OSX 10.5 to Improve .Mac: Point to Point VPN?

Most people believe that Apple’s .Mac service is overpriced and not updated frequently enough.  Honestly, I’m in that camp.  When the service was first introduced Apple claimed that users would have “free email for life.”  About a year later, the decision was reversed and Apple started charging $99 per year for the service that included email and a few other novelties such as synchronization of key data across computers.  When the switch-a-roo was pulled, I bailed on the services and registered Maclive.net to simply insure that I would never again have to change email providers.

I lamented for years with a great deal of irritation over the drastic increase of price.  Finally, last year I went back to the service strictly because I needed a good way to keep my calendar and address book synchronized between my tower and my MacBook.  I shell out the yearly blood money, but I do it with distain.

One of the .Mac features announced as part of the upcoming release of OSX 10.5 is something that might finally take the sting out of the yearly .Mac charge.  Apple calls the feature “Back to My Mac.”  It promises users the ability to access data on any of their Macs from anywhere on the web at any time.  It sounds ideal and it sounds like something the average Mac power user could really use.

Steve Jobs described the feature very simply on stage at this years WWDC (World Wider Developers Conference).  The inclusion of the feature in the presentation was almost anecdotal.  He mentioned it in a long list of new functionality and no one seemed to really pick up on the implications.  Mac users would have secure and immediate access to any data on their machine from anywhere in the world… sound simple and useful enough.  But the truth is, this isn’t a small feature that is easy to institute.

As a side note, those interested in watching Steve’s explanation of the technology, load up the keynote address video at this link http://www.apple.com/quicktime/qtv/wwdc07/ and skip ahead 23 minutes into the presentation.

Connecting all of the Mac’s that are registered in my .Mac profile is actually a profound technical accomplishment, if its to be done reliably and securely.  Most computers are behind some kind of firewall.  In business that could be a powerful firewall that will no doubt present some serious technical hurdles.  Not a big deal once Apple documents the ports that need to be mapped in order to allow access.  It will simply be a decision made by a companies IT department as to whether or not to allow access.  For the home user, things will be different.

The average home user is firewalled from the internet using a standard NAT router.  The router’s port mapping could be configured to allow someone from the outside access to a single machine, but there would be no way to let an outsider access the file on multiple machines on the home network.  As implied in Jobs presentation, an outsider with the proper login rights would have access to any number of Macs on a protected home network.  This means that NAT will be traversed or circumvented in some way.  Not something that’s easy to do.

That’s where the technology becomes interesting to me.  Not only will NAT routers need to be circumvented, but the communications will need to be encrypted if they are to remain secure.  Doing so would require a very specific technology that I have only found in one product to date.  Anyone who is familiar with the technology behind Hamachi might recognize the requirements of such a solution.

Hamachi is essentially a point to point VPN solution.  Encrypted tunnels are established between two computers by way of a 3rd intermediate system that helps them negotiate the NAT translations of routers before removing its self from the connection.  Hamachi is the only available system that I am aware of that does something like this.  And Hamachi works on the Mac, but not well.  It seems to me that Apple must be dealing with a similar proprietary system in order to accomplish the secure communication between two remotely located Macs connected only by the internet.

When I first considered the implications, it seemed like a stretch.  But the more I gave it thought, it just made more sense.  In this day and age, security is paramount.  That means encrypting all communication between any two computers transferring data over such a service.  Since we’re talk about Apple, it’s safe to bet that they will do more than simply encrypt the login information, but rather go so far as to encrypt all communication and that means some sort of point to point VPN implementation.  And just as Hamachi uses the off site Hamachi servers to establish communication between 2 remote systems, Apple’s .Mac servers could do the same sort of thing.

Still not convinced?  A home user connecting to the internet via a NAT based router (which most home users do) can make the shares on one of their networked Macs available to anyone who knows the IP address of the home network.  Its not too difficult, one just needs to know a little bit about basic network and how to enter port maps into the router.  But this sort of thing is well beyond the skill set of the average home user.  And, Apple being the company we all know and love for its ability to develop systems that are easy to use and seem to “just work,” we have to believe the entire process will be much easier to implement.  That brings us back to a point to point VPN solution like Hamachi.

I’m trying to make a case describing the complexities that Apple engineers would face when trying to develop such a powerful feature that seems on the surface to be a subtle nicety added to the upcoming feature set of the new operating system.  If the feature works the way I believe it will, it will be a powerful tool in the hands of a Macintosh power user.  And if the security is sound and the implementation is as much of a no brainer that I expect, Apple engineers deserve a great deal of credit for bringing a feature like this to .Mac.  Though ideally a feature like this would be free of charge, it may finally take the sting out of my yearly $99 bloodletting.

For now, all we can do is wait and see if the feature set will be as complete as I expect when OSX 10.5 ships sometime this fall. My fingers are crossed while I look forward to this seemingly simple new feature.


Steve

3 Responses to OSX 10.5 to Improve .Mac: Point to Point VPN?
  1. Andreasfmpro Reply

    Well, has Apple shipped Leopard with this feature?

  2. smanke Reply

    It is a part of the current release of 10.5. I haven’t had a chance to evaluate it or read up on the technical details yet.

    In the .Mac control panel, its a feature called Back to My Mac.

    From what I understand, it doesn’t do a Hamachi like NAT traversal. Disappointingly it appears to rely on UPnP in the router, or NAT-PMP. I’m not yet clear on the full details.

  3. cosmicwombat Reply

    Well, I hope it works well. So, far I have not been able to get Hamachi and 10.5 to play nice :(

Leave a Reply

Your email address will not be published. Please enter your name, email and a comment.