Secure Solutions for Telecommuters

hroughout the country, government agencies are scrambling to support telecommuting initiatives designed to offer more flexibility to workers and reduce traffic in major metropolitan areas. To do this, agencies will need to install robust and secure remote-access solutions for their networks. Our test center rated five department-level remote-access servers from some of the best names in the business. Read on to find out which server is right for your workgroup.

If you're in the market for a remote-access server or find that your current remote solution is running out of steam, take a look at five hardware-based solutions recently evaluated by the FCW Test Center.

These systems allow employees to connect to their internal networks from the road or from home. For the most part, the technology is transparent; users appear to plug directly into the local network. However, these systems can be very slow-only 56 kilobit/sec over analog phone lines. To fix this, vendors now support Integrated Services Digital Network (ISDN) as well as plain-old telephone service.

This comparison evaluates the end-to-end remote-access solutions from five of the best-selling vendors in the government market. We asked each of them to provide us with departmental servers that could support at least an eight-port combination of ISDN Basic Rate Interfaces and asynchronous interfaces or integrated modems. In addition, we asked the vendors to provide us with their recommend-ed ISDN solutions for a telecommuter's home office. We also looked at the client software and management tools provided with each server.

In the end, we evaluated 3Com Corp.'s AccessBuilder 4000, Ascend Communications Inc.'s MAX 1800, Cisco Systems Inc.'s Cisco 3640, Shiva Corp.'s LanRover/E Plus and 3Com Corp.'s (formerly U.S. Robotics) Total Control NETServer/8 I-modem. We also looked at Attachmate Corp.'s RLN Server 4.2, which is a good software-based remote-access solution.

We found most of the servers to be scalable and rich in features. Several of the servers were built around modular chassis that can be reconfigured as your remote-access needs change. Cisco's 3640 provided the most expansion options and can easily scale from the departmental level to the enterprise. If you want faster download speeds, look at the 3Com NETServer 8/I-modem and the Ascend MAX 1800, which incorporate the latest 56 kilobit/sec modem standards.

Agencies looking to rid themselves of expensive 800 access numbers or long-distance charges will be happy to find Virtual Private Dial-in Networking (VPDN) support in most of the servers. Two technologies currently exist for providing VPDN support: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Forwarding (L2F) protocol. VPDN enables remote users to connect through a local Internet service provider account and, using encryption and encapsulation provided by PPTP and L2F, create a secure tunnel across the Internet to their agencies' local networks.

In the security area, all the servers support Remote Authentication Dial-In User Service and other well-known security methods such as the Terminal Access Control Access Control System and secure identification from Security Dynamics Inc. The highest level of security support was provided by the 3Com AccessBuilder, which was the only remote-access server to provide security for Microsoft Corp.'s Windows NT Domain and Novell Inc.'s NetWare Directory Service.

Most of the servers provide client software for dial in/dial out and offer unlimited licensing for their use. Cisco and Ascend, however, charge extra for their client software. 3Com's Transcend AccessBuilder Manager and Shiva's Shiva Net Manager provided the best Windows- based management software and make configuring the servers a snap. We also got a sneak peek at Ascend's latest Java-based configuration program and a beta version of Shiva's popular ShivaRemote for Windows 95, both of which should be available when this story is published.

As far as performance is concerned, all the servers fared well in our moderate-load tests. To choose one of these servers, you need to decide what is most important to you: scalability, client support, security or manageability. We chose 3Com's AccessBuilder 4000 as the best overall value because it offers the easiest configuration and management, excellent security, very good client software and a terrific price per port. However, most of these servers scored above 7.0 on our scale of 1 to 10 and are recommended.

John Marshall is the information systems manager with FCW Media Group.

If you're in the market for a remote-access server or find that your current remote solution is running out of steam, take a look at five hardware-based solutions recently evaluated by the FCW Test Center.

These systems allow employees to connect to their internal networks from the road or from home. For the most part, the technology is transparent; users appear to plug directly into the local network. However, these systems can be very slow-only 56 kilobit/sec over analog phone lines. To fix this, vendors now support Integrated Services Digital Network (ISDN) as well as plain-old telephone service.

