Remote Access Manager White Paper
The Remote Access Manager (RAM) provides secure, efficient, accessible, feature-rich remote desktop access, enabling IT managers to cut costs while improving quality of service.
The Power of Remote Desktop Access
Remote desktop access enables a user to take complete control of a distant computer over an organization's network or the Internet, as if the user was sitting at that computer. This technology has a wide range of uses; some of the most common uses are:
When combined with real-time telecommunication through voice-over-IP or conventional telephony, remote desktop access makes location irrelevant for most IT tasks. Travel expenses are reduced, and organizations with multiple offices can reduce the size of their IT staff. A competent individual or small team can perform most IT tasks across the organization. As a result, every office in an organization can benefit from the same top-notch IT staff. In short, remote desktop access enables IT departments to cut costs while maintaining and even improving quality of service.
Problems with Previous Implementations
Though remote desktop access is a powerful tool, several problems with previous implementations hinder organizations from harnessing the power of this technology effectively.
A New Solution: Remote Access Manager
The Remote Access Manager (RAM) is an innovative remote desktop access package which addresses all of the problems described above.
Deployment, Management, and Security
At the center of RAM is a server which manages all remote access connections across the private network. An organization may install and run its own server, or it may use Serotek's Internet-based server. Network security policies need not be adjusted for each remotely accessible machine, and an organization can make its machines remotely accessible to authorized personnel over the Internet without compromising security. The server provides a Web-based interface for centralized deployment and management of remote access clients and remotely accessible machines (called hosts). In short, the RAM Server offers the convenience of centralized deployment and management without sacrificing security.
RAM puts the remote IT professional in the same Windows session as the end-user. Not only can the two people work with the same applications and documents at the same time, they can also exchange text and even files through the Windows clipboard. This makes remote training and distance learning possible and is also invaluable for technical support.
RAM consists of three components: the client, the host, and the server.
The client is the program that IT professionals use to remotely access users' machines. It is installed on a portable U3 smart drive, also called a memory module, so IT professionals can use it on any Windows computer in the office, and potentially outside the office depending on the network security policy. The memory module contains not only the remote access client but also System Access, so visually impaired IT professionals can quickly and easily gain access to any Windows computer they encounter by plugging in the memory module.
The host is the program which is installed on each machine that IT staff may need to access remotely. It is provided as a Windows Installer (MSI) package, so IT staff can easily deploy it to thousands of machines at once. Once deployed, the host software sits quietly in the background except when remote access is required. It makes no permanent system configuration changes, except to install itself as a Windows service. Except for an icon in the system tray (normally located at the bottom of the screen), users will not notice that the host software is present until they need it.
The host software plays a crucial role in RAM's accessibility. Because the host software communicates with System Access, it can provide speech output to visually impaired IT professionals when they access it remotely. However, the end-user does not hear this speech output unless he or she is already running a separately installed copy of System Access. If the user is running another known screen reader, the host software recognizes this and informs the IT professional. If the user is running JAWS for Windows or Window-Eyes, the host will even send the screen reader's speech output to the client so the IT professional will hear it.
Hosts can be divided into host groups; each host group has a user account on the RAM Server (described below). A host group may correspond to a department, office, or other organizational unit. Host groups are used to organize large numbers of machines, to set policy, and to ease deployment of the host software.
The server manages all clients, hosts, and connections between the two. As mentioned earlier, an organization can either install and run its own private server or use Serotek's Internet-based server. Serotek's Internet-based server is the most convenient option, since it requires the organization to dedicate minimal resources to RAM. However, deploying a private server is also straightforward, and a private server provides the greatest control over security. Depending on the size of the network, running a private server may be more cost-effective in the long term than using Serotek's server. In both cases, the server provides an easy-to-use, fully accessible, Web-based interface for all management tasks.
A key function of the server is to provide downloadable installation packages for the client and host software. The server automatically configures these packages with information about itself and about the specific client or host group. The IT professional only needs to log in to the server's Web-based interface, download the appropriate package, and install it; no additional configuration is required. This automatic package configuration by the server makes RAM easy to deploy in organizations of all sizes.
The server also plays a vital role in RAM's security. Each host maintains a connection to the server, which notifies the host of remote access requests from clients. When a remote access session begins, the client and the host both make connections to the server, which relays data between them. Thus, no client can gain access to the host except through the server.
Remote Access Session
Questions and Answers
Do any ports need to be opened for the host machines?
Are remote sessions encrypted?
Yes; all remote sessions, including file transfers, are encrypted end-to-end using Transport Layer Security (TLS), also known as Secure Sockets Layer (SSL).
Can Serotek eavesdrop on sessions relayed by its Internet-based server?
No. Session key negotiation and encryption are performed end-to-end between the client and the host; the server merely relays data as-is. Therefore, the server is unable to decipher the data that it relays. This also applies to file transfers; in fact, the server is unaware that a file transfer is even being performed.
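The relay arrangement described in the deployment section and in the answer above, as an added Python sketch (not Serotek's code or RAM's actual protocol): host and client both connect out to the server, which pairs them by session and copies bytes without interpreting them. The `HOST`/`CLIENT` hello line, the session id `s1`, and the sample record bytes are assumptions constructed for illustration.

```python
import asyncio

# Assumed handshake, not RAM's real protocol: each peer dials OUT to the relay
# and sends one line, "HOST <session>" or "CLIENT <session>".
waiting = {}   # session id -> future resolved with the client's streams
relayed = []   # the relay records byte counts only; it never parses payloads

async def pipe(reader, writer):
    """Copy opaque bytes one way until EOF, then close the far side."""
    while data := await reader.read(4096):
        relayed.append(len(data))
        writer.write(data)
        await writer.drain()
    writer.close()

async def handle(reader, writer):
    parts = (await reader.readline()).decode("ascii", "replace").split()
    role, sid = parts if len(parts) == 2 else ("", "")
    if role == "HOST":
        waiting[sid] = asyncio.get_running_loop().create_future()
        c_reader, c_writer = await waiting[sid]   # parked until a client asks
        await asyncio.gather(pipe(reader, c_writer), pipe(c_reader, writer))
    elif role == "CLIENT" and sid in waiting:
        waiting.pop(sid).set_result((reader, writer))
    else:
        writer.close()                            # malformed hello or no such host

async def demo():
    relayed.clear()
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # The host listens on nothing; it connects out and waits for requests.
    h_reader, h_writer = await asyncio.open_connection("127.0.0.1", port)
    h_writer.write(b"HOST s1\n")
    while "s1" not in waiting:
        await asyncio.sleep(0.01)
    c_reader, c_writer = await asyncio.open_connection("127.0.0.1", port)
    record = b"\x17\x03\x03\x00\x05" + b"\xaa" * 5   # constructed stand-in for a TLS record
    c_writer.write(b"CLIENT s1\n" + record)
    at_host = await h_reader.readexactly(len(record))
    h_writer.write(record[::-1])                     # host's (opaque) reply
    at_client = await c_reader.readexactly(len(record))
    for closable in (c_writer, h_writer, server):
        closable.close()
    return at_host, at_client, sum(relayed)

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

In this arrangement the relay handles only ciphertext, so confidentiality depends on the client and host authenticating each other during their own key negotiation rather than on trusting the relay.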
What measures have been taken to prevent buffer overruns, which may be exploited to execute arbitrary code?
Most of RAM, including all code which communicates with the network, is written in the high-level Python programming language. Like Java and the .NET Framework, Python automates all memory management, so buffer overruns are impossible.
On which ports does the private server listen for incoming connections?
By default, the private server listens only on TCP port 7260; this port number is configurable. This single port handles both HTTP and RAM's proprietary protocols. The private server can be configured to also listen on the standard HTTP port.
Does RAM comply with HIPAA?
Yes. For more information, please refer to our web site at www.serotek.com.
Does the private server require a server version of Windows?
No; the private server runs on Windows XP as well as Windows Server 2003.
Does the private server require a database package such as Microsoft SQL Server?
No; the private server uses a built-in, high-performance, low-overhead, zero-configuration database engine.
Does the private server require a web server package such as Microsoft Internet Information Server?
No; the private server uses a built-in, high-performance, low-overhead web server.
Does the private server conflict with an existing web server on the same machine?
No; the private server does not listen on the standard HTTP port by default, though it can be configured to do so.
Does the private server depend on any software apart from the operating system?
No; the private server is a self-contained package which will run on any Windows XP or Windows Server 2003 system.
Does the private server require that its administrator have desktop access to the server machine?
No. Because the private server is packaged for Windows Installer, installation can be non-interactive. After installation, all management is performed using a web browser.
What limitations exist on the number of host machines that can connect to the private server?
The private server imposes no hard limit on the number of host machines that can connect to it; this number is limited only by CPU speed, available memory, and bandwidth.
Remote desktop access is an immensely powerful tool for IT staff in organizations of all sizes. The Remote Access Manager addresses the problems that most hinder organizations from harnessing the power of remote desktop access effectively. It provides security, convenience, powerful features, and accessibility in an integrated, affordable package. For more information or to inquire about deploying RAM in your organization, please contact your Serotek representative or visit our web site at www.serotek.com.