REVIEW: Asavie accessmyLAN VPN with ActiveSync

REVIEW: Asavie accessmyLAN

Supplier: Asavie Technologies Product: accessmyLAN Cost: £13.95 pm subscription (+VAT) for single user Review: The review was carried out on a T-Mobile TyTn II WM6 with an unlimited data connection and Windows 2003 Server running on a HP D530 desktop with 1Gb RAM

Introduction

accessmyLAN is a secure, reliable and scalable VPN, subscription based service, providing enterprise-class features and security with no additional hardware, no up-front costs, and without the requirement for specialist technical expertise. One of these features is an ActiveSync proxy service simplyfying the provision of direct push email to mobile phone.

One of the main features of a WM enabled phone is its ability to provide direct push email via ActiveSync (i.e. automatic retrieval and sending of emails over the phone network). Unfortunately this feature is only really available if you have one of three services available to you:

• An ActiveSync enabled email service from an online provider. This service generally costs £7-10 pm (+VAT).
• A subscription to an ActiveSync emulator service such as eMoze. (Not truly ActiveSync).
• A fully configured MS Exchange environment as found in a corporate environment.

However, let us consider the home user who happens to have their own Exchange Server environment. This may seem to be unusual at first sight, but in practice is quite common, especially amongst IT professionals.

In order to enable ActiveSync to function what is needed is:

• A computer running Microsoft Exchange as Backend server hosting the mailboxes.
• A computer running Microsoft Exchange as Frontend server enabling secure access from the internet.
• A valid Certificate to enable secure communications.
• Changes to the firewall to enable the required email and SSL ports to be used for ActiveSync communications.
• A domain name and IP address which is routable and accessible from the internet (either directly or via DynamicDNS).
• A fairly good knowledge of IIS, Exchange and SSL.

Admittedly some of these features can be excluded but only by compromising the system's security. The result is that unless you have access to some serious resources, knowledge and funds then the only realistic solution is one of the first two options shown above.

What is really needed is a solution that provides true ActiveSync functionality using just an Exchange server and which does not compromise your system and network's security. This is where accessmyLAN comes in.

All you need is a working ActiveSync enabled version Exchange Server and a subscription with accessmyLAN and the whole process can be completed in less than an hour:

• Signup.
• Download and install the accessmyLAN agent.
• Add a User.
• Add an ActiveSync device for that user.
• Configure ActiveSync on the device.
• Synchronise.

The only change to the network is to install the agent - no configuration required to either the agent or the network.



Feature Set

accessmyLAN is a monthly subscription service based on the number of users required. A single agent, which is installed on the internal network is included. Additional agents can be purchased if redundancy is required (corporate environment) and traffic is automatically routed and rerouted through them according to their availability.

Each user licence provides the following:

• VPN Agent.
• VPN Client.
• Web Portal.
• Mobile APN (Access Point Name).
• ActiveSync (Microsoft Exchange).

Each client licence allows that user to add as many or as few devices as they need.



VPN Agent
The VPN Agent is installed onto any Windows computer on your network and maintains a secure anbd permanent outbound SSL connection to accessmyLAN's servers. When you want to gain access to your home network's resources you actually make an SSL connection to the accessmyLAN's servers which then routes your requests via the VPN Agent's connection to these servers.

The agent provides any NAT (Network Address Translation) requirements and allows you to connect and work with any IP device on your network.

The agent runs as a service on the installed computer and the only configuration available is the type of logging you want to keep.

VPN Client
This is the core feature for which accessmyLAN was originally developed and is implemented by installing a program on the PC or laptop to be used to access your home network. The VPN client is then activated by running a standard windows dial-up dialog which connects your device with accessmyLAN's servers. Once a connection has been established your device is to all intents on your home network and has access to its resources - printers, files etc.

accessmyLAN does not provide a "desktop" function as provided by other personal VPN products such as LogMeIn etc. Instead accessmayLAN places your device on your home network and allows you to access your resources using standard TCP and windows networking functionality i.e. Shares. This means you can use your own preferred desktop control applications (Windows Remote Desktop. Dameware, VNC, NetSupport etc) allowing the level of access and control you need.

Once again no configuration is normally required as long as you are using non-routable IP addressing within your internal network (i.e. 10.n.n.n or 192.168.n.n) as all routing is performed using your internal DNS. Where this is not the case NAT Addressing for use within accessmyLAN is available. However this is performed using 10.n.n.n addresses above the 10.200.n.n range so these should be avoided by your internal network.