This comparison evaluates the end-to-end remote-access solutions from five of the best-selling vendors in the government market. We asked each of them to provide us with departmental servers that could support at least an eight-port combination of ISDN Basic Rate Interfaces and asynchronous interfaces or integrated modems. In addition, we asked the vendors to provide us with their recommend-ed ISDN solutions for a telecommuter's home office. We also looked at the client software and management tools provided with each server.

In the end, we evaluated 3Com Corp.'s AccessBuilder 4000, Ascend Communications Inc.'s MAX 1800, Cisco Systems Inc.'s Cisco 3640, Shiva Corp.'s LanRover/E Plus and 3Com Corp.'s (formerly U.S. Robotics) Total Control NETServer/8 I-modem. We also looked at Attachmate Corp.'s RLN Server 4.2, which is a good software-based remote-access solution.

We found most of the servers to be scalable and rich in features. Several of the servers were built around modular chassis that can be reconfigured as your remote-access needs change. Cisco's 3640 provided the most expansion options and can easily scale from the departmental level to the enterprise. If you want faster download speeds, look at the 3Com NETServer 8/I-modem and the Ascend MAX 1800, which incorporate the latest 56 kilobit/sec modem standards.

Agencies looking to rid themselves of expensive 800 access numbers or long-distance charges will be happy to find Virtual Private Dial-in Networking (VPDN) support in most of the servers. Two technologies currently exist for providing VPDN support: the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Forwarding (L2F) protocol. VPDN enables remote users to connect through a local Internet service provider account and, using encryption and encapsulation provided by PPTP and L2F, create a secure tunnel across the Internet to their agencies' local networks.

In the security area, all the servers support Remote Authentication Dial-In User Service and other well-known security methods such as the Terminal Access Control Access Control System and secure identification from Security Dynamics Inc. The highest level of security support was provided by the 3Com AccessBuilder, which was the only remote-access server to provide security for Microsoft Corp.'s Windows NT Domain and Novell Inc.'s NetWare Directory Service.

Most of the servers provide client software for dial in/dial out and offer unlimited licensing for their use. Cisco and Ascend, however, charge extra for their client software. 3Com's Transcend AccessBuilder Manager and Shiva's Shiva Net Manager provided the best Windows- based management software and make configuring the servers a snap. We also got a sneak peek at Ascend's latest Java-based configuration program and a beta version of Shiva's popular ShivaRemote for Windows 95, both of which should be available when this story is published.

As far as performance is concerned, all the servers fared well in our moderate-load tests. To choose one of these servers, you need to decide what is most important to you: scalability, client support, security or manageability. We chose 3Com's AccessBuilder 4000 as the best overall value because it offers the easiest configuration and management, excellent security, very good client software and a terrific price per port. However, most of these servers scored above 7.0 on our scale of 1 to 10 and are recommended.3Com AccessBuilder 4000

3Com's AccessBuilder 4000 features a two-slot modular chassis that can be populated with either two eight-port asynchronous cards, two four-port ISDN S/T or U interface cards, or one of each. Depending on your needs, you can choose either the Enterprise or ISDN Plus version of 3Com's AccessBuilder system software. Enterprise supports AccessBuilder when using an asynchronous-only configuration, while ISDN Plus supports asynchronous and ISDN configurations. In addition, ISDN Plus provides PPTP support through 3Com's WANstackable configuration or in conjunction with a Windows NT 4.0 server configured for PPTP service.

AccessBuilder was a near-perfect out-of-the-box solution, only requiring the administrator to add modems to support analog callers. 3Com even provides the necessary cables to connect modems to the server. We found it quite easy to get AccessBuilder configured and accepting calls, thanks to the bundled Windows-based Transcend AccessBuilder Manager software. TABM displays a graphical representation of AccessBuilder's backside, giving us easy point-and-click access to interface cards and port configuration. TABM also provides protocol statistics, connected-user statistics and user logs. The screens, however, were dull and not graphical in nature. 3Com also provides its Trap Manager for Windows NT software, which collects Simple Network Management Protocol trap messages arriving from AccessBuilder and stores them in the NT event viewer.

