I was tasked with providing secure remote access for all the users in a 20 person office two years ago when bird flu was all the rage.
Budget: $0.00. Requirement: Easy for even dummies. Secure. Solution: existing VPN access through the firewall, using realvnc on windows desktops. (RDP wasn't an option due to Linux and Mac clients at the user's homes). Users were required to submit screenshots of up-to-date AV, firewalls, and MS patches prior to access every 30 days. Result: Not all that easy for dummies. VPN client software was difficult for some. Screenshot tracking was a pain. Came in on budget. VNC sucks compared to RDP. Improvement and current solution: RDP over a SonicWall SSL device with networking disabled on the device and RDP connections locked down preventing redirecting of resources. This is super easy for the user. No software to install. They have no extra password to remember as the SSL device authenticates against AD (though that isn't a requirement for those who hate the idea of anything accessing AD from the perimeter). Any internet ready computer will do. Mac, Linux, Whatever. No more screenshots since the users can't tunnel beyond the SSL device. The SonicWall device was a little non-intuitive to set up for me. Total cost $1700. Money well spent even on that super tight budget. Remote productivity alone justifies the $1700. Not sure how many users the device/bandwidth can effectively handle in this configuration, but so far everyone reports a huge performance boost over the previous solution. Of course, if you have a terminal server already and citrix et at, then this cheap solution might not be as good as what you can build with those tools. I couldn't say. But it might work for some of the lurkers from smaller shops with little budgets. Bill . From: Joe Heaton [mailto:[email protected]] Sent: Thursday, April 30, 2009 8:40 AM To: NT System Admin Issues Subject: Remote access options With the "pandemic", I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head: 1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk. 2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements. I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc with the Citrix option. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [email protected] ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
