.Mac and Live Mesh show promise

Apple's secure product has merit, says Tom Yager

Apple's .Mac comes close to offering professionals secure shared data and remote desktop access without the hassle of VPN. Microsoft Live Mesh hopes to take it all the way. Old-schoolers will tell you that there are only two places your important data should live: on your meticulously secured network behind a paranoid firewall, or with data protection and storage firm Iron Mountain. Having data living exclusively within your domain presents thorny operational problems when two or more people need to get at it. If you want to selectively share files with temporary staff, business partners, external software testers, or employees who are on the road, you've got to find a way to publish it with a combination of easy access and tight security. If you've shared business data that can't easily be placed in a shared Exchange folder by putting it in a password-protected zip file and stuffing it in your Yahoo! Briefcase or its like, you'd hardly be the first. Nor would you be the first to stay on the phone with that remote user until they verified receipt of the file so that you could delete it immediately. You're wise to assume that data hosted on free, public, consumer online services will prove inaccessible, will transfer to its broadband-endowed recipients at modem speed, or fall into the wrong hands. While it makes IT departments break out in hives, professional users also need remote access to their desktops. Whether it's to run applications that are locked to that machine by licence, or to make a quick Saturday check on a time-consuming task, or to pull out files that are wisely (or unintentionally) not publicly shared, there are some things that can only be accomplished at the desks at which professionals spend so little of their time. It is a truly dicey matter when an employee works at home. When they're travelling, or, ironically, in the office for meetings or such, they routinely turn their desktops into servers that stand naked on residential DSL and cable modem networks. If you think you can impose security requirements on these users, you're dreaming. Users will always take the path of most convenience, and where users' remote access is concerned, IT can't possibly craft a more convenient solution than the forwarding of file sharing and VNC ports through their home or branch office routers. VPN is the prevailing standard for safety, but that's effective only for services that live behind your firewall. It's wholly impractical, and sometimes difficult and unwise, for off-site users, contractors and branch offices to VPN into your corporate LAN to share data. And if you have charted a course by which workers at hotels can use your corporate VPN to connect to desktops in their home offices, you've got too much time on your hands. Apple's .Mac service has the makings of an interesting solution to the desktops-as-servers conundrum. It sets up a virtual volume, called an iDisk, that appears as a desktop icon on Windows and Mac clients. The iDisk client that's launched when you click on the desktop icon is a convenience. iDisk uses WebDAV, a secure and mature, if sluggish, standard for access to remote file hierarchies. It's a capital notion, because any changes to files are immediately visible to all users subscribed to a given iDisk, and the iDisk client lets users use Windows' Explorer or OS X's Finder to move files around, as though the iDisk were a local disk. iDisk also automatically synchronises remote files to a local folder, so that when you open your iDisk while you're offline, you can still access your files. When you're back on the Net, changes you've made are shipped to your remote iDisk and visible to other authorised users. iDisk is clever and simple, but it shows both its age and its consumer-targeted nature. As I said, it's slow, owing to SSL encryption and HTTP's unsuitability to chatty protocols. Although changes to an iDisk are visible to all online users, there is no notification scheme to alert users that a shared volume's contents have changed and nothing like file versioning to prevent changes submitted by multiple users from overwriting each other. The 10GB storage pool that comes with .Mac, which is expandable for a fee, is roomy enough, but Apple subjects all users to limits that have been imposed to guard against the whims of adolescents. There is a monthly transfer limit of 100GB, but if you use 50GB of that in the first two weeks of a month, Apple shuts down your account. My suggestion to Apple is that transfers among .Mac users should be unlimited. It would help distinguish .Mac's service from Gmail and flaky free personal file hosting services, and it would make it worthwhile for companies to buy .Mac accounts for their users. Although iDisk needs some renovation, Apple has added a thoroughly modern touch to .Mac's suite of services. Back to My Mac uses .Mac as a remote desktop access gateway for Mac clients, eliminating that other justification for turning home office desktops into vulnerable servers. It uses .Mac to transparently tunnel through firewalls, even those odious hotel and conference center gateways, and to pierce the veil of dynamically assigned IPs, to put your desktop's display, keyboard, and mouse at your command. There are lots of specialised services that do the same thing, but Back to My Mac is blissfully simple, not least because it is a standard feature of OS X Leopard. For any Mac user, Back to My Mac is just there, and to me at least, it is pretty plainly aimed at professional users. Without changes to iDisk, .Mac falls short of requirements for commercial use, and Back to My Mac is of no use if you really need Back to My Vista, or that decrepit XP thing. Microsoft is floating a closed trial of Live Mesh, which, on paper at least, looks like .Mac for the 21st century. When it goes live — timing and cost are not mentioned — Live Mesh could render specialised file transfer, folder sync and remote desktop access services obsolete. I like seeing specialised anything go obsolete. I say that Live Mesh couldobsolete these things. A lot depends on how Microsoft packages it.

Join the newsletter!

Error: Please check your email address.

Tags technology

Show Comments
[]