Terminal Services on 2000/2003 depending on the client. I'm a small consulting company in the Midwest and all of my clients use TS in one way or another. Client licenses are often free/embedded depending on OS. TS/RDP is sensitive to packet loss and will drop/disconnect the client if p/l is too high. That aside, RDP really mitigates connection speed and in my experience always performs better than VPN gateway or client. TS on 2003 let's you easily configure access to local drives and printers. Is easily controlled via GPO. One of my clients has all users (45) on TS and this greatly reduces desktop support issues, as you can imagine.
Cheers. ________________________________ From: Malcolm Reitz [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2008 2:05 PM To: NT System Admin Issues Subject: RE: VPN Client's vs. Hardware Go on :-). What do you have on the back-end to support this? What are your users RDP-ing in to? Malcolm From: Stephan Barr [mailto:[EMAIL PROTECTED] On Behalf Of lists Sent: Tuesday, 17 June, 2008 13:57 To: NT System Admin Issues Subject: RE: VPN Client's vs. Hardware I've moved from VPN to RDP for most remote folks. RDP reduces the bandwidth requirement and the hit to the router/firewall, easier to manage, fewer pieces to manage and mitigates to large extent the users internet connection speed/quality. I could go on. My $.02 Cheers. ________________________________ From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2008 1:30 PM To: NT System Admin Issues Subject: RE: VPN Client's vs. Hardware I wouldn't so much worry about tying up the bandwidth with multiple software clients. At least, no more than a hardware client would. In other words, 2 software clients talking using separate clients will generate the same amount of traffic as two clients talking through a hardware client. Also, keep in mind that NAT/PAT gateways can and do wreak havoc on IPSec VPNs. You can compound this problem when you have more than one VPN client initiating a tunnel from the *same* source global IP address to the *same* headend VPN device. Just food for thought... >From an efficiency standpoint, consider this: Software Clients with Independent VPN tunnels = 6 to 8 SAs (4 IKE and 2-4 IPSec) on your ASA firewall assuming you only have 2 clients connecting simultaneously. The number(s) can grow exponentially the more software clients you add. Hence, you can expect CPU spikes on your firewall. Hardware Client Alone = 2-4 SAs (2 IKE and 2 IPSec) on your ASA firewall with room to grow for several users. I don't know how many tunnels your ASA handles, but for efficiency sake (and best practice), I'd go with a hardware client. HTH, Aaron ________________________________ From: N Parr [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2008 12:19 PM To: NT System Admin Issues Subject: VPN Client's vs. Hardware We will be setting up a remote warehouse location with a couple workstations to start with. Initially I'm going to have them VPN to our ASA and then terminal back home. What I'm trying to figure out is if multiple VPN software clients eventually start using more overhead/bandwidth than a hardware VPN? And if so then at what point? Obviously hardware would be simpler for everyone involved but there's additional expense involved that I'd like to avoid as long as possible. No matter how we do it the big bandwidth hit will be pushing print jobs back to the remote location. The connection will most likely be T-1 to the same ISP as our in house provider since the location is only a few miles away. Thanks Niles ________________________________ This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
