Enabling remote access to office email
Deb Shinder
Published: 11 Aug 2006 11:30 BST
Email is, by far, the most used and depended upon Internet application, and with many people working after hours at home or from distant locations when they travel, workers often need access to their company email when they're out of the office. There are numerous ways to accomplish this, but some are more secure, more cost-effective and/or more scalable than others, and the best choice for your company may depend on its size, as well as other factors.
Directly connect to the mail server
The most logical, and often the easiest way for users to retrieve their company mail is to set up their email clients to connect over the Internet to the email server used for sending and receiving company mail. All they have to do is configure the mail server IP addresses and account information in their email client software and they can send and receive mail just like at the office — well, maybe.
If the office mail server uses IMAP, the mail itself stays on the server and users can view it from wherever they are. For instance, if your Exchange server is properly configured, users can set up their Outlook clients to connect to it and read and send mail.
If the mail server used for company mail is a POP server, this can cause problems. With POP, mail is downloaded to the end user's computer instead of staying on the server. That means the user may end up with some of their mail on their office machine, some on their home machine, and some on their laptop.
As for sending mail, many SMTP servers are configured not to allow anyone to send through them unless the sender is connected to the local network. So, although this may seem to be the most straightforward method, it may not work.
Connect to the company LAN through a VPN
As your company grows, a better way for your employees to access the mail server is to use a VPN.
You should implement a VPN quarantine solution, so remote systems that VPN into the LAN are checked to ensure they're running an antivirus program, have personal firewall protection, have the latest security updates and service packs, and so on.
You should also prohibit "split tunnelling", which occurs when the user has direct access to the Internet at the same time they're connected to the VPN. This can make the VPN vulnerable to attack.
Access mail via the Web
Another way users can access their company email accounts remotely is via the Web. For instance, you can set up your Exchange server to support Outlook Web Access (OWA). Users point their Web browsers to the email server's OWA URL, and log on with their regular mail account credentials. The interface resembles Outlook, but the user doesn't have to configure an email client or even have one installed on the computer.
A big advantage of Web access is that users can get their mail from any computer, including public access computers at libraries or Internet cafés. For best security, make OWA available only through an HTTPS (SSL) connection and use certificate-based encryption. This is especially important if users will need to access OWA with browsers other than Internet Explorer, because they may not be able to take advantage of the security of Windows Integrated Authentication with some other browsers.
Alternatives
If your company is small, you might not have your own mail server. You may instead use an ISP's mail server, so some of the options discussed above may not be available to you. There are still ways your users can get their company mail at other locations.
One alternative is to use email redirection software such as ERC (E-mail Redirecting Client), which is a free tool that allows a user to redirect the mail from their office POP3 account to their home account (for instance, while they're on vacation).
A redirection program could also be set up to redirect the office mail messages to a Hotmail account, so the user could access them via the Web from any computer.
Then there are services such as E-mail Anywhere that allow you to access any existing ISP or corporate POP mail account through their Web site. You just log on with your email address and password, and you'll see your Inbox and can check your mail. As with other Web-based solutions, it can be used from any computer, anywhere in the world.
Another possibility in the small office situation is for the user to use remote-control software such as the Remote Desktop built into Windows XP/Vista, a third-party product such as PCAnywhere or a service such as GoToMyPC to access their entire office desktop from another computer at a remote location. The user can run any application on the office computer, including the email client. All processing takes place on the office computer. This option has the advantage of allowing you access to all the files on your office computer, not just your email messages.
There is another program that you can use to share files and run remote applications on your office computer, but this one uses your email account to do it. It's called GetByMail and you don't need a dedicated IP address, nor do you have to make complex network configuration settings. It supports POP, IMAP and SMTP and works with Exchange and Gmail. You can secure connections with SSL.
Summary
There are many ways to give your users access to their company email when they're away from the office. Some work only with ISP POP accounts (more likely to be used by small businesses), some work only with corporate mail servers (more likely to be used by medium and large business) and some will scale to work with almost any type of email account.
Did you find this article useful?
154 out of 286 people found this useful
- Share this article:
Full Talkback thread
3 comments
