Our firewall allows for a relatively simple SSL connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ.

On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller <[email protected]> wrote:

> Terminal Server 2008 has the Gateway role for external users. Still
> clunky compared to Citrix, but much less costly. I have a Citrix farm for
> external users, and starting to use Terminal Server for internal users. I'd
> go 100% Citrix if it were not so ridiculously expensive.
>
> Tom Miller
> Engineer, Information Technology
> Hampton-Newport News Community Services Board
> 757-788-0528
>
> >>> "Erik Goldoff" <[email protected]> 4/30/2009 12:23 PM >>>
> You *could* try a quick rollout of Terminal Server, temporary licenses
> are good for 90 days ( still true I think )
>
> Erik Goldoff
> *IT Consultant*
> *Systems, Networks, & Security*
>
> ------------------------------
> *From:* Joe Heaton [mailto:[email protected]]
> *Sent:* Thursday, April 30, 2009 12:17 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Remote access options
>
> That’s more the way I’m leaning as well, don’t want to put more
> processing load than necessary on the firewall. But, push come to shove, if
> they demand something within a day or two, VPN would have to be used, as I
> don’t have the web stuff for Citrix, or an Access Gateway setup.
>
> Joe Heaton
> Employment Training Panel
>
> *From:* Erik Goldoff [mailto:[email protected]]
> *Sent:* Thursday, April 30, 2009 8:46 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Remote access options
>
> my choice to connect a disparate collection of nonstandard home users from
> their own equipment would be Terminal Server / Citrix , *should* keep your
> interior network more secure than a VPN tunnel.
>
> And not being familiar with your firewall or quantities of tunnels needed,
> performance may be an issue. If you have large numbers of 3DES or better
> encrypted tunnels ( large relating to the capabilities of your firewall )
> then you could overwhelm the firewall processor and buffers, impacting
> overall performance and reliability of network connections. RDP/ICA is
> simply traffic the firewall will process, and not spend time
> encrypting/decrypting with whatever VPN encryption engine it has
>
> Erik Goldoff
> *IT Consultant*
> *Systems, Networks, & Security*
>
> ------------------------------
> *From:* Joe Heaton [mailto:[email protected]]
> *Sent:* Thursday, April 30, 2009 11:40 AM
> *To:* NT System Admin Issues
> *Subject:* Remote access options
>
> With the “pandemic”, I’ve been tasked with coming up with a plan for remote
> access, in order to keep the business running, in case of having to have
> people stay home. So, with that, I’ve decided to ask you guys what you’re
> using/doing, for teleworking.
>
> A couple of options I thought of off the top of my head:
>
> 1) VPN – simple, gives the user a good desktop experience. Slow, at
> least slower than working from your desk.
>
> 2) Citrix – same as above, can publish specific apps, or entire
> desktop if needed. Low bandwidth requirements.
>
> I listed those two, as our firewall has built-in VPN capabilities, which we
> are currently using, and therefore would be the quickest option to
> implement. We also have Citrix already, although only a single server,
> running PS 4.0. I know I’d want to implement an Access Gateway, etc with
> the Citrix option.
>
> Thanks,
>
> Joe Heaton
> AISA
> Employment Training Panel
> 1100 J Street, 4th Floor
> Sacramento, CA 95814
> (916) 327-5276
> [email protected]
