VPN greatly amplifies the risk. It creates a direct link between the client and the server for all sorts of traffic. With RD Gateway it's only RDP traffic over https.
Even for large firms, a thin solution often makes a lot more sense. The data is kept on the server so there are all the benefits of centralilsed data. Performance is great as there is no perceivable difference between opening a 2MB file vs a 20MB file. No special client is needed for Windows devices, they can even go to a RDWEB page on ANY windows device and login. Whether that is a home computer, hotel kiosk etc. That means virtually zero effort required by helpdesk/desktop support as they don't have to install and configure vpn clients, manage OS and application patches or security software. The user experience is greatly improved as the user is accessing the same desktop each time. All their shortcuts and settings are the same. They don't have to copy files from device to device. The list of benefits far outweighs a VPN solution. As Robert has a 400Mbps internet link I don't think the small cost of 6 RD licenses is going to break the bank. James. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Sunday, 12 January 2014 2:33 PM To: [email protected] Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access VPN means the data /may/ be copied to the mobile device - but if I open a file from a file server, make my edits, and then save the file, it'd be saved back to the file server, and not reside on my device. Given that these people are in the office normally, they can simply copy the files onto their device when they're in the office. Having a VPN doesn't really amplify the risk. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Sunday, 12 January 2014 3:30 PM To: [email protected] Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access VPN means the data will be on the laptops and on ipads. Remote desktop services means that the files stay in the network where you can protect them better. On 1/11/2014 10:17 AM, Chyka, Robert wrote: > That is where my mind is at. Still I see simple VPN into the Watchguard then > direct access to the server shares. I just haven't been in the loop with > smaller office technologies so I wanted to see if I was missing anything that > is newer, quicker, better without compromising security. > > -Bob C. > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ken Schaefer > Sent: Saturday, January 11, 2014 5:05 AM > To: [email protected] > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > What's wrong with a simple VPN? > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Susan Bradley > Sent: Saturday, 11 January 2014 5:43 PM > To: [email protected] > Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access > > A remote desktop server that they can hit via rdgateway. Especially those > ipads. > That would also entail a VL version of Office to be installed on that RDS > server. > > Small businesses don't buy the VL licenses in order to support direct access. > > On 1/10/2014 8:42 PM, Chyka, Robert wrote: >> We have a small remote office (6 users) with a Windows 2008R2 DC and >> a Windows 2012 DC/File server. The only activity this office performs >> on the network is web research and a lot of legal case document >> creation and editing - mostly in Word. >> >> At our main office we use VON to access our file server and home >> directories remotely (Cisco ASA 5520s for VPN) and have 400 megs of >> bandwidth. At our small remote site we have the following gear: >> >> -Time Warner Business Class 25/10 >> >> -WatchGuard XTM 25 Firewall (inherited, not spec'd) >> >> For remote access to our 2012 file server using either Windows >> laptops or Ipads what do you recommend for best performance and connectivity? >> >> I was looking at Windows 2012 Anywhere Access but wanted to get >> expert opinions in the small business sector. > > > > >
