Case Study: Combining remote access and VPN

A fast broadband linkup along with user-friendly software provides easy remote access to thousands of Microsoft employees

Today, businesses are asking their Information Technology Groups (ITG) to deliver an increasing array of communication and networking services, while squeezing the maximum possible from budgets and support staff. At Microsoft, the situation is no different. To meet these demands, the ITG at Microsoft looked to the Windows operating system platform, software vendors and service providers for the technology needed to meet the remote access demands of its more than 25,000 mobile sales personnel, telecommuters and consultants around the world.

Using Windows-based clients and enhanced Windows NT RAS technology available in the Windows NT Option Pack, Microsoft's ITG is currently using and deploying a custom Windows-based remote dial-up and virtual private networking (VPN) solution. New user services, in concert with new Windows-based network services from UUnet, provide users with quicker and easier network access while significantly reducing network costs.

Microsoft's ITG has learned that the widespread adoption and use of technology largely depends on how easy and transparent the experience is for the end user. Likewise, ITG has learned not to deploy technologies whose complexity results in an increased support burden on its limited support staff.

To simultaneously make the remote access solution easy to use and easy to manage, ITG provided the following:

Single client

ITG provided a single client for both the direct dial-up and virtual private network connections. Using Windows integrated dial-up networking technology (DUN) and Microsoft Connection Manager, users use the same client interface for secure transparent access whether dialling directly to the corporate network or connecting via a VPN.

Central management

It also provided central management of remote dial-up and VPN access phone numbers. Microsoft ITG has found that one of the most common support problems travelling users face is determining and managing local access phone numbers. This problem translates into one of the principal reasons for support calls to Microsoft's user support centers. Using the Connection Manager Administration Kit (CMAK) wizard, which is part of Microsoft's remote access solution, Microsoft's ITG preloads each client PC with an electronic "phone book" that includes every dial-up remote access phone number for Microsoft's network.

The result is that Microsoft employees, connecting via the Internet, can easily and securely access any Microsoft BackOffice-based application - the Microsoft intranet and the Internet - through IPORT jacks in hotel rooms and public places at rates of up to 50 times that of typical dial-up modems. This high-bandwidth and easily available connection helps Microsoft employees become more productive and have a better online experience while on the road.

The integrated and open services of Windows enabled Microsoft to supplement its private data network infrastructure and RAS with VPN services by working with UUnet Technologies, Inc., the largest Internet service provider in the world. Under this relationship, Microsoft's VPN solution is integrated with the UUnet Radius Proxy servers through the Windows NT Server 4.0 native support for RADIUS. This provides Microsoft employees with secure local access to the Microsoft LAN through more than 1,000 Internet point-of-presence locations worldwide, at speeds ranging from 28.8Kb/s to 155Mb/s.

Microsoft ITG made reliable and secure local access to the UUnet Technologies IP network available to all Microsoft mobile employees, in part through the integrated RADIUS support in the Windows NT Server 4.0 Remote Access Service. This resulted in the delivery of high-quality VPN services over the UUnet Technologies, Inc. infrastructure at a reduced cost. Microsoft ITG conservatively estimates that this use of Windows-based VPN service, as an alternative to traditional remote access, will save the company more than $3.5 million per year in remote access fees alone. Additional savings are expected from greatly reduced remote access configuration support and the elimination of call requests for RAS phone numbers.

Directory in Windows NT Server also allowed Microsoft to retain all authentication rights for Internet and LAN access for its employees. This helps maintain network security and requires no change or redundant replication of directory information.

Finally, Microsoft's ITG wanted to ensure that its current investment in the remote access infrastructure would not only be able to meet today's needs, but also enable it to make the most of the opportunities provided by the digital convergence of network-aware applications in the near future.

The momentum of Windows NT Server as a platform for IP telephony, media-streaming technologies and the migration to PBX systems based on Windows NT Server 4.0 is evidence of an increased need for higher degrees of client/server network application integration. The remote access solution ITG selected needed to be flexible enough to meet the forecasted demand for increasingly sophisticated and mission-critical network-aware applications.

"In the end," says ITG program manager Ken Kubota, "what Microsoft remote employees want is easy, fast, secure access to the corporate network."

Using Windows NT Server as the backbone of the remote access solution provides the flexibility needed to economically address current and future needs of Microsoft ITG. The selection of a Windows-based solution allows ITG the freedom to both centrally manage and incrementally extend the Microsoft direct dial and VPN infrastructure at a controlled pace and in an open manner, through partnerships with multiple service providers such as UUnet Technologies. Furthermore, should outsourcing network WAN services and equipment become even more prevalent, Windows provides ITG with a platform that can accommodate this migration while still preserving the value of current software and hardware investments.

The UUnet Technologies, Inc. network that supports Microsoft's wholesale remote access and VPN services provides access to one of the largest IP networks in the world. UUnet's backbone infrastructure features a fully meshed network that extends across both the Atlantic and Pacific, and includes direct fiber optic connections between Europe, North America and Asia. UUnet also provides satellite access services for remote areas that lack Internet connections.

Compiled by Ajith Ram

(c) 1999 Microsoft Corporation
