Make telecommuting work by starting with a functional home office

IT support for remote users is increasingly painful. According to a 2001 Cahners In-Stat Group survey, 60 percent of the IT decision makers surveyed said supporting home-based workers is increasingly difficult, 37 percent said telecommuters' IT needs significantly affect IT spending, and 71 percent said they expect the number of telecommuters to grow. Respondents in enterprises allocate 7 percent of their IT budget to technology for telecommuters, or roughly $16 billion. And 62 percent want to remotely manage the technology they buy for telecommuters.

Are you ready for this shift? Let's look at five steps to effectively manage remote workers' telecommuting needs, starting with broadband and enabling home networking.

Step 1: Provide Broadband

To ensure productive remote users, you need to provide a broadband connection for their home offices. Broadband for telecommuters might seem unnecessary, even though IT managers wouldn't consider forgoing high-speed Internet access for workers within the enterprise. Broadband is faster, doesn't tie up a phone line, opens up new application possibilities (e.g., videoconferencing), provides security options (e.g., firewalls) through routers, and lets remote workers use home networking.

Just add up the costs of providing separate fax, modem, and business phone lines. Now consider the reduced productivity that a dial-up connection causes. You'll find broadband's Return on Investment (ROI) is better than the dial-up ROI.

However, providing broadband to geographically dispersed telecommuters isn't easy. Unfortunately, no single broadband carrier covers all the US. So most IT managers let end users negotiate their own cable, DSL, satellite, or fixed wireless connections. As a result, the company must pay for multiple service providers and receives no benefit of high-volume pricing and service agreements, no standards, and no uniform security. And IT must deal with a variety of features and service levels. In a follow-up article, I'll discuss IT service providers that work with multiple carriers to cover the entire US market.

If you want to deal directly with multiple carriers, here's a way to get started. One source for finding a DSL provider is DSL Reports, which not only helps you find a carrier but also provides a feedback forum on which customers share their recent experiences with the carriers. Based on my analysis of customer experiences, I recommend cable, DSL, and satellite—in that order. I recommend cable first because carriers can install it more quickly than DSL or satellite. In addition, cable is more stable than DSL or satellite and has faster access speeds and standardized equipment.

I recommend DSL second because it's faster than satellite connections. However, DSL installations vary wildly. For example, vendors took months to install and correctly configure my Qwest/MSN DSL setup. Unlike cable modems, which adhere to a standard called DOCSIS and which you can purchase off the shelf, the DSL broadband carrier configures DSL modems, adding to complexity and cost.

You typically pick satellite because it's the only choice available in certain regions. The only two carriers are DIRECTV (which offers DIRECWAY Internet access) and Dish Network (which offers StarBand Internet access).

In the future, fixed wireless will become an option in some areas. The new fixed wireless mesh technology has access speeds that start at about 700Kbps and have no upper limit. If legal entanglements continue to hinder the growth of broadband through cable and copper, then fixed wireless will be an increasingly popular option.

Step 2: Determine the Internet Sharing Scheme

Once remote users have broadband, make sure the carrier supports home networking. You might say, "IT is paying for the high-speed connection and the laptop, so why should the enterprise risk its network security and set up a home network for the remote user's benefit?"

First, a home network lets telecommuters share the broadband connection with various devices in their houses. Second, telecommuters can use their own PCs as a backup in case the company-supplied computer breaks. Third, the ability to move throughout the house with a wireless network is convenient and can result in increased time spent on work activities.

IT can provide a secure home network that benefits a remote user both personally and professionally and serves the enterprise's interests. For example, one big technology company provides antivirus software for all the computers in telecommuters' homes to protect the corporate network from infection from a virus on a home network.

Some broadband carriers do not allow customers to share bandwidth, and some charge for additional IP addresses. Also, some carriers provide equipment that makes networking difficult. They insist on providing an internal modem, which forces you to use a PC as your router device. Ask whether a prospective carrier will provide an external modem that has an Ethernet output jack. Also, some modems have only a USB port as the output jack, which forces you to use a PC as the router. An Ethernet port output jack lets you use any router device.

For cable broadband, ask whether the modem is free or you must lease it. Typically, the modems are free if you sign up for a 1-year service contract, similar to a mobile phone deal. If you have to pay an ongoing lease for a cable modem, ask whether you can buy an off-the-shelf modem: Your cable operator might lower your monthly bill if you purchase the modem. Cable modems are available from local retailers or online outlets.

You can choose from two basic ways to share an Internet connection. First, the PC can serve as a router if you install two NICs in it. The Internet connection comes from the wall to the modem, then connects from the modem to NIC 1 by means of a standard Ethernet cable. You can connect NIC 2 to a hub or wireless gateway to connect the rest of the PCs in the home. With this networking scheme, you need to consider that IT typically provides a laptop, not a desktop PC, for remote users. IT would have no control over the remote user's PC and therefore couldn't configure it. Also, users must leave the PC on all the time, which is acceptable in a business, but the fan noise is annoying at home.

The home networking solution to satisfy IT requirements as well as the remote user is a wireless switched router, which connects directly to the broadband modem and provides three to four switched Ethernet ports for directly connecting PCs and networked printers. In addition, Wi-Fi (the 802.11b wireless standard) wireless routers provide wireless connectivity for up to 32 devices. You could give your remote users a preconfigured wireless router and one Wi-Fi PC Card for less than $300. Wireless routers can be left on 24 x 7, have low power consumption, are very small, and make no perceptible noise.

Step 3: Determine Must-Have Router Features

Many wireless router features are important for an IT-managed home office. You can choose among several features to implement on the PC, the router, or both. Here's a list of the must-have features for wireless routers:

Wireless protocol. 802.11b (Wi-Fi) is the most common wireless protocol and is available from every router manufacturer. It supports connectivity at speeds up to 11Mbps in the 2.4GHz range.

Security. Wired Equivalent Privacy (WEP) sets up authentication keys between a Wi-Fi card and router, reducing the risk of someone cracking the wireless network. The two levels of WEP encryption are 64-bit and 128-bit. Eventually, all Wi-Fi cards will be 128-bit.

A home network uses a Network Address Translation (NAT) table to let you specify an IP address to your ISP so that the ISP thinks only one PC is connected to the Internet. A firewall then creates a subnet, letting each device have its own IP address that the Internet never sees.

Each Wi-Fi card has a unique Media Access Control (MAC) address. MAC filtering lets you enable only certain Wi-Fi MAC addresses for your router. That way, somebody near your home network couldn't access your network because that person's MAC address would not be enabled on your router.

Firewalls are a necessity—either a router-based firewall or a PC-based firewall. On the PC, you need to purchase a firewall product or you can use the firewall that comes with Windows XP. In addition to purchasing a firewall for each PC, you need to configure the firewall for each PC. In contrast, if you configure a firewall that's built into the router, then that firewall protects all PCs and devices behind the router.

As the IT person responsible for your network's security, you need to be aware that when most home network users install a wireless router, they simply leave all the defaults in place. They get the home network running and never touch the configuration again. The problem is that most vendors leave all the security features turned off by default. Although the result is faster installation and fewer support calls, the default configuration leaves the remote user's home network open for intrusion, thereby exposing corporate data.

Configuration. Universal Plug and Play (UPnP) is a standard that lets compatible applications automatically configure a router. For example, an instant messaging (IM) client could support voice or video by having UPnP open up port 40 on the router, then close port 40 when finished. Manufacturers' support of UPnP varies. For example, Linksys plans to support UPnP in all its routers, citing the ease of use in configuration. NETGEAR plans to support UPnP only on its home routers, not its business routers, assuming that if an authorized program can configure a router port automatically, so can a virus or Trojan horse program. Other vendors, such as D-Link Systems and Intel, don't currently support UPnP but plan to support it by the end of 2002.

Manufacturers are investigating other services that they can integrate into the router, such as virus control, dynamic content filtering, and video capture. These advanced features require increased processing and storage power, which is challenging for vendors trying to make their products home-friendly.
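Because users tend to leave router defaults in place, IT can check a preconfigured router's settings against the must-have list before shipping it. The following Python sketch is an added example, not from the original article or any vendor; the key=value export format and every key name in it are hypothetical, and the sample export is constructed.

```python
import re

# Constructed sample: a router left at factory defaults. Key names are hypothetical.
SAMPLE_EXPORT = """\
wep_enabled=0
wep_key_bits=64
mac_filter_enabled=0
mac_allow=
nat_enabled=1
firewall_enabled=0
upnp_enabled=1
"""

def parse_export(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def valid_mac(mac):
    """Accept 12 hex digits with optional ':' or '-' separators."""
    return re.fullmatch(r"[0-9a-f]{12}", re.sub(r"[:-]", "", mac.lower())) is not None

def audit(cfg):
    """Return finding codes for settings that miss the article's must-have list."""
    on = lambda key: cfg.get(key) == "1"
    macs = [m.strip() for m in cfg.get("mac_allow", "").split(",") if m.strip()]
    findings = []
    if not on("wep_enabled"):
        findings.append("wep-off")
    elif cfg.get("wep_key_bits") != "128":
        findings.append("wep-not-128bit")
    if not on("mac_filter_enabled"):
        findings.append("mac-filter-off")
    elif not macs or not all(valid_mac(m) for m in macs):
        findings.append("mac-allowlist-invalid")
    if not on("nat_enabled"):
        findings.append("nat-off")
    if not on("firewall_enabled"):
        findings.append("firewall-off")
    if on("upnp_enabled"):
        findings.append("upnp-on")  # review item: LAN programs can open ports
    return findings

if __name__ == "__main__":
    print(audit(parse_export(SAMPLE_EXPORT)))
```

The `upnp-on` code is a review item rather than a failure, reflecting the concern the article attributes to NETGEAR.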

Step 4: Determine Nice-to-Have Features

After you've nailed down must-have features for telecommuters, you can look into features that would be convenient but aren't necessary for business—right now. The following features are nice to have and will support future applications such as advanced security.

802.11a. 802.11a is a 54Mbps wireless protocol. It's more expensive than its predecessor, 802.11b, and isn't compatible with 802.11b, but 802.11a lets you stream DVD-quality sound and video throughout your house.

Smart card support. Smart card support is a security feature, and XP supports smart card authentication.

VPN. A VPN built into the router provides telecommuter security. Many IT shops provide a VPN client for remote workers or use the one built into XP or Windows 2000. Having the VPN client built into the router means you don't have to configure any software on the client, and all devices behind the router use the VPN configuration in the router. So you can move from one device to the next in your home network without worrying about whether the VPN is set up on that client. The typical number of simultaneous VPN sessions varies from a minimum of 5 tunnels to a maximum of 70 tunnels.

Advanced security. The following advanced security features will be increasingly necessary:

  • Stateful packet inspection (or dynamic packet filtering) is a firewall architecture that works at the network layer, examining not just the packet header information (for source and destination information) but also packet contents up through the application layer (to filter out rogue packets typical of Denial of Service—DoS—and other flood-type attacks). A stateful inspection firewall also monitors connection state and compiles the information in a state table to serve as context for further filtering decisions.
  • Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is a transport mechanism to pass keys back and forth from client to access point. Every 15 minutes (or whatever value you set), EAP-TLS reauthenticates keys between the access point and the client device.
  • 802.1x provides port-level authentication for any wired or wireless Ethernet client system. 802.1x has a built-in key management protocol that provides keys automatically. Keys can also be changed rapidly at set intervals by EAP-TLS.
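The state table that stateful packet inspection relies on can be shown with a minimal connection tracker. This Python sketch is an added example, not code from the article or any router: it tracks flows by address and port only, ignores TCP flags and application-layer content, and uses constructed addresses and a hypothetical 60-second idle timeout.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet leaves the home LAN

class StatefulFilter:
    """Allow inbound packets only when they answer a tracked outbound flow."""

    def __init__(self, idle_timeout=60):
        self.idle_timeout = idle_timeout  # seconds; hypothetical default
        self.state = {}                   # flow key -> time last seen

    def check(self, pkt, now):
        # Drop flows that have been idle longer than the timeout.
        self.state = {k: t for k, t in self.state.items()
                      if now - t <= self.idle_timeout}
        if pkt.outbound:
            # LAN-initiated traffic creates or refreshes a state entry.
            self.state[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # Inbound traffic must match the reverse of a tracked flow.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            self.state[key] = now
            return True
        return False

def run_demo():
    """Run constructed packets through the filter and return each decision."""
    fw = StatefulFilter()
    lan, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    steps = [
        (0, Packet(lan, 40000, server, 443, True)),       # laptop opens a session
        (1, Packet(server, 443, lan, 40000, False)),      # reply to that session
        (2, Packet(stranger, 443, lan, 40000, False)),    # unsolicited inbound
        (100, Packet(server, 443, lan, 40000, False)),    # reply after idle expiry
    ]
    return [fw.check(pkt, now) for now, pkt in steps]

if __name__ == "__main__":
    print(run_demo())
```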

Step 5: Pick a Router and NIC

Now that you've chosen features, you can choose a router and corresponding NICs. The following vendor Web sites have useful information about choosing routers: Agere Systems' Orinoco site, Belkin's networking product finder, Cisco Systems' Mobile Office: At Home site, Linksys' Educate Me site, and NETGEAR's product selector.