AccessBuilder's LAN-to-LAN connections provided routing and bridging as well as token-ring source routing. AccessBuilder can act as a Dynamic Host Configuration Protocol (DHCP) proxy for dynamic Transmission Control Protocol/Internet Protocol addressing. In addition, you can pool up to 16 TCP/IP addresses directly in the server. AccessBuilder also supports a slew of third-party security devices, including the Windows NT Domain server and Security Dynamics' ACE/Server. We were also happy to find support for NetWare Bindery and NetWare Directory Service.

3Com packages Stampede Technologies Inc.'s Remote Office software with AccessBuilder. Remote Office includes Stac Inc.'s Reachout client viewer, FTP Software Inc.'s OnNet TCP/IP client and Network Products Corp.'s Network Communication Services Interface for dialing out. By the time you read this review, 3Com will be shipping Remote Office 4.0, which will support Windows 95. The company also will ship Stampede's TurboGold accelerator software, which enhances the performance of file read-intensive applications, such as LAN-based mail, databases and word processing. TurboGold does this by transferring only data blocks that have changed, thus reducing the traffic traversing the wide-area network.

The 3Com unit fared well in our performance testing, falling in the middle for file transfer protocol transfers. 3Com paced our performance leaders Cisco and Shiva in IPX transfer times, lagging by only fractions of a second.

3Com provided us with the External Impact IQ ISDN modem for our ISDN telecommuting solution. We found the installation to be much simpler than with an ISDN router. The software will auto-detect the central office switch type and configure the necessary Service Profile Identifier (SPID) information. You can also assign numbers to the built-in POTS jacks, enable Multilink Point-to-Point Protocol (MPPP) and configure ISDN B Channel connection rates. The software includes a built-in diagnostic tool, a firmware upgrade utility and the ability to save and restore configurations. 3Com also provides a mail-in card for a free Macintosh serial cable as well as special offers for purchasing 230,400 bit/sec COM port cards.

3Com's AccessBuilder is our top choice for several reasons. The server delivers easy configuration out of the box and provides very good client software. It is also easy to manage and offers well-rounded performance numbers. The unit sports the lowest price per port as configured and offers moderate expandability and support for VPDN. In addition, the 3Com server topped the chart for its breadth of security options.

Shiva LanRover/E Plus

Shiva's LanRover/E Plus has a unique per-port expansion capability that gives the administrator a choice of mixing or matching Shiva's V.34 modem modules, DB-9 asynchronous serial modules or ISDN BRI modules (S/T or U interfaces). However, the Shiva server was one of the least expandable in port density in our lineup, supporting a maximum of only eight ports.

Separating it from other servers in the lineup was its ease of configuration and deployment, thanks to well-written, well-organized documentation and the Shiva Net Manager application. Supported on Windows 3.1x, Windows 95 and Macintosh platforms, Shiva Net Manager makes configuring and managing the device server a snap through a graphical user interface. Shiva also includes activity-logger software for collecting and viewing information about Shiva devices.

The LanRover supports LAN-to-LAN routing over analog and ISDN media. In addition, MPPP channel aggregation lets LAN-to-LAN connections use up to eight analog or digital channels simultaneously. Protocol routing support is provided for TCP/IP, IPX and AppleTalk. Client workstations equipped with Shiva's LanConnect software can initiate connections to one or more LANs. Shiva provides a LanConnect client for both Windows 3.1x and the Macintosh operating system but not for Windows 95 or NT clients; at this writing, Shiva has no intent of supporting these platforms. In fact, the company said it plans to discontinue this software altogether, which we think is a shame.

The LanRover provides spoofing at the network and application levels and thus creates virtual connections for remote PC and LAN-to-LAN analog and ISDN connections. During lengthy idle periods, the physical line connection is suspended and resumes automatically when data is sent. The LanRover allows for floating virtual connections, in which connections may be resumed on a line other than the one that the connections originated on, as long as the connections are re-established within the same LanRover. Floating virtual connections, however, are supported only on PC clients running the Shiva Remote client software.

Shiva supports TACACS/ TACACS+, RADIUS and NetWare Bindery. The unit also provides native authentication via an internal list called the Shiva User List. For a network with a number of LanRovers, a single LanRover can be flagged as the master Shiva User List server and all other LanRovers configured to authenticate dial-in users via this single server.

