It’s 11:00 PM - Do you know who your Remote Workers are and how they connect to your network? May 13, 2008
Posted by Wilmer Francois in Deployment, Enterprise, Microsoft. Tags: virtual, remote, Enterprise, worker
According to a recent Gartner survey of 260 enterprises, 90% of enterprises worldwide have remote workers, but 25% of those organizations don’t know exactly who those remote workers are. Again, according to the survey, IT departments often have no idea who they’re providing remote access to. Are they executives, sales, engineering, etc.? How do they primarily connect to the network? Are they teleworking full time or only a few days a week? Better yet, are they roaming nomads that connect from regional branch offices, or maybe from more ghastly places like the airport, the hotel, or the local coffee shop where open Wi-Fi runs amok?
Here are some more interesting numbers (from Nemertes Research) about what’s happening in the enterprise space as it relates to remote workers:
- 90% of employees work in locations other than headquarters.
- Between 40% and 70% of employees work in different locations from their supervisors.
- Number of “virtual workers” (individuals who work in offices that are geographically separated from their supervisors) has increased by 800% in the past 5 years.
- Companies continue to increase bandwidth in an effort to resolve performance problems: 48% of companies plan to increase bandwidth by 100% to 500% annually!
The interesting take on all of this is that a good percentage of enterprises are aware of these issues, but are seriously grappling with the ramifications of an ever-changing virtual workspace. Gone are the days when users relied on a single laptop or PC to remotely connect to the corporate network from their home. Has anybody noticed that your laptop, smartphone, PDA, MP3 player, digital camera, etc., have merged into a seamless functioning device where there is no longer a distinction between the individual components themselves? And the trend in the remote worker virtual workspace has shifted from a mindset of only productivity and effectiveness in the workplace to more of an emphasis on increasing staff effectiveness. The expectations for connectivity from a mobile workforce have become an anytime, anywhere, any device war zone, and IT departments are searching for the solutions to fit this new paradigm.
With the so-called emergence of such solutions as Converged Communications and/or Unified Communications, the big boys like Microsoft, Cisco, Nortel, and the like are touting solutions that bring a one-stop shopping approach to unifying the connectivity issues that IT shops are facing during this virtual workspace explosion. I think these technologies are fascinating, but does one size fit all?
Needless to say, and as I mentioned earlier, one of the biggest hurdles that enterprises face with remote workers is knowing who is connected “How, When, & Why”. For example, consider that new wham-bam Windows Mobile Smartphone PDA Laptop gizmo that the sales guy just got. It has Wi-Fi! He can sync with the corporate email system and check his mail! He can even VPN into the corporate network. But what about security, asset, and patch management on this device? These things are probably well-managed on his laptop, but chances are the IT department has no way of effectively enforcing security policies on this device.
Fortunately, I think the big guys are starting to understand this and it will be interesting to see what the future will hold. For example, as covered in a recent article by my counterpart (Jon Connery), Microsoft has introduced SCMDM 2008 (System Center Mobile Device Manager 2008) for Windows Mobile devices, which has great promise in filling the security gap for these devices.
So stay tuned, as it will be interesting to see how these technologies will impact the remote worker explosion.
Soon, access your VPN from almost anywhere! February 13, 2008
Posted by Jonathan Connery in Microsoft, Networking, Security, Server 2008, Vista. Tags: ISA, ISA 2006, Networking, remote, SP1, SSTP, Vista, VPN, Windows Server 2008
You’re absorbing caffeine from a white cup with green letters while surfing the web on your laptop and you suddenly remember that you need something from your corporate VPN. What to do? Yes, I know you’ll try to establish VPN even if you tried it just last Thursday. You’re an optimist who believes that they just might have realized that outgoing VPN is not evil. But alas, you’ll need to head back home since airports, hotels and coffee shops notoriously block most all of the really cool protocols from working.
Some day soon (we hope) you’ll be able to stay comfy and do your work. This is all due to the upcoming Windows 2008 and Vista support of SSTP!
The Secure Socket Tunneling Protocol (SSTP) is really an ingenious convergence of secure HTTP (HTTPS/SSL) and Point-to-Point Protocol technologies. In order to make this work you’ll need a few things:
- Windows 2008 Server - Expected February release
- A certificate authority (This can be an internal enterprise CA)
- A firewall - My personal favorite: Microsoft ISA 2006
- Vista SP1 - Early to mid March release. There’s discussion on whether XP SP3 will add this support but the future is unclear. Check again later.
Now, I won’t tell you that giving your road warriors this kind of freedom is going to take 15 minutes and a wizard, but there are already some great resources published to get you ready.
- Dr. Thomas Shinder (The smartest firewall guy I know) has published an article on ISAserver.org on how to configure ISA 2006 for SSTP access:
- Another Dr. Shinder article on WindowsSecurity.com. This one is a 2-part article. Part 1 is a deep-dive on the new protocol and part 2 focuses on configuring required Windows 2008 services:
- Samir Jain from the TechNet Routing and Remote Access blog has posted a primer on the SSTP protocol:
Happy Tunneling!
Jonathan Connery MCSE+I, MCSD
Senior Systems Architect
Getronics Consulting and Transformation Services
Infrastructure Optimization Team