Apple Remote Access MultiPort Server User Manual
1 Introducing the Apple Remote Access
MultiPort Server
This chapter provides a basic introduction to the Apple Remote Access
MultiPort Server, including all hardware, software, and network requirements.
This chapter also describes the role of a remote access server on your network.
About the Remote Access MultiPort Server and Remote Access Manager
The Remote Access MultiPort Server is a product that turns a computer
running the Mac OS into a remote access server supporting up to 16 lines for
remote connection by users. Remote Access Manager is the application for
configuring ports and controlling user access to the server.
Remote Access allows users to use network services, such as f ile sharing, electronic
mail, and print servers, that are available on an AppleTalk local area network.
Users can print on a remote printer, send data to or retrie v e data from file
servers, or access remote computers and network-based host systems. In
practical terms, users can access their offices from home or on the road.
The remote access server administrator uses Remote Access Manager software
to set up and administer the server. These tasks include the following:
m setting server preferences
m registering users
m configuring ports for dial-in and callback access
m establishing server security
Note: There are a number of ways to establish server security. Refer to
Chapter 3 for more information about the types of security available for a
Remote Access MultiPort Server.
2 Chapter 1 / Introducing the Apple Remote Access MultiPort Server
Users can access their offices
from home or on the road.
The administrator uses Remote Access Manager software to set up
and administer the server.
About the Remote Access MultiPort Server and Remote Access Manager 3
Requirements for using the Remote Access MultiPort Server
The following sections list the minimum hardware, software, and network
requirements for using the server. You will need additional RAM to run
other applications or services. Also, the more powerful the computer, the
better the performance.
Hardware requirements
The following are the minimum hardware requirements for setting up and
running a Remote Access MultiPort Server:
m a PowerPC™-based computer with one or more PCI slots, running the
Mac OS
m 8 megabytes (MB) of RAM
m a hard disk
n a CD-ROM drive
m a Smart Serial 6 expansion card and a Smart Serial 6 cable, included with
your Remote Access MultiPort Server
m one or more high-speed asynchronous serial devices, such as a modem or an
ISDN adapter
m a telephone line for each device
Software requirements
Your Remote Access MultiPort Server CD-ROM disc contains all the software
you need to run the Remote Access MultiPort Server and Remote Access
Manager application, including the software for the Smart Serial 6 PCI card.
Additionally, you must be using system software version 7.5.2 or later on your
server computer. If your server is an Apple Network Server, a Power
Macintosh 7500, 8500, or 9500, or equivalent, you must use Macintosh system
software 7.5.3 or later.
IMPORTANT
installing the Remote Access Server. If you don’t have this software, contact
your Apple-authorized reseller or representative before proceeding.
4 Chapter 1 / Introducing the Apple Remote Access MultiPort Server
Install the correct system software on the server computer before
Network requirements
Connect your Remote Access MultiPort Server to an AppleTalk network using
the same type of networking software and cable as used with other devices on
your network. Any AppleTalk network is capable of supporting a Remote
Access MultiPort Server. The most common network choices are LocalTalk,
Ethernet, and token ring.
IMPORTANT
Server to an existing network. If not, consult the documentation that came with
the network materials you plan to use before continuing with this guide.
This guide assumes that you are adding the Remote Access MultiPort
Client software requirements
Users can access the Remote Access MultiPort Server using any version of the
Remote Access Client software, but upgrading to the current version is
recommended. Remote Access Client version 2.1 is included on the MultiPort
Server installation CD-ROM disc, and one copy of the client user manual is
included in the MultiPort Server package. For information on volume
licensing, contact your Apple-authorized reseller or representative. Once you
have the correct licensing, users can upgrade over the network from the CDROM disc, or the administrator can use Disk Copy to make an installation
floppy disk from the image file on the disc.
Using the Remote Access MultiPort Server
with other networking software
The MultiPort Server is compatible with many but not all additional
networking programs.
Apple Internet Router
The Apple Remote Access MultiPort Server and the Apple Internet Router
version 3.0.1 or later can run concurrently on the same computer. If you have
Apple Internet Router 3.0 installed, you need to upgrade to v. 3.0.1 before
installing the MultiPort Server.
Requirements for using the Remote Access MultiPort Server 5
SNMP AppleTalk Transport v.1.0 is not compatible with the MultiPort Server.
If you have SNMP AppleTalk Transport v.1.0 installed, remove it. If you
intend to use SNMP network management with either the Internet Router or
the MultiPort Server, install SNMP AppleTalk Transport v. 1.1 after installing
the Internet Router and before installing the MultiPort Server.