This feature will allow you to access your home network anywhere from which you can access the internet over https (subject to local firewall rules).

Web Portal

The Web Portal is an internet browser based access to your Exchange email using Outlook Web Access. A facility is also provided to access your files and documents using IIS based web sharing. Security via credential based signon (using your windows AD) can be enforced along with an activeX addon that ensures your details are removed from the device cache when finished. This feature does require some configuration both within your network and the accessmyLAN service.

This service means that you can securely access your information from any PC and can be useful where local firewall security blocks the accessmyLAN VPN client.

Mobile APN

This is a feature that enables device connectivity where the VPN client is unavailable or where there is a requirement to limit internet access from mobile devices. It is only available within specific mobile partnerships and device setups and is only applicable within a corporate environment.

ActiveSync

This is the feature that makes this product of special interest to the Windows Mobile user.

The accessmyLAN ActiveSync function basically takes on the role of the Frontend Exchange server, Certificate management, firewall protocol and security administration. All that is needed is for the user's device to be added to their profile and for the device to be configured for direct push email in the normal manner. No additional software on either the device or the server is required.

All security is maintained using SSL encrypted communications, enforcement of login failure policies, logging and authentication and locking of devices to users.

A nice touch is that when a device is added for use with ActiveSync, a device specific configuration page is provided detailing the exact steps and information required to setup the device.

However, this feature is not limited to just Windows Mobile Devices. It is also available to Apple iPhone 2.0, Palm Treo, DataViz RoadSync enabled devices and any Nokia Mail for Exchange (MfE) compatible devices.
Currently Nokia support the E and N series but are adding other devices to the list. This can be a major cost saving in the corporate environment allowing direct push email to be provided without necessarily requiring costly device upgrades.



Installation and Maintenance

All installation and administration is web based using an https secured browser connection. As this is performed for obvious security reasons I have had to limit the number of screenshots and images of the process involved.

However, the administration portal is well laid out and in the average network configuration is kept to a minimum.

The main steps for implementation are:

Signup
A 15 day trial is provided, with no credit card or charging details required, for which a 3 User single agent licence is provided.
Install the VPN Agent
A VPN Agent needs to be installed on a Windows 2000 or later system within your internal network. This agent provides accessmyLAN with its access and communication through your internal firewall. The only requirement for this device is that it is always on and available.
Install a VPN Client on a device
Installation can be performed directly onto the device or a link can be emailed allowing the user to self install.
Configure an ActiveSync device
The details of the device are entered in the Administration portal and the device then needs to be configured for direct push email.

It would be nice to be able to write more about the installation procedures but it really is quite simple. In the event of any problems there is an online help facility and failing that email support is provided which is responded to quite quickly.

In general if you have any problems getting the ActiveSync feature to work it is more likely to be an issue with your internal network and Exchange setup and here is where Asavie can come to your rescue. They have a free tool on their website, The ActiveSync Tester. This tool is free to anyone without registration and can test for:

• Host connectivity and name resolution issues.
• SSL & Certificate problems.
• Exchange Server / ActiveSync issues.
• User Mailbox configuration and security issues.

The results are clear and provide links to both Asavie's help files and also to the relevant Microsoft Knowledge Base articles. If you are an Exchange administrator, even if you do not intend to use accessmyLAN, I would strongly suggest you get a copy of this extremely useful tool.

Currently accessmyLAN ActiveSync supports Exchange 2003 (SP2) and Exchange 2007.

The service is charged monthly in advance but with no minimum contract period.



Conclusion

I have been administering and using this product, in a corporate environment, for over 2 years now and would recommend it in that arena for its powerful feature set combined with easy management and configuration. The ActiveSync function is a relatively new feature and Asavie are continuing to enhance the product by recently adding corporate authentication methods.

At first sight its price would appear to be rather an expensive option for the private user wanting to get direct push email on their device. However, if you consider that for this price not only are you getting direct push email, but also a VPN solution, then it is actually very good value. The general level of pricing for direct push enabled mailboxes is £7-10 per month, with VPN access adding £10-12 per month. A single user accessmyLAN licence costs £13.95 with an equivalent package costing £17+.

Obviously this product is designed for the corporate market, but for the private individual running their own Exchange Server this is definitely a service that should be considered.