jSpan Corporation
Services and Technology
jSpan Corporation is an ASP that combines an Internet based Webtop work environment with a VPN link to one or more remote target systems. The combination of these two technologies eliminates the expense and expertise needed to custom configure a typical remote access solution. The Webtop work environment can be used to aggregate applications from a number of different sources including an office network, a home computer, or an Internet based service provider. The core technology required to implement the basic service is generally available in the market. Additional development is required to support the unique jSpan implementation and to expand the range of system interoperability.
3.1 Service Functionality
The functionality of the jSpan Service can be divided into three primary components. The first is the universally accessibly user interface – the Webtop – that provides an interface into applications both on the remote target system, and on the Internet. The Webtop controls access to the jSpan service and adapts the environment to meet the needs of different web browsers. The second component is a VPN connection between the jSpan application server and the remote target system. A VPN link can be readily established on a broadband link but a system that uses a dynamically allocated IP address or that resides on a dial-up link represents an additional challenge. The final component of the jSpan Service is client software on the remote target system that launches target applications. The software establishes communication over the VPN link and interacts with the application to insure that the appropriate content is returned to the Webtop.
Webtop
Internet websites are designed to deliver content but only accept limited user input. A Webtop differs because it supports the use of interactive applications that do not have pre-defined input limitations. Users can write or edit documents, transfer files, access databases, or interact with desktop-based applications. A Webtop should allow a user to customize the appearance, the applications, and the work methodology to effectively meet their work requirements. Once the Webtop is configured, it must maintain the configuration through multiple user sessions and across multiple browser platforms. This is further complicated by the proliferation of intelligent information appliances that access the Internet through customized Web browsers or that run a proprietary Internet access protocol.
Virtual Private Networking
VPN is the process of establishing network functionality – file and print services, personal and shared network applications, database access, etc. – using public network infrastructure. A number of commercial hardware and software solutions are available that support a VPN link over TCP/IP protocol. While VPNs are more secure than dial-up remote access networks, they still require customization on both the client and server system. jSpan establishes a VPN link from a locally hosted jSpan server to a customer remote target system. The jSpan application server implementation can support a number of different industry standard VPN solutions, based on the hardware and software configuration available at each hosting site. The common component is a TCP/IP link between the jSpan server and the target application.
Client Software
Secure access to desktop and network applications requires a software component that terminates the VPN link. The software must support data encryption over a broadband connection, terminate and reestablish the VPN connection, and limit access to authorized users. Because there are a number of potential target operating systems – Windows 95/98/NT, Solaris, Linux, NetWare, and others – multiple client components may be required.
3.2 Development of Core System
Software development is required to accomplish three critical tasks prior to the first customer deployment. The first task is the adaptation of a suitable remote access product to a distributed environment. Secondly, the user interface should reflect the jSpan “look-and-feel” and offer simplified functionality for non-technical users. Finally, an administrative management console is needed to simplify the management of a large number of customer accounts. Additional development will provide the value-added features that distinguish the jSpan product from competitors.
The two key differences in the jSpan deployment are the location of firewall protection and the establishment of a VPN link to the target system. A firewall typically limits access through remote access server but, once accessed, the server has unrestricted access to the rest of the network. While access control is desirable in the jSpan deployment, target systems will still require firewall protection from public Internet traffic. Without specific development, firewall protection will limit the functionality of the service.
Most VPN solutions anticipate a remote client that connects to an established VPN server. The jSpan server is designed to establish an outbound VPN link to a remote site. In general, this requires a reversal of the authentication process so that a connection can be established at the request of an Internet based remote user. Further development is necessary to customize the VPN link for the specific hardware available at the partnering network service provider.
The customer experience is determined by the “look-and-feel” associated with the jSpan Webtop. An effective interface should provide a work environment that is easy to configure and use, serves the functional needs of the customer, and enhances the image and brand of jSpan. jSpan will undertake a development process to identify and implement solutions that meet the needs of the target customer base.
To manage a large number of customer accounts, the jSpan server must include a management console that offers a high degree of automation. Enterprise based solutions are designed to be used by a single management team and offer similar access to all users. These solutions often do not support the billing requirements of an outsourced service. jSpan will develop a management console that provides for the deployment of jSpan servers at multiple physical locations across a number of organizations.
A comprehensive solution will support remote access from a variety of Internet browsers, including Personal Digital Assistants (PDA), cellular telephones and similar information appliances. Each of these appliances is limited in its ability to display and store information and to interact with Internet sites. To build a strategic competitive advantage, jSpan will launch a development program focused on developing new functionality and adding support for a variety of information appliances.
3.3 Available Core Applications
Commercial applications can be used as the core infrastructure for the jSpan remote access service. Two of the most complete solutions are the iPlanet Webtop from SUN Microsystems and the Tarantella Webtop from SCO Inc. Both of these applications were initially designed for a corporate enterprise environment but can be customized to meet the needs of the jSpan application server.
The iPlanet software is designed to provide access to a corporate network by allowing an Internet browser to penetrate a corporate firewall. The iPlanet server then validates the user and permits access to designated network resources. Resources include corporate intranet applications, email access, calendar access, access to PC and Windows NT applications, and file transfer. Some of the applications require the addition of a third party client component. Most notably, a driver from Symantec Corporation is needed to access a PC running Windows and a driver from Citrix is needed to access a Windows NT environment. Because the iPlanet solution is designed to reside within a corporate firewall, jSpan will develop modifications to extend the functionality to the Internet. At present, the iPlanet remote access solution is only available on the Solaris operating system running on a SPARC platform.
The Tarantella solution provided by SCO Inc. is specifically designed as a Webtop and does not incorporate the add-on applications offered in the SUN product. However, as most of those applications are generally available, the Tarantella solution is a viable alternative. This package also benefits from its compatibility with different hardware and software platforms including SCO Unixware, SUN SPARC Solaris, IBM Aix, and HP-UX. Windows applications are only supported under the Windows Terminal Server operating system although most X11 based UNIX applications are supported. Tarantella also requires a non-standard browser plug-in that may not be accepted at some publicly available Web browsers.The Tarantella solution will require additional development to effectively meet the needs of the jSpan application server.
VPN hardware and software drivers are available for the most common remote target systems. A PC running Microsoft Windows NT RRAS or Windows 98 Dial-Up Networking already has a VPN driver installed. Over the next year, other OS vendors will integrate standard L2TP and IPsec tunneling protocols into their TCP/IP protocol stack. Additional operating systems can be supported at minimal cost through licensing agreements with VPN developers.
A sufficient number of target system drivers to effectively launch the jSpan service are currently available in the market. Symantec, Citrix, and GraphOn already manufacture drivers for various operating systems and applications. Custom development will extend target system compatibility beyond the most common operating systems and to target specialized applications like WebTV, home networking products, and interfaces based on SUN Microsystems’ JINI technology.