AppleShare
The Apple Remote Access MultiPort Server and AppleShare v. 4.0.1 or later
can run concurrently on the same Mac OS computer. They will share the same
Users & Groups Data File.
Macintosh file sharing
The Apple Remote Access MultiPort Server cannot run concurrently with
Macintosh file sharing. If you install the MultiPort Server on a Mac OS
computer on which file sharing is enabled, you will be asked to convert the
Users & Groups Data File. After conversion, only the MultiPort Server and
AppleShare 4.0.1 or later can access the Users & Groups Data File.
6 Chapter 1 / Introducing the Apple Remote Access MultiPort Server
2 Getting Started
This chapter provides step-by-step instructions for getting your Apple Remote
Access MultiPort Server ready to work, from preparing the server computer to
installing the Remote Access Manager software.
During the setup process you may need to consult the manuals that came with
your computer, expansion cards, and serial communications devices for general
information, installation instructions, and troubleshooting.
Preparing the server computer
Set up the server computer exactly as you would any other computer running
the Mac OS, giving extra consideration to the server’s physical security. If you
have any concerns about physical security, you should consider putting the
server computer in a separate room with controlled access. Physical security is
your first line of defense for server security. For information about other types
of security, refer to Chapter 3.
The following instructions assume that you have chosen to use a new computer
for the server.
Note: You can set up the server on a computer that you are currently using for
other network services. If you plan to use a computer that is already in use,
some of the steps will not apply to you.
To prepare the server computer:
1 Set up the server computer.
Follow the unpacking and setup instructions that came with the computer.
2 If necessary, install a network communications card.
You may need to do this if you plan to connect your computer to a token ring or
Ethernet network. Follow the directions in the user’s guide supplied with the card.
3 Connect the server computer to your AppleTalk network.
Follow the directions in the user’s guide for your cable system.
4 Make sure that the AppleTalk option is active.
The AppleTalk Active option should be selected. If it isn’t, open the Chooser and
click the AppleT alk Acti v e b utton in the lo wer -right corner of the Chooser windo w.
8 Chapter 2 / Getting Started
Installing expansion cards
The number of expansion cards that you can install in the server computer
depends upon the number of slots available in the computer. For example, if
you are using an Apple Workgroup Server 8150 as the server computer, you
can install a maximum of three 6-port serial cards, resulting in sixteen possible
ports, with two left over.
Make sure the
AppleTalk Active
button is selected.
IMPORTANT
Each Remote Access MultiPort Server package contains a Smart
Serial 6 six-port expansion card and six-ended connector cable. You must
purchase an Apple Remote Access MultiPort Server package for each
additional six ports you wish to use, up to the sixteen-port maximum.
You can use an Apple Remote Access MultiPort Server package to expand an
Apple Remote Access version 2.1 server, or to upgrade and expand an existing
Remote Access version 2.0 server. The expansion card must be compatible
with the system you are upgrading or expanding.
Instructions for installing the expansion card are provided in the card
installation guide that accompanies the product.
Installing expansion cards 9
Attaching the serial devices
Use the Smart Serial 6 cable included with your expansion card to attach all
serial devices. Attach a telephone line to each device, following the installation
instructions provided with the device.
Installing the software
The CD-ROM disc included in your Remote Access MultiPort Serv er package
contains all the software you need to run the Remote Access Manager
application and the server.
To install the software:
1 Insert the
the server computer.
2 Double-click the Installer icon.
The Installer screen appears.
Apple Remote Access MultiPort Server
CD-ROM disc into the CD-ROM drive of
10 Chapter 2 / Getting Started
3 Click OK.
The Easy Install screen appears.
4 Click Install.
Note: Be sure to use Easy Install. Clicking Customize allows you to install the
software elements individually. However, all the software elements are
required for successful installation, so use of the Customize option is not
recommended. After installation is complete, a dialog box appears informing
you that installation was successful.
5 Click Restart.
The computer ejects the installation disc, the computer restarts, and you’re
back in the Finder, ready to set up the server.
6 Check the clock.
The server computer’ s internal clock is the source for all time entries in the Remote
Access Manager’s records, such as the serv er activity log. Before you set up
remote access service, make sure that the computer’ s clock is accurate.
Installing the software 11
3 Setting Up the Server
This chapter provides information about and instructions for setting up basic
remote access service—including setting server preferences, configuring the
ports, and registering users.
This chapter also provides information about the different types of security
you can establish for the server using the Remote Access Manager application.
