Thankfully, Microsoft has already done the hard part and figured out how you can maximize your license purchase. :-)
On Mon, May 4, 2009 at 2:08 PM, Joe Heaton <[email protected]> wrote: > No, I knew about that.ΓΏ Just trying to figure out how to minimize > license purchase, lol. > > > > Joe Heaton > > Employment Training Panel > > > > *From:* Richard Stovall [mailto:[email protected]] > *Sent:* Monday, May 04, 2009 10:53 AM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > > > Nope TS CALs are either user or device CALs You pick what type you want > when you purchase them. > > Remote desktop for administration (formerly remote administration mode in > 2000) doet require CALs and maxes out at 2 simultaneous remote session > Maybe thas what you were thinking of? > > *From:* Joe Heaton [mailto:[email protected]] > *Sent:* Monday, May 04, 2009 1:32 PM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > TS licenses are concurrent connection licenses, right? So when one > connection drops, another can happen? > > Joe Heaton > > Employment Training Panel > > *From:* Jim Dandy [mailto:[email protected]] > *Sent:* Monday, May 04, 2009 9:28 AM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > Bummer > > *From:* Richard Stovall [mailto:[email protected]] > *Sent:* Friday, May 01, 2009 11:53 AM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > > > Yeah, I was kinda bummed when I dug into it and found out. At least TS CALs > aret too expensiv > > You dont need a TS CAL to remote directly into a workstation, but you do if > you go through a TS Gateway. > > From Licensing Windows Server 2008 Terminal Services.do @ > > > http://download.microsoft.com/download/6/9/5/695ba00d-c790-4c90-813a-f10539d97991/Licensing%20Windows%20Server%202008%20Terminal%20Services.doc > > (http://tinyurl.com/64ykh7) > > *Do I need a TS CAL if I am not running a multiuser environment but use > functionality in Terminal Servicfor example, Terminal Services Gateway?* > > Yes. A TS CAL is required for the use of any functionality included in the > Terminal Services role in Windows Server. For example, if you are using TS > Gateway and/or TS Web Access to provide access to a Windows Client operating > system on an individual PC, both a TS CAL and Windows Server CAL are > required. > > RS > > > > *From:* Jim Dandy [mailto:[email protected]] > *Sent:* Friday, May 01, 2009 2:25 PM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > > > Are you sure each TS Gateway user or device requires a TS CA I thought you > only needed a CAL if you were going into a TS and that remote desktop > connections to desktop computers were free. > > Curt > > *From:* Richard Stovall [mailto:[email protected]] > *Sent:* Thursday, April 30, 2009 12:51 PM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > > > Its really easy to set up and works quite well in my experience. There are > only a couple of potential gotchas that I found. > > 1) Each TS Gateway user or device requires a TS CAL. > > 2) Wildcard certs work fine, but you need to have XP SPs RDP client > on XP, or Service Pack 1 on Vista I dont think you can download the Vista > SP1 RDP client by itself. > > *From:* Tom Miller [mailto:[email protected]] > *Sent:* Thursday, April 30, 2009 3:39 PM > *To:* NT System Admin Issues > *Subject:* Re: Remote access options > > > > TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and > https only to the gateway server and that's all you need to do (other than > configuring the Gateway role, getting a certificate for the farm, blah blah > blah.........) > > > > > > >>> Jeff Brown <[email protected]> 4/30/2009 1:29 PM >>> > Our firewall allows for a relatively simple ssl connection, which then > grants access to a TS server. Very simple to deploy and use, and (I think) > more secure than a hole straight through to a TS server on network or DMZ. > > On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller <[email protected]> wrote: > > Terminal Server 2008 has the Gateway role for external users. Still clunky > compared to Citrix, but much less costly. I have a Citrix farm for external > users, and starting to use Terminal Server for internal users. I'd go 100% > Citrix if it were not so ridiculously expensive. > > Tom Miller > Engineer, Information Technology > Hampton-Newport News Community Services Board > 757-788-0528 > > >>> "Erik Goldoff" <[email protected]> 4/30/2009 12:23 PM >>> > > You *could* try a quick rollout of Terminal Server, temporary licenses are > good for 90 days ( still true I think ) > Erik Goldoff > > *IT Consultant* > > *Systems, Networks, & Security * > > > ------------------------------ > > *From:* Joe Heaton [mailto:[email protected]] > *Sent:* Thursday, April 30, 2009 12:17 PM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > Thats more the waym leaning as well, dont want to put more processing load > than necessary on the firewall. But, push come to shove, if they demand > something within a day or two, VPN would have to be used, as I dot have the > web stuff for Citrix, or an Access Gateway setup. > > Joe Heaton > > Employment Training Panel > > *From:* Erik Goldoff [mailto:[email protected]] > *Sent:* Thursday, April 30, 2009 8:46 AM > *To:* NT System Admin Issues > *Subject:* RE: Remote access options > > my choice to connect a disparate collection of nonstandard home users from > their own equipment would be Terminal Server / Citrix , *should* keep your > interior network more secure than a VPN tunnel. > > And not being familiar with your firewall or quantities of tunnels needed, > performance may be an issue. If you have large numbers of 3DES or better > encrypted tunnels ( large relating to the capabilities of your firewall ) > then you could overwhelm the firewall processor and buffers, impacting > overall performance and reliability of network connections. RDP/ICA is > simply traffic the firewall will process, and not spend time > encrypting/decrypting with whatever VPN encryption engine it has > Erik Goldoff > > *IT Consultant* > > *Systems, Networks, & Security * > ------------------------------ > > *From:* Joe Heaton [mailto:[email protected]] > *Sent:* Thursday, April 30, 2009 11:40 AM > *To:* NT System Admin Issues > *Subject:* Remote access options > > With thepandemi, ve been tasked with coming up with a plan for remote > access, in order to keep the business running, in case of having to have > people stay home. So, with that, ve decided to ask you guys what youre > using/doing, for teleworking. > > A couple of options I thought of off the top of my head: > > 1) VPN simple, gives the user a good desktop experience. Slow, at least > slower than working from your desk. > > 2) Citrix same as above, can publish specific apps, or entire desktop if > needed. Low bandwidth requirements. > > I listed those two, as our firewall has built-in VPN capabilities, which we > are currently using, and therefore would be the quickest option to > implement. We also have Citrix already, although only a single server, > running PS 4.0. I know Id want to implement an Access Gateway, etc with the > Citrix option. > > Thanks, > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > [email protected] > > <pr > > <pr > > <pr > > <pr > > > > Confidentiality Notice: This e-mail message, including attachments, is for > the sole use of the intended recipient(s) and may contain confidential and > privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > <pre > > > > > > > > > > Confidentiality Notice: This e-mail message, including attachments, is for > the sole use of the intended recipient(s) and may contain confidential and > privileged information. Any unauthorized review, use, disclosure, or > distribution is prohibited. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
