build a solution that meets the needs of your mobile sales force, but that does not account for your remote administration needs or for your branch-office locations that are planned for occupancy next year.
Because Windows 2000 is built on standards, many of the remote access components that you need to build a standards-based solution are incorporated into the product. Examples of these components include: a public key infrastructure (PKI) , based on X.509 certificates; Windows terminal services; and a Virtual Private Network (VPN) capability, based on Point to Point Tunneling Protocol (PPTP) or on Layer 2 Tunneling Protocol (L2TP) and IP Security (IPSec) . Windows 2000 provides remote users with single sign-on access to network resources because it leverages Active Directory as the central security authority, which authenticates remote users and applies policy and permissions to computers, users, and groups within an organization.
If you are defining your requirements for remote access, you need to evaluate your specific business needs, such as
How large is the remote access population?
Where are the remote users concentrated?
During what times and in what time zones will users be accessing the network?
How restrictive does your network need to be for remote access?
What are your business policies and security policies regarding remote access?
These questions, and more, need to be identified and defined before you determine what specific technologies you need, and how these technologies need to be employed to satisfy your business requirements. Typically, requirements, like the previously listed examples, are determined by first identifying the key customer stakeholders, such as the IT Director or CIO, and the business unit sponsors who require and use this service. After they are identified, you need to develop an interview questionnaire, and then schedule a series of facilitated meetings (individually or as a group) to define (list) these requirements. After they are listed, you would then need to group them into similar requirements, establish the priority for each, and then build a consensus that these requirements are the requirements from which your remote access strategy and solution should be developed.
If you understand the habits and needs of your remote users, you can begin to define remote access system requirements and define how Windows 2000 Active Directory needs to be configured and deployed to support your mobile work force. By understanding these requirements first, you avoid making costly mistakes and eliminate integration issues down the road.
Discovery and Analysis
Performing a thorough examination of various remote access products and technologies, using the defined requirements from Phase I as your base line for consideration, helps you to design and deploy a viable RAS.
Nothing is worse for a user than to have a corporate computing culture of "ease and flexibility," only to find that if they use remote access, they must dial a single long distance phone number that inevitably seems to be busy, and then they are presented with three separate sign-on requests using three unique user IDs and passwords. Worse, they then spend additional time completing expense reports to get reimbursed for remote access expenses when traveling to Europe for an important convention, when all they really needed was a file from the corporate network that took 3 minutes to download, and over 20 minutes and two support calls to obtain!
Doing a comprehensive discovery of technology options and alternatives and then mapping those against the requirements for remote access, a process we call a gap analysis, yields a technology direction. In this way, you ensure these typical user frustrations are avoided because you have developed a strategy for remote access that meets your remote users' requirements in the best possible manner.
Determining exactly what remote access technology you need to meet your remote access requirements is a critical and necessary first step to designing a functional solution for your users. Fortunately, Windows 2000 has many of these inherent remote access technologies built-in. The job of a solutions architect developing a solid remote access strategy is to fully understand the product features and capabilities, to know how they are deployed and managed, and then to determine what additional components are needed to round-out a complete solution.
To help you identify which remote access technologies are available and required for your specific business needs, the sections that follow discuss popular remote access technologies and present specific context for remote access product and technology selection. Unlike identifying which server to purchase and how much memory to install, defining a RAS with all its intricacies might require some external validation or support. Do not hesitate to consult outside expertise in this area; the money spent now is well worth it in the end.