About server security
You can establish and control server security through a number of features in
the Remote Access Manager software:
m user registration
m password and callback options
m zone access
m Security Zone
m external security
Guests and registered users
Guest user is a generic account for guest users of remote access service. Anyone
on the network can be a guest; a guest is not assigned a password and generally
has limited network access. In the interest of security, you should limit the
amount of access that guests have on your network.
A registered user is anyone for whom you ha v e assigned a user name, passw ord,
and security options.
The user database, or User List, contains the names of all users and guests who
can access the server. Information about each user, such as user name and
password, appears in a User information window.
Password and callback security
You can increase the security of your network by requiring that each registered
user enter a password to access the server. You should provide registered users
with a unique password the first time they log in and require that they change
the password at that time. Select the Require New Password on Next Login
option in the User information window to ensure that all users must change
their passwords after the first time they log in. For more information about this
and other password options, refer to “Registering Users,” later in this chapter.
14 Chapter 3 / Setting Up the Server
Requiring a callback number for users further ensures security because users
can only connect to the server using a telephone number that they have
provided to you. When a user successfully logs in, he or she is immediately
disconnected from the server. The server then attempts to make a connection at
the callback number listed for that user. If the telephone number is valid, a
connection is made.
To maintain a high level of security for your network, you should require all
users to supply callback numbers. For users who require “roving access”—
that is, users who need to access the server remotely but aren’t always in the
same location—you should implement external security software. For more
information about this option, refer to “External Security,” later in this chapter.
IMPORTANT
to improve communications reliability. Because cellular phones vary in the
way they receive incoming calls, cellular phones equipped with MNP 10
modems generally cannot receive callbacks. Use a security method other than
callback for cellular clients.
Many cellular modems use the MNP 10 error-correction protocol
Zone access
Zones are logical subdivisions of a network in which services such as file
servers, printers, and other individual computers reside. Zones appear in the
Chooser window. You can use zones to organize services into logical groups.
Groupings can be by type of resource, along organizational boundaries, or in
any manner the network administrator decides. The Apple Remote Access
MultiPort Server administrator can assign each user access to specified zones
on the network.
Note: Although zone access cannot be considered “true” security when compared
with password and external security, it does provide a way for you to control
access to the network.
Including a large number of zones in users’ zone access privileges can slow
down server performance. If you want to exclude a user from a large number
of zones, choose “All Zones Except Listed,” or “Only Zones Listed” instead of
naming the zones specifically. See “Creating a New User,” later in this chapter,
for more information. For best performance, always try to minimize the
number of zones per zone list.
About server security 15
Security Zone
The Security Zone feature prevents indi viduals from setting up an Apple Remote
Access MultiPort Server or Apple Remote Access Personal Server without an
authorizing password. Security Zone software is provided in the Apple Remote
Access MultiPort Server Toolkit folder included on the installation CD-ROM
disc. For instructions on how to implement this feature, see the Read Me file
provided with the software in the Apple Remote Access Security folder.
IMPORTANT
is available when the Remote Access MuliPort Server ports are configured and
turned on. Otherwise users will be disconnected and the port turned off when
they attempt to dial in. See the Read Me file provided with the Security Zone
software for more information.
If a router advertises a security zone, make sure the security zone
External security
You can provide an additional level of security by implementing third-party,
external security. For example, additional security would be appropriate for
those who need roving access. Two types of external security are available:
line-level security and protocol-level security.
Line-level security provides security at the telephone-line level and usually
consists of hardware that is connected to the server and a security software
module that is placed on the clients’ workstations.
Protocol-level security provides security at the software level and usually
consists of security software modules that are placed on both the server and
the clients’ workstations. You can install more than one security module on an
Apple Remote Access MultiPort Server computer and client workstations, but
you can activate only one security module at a time.
Once you install the security module, you can decide if all users or only selected
users must be validated by this type of security when they dial in to the server.
16 Chapter 3 / Setting Up the Server
Note: Example screens throughout this manual display “Third-Party Security”
as the security module. This name does not refer to a specific product, but is
intended for illustration purposes only. See your Apple-authorized reseller or
representative for specific product recommendations.
Starting the Remote Access Manager software
The Remote Access Manager application does not have to be running for the
server to be active; however, you must run Remote Access Manager once to
start up the server. After that, you can quit Remote Access Manager and the
server will keep running.
IMPORTANT
the server to restart after a power failure, place an alias of the Remote Access
Manager application in the Startup Items folder, located in the System Folder.