The excellent client software provided with the LanRover includes ShivaRemote, which is multiprotocol dial-in client software for DOS, Windows 3.x platforms and OS/2. Windows 95 clients are supported by the Security Pack for Windows 9, which gives added functionality, such as dial-in banners, roaming dial-back, password changes, password expiration and support for third-party security. The Windows 95 client, however, is lacking features found in the ShivaRemote client, such as virtual connections and integrated Powerburst support. (Powerburst is compression software that Shiva sells separately.) Macintosh clients are supported through Apple Remote Access (ARA) software - versions 1.0 or 2.X - and through Shiva security extensions. These extensions allow ARA 2.0 clients to dial up the LanRover servers using NetWare Bindery, TACACS or Security Dynamics' ACE/Server.

Shiva's server was the fastest at IPX text and FTP text and was competitive in all the other benchmark categories.

The Shiva AccessPort router ships with an ISDN installation utility as well as the necessary crossover cable for connection to a local Ethernet network interface card and ISDN wall jack. The utility software that shipped with the AccessPort was the best in this review.

In addition to a helpful installation wizard, the Shiva Monitor utility provides an image of the AccessPort unit, allowing point-and-click access to configuration information. The software also included an extensive collection of online help files, an interoperability guide and an ISDN provisioning guide.

We liked the second-place Shiva remote-access server solution because it is an easy-to-configure server with excellent performance and great client software. However, due to performance degradation, it doesn't support more than two ISDN BRI modules in conjunction with the four V.34 modems installed. The LanRover also does not support VPDN but has a higher per-port price than some of the other servers.

Cisco 3640

If scalabilty is a key factor in your purchasing decision, then the Cisco 3640 is for you. A recent addition to the Cisco family, the 3600 series is available in two modular designs: the 3620 two-slot chassis or the 3640 four-slot chassis. These models offer an impressive list of interface options, including asynchronous/synchronous serial, ISDN BRI and channelized T-1/ISDN. However, you will have to burn one slot in the chassis on a network interface module. All three network interface modules include dual WAN slots that can be populated with a one-port synchronous serial or ISDN BRI (S/T or U interface) card. For our review, Cisco's 3640 was configured with an eight-port asynchronous/synchronous module, eight-port ISDN BRI module with built-in NT-1 and a dual Ethernet interface with two open WAN slots.

One drawback to Cisco's remote-access server is configuring the unit through the command line interface provided with the Internetwork Operating System. Although IOS is proven and powerful, it can be quite formidable for the novice administrator. Cisco does take the edge off initial configuration by offering the System Configuration Dialog. This interface steps the administrator through configuration parameters such as passwords, protocols and interfaces. With the release of IOS Version 11.0, Cisco incorporated a Hypertext Transport Protocol service into the software. That provides some general statistics as well as hyperlink access to the IOS command line.

In the latest release of IOS 11.2, Cisco has introduced the ability to use multiple access servers in what the company refers to as stack groups, or Multichassis MPPPs. In this configuration, the access servers are peers with one another. For instance, if a client establishes a connection to an access server configured within a stack group, the answering server owns the call. The calling client can then decide to initiate a second and create an MPPP session. However, if a different access server within the stack group answers the client's second call, the access server establishes a tunnel, through L2F, and forwards all packets belonging to the call to the access server that owns the original call.

The Cisco 3640 uses L2F to create a VPDN. L2F allows remote clients to establish a PPP connection with their local ISP and then "tunnel" through the ISP's backbone to the agency's home gateway.

Cisco fares well in security, with support for the Password Authentication Protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP), RADIUS, TACACS, SecureID and Enigma Logics. For an additional cost, Cisco recommends its CiscoSecure security package. The latest version of CiscoSecure Access Control Server (ACS) provides centralized control and authentication for remote-access users as well as secures router access within a network. The CiscoSecure ACS offers administrators easy configuration through a rich HyperText Markup Language/Java-based interface. CiscoSecure makes use of an Open Database Connectivity-compliant database for storing authentication, authorization and accounting data.

