That's more the way I'm leaning as well, don't want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don't have the web stuff for Citrix, or an Access Gateway setup.
Joe Heaton Employment Training Panel From: Erik Goldoff [mailto:[email protected]] Sent: Thursday, April 30, 2009 8:46 AM To: NT System Admin Issues Subject: RE: Remote access options my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix , *should* keep your interior network more secure than a VPN tunnel. And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels ( large relating to the capabilities of your firewall ) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Joe Heaton [mailto:[email protected]] Sent: Thursday, April 30, 2009 11:40 AM To: NT System Admin Issues Subject: Remote access options With the "pandemic", I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