Starting the Remote Access Manager application also starts the server, if it is
not already running. The first time you start the application, you will be prompted
to enter information about the server.
To start the server and the Remote Access Manager application:
1 Double-click the Remote Access Manager icon.
If you have installed Remote Access Manager on a computer on which
AppleShare is not installed, the following message appears:
If you want the server to start up automatically, or if you want
Starting the Remote Access Manager software 17
2 Click Continue.
The Server Preferences dialog box appears. If you have installed the Remote
Access manager software on the same computer as an AppleShare server, or if
you have named your computer, the server or computer name appears in the
Server/Macintosh Name text box. If these circumstances do not apply, “Apple
Remote Access Server” appears in the name box. If AppleShare is installed,
bullets appear in the Administrative Password text box; each bullet indicates a
character in the Admin Key for your AppleShare server.
3 If necessary, enter a new name for the server and an Administrative Password.
The Administrative Password helps prevent unauthorized use of the server and
some features of Remote Access Manager . The password can be any combination
of up to eight characters and can include uppercase and lowercase letters.
IMPORTANT
Any changes you make to either of these items are also applied to
the AppleShare server.
18 Chapter 3 / Setting Up the Server
IMPORTANT
Replacing an Administrative Passw ord is difficult. If you record
your administrative password, guard it carefully. If you lose or forget it, see “The
Administrative Passw ord Has Been Lost” in the Appendix, “Troubleshooting.”
4 Select password options by clicking the appropriate checkboxes and entering a value
when required in the text box.
The password options in the Server Preferences dialog box allo w you to control
server security at the password lev el. The following options apply to user passw ords:
m Minimum Number of Characters in Password The minimum number of
characters for a user password. The minimum is one; the maximum is
eight. As a general rule, the longer the password, the safer. Encourage
users to choose passwords that combine letters and numbers and that are
not actual words.
m Number of Days until Password Expires The range of days is 1–1000.
Select this option to require users to change their passwords regularly.
m Maximum Number Password Attempts Before Disconnect The maximum
number of times a user can enter an incorrect password before being
disconnected. Each incorrect attempt is also applied to the Number of
Password Attempts Before User Disabled option if you have selected it
and entered a value. The default is seven attempts.
Starting the Remote Access Manager software 19
m Number of Password Attempts Before User Disabled The number of times
a user can attempt to log in to the server without success before the user’s
account is disabled. This number should be greater than the Maximum Number
Password Attempts Before Disconnect. A count of consecutive bad password
attempts is kept. When it equals the Number of Password Attempts Before
User Disabled, the user’s access is disabled. Access must be reenabled by
the administrator before the user can connect again. The count is reset to
zero each time the user successfully connects with the correct password.
m Always Require User to Enter Password This option requires all users to
enter their passwords when logging in, even if they have selected the Save My
Password option in their Remote Access connection documents. Selecting
this option prevents anyone from using a “stolen” connection document in
which the password has been saved.
20 Chapter 3 / Setting Up the Server
5 If you have installed a third-party external security module and want to implement it,
choose its name from the Module pop-up menu.
External security provides an additional layer of security for your server and is
applicable for current users and users you register in the future. You can determine
whether this type of security is required for all users or only for selected users.
Regardless of your choice, a checkbox with the name of the security module
will appear in each User information window. (For more information about the
User information window, refer to “Creating a New User,” later in this chapter.)
See the documentation that came with your third-party security product for more
information on installation and use.
Note: You cannot select more than one security module from the Module popup menu.
6 Click the External Security Required for All Users checkbox if you want to implement
external security for all users.
Depending on the external security module you selected, you may need to
configure settings for each user. For more information, refer to “Creating a
New User,” later in this chapter.
When you register new users, this option is automatically selected in the User
information window.
Starting the Remote Access Manager software 21
7 Click OK when you have finished entering information and selecting security options.
If you do not enter an Administrative Password, the following warning appears:
8 Click OK to confirm that you do not want to enter an Administrative Password, or click
Cancel to enter an Administrative Password.
Note: To change the Server Preferences at any time, choose Set Server
Preferences from the Server menu.
Configuring the modem ports
IMPORTANT
You cannot use the built-in serial ports on the computer for
Apple Remote Access. Use only the ports provided on the installed serial
card or cards.
This section describes how to configure the modem por ts for dial-in and callback
access. Before continuing, make sure that you’ve installed all expansion cards
and attached all serial communications devices correctly.
There are three basic ways to configure the modem ports: Dial-in Access, Dial-in
and Transfer, and Callback Only.
