Windows Small Business Server 2011 includes an updated version
of Remote Web Access (RWA). This website gives the remote user access
to email, her desktop at work, the internal website, and any
RemoteApps–enabled remote applications that have been configured for
RWA.
1. Connecting to RWA
Connecting to Remote Web Access doesn’t require any special
settings except that you need to be running Internet Explorer 6 or
later for full functionality. The default location for RWA is https://remote.domainname.com, where domainname.com is replaced by
your public Internet domain name.
When you connect to RWA, you’re presented with a logon page
like that shown in Figure 1.
If your network contains sensitive information—and whose
doesn’t these days—you should consider providing an additional
layer of security beyond simple passwords. Windows Small Business
Server 2011 sets reasonable password policies, but even the best
of password policies is a balancing act between making the
password difficult to crack and making it easy for users to
remember and use so that they aren’t tempted to write it down on
the back of their keyboards. The four kinds of authentication
methods or factors are:
- Something you know (password)
- Something you have (token, or physical key)
- Something you are (biometric)
- Somewhere you are (location)
Of these, only the first three are realistic and usable in a
small business environment, though the fourth—location—is starting
to be used by banks as one factor to be sure that the person
trying to access your bank account is actually you.
Passwords alone are a single-factor authentication method—in
this case, something you know. Two-factor authentication requires
two of the main three factors, and provides a definite improvement
in the surety that the person authenticating to your network is
really who he claims to be.
For a second authentication factor, we like the simplicity,
moderate cost, and effectiveness of a one-time password
(OTP). The OTP is generated automatically by a token you carry
around with you, and the combination of the token, a personal
identification number (PIN), and your SBS password provides an
additional level of security. Requiring two-factor authentication,
at least for users with administrative privilege (and, we think,
for all remote users), is a good way to
improve the overall security of the sensitive data on your
network.
Third-party providers of OTP tokens include AuthAnvil (http://www.authanvil.com), CRYPTOCard (http://www.cryptocard.com), and RSA SecurID (http://www.rsa.com). Of these, only AuthAnvil is
focused on the small business market, with a suite of products
that are fully integrated into SBS, including RWWGuard, which
replaces the logon page shown in Figure 14-15 with a new page
that includes an additional field to directly enter your OTP. We
use RWWGuard and AuthAnvil on our SBS network.
After you’ve logged on to RWA, you’ll see the main RWA page shown in Figure 2. From here, you can connect
to a computer on your SBS network, access shared folders on the
network, log on to Outlook Web Access (by clicking Check Email), go
to your internal home page, change your password, or, if you’re
logged on as an administrator, connect to a server to perform system
maintenance.
You can customize this RWA landing page, even adding links to
applications on your network using RemoteApps.