If the OP already has a 2012 server (or 2008 for that matter) and sufficient RD CAL's then he may not have much CAPEX at all. Add the role, configure it, configure the firewall, purchase a cheap ssl cert and off you go. It's incredibly easy to configure on 2008 server and above and even easier again if it's a sbs product.
Perhaps his business prefers lower OPEX than CAPEX too. You seem quite focused on the CAPEX side of things but that may not be how the OP's business works. The RDG solution would certainly result in lower OPEX than VPN as there is far less management of the clients. Overtime this may easily justify the initial CAPEX. Citrix of course adds another layer of expense and based on what we know is required it would be overkill. Providing the users with access from any device to the same desktop (whether that be a physical computer, a virtual desktop, or even a RD Session Host) has many benefits. Users don't like change, if they get the exact same thing no matter what device they connect from then that's a good thing. VPN does provide the offline option(although you can copy files to and from an RDG session if enabled) but unless you use offline files etc and the end client/device is fully managed it isn't the nicest user experience. I find that more and more these days peoples devices are connected to the internet and they don't want to use it if it isn't! There are some that still want to compose emails on a plane but they are few and far between. Whether it's a Mac, Windows, Android or iOS there is support for RDG. That can't be said for many of the vpn options out there. I've lost count of the times I've been able to quickly run mstsc and connect to a host behind a RDG from wherever I happen to be at the time. No special client install required, just the hostname, creds and the rd gateway details. James. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ken Schaefer Sent: Monday, 13 January 2014 12:29 PM To: [email protected] Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Monday, 13 January 2014 1:07 PM To: [email protected] Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access > Server 2012 R2 > Enable the Essentials role. > You now have Rdgateway server deployed via a wizard. Open up RDP > settings, put in the rdgateway url and you are off and running. So, OP is already up for a new OS license, since they don't have 2012 R2. Possibly new hardware to run this OS instance on, and what are they RD-ing into? If they've taken their laptop out of the office, the presumably you need a RD host as well (which means RDP CAL licensing)? Or am I misunderstanding how this works? > I'm not talking Citrix, it's merely RDgateway/TS. Why not deploy a Citrix solution? I mean, it has even more features and benefits than basic Microsoft RDP based solution. The only downside is even more cost - but cost seems to be irrelevant here for some reason :-| > VPN truly does bring in way more risk than a RDS solution. "Way more risk" - what risk specifically? VPN would allow people to work offline/disconnected on documents. It could also be implemented for $0 in CAPEX, and if it doesn't work out, you could always buy what's necessary for an RDP solution. If it does work out, then a whole bunch of spending's been avoided. Surely that's a relevant consideration as well? > Added to that I can now offer up the same desktop experience. I don't understand this. The users are taking their laptops or iPads with them. They don't get "the same desktop" experience by utilising the same device in-office and out-of-office? I'm not saying "don't go RDP", but I'm just not seeing any real requirement that justifies the extra expense that will be involved. Cheers Ken -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Susan Bradley Sent: Monday, 13 January 2014 1:07 PM To: [email protected] Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access Server 2012 R2 Enable the Essentials role. You now have Rdgateway server deployed via a wizard. Open up RDP settings, put in the rdgateway url and you are off and running. I'm not talking Citrix, it's merely RDgateway/TS. I don't spend a billion dollars in IT, however I am a small business and thus there are different pros and cons based on the space each of us work in. VPN truly does bring in way more risk than a RDS solution. Added to that I can now offer up the same desktop experience. On 1/12/2014 4:15 PM, Ken Schaefer wrote: > I work in a "large organisation" - we spend well over a billion dollars a > year on IT&T. We have both huge Citrix farms, and we have VPNs as well. I'm > quite familiar with the pros/cons of the options. > > No one is saying that the RD solution doesn't have benefits. But there is a > CAPEX and an ongoing OPEX cost to building and supporting a RD gateway > solution, and it will probably be significantly more than a VPN, when the > sole purpose is to access an existing file share. > > -- > http://au.linkedin.com/in/kschaefer > Typed on a Lenovo Helix - apologies for brevity > > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of James Hill > Sent: Monday, 13 January 2014 10:54 AM > To: [email protected] > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > VPN greatly amplifies the risk. It creates a direct link between the client > and the server for all sorts of traffic. With RD Gateway it's only RDP > traffic over https. > > Even for large firms, a thin solution often makes a lot more sense. The > data is kept on the server so there are all the benefits of centralilsed > data. Performance is great as there is no perceivable difference between > opening a 2MB file vs a 20MB file. No special client is needed for Windows > devices, they can even go to a RDWEB page on ANY windows device and login. > Whether that is a home computer, hotel kiosk etc. That means virtually zero > effort required by helpdesk/desktop support as they don't have to install and > configure vpn clients, manage OS and application patches or security software. > > The user experience is greatly improved as the user is accessing the same > desktop each time. All their shortcuts and settings are the same. They > don't have to copy files from device to device. The list of benefits far > outweighs a VPN solution. > > As Robert has a 400Mbps internet link I don't think the small cost of 6 RD > licenses is going to break the bank. > > James. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Ken Schaefer > Sent: Sunday, 12 January 2014 2:33 PM > To: [email protected] > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > VPN means the data /may/ be copied to the mobile device - but if I open a > file from a file server, make my edits, and then save the file, it'd be saved > back to the file server, and not reside on my device. > > Given that these people are in the office normally, they can simply copy the > files onto their device when they're in the office. Having a VPN doesn't > really amplify the risk. > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Susan Bradley > Sent: Sunday, 12 January 2014 3:30 PM > To: [email protected] > Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access > > VPN means the data will be on the laptops and on ipads. > > Remote desktop services means that the files stay in the network where you > can protect them better. > On 1/11/2014 10:17 AM, Chyka, Robert wrote: >> That is where my mind is at. Still I see simple VPN into the Watchguard >> then direct access to the server shares. I just haven't been in the loop >> with smaller office technologies so I wanted to see if I was missing >> anything that is newer, quicker, better without compromising security. >> >> -Bob C. >> >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Ken Schaefer >> Sent: Saturday, January 11, 2014 5:05 AM >> To: [email protected] >> Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access >> >> What's wrong with a simple VPN? >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Susan Bradley >> Sent: Saturday, 11 January 2014 5:43 PM >> To: [email protected] >> Subject: Re: [NTSysADM] Small Remote Office Remote File Server Access >> >> A remote desktop server that they can hit via rdgateway. Especially those >> ipads. >> That would also entail a VL version of Office to be installed on that RDS >> server. >> >> Small businesses don't buy the VL licenses in order to support direct access. >> >> On 1/10/2014 8:42 PM, Chyka, Robert wrote: >>> We have a small remote office (6 users) with a Windows 2008R2 DC and >>> a Windows 2012 DC/File server. The only activity this office >>> performs on the network is web research and a lot of legal case >>> document creation and editing - mostly in Word. >>> >>> At our main office we use VON to access our file server and home >>> directories remotely (Cisco ASA 5520s for VPN) and have 400 megs of >>> bandwidth. At our small remote site we have the following gear: >>> >>> -Time Warner Business Class 25/10 >>> >>> -WatchGuard XTM 25 Firewall (inherited, not spec'd) >>> >>> For remote access to our 2012 file server using either Windows >>> laptops or Ipads what do you recommend for best performance and >>> connectivity? >>> >>> I was looking at Windows 2012 Anywhere Access but wanted to get >>> expert opinions in the small business sector. >> >> >> >> > > > > > > > > >
