Given the prevalence of Microsoft in the enterprise, we thought it would be beneficial to provide an overview of the current MS offerings for telework solutions. Microsoft provides a number of server-based and client-side products that are well suited to telework scenarios. This post outlines a few typical use cases and the requirements for implementing each solution.
Document Management
Document management remains a challenge even in a consolidated office environment. In a remote collaboration environment, organizing documents and controlling document versioning can be especially tricky. To start, current versions of the most popular Microsoft Office packages (Word, Excel, PowerPoint) all support change tracking. Microsoft Outlook 2003 (and later) also supports Meeting Workspaces, which use Microsoft Office SharePoint Services (MOSS) to create a meeting-specific portal for publishing meeting agendas and minutes, storing meeting-specific documents, and tracking meeting tasks. MOSS may also be leveraged for more advanced document version control, as well as a host of other portal-based capabilities, such as calendaring, form-based workflow, database management, and wikis. As a web-based solution, MOSS can be secured with standard SSL-based encryption, as well as third-party multifactor authentication.
Real-Time Collaboration
One of the hardest things to reproduce in a distributed environment is the casual ability to exchange quick ideas with colleagues in real time. Most teleworkers are accessible by telephone, and email is always an option for non-urgent communication; however, there is still a need to communicate in a casual, real-time fashion. Windows Live Messenger (f.k.a. MSN Messenger) is an instant messaging client compatible with Windows XP/Vista/7 and Windows Mobile. It connects to Microsoft's .NET Messenger Service and requires a Windows Live ID to sign in and communicate. A number of third-party clients (many of which are Mac- and UNIX-compatible) are also available.
For companies requiring a higher level of control and privacy, Microsoft Office Communications Server 2007 (MOCS) integrates with Active Directory and provides robust instant messaging and presence capabilities, as well as file transfer and voice/video communication. MOCS also supports web-based meetings, including shared whiteboarding and presentation capabilities.
Remote Access
Despite the variety of web-based solutions described above, there are still reasons why a company may wish to provide direct access to an internal private network. Some legacy fat-client applications cannot easily be exposed to the Internet. Other sensitive applications (think SCADA systems) simply should not be externally connected. And certain systems administration tasks are simply impractical to perform remotely.
Microsoft Forefront Unified Access Gateway 2010 (UAG), the latest member of Microsoft's "Forefront" family of products, is a versatile remote access solution. UAG supports VPN connections either via UAG's proprietary Network Connector or through the Secure Socket Tunneling Protocol (SSTP), which uses HTTPS to establish a secure remote connection. One of UAG's most interesting features, however, is its ability to perform "application trunking," whereby multiple applications are consolidated under a single IP address. This reverse-proxying capability supports both web-based applications and non-web-based client/server solutions. Applications may also be published via Remote Desktop Services (Terminal Services) through UAG's integrated Remote Desktop Services Gateway.
In addition to line-of-business workers, teleworkers may include systems administrators who require secure remote access to systems on the corporate network. Windows Server 2008 ships with Network Policy Server (NPS), which provides Terminal Services Gateway, a secure, firewall-friendly solution that leverages SSL for remote desktop access. NPS can optionally include Network Access Protection (NAP), which allows policies to be defined that verify the health of connecting systems (e.g., anti-virus protection and host-based firewalls) before access is granted.
Endpoint Management
Just as teleworkers need to access productivity and collaboration tools remotely, systems administrators need to be able to manage remote endpoints. This includes the ability to enforce system configuration and asset management, as well as to patch and upgrade systems as required by corporate policy. Windows 7 and Windows Server 2008 R2 ship with a new feature called "DirectAccess," which connects remote endpoints to the corporate network via an IPv6 IPsec tunnel (encapsulated using IP-HTTPS). DirectAccess is also compatible with NAP system policies and will accept health certificates issued by an Internet-based Health Registration Authority (HRA). UAG also includes an upgraded version of DirectAccess, which extends this feature to downlevel (Windows XP/Vista and Windows Server 2003) systems and supports array-based load balancing for DirectAccess servers.
Thanks to Jason for this excellent post!
