Demystifying Remote Access: Part 2 Evaluating your organization's needs and skills for implementation Grant Howe - July 29, 2011 Learn about the skills required for implementing remote access and what you should look for in your organization. This article was is from Sage's whitepaper (PDF) of the same name, authored by Grant Howe. Sage offers donated Sage Business Solutions products and discounted Sage Payment Solutions services to eligible nonprofits and public libraries through TechSoup.In part one of this two-part whitepaper, we discussed the technical components to remote access. Part two reviews the skills required for implementing remote access and what you should look for in your organization.Personnel and Skill Set RequirementsIf you are providing remote access from your internal systems or looking at a third-party partner, there are some definite skill sets necessary in any of the technology choices. Carefully assess if these skill sets are available from your staff or an outside partner. If not, seek to close the gap.Networking and SecurityFirewalls, antivirus, intrusion prevention, compliance controls, and policies and procedures need to be configured properly, maintained and, if appropriate, rolled out to users. An improperly configured firewall is a leading cause of security breaches from external attackers.Generally these are specialized skills not found with sufficient aptitude in an IT generalist. If you plan to manage your remote access solution internally, it is strongly recommended that you seek the services of a professional security analyst. There are organizations that offer certification for analysts — be sure that your security professional is certified by a recognized entity.Operating Systems and AdministrationMost remote application offerings are based on the Microsoft operating system. Besides needing the skill set to install and configure servers, someone must be tasked with applying security patches issued by Microsoft on a monthly basis. Failure to apply important security patches to servers is another leading cause of security breaches.Administration of Services and AccessBesides knowledge of the operating system, you must have expertise in the installation, configuration, and maintenance of the chosen remote application hosting technology. This knowledge is not the same as knowledge of the operating system, therefore the need for additional specialized experience, or finding the rare person who has both, is critical.Application-Specific AdministrationAdditionally, expertise in installing, configuring, and maintaining the application you are making available for remote access is necessary. Make sure to check with the software vendor and ask with which technologies the application has been successfully accessed remotely, and if the vendor supports that configuration. If the vendor says it works but doesn't support it, this should be a big red flag for you. Maintenance headaches are almost a guarantee.Evaluating Remote Application Access OptionsDo It Yourself or Partner?Many organizations have been successful in offering remote access to internal applications with internal resources. If you already have a solid IT department with the skills outlined earlier and have an application whose vendor supports some sort of remote-access technology, you may be in business.However, you still need to consider the significant effort and the opportunity costs of other projects on which your IT staff could focus. Or, you may be considering ways to reduce your IT expenses, since outsourcing such projects is often more cost-effective.Vendor SelectionWith every business relationship, you are looking for not just a vendor, but some sort of partnership. This is imperative when you need to depend on them for the continuity of your business operations. Before making your initial contact of inquiry, gather the following information to help narrow down your options:Length of time in business (avoid new entrants to the market regardless of cost) Proper accreditation (look for SAS 70 type I and PCI at a minimum) Customer support reputation (look for a vendor who strives to make you successful) Avoid lowest bidder or lowest-cost providers (you will usually get what you pay for) Avoid vendors on the cutting edge of technology (success in IT is not gained from taking high risk with new technology) Look for staff with architect-level titles and certifications on technology (MCSE, Cisco, SAIC) Look for a company that first strives to understand your needs rather than prescribes a solution that they want to sell you. Partnering Options: Co-Location, Hosting, and Managed ServicesIt's important to understand what you are being offered versus what you really need. Each of the following options increases in price and also in value.Co-location means that you purchase servers and equipment co-located in a secured datacenter. The vendor provides network access, power, and sometimes firewall configuration. You are responsible for managing the servers, software, and so forth, on those boxes. Co-location is for companies that have an established and experienced IT staff, but do not have a secure datacenter, reliable power, or enough Internet bandwidth to host internally.Hosting means that your vendor rents you all of the equipment, power, and bandwidth for a monthly or yearly fee. You do not own the hardware your applications run on. The vendor also provides the operating systems and manages them for you. Generally the vendor is responsible for keeping your servers up and running and adhering to a service level agreement (SLA). The vendor generally does not support any software that sits on top of your operating system.Examples of software that vendors do not directly support are database, web server, remote access, Active Directory, Exchange, and third-party software (such as accounting or fundraising software). Hosting is a good opportunity to take a load off your IT staff and possibly reduce costs.Managed services providers take hosting to the next level. They do everything a hosting provider would do, plus manage common software like the ones named above. They generally would not manage the business application for which you are setting remote access, but they manage everything else including the remote access technology itself (such as Terminal Services). Managed services are an ideal choice for those who have few or inexperienced IT staff or are looking to reduce IT costs. However, even with managed services some IT staffing is required to run your application.Application Service ProvidersASPs pick up where managed service providers leave off. An ASP offers you remote access to popular applications along with hundreds of other customers. They generally charge you a monthly fee for access and possibly a licensing fee. Typically they use established applications and fit them into a remote access technology infrastructure. They are seldom the developer of the applications to which they are providing access.The ASP model generally eliminates all need to have IT staffing for the particular application you wish to use, making it an extremely attractive option for those with little or no IT staff. The drawback is that you have to find an ASP that offers the application you want. For niche software this could be an issue. One possible drawback is the ASP owns your data. Since it's a commercially available application, you could get your data from the ASP and move to another hosting model at a later time.Software as a ServiceSoftware as a service further picks up where ASPs leave off. SaaS is generally offered to customers by the software developer. The application is specifically tailored and built for SaaS use. SaaS applications are almost always web browser based and have subscription pricing for access but no license fee since you don't own the software.Generally, the user is not required to install any additional software to sign up, pay, and begin using a SaaS product. SaaS products constantly evolve and often add new features on a quarterly basis. Since the software is written specifically for a SaaS model, the developer can listen carefully to its customers and tune the software frequently and quickly to meet their collective needs.Like the ASP model, the SaaS model eliminates the need to have IT staff allocated to this application. The most significant drawback of SaaS is that the vendor owns your data exclusively and switching to another hosting model will have high switch costs. While you could get an export of your data, since the software you are using is only available in SaaS form, you can't buy it and run it yourself. You would have to transform the data and import it into another package. It is widely believed in the industry that the trend is for most software to eventually end up as a SaaS model.SummaryThere are a lot of variables and choices in putting a successful remote application access strategy in place. The bottom line recommendation is that you really shouldn't try to go it alone unless you already have very knowledgeable IT staff in house with available time to support the effort. If this is not the case, a good partner who is interested in your success is the best bet. This work is published under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License.