For our client software requirements, Cisco provided a copy of CiscoRemote Plus for Windows 3.1x and Windows 95. CiscoRemote features Netscape Communications Corp.'s Netscape Navigator, Farallon Communications Inc.'s Timbuktu Remote Control Software, DataBeam Corp.'s FarSite conferencing software and Banyan Systems Inc.'s BeyondMail mail as well as popular Internet utilities such as Telnet and File Transfer Protocol. However, you'll need to pay a per-seat licensing fee for each remote user requiring the software.

The Cisco 3640 was the performance leader in our review, sweeping four of the six speed categories we tested. It is worth noting that the Cisco server performed the fastest in IPX transfers, outpacing some boxes nearly twofold.

For our home telecommuting solution, Cisco's 766 ISDN router best matched our criteria. The 766 is a full-featured IP/IPX router that provides support for transparent bridging. The 766 also can act as a DHCP server and has the ability to translate private internal TCP/IP addresses into unique addresses for talking to hosts outside the private network through port address translation. The unit also supports Stac's LZS compression and is SNMP-manageable. The 766 featured ISDN U and S/T interfaces, dual POTS jacks and a 10Base-T Ethernet port. The Cisco 700 Series devices use their own version of IOS, appropriately titled IOS 700. The command syntax differs from the mainstream IOS, so you will need to further expand your IOS vocabulary. Cisco also provides its Windows-based configuration program, called ClickStart, to get your router up and running fast.

The Cisco 3640 is a good choice in environments where expandability and performance are priorities. The only drawback is that it's difficult to configure via the IOS command line. However, as this story was going to print, Cisco announced newly developed software that promises to make configuration less painful.

Ascend MAX 1800

The Ascend MAX 1800 is outfitted in a slim, rack-mountable chassis that houses eight internal ISDN BRI ports and two modular expansion slots. The unit also sports a V.35/RS-449/422-compatible WAN serial interface port. To support our requirement for analog dial-in users, Ascend populated an expansion slot with the company's V.34/V.42 digital modem card. The MAX 1800 is able to terminate either a digital or analog call per ISDN B channel. Ascend also has recently upgraded its digital modem card to support the K56FLEX modem standard.

Configuring the MAX 1800 wasn't as easy as we'd like; it uses a character-based interface rather than a GUI. The menus are crude but efficient, and we were able to get our unit up and accepting calls in a reasonable amount of time. Ascend also provides a batch-processing language that allows the administrator to create tailored configuration interfaces.

Similar to the Cisco 3640, the MAX 1800 can be configured to operate in a stack group configuration. For VPDN service, the Ascend unit provides support for PPTP as well as the company's proprietary Ascend Tunnel Management Protocol. The MAX 1800 can also assign dynamic TCP/IP addresses through DHCP service provided in the server.

Security features with the MAX 1800 were strong, including support for TACACS+, RADIUS, Security Dynamics' ACE/Server and Microsoft's CHAP supported by Windows NT servers. In addition, Ascend offers its own Secure Access Firewall package, which is managed through the company's Windows-based Secure Access Manager software.

The Ascend solution was the slowest at FTP text and FTP Zip text transfers, but it landed in the middle of the pack on the rest of the benchmark tests.

Available in either an ISDN U or S/T interface, Ascend's Pipeline 75 ISDN solution provides multiple protocol routing and bridging for home telecommuters or branch offices. The unit includes Ethernet connectivity and dual POTS jacks for analog device connectivity. Ascend bundles its MAXLink PPP software for DOS, Windows 3.1x and Apple Computer Inc. Macintosh platforms. For local LAN users, Ascend's MAX Dial software provides dial-out access through digital modems located in the server.

The Ascend offering is one of the few that supports 56 kilobit/sec modems and integrates ISDN with POTS. Unfortunately, however, the client software costs extra, and the management software is difficult to use. Hopefully, Ascend's new Java configuration program will solve that problem.

3Com Total Control NETServer/8 I-modem

After unpacking the NETServer from its carton and seeing it had only four fixed ports, we assumed 3Com (formerly U.S. Robotics) had sent us the wrong server. But after further investigation, we found that the server incorporated U.S. Robotics' I-modem technology on each port.

