Bring the Desktop to Your Users

Many users who travel find they’ve left vital information they need on their desktop back at the office. However, that doesn’t mean they can’t still connect to their desktop using an iPhone or iPad from wherever they are to retrieve files, access applications, or use corporate portals that are blocked from outside the corporate network.

There are four primary methods a user can employ to remotely access their desktop PC from their iOS device:

Individual Apps

These apps install on a user’s desktop PC and link through a network protocol or service to allow an iPhone or iPad outside the network to connect. These apps include products like Citrix GoToMyPC, as well as free services such as LogMeIn.

These apps can be an issue from an IT standpoint because users can implement rogue solutions without IT consent or monitoring. Any user can buy the app, install it on their PC, and then connect remotely. Because the connection uses standard protocols (usually HTTPS), it may not be possible to block easily with a network firewall. Individual apps seem convenient and get the job done, but you should educate users about the risks and set up a sanctioned alternative to deliver the same capabilities.
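One way to spot unsanctioned remote-access apps when the HTTPS traffic itself cannot easily be blocked is to match the destination hostnames recorded by a web proxy against the vendors' domains. This is an added example, not part of the original article; the log format, the sanctioned-host list, the short domain list and the sample log lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Illustrative, incomplete list of vendor domains (assumption; extend as needed).
REMOTE_ACCESS_DOMAINS = {
    "gotomypc.com": "GoToMyPC",
    "logmein.com": "LogMeIn",
    "teamviewer.com": "TeamViewer",
}

# Hypothetical: internal hosts where IT has approved a remote-access agent.
SANCTIONED_HOSTS = {"10.0.5.20"}

# Constructed sample proxy log: "<timestamp> <client_ip> CONNECT <host>:<port>"
SAMPLE_LOG = """\
2024-01-10T08:01:02Z 10.0.5.20 CONNECT relay1.logmein.com:443
2024-01-10T08:03:11Z 10.0.7.31 CONNECT relay2.gotomypc.com:443
2024-01-10T08:03:40Z 10.0.7.31 CONNECT www.example.org:443
2024-01-10T08:05:09Z 10.0.7.44 CONNECT notteamviewer.com:443
2024-01-10T08:06:55Z 10.0.7.31 CONNECT relay2.gotomypc.com:443
malformed line
"""

def match_vendor(host):
    """Return the vendor name if host is a listed domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    for domain, vendor in REMOTE_ACCESS_DOMAINS.items():
        # Require a dot boundary so look-alike names do not match.
        if host == domain or host.endswith("." + domain):
            return vendor
    return None

def find_unsanctioned(log_text):
    """Map client IP -> {vendor: hit count} for clients not on the sanctioned list."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "CONNECT":
            continue  # skip lines that do not fit the assumed format
        client, target = parts[1], parts[3]
        host = target.rsplit(":", 1)[0]
        vendor = match_vendor(host)
        if vendor and client not in SANCTIONED_HOSTS:
            hits[client][vendor] += 1
    return {ip: dict(v) for ip, v in hits.items()}

if __name__ == "__main__":
    for ip, vendors in find_unsanctioned(SAMPLE_LOG).items():
        print(ip, vendors)
```

The result is a list of desktops to follow up on with user education and the sanctioned alternative, rather than a blocking rule.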

Web portals

Another method of connecting remotely to company resources is through a Web portal. A user can log in on their iOS device with a username and password and access business applications via the Web as if they were sitting at their desk. This method gives the IT admin more control, and enables the user to connect to the desktop, typically without installing an additional app.

Because security is maintained through the portal, these systems are easy to make secure and to update if a user forgets their login while on the road. A remote access Web portal can be a network hardware appliance, similar to a firewall, or a software-based solution that must be installed and configured on a server with Internet connectivity.

Remote access servers

A remote access server, or RAS, is a dedicated server on the network that uses a specialized remote access protocol like PPTP or L2TP to securely connect devices outside the company firewall to systems inside. This is often called a VPN, or virtual private network.

Remote access servers have been around for a long time and include products such as the Patton DialFire and the Array SPX1800. Originally designed to handle modem connections, most now use a standard Internet connection to set up a VPN, though some manufacturers still support dial-in modem connections as well.

A remote access server uses two types of protocols: an access protocol like PPTP or L2TP and a security protocol like IPSec or Microsoft Point-to-Point Encryption (MPPE). Both the access protocol and the security protocol must be set up before the user can connect, and the client side (the mobile device part) of these systems can be somewhat difficult to set up and support. Many firewalls, like the WatchGuard series, have VPN functionality built in, and if you use the Windows VPN client that comes with Windows 7, this substantially eases the process of setting up and connecting users.

Many remote access servers include VPN clients for mobile devices such as tablets and smartphones. If you go this route, make sure the RAS platform you choose is compatible with iOS or has an iOS app available.

Cloud services

A cloud service offers some of the same benefits as a Web portal or on-premise RAS solution but without some of the network and administrative overhead. An IT admin can set up accounts for users and install software on the local desktop, which can then link to remote iOS devices. This functions in a similar way to the individual app approach, but can be done en masse for large groups of users.

No configuration of the company firewall is required, and the system works with a variety of devices and platforms beyond the iPhone and iPad, including other smartphones and tablets, or computers. In contrast to the individual app, the administrator can set up user accounts, specify required security, and control access. These services are available from vendors such as GoToMyPC, LogMeIn, and TeamViewer.

With any approach, it’s important to consider security because users outside the company network will be able to access resources and data inside the network across the public Internet. Ensuring that logins use complex passwords and that authentication information and encryption keys are maintained not only ensures security, but reduces support needs, especially when users are unable to contact the IT department for help.

Multiple solutions can enable iOS mobile devices to control a desktop on the company network. Most are easy to set up and run, and, in fact, the only issue for administrators is supplying the service before users run out and do it themselves. Providing this capability makes users more productive and enables them to work from anywhere and still have access to corporate systems.
