Remote Access Technology Overview

Remote access technology allows home users, mobile users, and remote office users to access resources on a company network, or on the Internet through an ISP. The remote access method should let remote users work on the network just as if they were connected to it directly, using the same protocols. Access to a company network is discussed below, but access to the Internet through an ISP is similar in many ways.

There are two types of remote operations:

Remote control: In this mode, the dial-up user remotely controls a computer connected to the company's network. Only keyboard commands and screen updates cross the dial-up link.
Remote node: In this mode, the user's remote computer becomes another node on the network. All requests and responses cross the dial-up link, usually over a PPP link that encapsulates TCP/IP.

The remote control method can give users better performance, but a dedicated computer must be installed on the company LAN for the remote user to control. Access servers that emulate many PCs in a single chassis are available. Remote control of computers at the company's site reduces bandwidth requirements.

A remote node connection lets the user connect to the network using its native protocol (such as TCP/IP or IPX). This is how most people access the Internet through dial-up connections to an ISP.

Typical remote access scenarios include home users who access company resources through dial-up or another access method. These users can dial directly into the company network. In other cases, users access the company's network from a business partner's location through external network connections or permanently leased lines; they can do so from their own computers or from computers owned by the business partner.

NAS (Network Access Server)

Network access storage uses network technologies such as TCP/IP, ATM, and FDDI. It connects the storage system and server hosts through network switches and establishes a private network dedicated to data storage.

Remote users usually connect to a NAS (Network Access Server), which answers the call and provides the PPP session endpoint. A RADIUS server then handles the AAA (authentication, authorization, and accounting) functions. The RADIUS server verifies the security server. For example, on a vro, all types of access can be directed to the RADIUS server. The RADIUS server allows or denies access based on its configuration, protecting the network and other resources.

RADIUS is a protocol used for authentication, authorization, and accounting between a network access server (a NAS that needs to authenticate its connections) and a shared authentication server. RADIUS uses UDP as its transport protocol. RADIUS is also responsible for carrying billing information between the network access server and a shared billing server.

A NAS is the gateway to another network. It controls either an external modem pool or a modular platform that includes hundreds of modems. The former is usually used at company sites where only a few remote users need to dial in; organizations with a large number of mobile personnel often use the latter. ISPs (Internet service providers) also use access servers to provide whole communities with dial-up access to the Internet.

Generally, the access server answers the incoming call from a remote user and performs logon/identity verification to authenticate the user. For security reasons, and to reverse long-distance call charges, the access server can hang up the connection and call the user back at a predetermined number. As mentioned above, on many access servers authentication is performed by RADIUS. A newer protocol called DIAMETER is emerging. Microsoft RAS authenticates users against accounts in the Windows NT/Windows 2000 user database.

If the user is geographically remote, an Internet tunnel such as L2TP (Layer 2 Tunneling Protocol) lets the user dial a local ISP and connect to the company network over the Internet, saving long-distance charges. Although L2TP is well suited to this, it sends unencrypted data over the public Internet. IPSec (IP Security) is a tunneling and VPN protocol that provides a high level of security for remote access users. IPSec can provide encrypted and authenticated communication between routers, between firewalls, or between routers and firewalls. Although it is more complex to implement, its security is much better than that of other protocols.

An IETF working group called Network Access Server Requirements (nasreq) is drafting a functional specification for the NAS (Network Access Server) and the protocol requirements for providing this function.

Today, large service providers and telecommunications companies sell dial-up and access services in bulk to smaller ISPs and other organizations that need to support a large number of users in distant locations. The service provider installs modems, authentication servers, and other access devices in racks at many of its PoPs. A small ISP outsources to the service provider and rents some of its modems. The remote user calls the local PoP and establishes an L2TP or IPSec session to the company site over the Internet.

The actual devices that house the NAS and modems have become very complex. Hundreds or even thousands of modems are concentrated in rack units and can be programmed from a central device to support quick upgrades. Texas Instruments has a paper on the Web ProForum web site called "The Evolution of the Remote Access Server (RAS) to a Universal Port-Enabled Platform," which describes this further. TI's GoldenPort solution can automatically identify and adapt to any call type on any available port, and can transmit voice, fax, and modem calls from traditional POTS interfaces across multiple packet networks (including IP, frame relay, and ATM).