Note: Users cannot access a configured port until it has been turned on in the
Port Configuration window, as described later in this chapter.
22 Chapter 3 / Setting Up the Server
Dial-in Access allows dial-in and callback access on the same port. With this
method, a user who does not have callback enabled is able to dial in and
remain connected. This is useful if you have a number of users who are on the
road and cannot provide you with a callback number. If the user has callback
enabled, when the user dials in, the server checks that the user name and
password are correct. If they are correct, the user is disconnected, and the
server calls him or her back on the same port.
Ports set to Dial-in and Transfer are intended only for users who have callback
enabled. When such a user dials in, the server checks that the user name and
password are correct. If they are correct, the user is disconnected, and the
server calls him or her back through a different, callback-only port. Users for
whom you have not set up callback can dial in to Dial-in and Transfer ports,
but they will be disconnected. Users who do not have callback enabled must
use Dial-in Access ports.
Callback Only ports cannot receive calls. They are used only in conjunction
with ports that have been configured for Dial-in and Transfer. For example, you
can set up one port for Dial-in and Transfer and the rest for Callback Only.
Thus, you can have a maximum of 15 callback lines, depending on the number
of expansion cards installed and modems or other serial communications
devices connected to the ports. This method allows you to provide only one
telephone number to your remote access users.
Note: If you configure one port as Dial-in and Transfer and the rest as Callback
Only , the user will see the following alert box when all callback lines are in use:
Configuring the modem ports 23
To configure the serial ports:
1 Choose Configure Ports from the Server menu.
The Port Configuration window appears. This windo w contains information about
services installed on the server computer and the configuration of each port.
24 Chapter 3 / Setting Up the Server
2 Click the triangle next to Modem Service (or double-click the line) to display
all port groupings.
The two types of grouping are the ports on an expansion card or the
computer’s internal ports themselves.
Configuring the modem ports 25
3 Click the triangle next to the port grouping (or double-click the line) to display the name,
status, and configuration of each port.
The port name is determined by the slot in the computer in which the card is
installed and the number of the port on the card. For example, SS6 C1 Port #1
means that a Smart Serial 6 card is installed in Slot 1 in the server computer
and that Port 1 on the card is selected.
26 Chapter 3 / Setting Up the Server
4 Select the port you want to configure by clicking it.
The Open button becomes active. Initially ports are turned off; that is, they are
inactive. Once you configure a port, you can turn it on to make it active.
Configuring the modem ports 27
5 Click the Open button.
The Port window appears for the port you selected. The name of the port
appears in the title bar.
Note: You can also double-click the port name to open the Port window.
6 Enter text in the Port Info text box, such as the name of the modem connected to the port
and the telephone number of the line connected to the modem.
7 From the Port Access pop-up menu, select one of the following options: Dial-in Access,
Dial-in and Transfer, or Callback Only.
8 From the Modem pop-up menu, select the modem script for the modem you’ve attached
to the port.
See the Read Me file in the Apple Remote Access MP Folder for a list of
supported modems. If your modem does not appear on that list, check with
your modem vendor or consult the support information available on Apple’s
World Wide Web site at
programmer and want to write your own script, complete documentation and
prototyping software are included in the Apple Remote Access MultiPort
Server Toolkit folder on the installation CD-ROM disc.
28 Chapter 3 / Setting Up the Server
www.info.apple.com. If you are an experienced
9 Turn the modem speaker on or off by clicking the On or Off button.
When the modem speaker is on, you can hear when the modem is making a
connection with another modem. However, if modem noise is a concern, you
can turn off the modem speaker.
10 Select Tone or Pulse for the dialing capability of your telephone line.
Select Tone if the telephone line to which the modem is connected supports
touch-tone dialing. Select Pulse if the telephone line to which the modem is
connected supports pulse or rotary dialing.
11 Click the Ignore Dial Tone checkbox if you always want the modem to dial, regardless of
its ability to recognize the tone provided on the telephone line.
12 Click Save to save these settings for the port.
If you click Revert, the contents of the window are not saved.
Configuring the modem ports 29
13 Click the close box to close the Port window.
The Port Configuration window is still visible. Now that you’ve configured the
port, you must turn it on to make it active for receiving and making calls.
14 Select the port and click the Turn On button to turn on the port.
Note: If you are using the Security Zone software, you will be required to
enter a password at this point. You will only be required to enter this password
the first time you turn on a port.
Following is a sample Port Configuration window in which all ports on an
expansion card have been configured.
30 Chapter 3 / Setting Up the Server
Loading...