From the secluded areas of India to the bustling business district of Chicago, Exchange admins are barraged with SOS calls from remote workers who have problems accessing their e-mail and connecting to the main office.
"Road warriors" keep IT pros busy with their demands for reliable remote access. The connectivity issues are immune to any distance guidelines -- a worker can be just miles away from the office or halfway around the world. Exchange admins also have to balance their users' expectations and the need to access enterprise applications against security issues. As a result, IT support staff can spend an inordinate amount of time solving connectivity problems.
The situation has become even more challenging because of the variety of complex remote access technologies available, said Brownlee Thomas, a principal analyst, telecom and networks research group, Forrester Research Inc., Cambridge, Mass. "I anticipate the IT challenges will get bigger over the next five years because the No. 1 threat is security and No. 2 is balancing security policies against usability to ensure productivity," Thomas said.
At the same time, the number of remote workers is continuing to grow. According to the U.S. Bureau of Labor Statistics, there were 25 million employees working from home at least once a month in 2001. And the number of telecommuters has been growing at the rate of 15% annually, according to a study by the Hudson Institute Center for Workforce Development.
VPN vs. Outlook Web Access
Jen Stone, IT service manager at Headwaters Inc., is among the IT pros balancing security issues with ease of use for her customers. The South Jordan, Utah-based company provides services, such as conversion of fossil fuels into alternative energy products, to energy companies. Stone and her team support 2,500 users, including about 100 critical remote users who range from employees in the sales and marketing departments to senior management.
Headwaters implemented a VPN, which provides users with the same familiar Outlook interface, as opposed to Outlook Web Access.
"OWA is a problem because it looks different; feels different, and requires different pathways to upload or download attachments, print (e-mails) and look up addresses than the in-office solution," Stone said. "A fortunate few of these travelers have enough computer savvy to shift mental gears when presented with changes to any computing solution, while others could be paralyzed if their machine's Windows theme were to change color," she added.
Stone's enterprise was using Exchange Server 2000 and Outlook 2000, and just upgraded to Exchange Server 2003 at the beginning of August.
One challenge for Stone occurred when VPN over wireless did not work for one Headwaters executive on a London stopover en route to Delhi. He e-mailed the IT department numerous updates describing the problem but because of the time difference, IT was not able to do "on the spot" troubleshooting. Frustrated with the unfamiliar OWA interface, he opted for VPN over dial-up -- a slow and expensive solution.
The IT department received more help requests, Stone recalled, when the same executive arrived in Delhi and, because VPN would not work over the hard-wired broadband in his hotel room, he was forced again to use OWA. When he arrived at the remote northeast of India, 80 miles from the Chinese border and beyond Bangladesh, the only Internet access was at a roadside cyber-cafe. Under armed guard, he accessed OWA amidst squalor and filth and fended off mosquitoes. A malnourished-looking cow and an indigent child stood under a sign that read, "High-speed Internet access available here."
"You know what struck me about the whole story?" Stone said. "The inconvenience of OWA ranked at least as high to him as the squalor, filth, poverty, mosquitoes and a machine-gun-toting bodyguard."
In this case, the executive had a predisposition to not wanting to use OWA. Because Headwaters provides numerous remote options, ranging from POP3 to Outlook over VPN, to Exchange through a Citrix Interface, most users choose OWA only as the last resort, Stone said.
Familiar habits are hard to break. When a large national distribution company migrated from a Multi-channel Memo Distribution Facility, a popular Mail Transport Agent (MTA) for Unix, to Exchange 2003 on Windows 2000 Service Pack 3, the challenge was to support 500 remote U.S. sales force users who were running software from Windows 95 to Windows XP. More than 350 opted to continue with the Unix interface or Kermit. Because the company regards the sales force as its customers, it decided to accommodate a variety of systems since many users were reluctant to change.
"So imagine, some users dialing in via Kermit to read mail online, some users POPing Unix, some users connecting to Exchange via OWA, some using the VPN to connect to Exchange, all with the same domain name," explained David Rettig, a systems engineer for the distributor.
The problem? An internal user can maintain both a POP account with Unix and an Exchange account. An Outlook client POPs mail from Unix and deposits it in the Exchange store, but OWA cannot POP mail. Remote users using OWA did not receive mail messages sent to their Unix accounts, but when they returned to the office they found hundreds of e-mails waiting, which resulted in dozens of calls to the IT department.
Another issue: SCO Unix 5.0.5 doesn't support user names that are more than 14 characters, while Exchange's Outlook allows more than 250 characters for user names.
Rettig said the solution was to use GFI Mail Essentials software to assign multiple accounts to be POP'd into Exchange at the server level. By setting up aliases in Unix and pointing the longer Exchange names to the shorter Unix ones, Unix and Exchange users were able to communicate.
Simple trial and error often works well, said George Wilson, network services manager at Portable Practical Education Preparation Inc./AZEdNet, a social services agency and Internet Service Provider in Arizona that supports approximately 25 remote access users.
The company encountered remote access problems after migrating to Windows 2000 with Remote Access Server. "Basically, if we gave the user dial-in privileges, they weren't allowed in," Wilson explained. The fix, he said, was to give the authenticated users group full control in the users' security settings within the Active Directory.
With remote access a business necessity, providing a comfortable solution that doesn't confuse or frustrate remote access users remains a challenge.
Supporting many different solutions can become a support nightmare, Stone of Headwaters said.
Her advice: "Choose the technology that works for the most people and stick with it."
Paula Jacobs has written about technology for more than 15 years. Her articles have appeared in publications that include CIO , InfoWorld and Network World.
Do you have a useful Exchange tip to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.