It took a little creative configuring, but in July Tyco's IT team got the beta version of the latest iteration of the Neoteris software, version 2.0, to work with the older SAP client application. As part of the solution, the team installed a dedicated DNS server to help route the Neoteris remote-access traffic.

The DNS server handles IP addressing for SAP, Microsoft Exchange and other applications that Tyco Thermal users need to access using Neoteris. A labor-intensive alternative to the DNS server would have been to configure and maintain host files and IP addresses for each PC and laptop accessing the appliance, says Jeff Stroud, network manager for the Redwood City, Calif.-based global maker of heating products like constant-temperature cables.

The DNS server now sits in front of the firewall and tells the user's machine how to reach the servers they need to access.

The Neoteris EmployeeAccess 200 appliance replaced Tyco's old CompuServe service and Check Point Software Technologies VPN client packages. It's geared for traveling users who don't have a laptop or VPN access at their disposal or who work at a Tyco site that doesn't have VPN access to the Tyco Thermal home network.

The remote-access appliance technology is browser-based, so it's less expensive to operate than a dedicated Internet service and doesn't create the management headaches of a client-based VPN architecture, which generally requires regular upgrades and support.

Tyco was able to recoup its $12,000 up-front investment in the appliance in six months, Stroud says, by getting remote employees--such as those in its new offices in the United States and those who work at parent Tyco Electronics' site in Japan--onto the network. Tyco eliminates the per-hour connection charges of the CompuServe service, plus surcharges for users outside North America. Tyco Electronics is part of the embattled Tyco International conglomerate.

"Having Neoteris available for new acquisition and remote sites has been helpful," Stroud says. "Those may need immediate access before their DSL or Internet connections are up."

Browser-based remote access isn't quite the same as being on the home LAN, however. "You don't use it all day like you're on the LAN," Stroud says. "And you can't expect to have access to everything you can access with the LAN."

The 2.0 beta of the Neoteris software supports just one application per port, so only one of Tyco Thermal's Exchange servers, for instance, could be set up for use with Microsoft Outlook via Neoteris. If a Neoteris user's "home" Exchange server is not the designated one, he or she has to access mail using the more cumbersome Outlook Web Access interface. That limitation was expected to be addressed in the production version of the 2.0 product, which was about to ship last month.

Tyco Thermal's main branch offices, meanwhile, are connected to the corporate backbone using Nokia's IP330 and IP440 site-to-site VPN firewall appliances, which run Check Point's FireWall-1 and VPN-1 software. The company's Microsoft VPN Server supports remote users who are not using Neoteris. It replaced Tyco's Check Point VPN package, which suffered from compatibility problems with some of the older versions of Microsoft Windows at Tyco Thermal. There were also security differences between Check Point and Microsoft Active Directory that led to an authentication problem, Stroud says.

Users on Windows 2000 and XP machines get Microsoft VPN Server clients for VPN access, and can also use the Neoteris technology if they are at a client office or other site that lacks VPN access. The company's Windows 95 and 98 users have only Neoteris remote access because their OSs aren't secure enough for the VPN, Stroud says.

Tyco Thermal plans to extend the Neoteris platform to support its other client/ server ERP package, International Business Systems' ASW software. The remote-access technology also becomes an extranet of sorts for Tyco Thermal: It may serve as a way to set up secure connections between Tyco Thermal and its business partners who need access to the Tyco network, Stroud says.

On the Job Stroud's biggest challenge implementing the Neoteris Remote-Access Technology: Convincing users to go with the Microsoft Outlook Web interface (very slow) over a dial-up connection. Best thing about it: No client software or VPN connectors to maintain and distribute. Next time I build a remote-access infrastructure, I will: Look for a solution that is inexpensive, secure and not restricted by "legacy" infrastructure as our initial VPN solutions were. I'll stay away from support-intensive platforms that keep you tied to a particular vendor. Next Career: More of an IT management role and less network hands-on. Job Perks: Traveling around the globe to other Tyco Thermal sites