Apple's .Mac comes close to offering professionals secure shared data and remote desktop access without the hassle of VPN. Microsoft Live Mesh hopes to take it all the way.
Old-schoolers will tell you that there are only two places your important data should live: on your meticulously secured network behind a paranoid firewall, or at Iron Mountain. One must heed the old-schoolers, for they shall keep the bitemarks off your backside, but their advice must be tempered with modern reality. Having data live exclusively within your domain presents thorny operational problems when two or more people need to get at it. If you want to selectively share files with temporary staff, business partners, external software testers, or employees who are on the road, you've got to find a way to publish them with a combination of easy access and tight security.
If you've shared business data that can't easily be placed in a shared Exchange folder by putting it in a password-protected zip file and stuffing it in your Yahoo! Briefcase or its like, you'd hardly be the first. Nor would you be the first to stay on the phone with that remote user until they verified receipt of the file so that you could delete it immediately. You're wise to assume that data hosted on free, public, consumer online services will prove inaccessible, will transfer to its broadband-endowed recipients at modem speed, or will fall into the wrong hands.
While it makes IT break out in hives, professional users also need remote access to their desktops. Whether it's to run applications that are locked to that machine by license, or to make a quick Saturday check on a time-consuming task, or to pull out files that are wisely (or unintentionally) not publicly shared, there are some things that can only be accomplished at the desks at which professionals spend so little of their time. It is a truly dicey matter when an employee works at home. When they're travelling, or, ironically, in the office for meetings or such, they routinely turn their desktops into servers that stand naked on residential DSL and cable modem networks, neighbourhoods that make Detroit look like Utopia by comparison.
If you think you can impose security requirements on these users, you're dreaming. Users will always take the path of most convenience, and where users' remote access is concerned, IT can't possibly craft a more convenient solution than the forwarding of file sharing and VNC ports through their home or branch office routers.
VPN is the prevailing standard for safety, but that's effective only for services that live behind your firewall. It's wholly impractical, and sometimes difficult and unwise, for off-site users, contractors, and branch offices to VPN into your corporate LAN to share data. And if you have charted a course by which workers at hotels can use your corporate VPN to connect to desktops in their home offices, you've got too much time on your hands.
Apple's $139/year .Mac service has the makings of an interesting solution to the desktops-as-servers conundrum. It sets up a virtual volume, called an iDisk, that appears as a desktop icon on Windows and Mac clients. The iDisk client that's launched when you click on the desktop icon is a convenience. iDisk uses WebDAV, a secure and mature, if sluggish, standard for access to remote file hierarchies. It's a capital notion, because any changes to files are immediately visible to all users subscribed to a given iDisk, and the iDisk client lets users use Windows' Explorer or OS X's Finder to move files around, as though the iDisk were a local disk. iDisk also automatically synchronises remote files to a local folder, so that when you open your iDisk while you're offline, you can still access your files. When you're back on the Net, changes you've made are shipped to your remote iDisk and visible to other authorised users.
iDisk is clever and simple, but it shows both its age and its consumer-targeted nature. As I said, it's slow, owing to SSL encryption and HTTP's unsuitability for chatty protocols. Although changes to an iDisk are visible to all online users, there is no notification scheme to alert users that a shared volume's contents have changed and nothing like file versioning to prevent changes submitted by multiple users from overwriting each other. .Mac's 10GB storage pool, which is expandable for a fee, is roomy enough, but Apple subjects all users to limits that have been imposed to guard against the whims of adolescents. There is a monthly transfer limit of 100GB, but if you use 50GB of that in the first two weeks of a month, Apple shuts down your account. My suggestion to Apple is that transfers among .Mac users should be unlimited. It would help distinguish .Mac's service from Gmail and flaky free personal file hosting services, and it would make it worthwhile for companies to buy .Mac accounts for their users.
Although iDisk needs some renovation, Apple has added a thoroughly modern touch to .Mac's suite of services. Back to My Mac uses .Mac as a remote desktop access gateway for Mac clients, eliminating that other justification for turning home office desktops into vulnerable servers. It uses .Mac to transparently tunnel through firewalls, even those odious hotel and conference centre gateways, and to pierce the veil of dynamically assigned IPs, to put your desktop's display, keyboard, and mouse at your command. There are lots of specialised services that do the same thing, but Back to My Mac is blissfully simple, not least because it is a standard feature of OS X Leopard. For any Mac user, Back to My Mac is just there, and to me at least, it is pretty plainly aimed at professional users.
Without changes to iDisk, .Mac falls short of requirements for commercial use, and Back to My Mac is of no use if you really need Back to My Vista, or that decrepit XP thing. Microsoft is floating a closed trial of Live Mesh, which, on paper at least, looks like .Mac for the 21st century. When it goes live — timing and cost are not mentioned — Live Mesh could render specialised file transfer, folder sync and remote desktop access services obsolete. I like seeing specialised anything go obsolete. I say that Live Mesh could obsolete these things. A lot depends on how Microsoft packages it.
What is Live Mesh? It's not that easy to find out; I've given you the link to the most concise description that Microsoft provides. The details are limited, although the screen shots are gorgeous. My hat's off to Microsoft for finally bringing some commercial artists in house. Even in its concise synopsis of Live Mesh, Microsoft can't help spending more time bragging about the underpinnings of it than talking up what users will get out of it. Perhaps that's because what Live Mesh does is very simple: It keeps folders and RSS feeds synchronised across all of the PCs in your custom-defined "mesh" so that no matter which of your PCs you're facing, folders and feeds published via Live Mesh are all kept in sync and made available both online and off. .Mac approaches this and arguably does it one better by blending in the synchronisation of contacts, calendars, mail rules, and browser bookmarks across multiple Macs. But Live Mesh's publish/subscribe mechanism takes polling out of the equation for published folders. It will let you know when the contents of a folder change or when a new post is received in an RSS feed.
Live Mesh also lets you tap the console of any Windows machine in your Mesh in Back to My Mac fashion. That's no surprise. Nobody's got easy and fast remote desktop access down like Microsoft.
Microsoft is careful to couch Live Mesh as a consumer service, but really, with Mac and mobile device support on the road map, Microsoft clearly doesn't see Mom, Dad, Billy and Grampa as the members of the typical Mesh. Live Mesh allows you to invite select outsiders to share whatever parts of your Mesh you choose to make available. Let's dare to hope that what Microsoft calls the "social aspect" of Live Mesh will soon begin to take shape as a cure for commercial file sharing woes, and an end to the unsecured desktop server.