I-modem is essentially an ISDN terminal adapter combined with U.S. Robotics' V.Everything/ V.34 modem technology. This enabled the NETServer to distinguish incoming calls as either analog or ISDN, terminating either on the same port. This provides up to eight simultaneous analog or ISDN connections or up to four MPPP ISDN connections. The NETServer is also available in a 16-port version that sports the same I-modem technology.

What we liked most about the NETServer was that all terminations from the telephone company to the server were digital. Not only does this provide a higher level of reliability, but, when combined with the NETServer's support for X2 technology, it means you can provide download speeds of up to 56 kilobit/sec to your remote users equipped with a modem supporting X2. Also, when using the NETServer as a modem pool, local LAN users can benefit from X2 technology when connecting to services also supporting X2 technology. Additionaly, 3Com offers a service called LineTest that allows your remote end users to call a toll-free number and have the LineTest server perform a series of diagnostics in order to determine if the connection is capable of handling U.S. Robotics' X2 technology.

To configure and manage the server, the company provides its NETServer manager software for Windows. Unfortunately, the software can communicate with the NETServer only via TCP/IP, so if you're in an IPX shop, you'll need to enable TCP/IP communica-tions on your local network. The software also had no auto-discovery of the NETServer upon network installation. We had to first connect to the server's console port to configure TCP/IP settings for the server through the NETServer's command line interface.

To make the initial setup more user-friendly, 3Com now provides a copy of its Windows-based NetStarter software with the server. By using a supplied null modem cable connected to the server and a Windows-based PC, NetStarter guides the administrator through a series of user-friendly windows, allowing quick and easy pre-configuration of the unit.

The NETServer 8/I offers LAN-to-LAN routing capabilities for IP and IPX, and the company recently added routing capabilities for AppleTalk. The NETServer doesn't support bridging, however, so it's unable to support nonroutable protocols such as NetBEUI.

The security offerings that came with the NETServer were slim compared with those accompanying the other servers in the lineup, but the NETServer's offerings did include support for RADIUS and PAP/CHAP. The NETServer also includes support for per-port filtering.

The client software offered with the NETServer matched the software that came with 3Com's AccessBuilder. Stampede Remote Office 4.0 client as well as the TurboGold acceleration software will ship with the NETServer by the time this article goes to print.

Performance, while satisfactory, was the lowest for IPX file transfers. The NetServer per-formed better with FTP transfers, landing in the middle of the pack.

For our ISDN telecommuting solution, 3Com provided U.S. Robotics' Courier I-modem. As with the NETServer itself, the I-modem had a built-in NT-1 with an ISDN U interface as well as U.S. Robotics' V.Everything/V.34 modem technology. Installing the device on our local Windows 95 PC was a snap using the included I-modem configuration utility for Windows. This program allows easy configuration of switch types, SPIDs and directory numbers. The program also tests the physical connections between the I-modem and the central office as well as data link layer testing.

On the plus side, the NETServer was easy to configure, and it supports U.S. Robotics' X2 technology - a feature we really liked. The NETServer provides fixed ports, so expandability comes in stacking NETServers. However, security options are limited, which affected the overall score. The unit also scored lower than average in support policies by not offering a money-back guarantee. Also, a call placed to the company's round-the-clock support line on a Saturday was never returned.

-- John Marshall is the information systems manager with FCW Media Group.

* * * * *

THE CONTENDERS

* Ascend Communications Inc.'s MAX 1800, available on the GSA schedule. Score: 7.36

* Cisco Systems Inc.'s Cisco 3640, available on the GSA schedule. Score: 7.55

* Shiva Corp.'s LanRover/E Plus, available on the GSA schedule. Score: 7.78

* 3Com Corp.'s AccessBuilder 4000, available on the GSA schedule. Score: 7.79

* 3Com Corp.'s (formerly U.S. Robotics) Total Control NETServer/8 I-modem, available on the open market. Score: 6.07

* * * * *

HOW WE TESTED: Remote-Access Servers

We tested remote-access servers on our test-bed network, with four Windows 95-based clients dialing in.

