Need a book? Engineering books recommendations...

Return to index: [Subject] [Thread] [Date] [Author]

Re: O.T.: "VPN and Document 'Check Out'"

[Subject Prev][Subject Next][Thread Prev][Thread Next]
Bill -

I'm coming a bit late to the party (honeymooning for the last
two weeks!  Wow, a REAL vacation!), but I wanted to drop my $0.02 on
the remote connection and check-in/check-out things.

I use Remote Administrator, which currently allows connections to
the server using either a password or using Windows authentication
(i.e. Windows login privileges).  The next version (which you get
for *free* if you buy the current version) will have key-type
authentication, wherein a private key (on the user's machine) is
used to encryt a message to the server and the server decrypts the
message with the public key to verify identity.  This is about as
secure as authentication gets, since it is a one-way encryption
system and the private and public keys are never transmitted over
the 'net, just the encrypted message.

All traffic and connection information is 128-bit encrypted (I believe)
and they just released a new patch a few weeks ago.  You can also control
access to the Radmin authentication engine using IP address controls.
That is, specify which IP address or subnet has access to Radmin directly
from Radmin.  Add a decent stateful hardware firewall, some intrusion
detection software, and your connection is about as secure as you can get,
short of a direct hardline secured according to NSA rules.  Speaking of
No Such Agency, they have a set of guidelines for hardening Windows 2000
Pro (not sure if there's a set out for XP yet).  Sorry, I got distracted
when I mentioned the NSA.

Radmin allows the server administrator to set up several levels of
access, including Secure FTP-equivalent, Screen Observer mode (you can
remotely *watch* the screen while the local user manipulates things),
Secure Telnet mode (giving you a command prompt on the server), and Full Authority mode which allows the client user to control the server machine
as if he were sitting at the keyboard

I absolutely love this program, and so far have not had problems with it.
If you do purchase it, you get one license that authorizes both machines
(e.g. your office server and your employee's machine) to be both server
and client.  That is, the relationship is completely bi-directional.
Licenses for personal and academic use were reasonable, and I suspect
business licenses are similarly reasonable.

Regarding CVS, there is a WinCVS (a UI for CVS) which I have used
in the past and which I found to be quite usable and easily operated.
I recall it having a command prompt interface as well as a GUI
FTP-like interface.  I like the command prompt, but I started
computing as a UNIX geek.  You need a CVS back-end like CVSNT,
but it works like a champ. CVSNT and WinCVS are both free
software as I recall, although I think you can purchase support
for CVSNT.  It wasn't cheap, however.   Think ~$10k annual.
More info on CVSNT available at:

	http://www.cvsnt.com/cvspro/

Combining this with Remote Administrator, you could:

 - Radmin Secure Telnet into the server to execute a WinCVS
	command prompt checkout of the desired file.

 - Radmin SFTP the file across to your client machine.

 - Close the Radmin sessions as neither is necessary during file
	modification.

- Radmin SFTP back the file to the server.

- Radmin Secure Telnet to the server and check in the file.


Charley

P.S. - Wish I was making money off of Radmin.  It's a
great product, although the vendor is sometimes slow to respond
with feature upgrades.  Version 3 (currently in public beta, I believe)
has been coming for just under two years.  Or is that just over?

--
Charles Hamilton, PhD EIT               Faculty Fellow
Department of Civil and                 Phone: 949.824.3752
    Environmental Engineering           FAX:   949.824.2117
University of California, Irvine        Email: chamilto(--nospam--at)uci.edu




******* ****** ******* ******** ******* ******* ******* ***
*   Read list FAQ at: http://www.seaint.org/list_FAQ.asp
* * This email was sent to you via Structural Engineers * Association of Southern California (SEAOSC) server. To * subscribe (no fee) or UnSubscribe, please go to:
*
*   http://www.seaint.org/sealist1.asp
*
* Questions to seaint-ad(--nospam--at)seaint.org. Remember, any email you * send to the list is public domain and may be re-posted * without your permission. Make sure you visit our web * site at: http://www.seaint.org ******* ****** ****** ****** ******* ****** ****** ********