You’d be hard-pressed to find a managed services provider (MSP) who doesn’t work with remote access protocols on a regular basis. That said, not all remote access methods are equal, and choosing the right protocol is essential in providing the best service to your clients.
Our Ninja guide to remote access will help define and compare the different types of remote access protocols, making it easier for you to choose your access methods, and to explain and recommend the most suited remote protocols to your clients.
What are remote access protocols?
A remote access protocol manages the connection between a remote access server and a remote computer and is an essential part of desktop sharing and help desk activities. There are several different ways to remotely access a client’s endpoint, some of which are more secure or easy to use than others.
The remote access protocols you’ll likely see in use are the Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP), Point-to-Point Tunneling Protocol (PPTP), Remote Access Services (RAS), Independent Computing Architecture (ICA), and Remote Desktop Protocol (RDP).
Types of remote access protocols
The following are the primary remote access protocols that are in current use:
Serial Line Internet Protocol (SLIP)
SLIP was developed in the early 1980s for Unix as a way to transmit TCP/IP over serial connections (such as telephone modem connections). Today, SLIP is used in other network operating systems apart from Unix, but is used less frequently as more feature-rich protocols are adopted.
Serial Line Internet Protocol is a low overhead option that can transmit TCP/IP over serial connections, but it does no error checking or packet addressing. Because it can only be used on serial connections, SLIP is mainly used to connect a workstation to the Internet or to another network running TCP/IP.
SLIP operates at both the Physical and Data Link layers of the Open Systems Interconnect (OSI) model and does not support WINS or DHCP. This protocol does not allow for encryption — one reason why it is being phased out — and the only authentication protocol you can use is PAP.
Setting up SLIP is relatively easy and only requires a SLIP account on the host machine and a script or batch file on the endpoint that will be accessed.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is used to create virtual connections using TCP/IP and PPP so that two networks can use the Internet as their WAN link, yet retain private network security.
With PPTP, the Internet is used to create a secure session between the client and the server. Also called a virtual private network (VPN), this type of connection is very inexpensive when compared with a direct connection.
PPTP is often used to connect several LANs while avoiding the costs of leased lines. There are possible disadvantages associated with this protocol, including:
- PPTP is not available on all types of servers.
- PPTP is more difficult to set up than PPP.
- Tunneling can reduce throughput.
- PPTP is not a fully accepted standard.
- Restricted to 128 bit encryption
It’s possible to implement PPTP in two ways. First, you can set up two servers; one to act as the gateway to the Internet and another to handle the tunneling. In this case, the workstations will run normally without any additional configuration. This method is preferred for connecting and accessing entire networks.
The second option is to configure a single, remote workstation to connect to an organization’s network over the Internet. This workstation is configured to connect to the Internet and the VPN client is configured with the address of the VPN remote access server.
Point-to-Point Protocol (PPP) and Point-to-Point Protocol Over Ethernet (PPPOE)
Point-to-Point Protocol is most commonly used for remote links to LANs and ISPs, and uses the Link Control Protocol (LCP) to communicate between PPP client and host. This protocol transmits TCP/IP over point-to-point connections, such as serial and parallel connections.
PPP has largely replaced the aforementioned SLIP protocol as it can support several network protocols, supports error checking, and can be used across more types of physical media. Because PPP can automatically configure TCP/IP and other remote access parameters it’s considered easier to set up, but this protocol is not compatible with some older configurations.
Part of this ease-of-use improvement is due to the Dynamic Host Configuration Protocol (DHCP) support that SLIP lacks. This layer of the TCP/IP protocol stack assigns TCP/IP addressing information, including host IP address, subnet mask, and DNS configuration.
Windows Remote Access Services (RAS)
Windows NT and Windows 2000 includes RAS technology to allow users to connect to both a server and that server’s host network. This protocol is used in smaller networks where a dedicated dial-up router is not a viable option. Using RAS, you can connect a modem to a Windows NT or Windows 2000 server and configure that modem as dial-out only, dial-up only, or a combination thereof.
It is important to note that basic RAS only allows users access to the LAN. (It will not allow LAN users to use the modem to dial other services, such as an AOL account.)
Independent Computing Architecture (ICA) Protocol
Citrix WinFrame (or MetaFrame) products are relatively new entries to this lineup. These products — which include Windows Terminal Server) — use the ICA protocol to allow multiple thin clients to take control of a virtual computer and use it as if it were their desktop.
The idea behind this approach is that an organization can invest into or upgrade a single computer (the Terminal Server or Citrix Server computer) and use their legacy equipment or less expensive workstations as simple access terminals. When resource needs increase, the company can simply replace or upgrade the server and in turn improve the speed and capability of all users.
While this is a novel approach, the cost of the server is often seen as the biggest downside. The organization must essentially buy a server that is the equivalent of multiple desktops — and shoulder the associated cost.
The Citrix or Terminal Server client uses the ICA protocol to communicate with the server which works on several different platforms (there are ICA clients for all major client OSes, including Windows, MacOS, Linux, and even the Internet).
An organization must have a Citrix WinFrame, MetaFrame, or Terminal Server installed and functioning to use ICA.
Remote Desktop Protocol (RDP)
Our final entry is RDP, which is very similar to the above ICA protocol used by Citrix products. RDP is utilized to access Windows Terminal Services, a technological cousin to Citrix WinFrame.
Remote Desktop Protocol offers the same core functions as ICA, with the caveat that RDP provides remote access for Windows clients only.
Remote access for MSPs
As you can see, you have plenty of choices when it comes to remote desktop access. It can be hard for an MSP to determine which ones you should choose (and for which use cases).
RDP is great for Windows machines on a LAN but isn’t always supported. Virtual Network Computing (VNC) using a protocol like ICA is a viable alternative but comes with its tradeoffs in costs.
Scaling is always a concern for MSPs, of course. One of the above protocols might be all you need for simple use cases and small LANs, but it’s a different story entirely when it comes time to manage multiple assets across multiple customer sites.
One of the biggest issues managed IT service providers have to contend with is security. While RDP traffic is encrypted and VNC is often routed through secure IPsec or SSH tunnels, exposing those services over the Internet is not recommended.
To use these protocols securely, tight policies must be implemented across the board. Strong passwords, certificates, SSH tunnels, firewalls, multi-factor authentication (MFA) — and all must be defined, implemented, and enforced across multiple endpoints at multiple customer sites.
Several commercial tools are available that aim to solve this problem and simplify remote access, the most prominent in the MSP space being the RMM tool. Among those commercial tools, NinjaOne has built a reputation in the MSP space as a reliable, effective, and secure Remote Monitoring and Management solution.
NinjaOne streamlines your MSP workflows and gives you multitenant, remote desktop access directly from the same system you use for ticketing, asset management, monitoring, and automation.
Partnering with NinjaOne
NinjaOne is here to help MSPs manage their business efficiently and securely. Thousands of users rely on our cutting-edge RMM platform to navigate the complexities of modern IT management.
Not a Ninja partner yet? We still want to help you streamline your managed services operation! Visit our blog for MSP resources and helpful guides, sign up for Bento to get important guidance in your inbox, and attend our Live Chats for one-on-one discussions with channel experts.
If you’re ready to become a NinjaOne partner, schedule a demo or start your 14-day trial to see why over 9000 customers have already chosen Ninja as their partner in secure remote management.