My preference would be for a good web-based SSL VPN solution. For your size of environment, SonicWall has some nice appliances that allow ActiveX and Java apps (so that even folks with Mac and *Nix boxes can get in) that provide a great RDP session interface in a web browser, as well as file directory access, ssh terminal sessions, etc. I'm sure other vendors have equivalent offerings, but haven't played with them.
The Sonicwall 2000 unit I have was really easy to set up, too. However, I disable the tunnel connectivity, because of the risk from home PCs. The thought of someone starting a random PC out in the world and downloading the app that gives them a tunnel into my network makes me shudder. OTOH, I haven't played with TS under Win2k8, so can't comment on the facilities available natively. Kurt On Wed, Nov 10, 2010 at 13:17, David Lum <[email protected]> wrote: > In a few weeks (Dec 17th) we’ll be having a massive “work from home” day > (200-ish users, because we’re moving our office to a different city) and we > have the option of standing up some Terminal Servers or just running with > VPN. Most users are expected to just want MS Office apps and Internet > Explorer. Several (a couple dozen) will also want RDP access to their > desktops. > > > > We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up > more 2008 TS servers. I have no experience setting up TS farms or getting > them available for ability to his via Internet, although both of these > appear to be pretty straightforward. I am also under the impression that TS > via Internet uses less bandwidth than a straight-up VPN connection. > > > > VPN is already established but we’ll certainly have many users using their > home PC that don’t currently have VPN configured and would much rather have > them connect via Terminal Server than install, configure and then connect an > unknown system - from a security/patched/AV standpoint - to VPN. > > > > I think it’s kind of six of one half dozen of another as far as overall > effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN… > > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
