Well now that I got into the firewall that was left here (WatchGuard) - the maintenance has been expired by almost 2 years. There is also an ASA on the shelf - ASA 5505 that is under current Smartnet - I have no clue what the guy who managed the gear in this location was doing. I think I am going to install the ASA since I know the product already and EBay the WatchGuard.
[cid:3366368584_1217441] From: [email protected] [mailto:[email protected]] On Behalf Of J- P Sent: Tuesday, January 14, 2014 5:02 PM To: [email protected] Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access if you have the licensing RD will make your life easier if not VPN, but I didnt hear any mention of SSL-VPN those allow access through most web browsers to file shares, what is the firewall you have? PS: we ran time EOC 3mb for 5+yrs with the following Citrix XA ~25 users Exchange 2010 60 users and to make matters worse the 3 meg was also dynamic for phones internally , although, never had more than 8 concurrent calls. You have AMPLE bandwidth Jean-Paul Natola > From: [email protected]<mailto:[email protected]> > To: [email protected]<mailto:[email protected]> > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > Date: Tue, 14 Jan 2014 20:43:51 +0000 > > Just to clarify some points: > > - We have a 2012 server where the files are located that our workers need > access to from their homes or hotel rooms. > > - we have 8-10 users needing remote access to that file server listed above > > - It will be a mix of laptops and IOS devices needing the remote access to > the files to edit, make changes, start new docs etc. > > - We have Time Warner Business class cable > > - the laptop users use both their corporate laptops and laptops at their homes > > - the 2 choices from the list are VPN, or Remote access gateway or ?? > > Am I straight with this so far? > > > > > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of Ken Schaefer > Sent: Monday, January 13, 2014 5:29 PM > To: [email protected]<mailto:[email protected]> > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of James Hill > Sent: Tuesday, 14 January 2014 8:25 AM > To: [email protected]<mailto:[email protected]> > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > >>> No mention of existing RDP CALs. Or a server to run RD Gateway or RD Host. > > There was mention of a server, " For remote access to our 2012 file server" > > There was the actual Windows 2012 file server. Are you suggesting that the OP > run RD Gateway and RD Host on the file server? > > >>> Configuring PPTP or L2E VPN on 6 clients isn't really a major OPEX cost. > >>> I'd say it's comparable to patching/managing a server. > > It is more than RDG and what do you do for devices that you can't get > > access to? > > There is a much higher chance that the client is a windows device with > > RDP already built-in. Ongoing OPEX will be higher than RDG. > > How do you figure this? > > OP already mentioned they were using VPN via Cisco ASAs for their main site, > so I made the assumption they already had some expertise in managing VPNs. > > >> The users already have laptops. If they take their laptop with them, they > >> already get the "exact same thing" > > If it's the same laptop that they use in the office and if it is the "only" > > device they use, which is unlikely. > > How do you figure "it's unlikely"? There doesn't seem to be anything in the > OP's post to suggest this - he's asking about how to get access for their > laptops and iPads. That implies they already have them. > > > I LOL'd at your latest big thing about Ken fact. Do you keep all this stuff > > in a Wiki so you don't forget? > > Actually - I do: http://flightdiary.net/anonymouscoward (for the flights I've > managed to get around to entering). > > But I don't know why you LOL - you made the claim - I'm trying to rebut it. > Deal with the actual issue at hand, rather than laughing at my personal > expense. > > You can't just claim "they are few and far between", when you've got no real > basis for suggesting such a thing. Especially when it's pretty easy to get > stats on how many passengers airlines carry every year, and then take a peek > on a few planes to see what % of those people are doing work on a plane. > > In any case, I see people working on trains, buses and a bunch of other > places they might not have ready internet access (or it might not be > convenient to enable constant connectivity). > > Either way, I disagree with your claim, but who knows what the working habits > of OP's employees are. It's a pretty moot discussion until he's willing to > clarify. > > >>> What version of Windows or IOS doesn't support L2TP/IPSec or PPTP? > > You conveniently left out Android there as well as that many VPN solutions > > have their own custom client. > > I left off Android because the OP stated that his requirement was for Windows > and IOS support. I also left off Symbian, VMS, AIX and Solaris for the same > reason. > > > > > > -----Original Message----- > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of James Hill > Sent: Monday, 13 January 2014 8:54 PM > To: [email protected]<mailto:[email protected]> > Subject: RE: [NTSysADM] Small Remote Office Remote File Server Access > > If the OP already has a 2012 server (or 2008 for that matter) and sufficient > RD CAL's then he may not have much CAPEX at all. Add the role, configure it, > configure the firewall, purchase a cheap ssl cert and off you go. It's > incredibly easy to configure on 2008 server and above and even easier again > if it's a sbs product. > > > Perhaps his business prefers lower OPEX than CAPEX too. You seem quite > focused on the CAPEX side of things but that may not be how the OP's business > works. The RDG solution would certainly result in lower OPEX than VPN as > there is far less management of the clients. Overtime this may easily justify > the initial CAPEX. Citrix of course adds another layer of expense and based > on what we know is required it would be overkill. > > >> Configuring PPTP or L2E VPN on 6 clients isn't really a major OPEX cost. > >> I'd say it's comparable to patching/managing a server. > >> FWIW, for environments like mine, OPEX is our major expense. My guess was > >> that CAPEX is the major expense in small business environments. > > Providing the users with access from any device to the same desktop (whether > that be a physical computer, a virtual desktop, or even a RD Session Host) > has many benefits. Users don't like change, if they get the exact same thing > no matter what device they connect from then that's a good thing. > > >> The users already have laptops. If they take their laptop with them, they > >> already get the "exact same thing" > > VPN does provide the offline option(although you can copy files to and from > an RDG session if enabled) but unless you use offline files etc and the end > client/device is fully managed it isn't the nicest user experience. I find > that more and more these days peoples devices are connected to the internet > and they don't want to use it if it isn't! There are some that still want to > compose emails on a plane but they are few and far between. > > >> The option is for already existing devices. > >> I did LOL at the "only few and far between want to compose emails on a > >> plane" - flown well over 1m KMs on planes, and there are lots and lots of > >> people writing emails, reviewing docs and so forth. > > Whether it's a Mac, Windows, Android or iOS there is support for RDG. That > can't be said for many of the vpn options out there. > > >> What version of Windows or IOS doesn't support L2TP/IPSec or PPTP? > > Cheers > Ken > > > > > > > > > > > > >
<<inline: image001.png>>