Server Configuration/Ease of Use: Issues that determined this score include the time it took from initial power-up to fully configure the server and have it accepting our dial-in calls. We also rated the configuration/management software that shipped with each unit, judging how easy it was to maneuver through the interface and configure parameters such as users, modem and routing. Management tools able to discover the server upon network connection received extra points, as did good online documentation or command reference. Third-party management support and Simple Network Management Protocol manage-ability were also scoring factors. We awarded a word score and turned that into a percentage of the 150 points awarded this category.

System Features/Expandabilty: We scored each server by determining the maximum number of asynchronous and Integrated Services Digital Network Basic Rate Interface ports the server could support. Vendors that incorporated internal modems earned additional points, as did vendors that supported communications technologies beyond our asynchronous/ISDN BRI requirements, such as channelized T-1/ISDN Primary Rate Interface.

We rated each server on the breadth of protocols supported, both network and serial. Extra points were awarded for servers that support the PPTP or L2F protocols. In LAN-to-LAN connections, each server was rewarded full points for supporting routing and bridging technology and half the available points for supporting only one. At a minimum, each server had to support pooling TCP/IP addresses within the server and obtaining remote client addresses externally.

We looked to our servers to provide dial-out support for local LAN users and, subsequently, dial-out software for our clients. We rated servers' central office switch compatibility and case design, and we awarded extra points for informative front-panel status LEDs as well as the necessities to mount the unit into a standard 19-inch rack.

We awarded an overall word score and turned that into a percentage of the 150 points awarded this category.

Performance: To test each of our servers, we configured four Pentium-based Windows 95 workstations with dial-up networking support for TCP/IP and IPX. We installed Hayes Microcomputer Products Inc. Optima 28.8/V.34 modems on each of our workstations and configured our ports for a maximum DTE rate of 115,200. For servers that didn't include internal modems, we installed modems. We averaged the results of multiple transfers of a plain text file, zipped text file and graphics file to our NetWare 3.12 server and to our FTP server running on our Sun Microsystems Inc. SPARCstation 5. We scored this category mathematically, so the fastest server received the full 150 points, while all others received a percentage of the maximum points.

Server Security: In this category, we looked at authentication services supported by each server, including RADIUS, TACACS/TACACS+, Security Dynamics' ACE/Server, NetWare and Windows NT. We also looked for support of other features, such as dial-back, logging, filtering and password aging. We awarded a word score and translated that into a percentage of the 150 points awarded this category.

Client Software Support: While Windows 95 makes connections easier by providing the dial-up networking client, we wanted to address the vendors' support for DOS and Windows 3.1x as well. We looked at issues such as serial line protocol support, ease of installing and configuring the client, modem scripts and online documentation provided with the client. Vendors providing support for Windows NT or OS/2 scored extra points. Vendors offering software on CD-ROM and/or disk images on CD-ROM also scored extra points. We also looked for dial-out client software support, and we checked the pricing and licensing terms. We awarded a word score and translated that into a percentage of the 100 points awarded this category.

Documentation: We looked at the depth and quality of the documentation provided with each unit. We rated the documentation's usability by judging how well laid out it was through the table of contents, index and glossary. We also looked for quick-start guides or tips as well as trouble-shooting sections. Vendors that provided documentation on CD-ROM were awarded extra points. We assigned word scores and translated them into a percentage of the 50 points awarded this category.

Support Policies: In this category, we rated the length of the warranty and the coverage - such as parts, labor and shipping - and the technical support options provided. Vendors scored points for other support mechanisms, such as the Internet, an in-house bulletin board system, fax-back service or online services such as America Online or CompuServe. We assigned word scores that were translated to the 75 points awarded to this category.

Technical Support: We scored support on the quality of service and the technicians' knowledge. When possible, we made anonymous phone calls. We assigned word scores that were translated to the 75 points awarded to this category.

Price: We rated the systems based on per-port pricing. We used a 1-to-1 ratio for asynchronous ports. Because a single BRI port can communicate across two channels simultaneously, we used a 1-to-2 ratio for BRI ports. Price was scored mathematically; the lowest price per port received the full 100 points, while all others received a percentage of the total points.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.