Remote Access Ideas

Status
Not open for further replies.

Stevehewitt

IS-IT--Management
Jun 7, 2001
2,075
GB
Hi All,

I've just started at a small company who mainly use a VPN between a firewall/router and laptops for remote access.

First off we pay per licence, so if we're going to continue the VPN route I'd look at using Win2k3 Server R2 for authentication instead.

However I don't like VPNs. In particular laptops are nasty. People could do all sorts with them. Save their passwords and then they get nicked. Have a virus, etc.

What alternatives could I look at using?

I'm a big fan of remote desktop - however to use it securely I would need multiple IPs on our firewall (which we can do without a problem) but I would insist on the client having a static IP too.

We are putting in Exchange so OWA will be in full swing, as will our CRM system hopefully (MS CRM 3.0) and possibly web based IM via Live Comms Server.

Problem will still be people accessing their files - OWA will do email, LCS will do IM and CRM will be from CRM but I'm still stuck regarding files.
Unless of course we do something like FTP - which isn't really very modern for a remote solution.

Any ideas?

Cheers,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
When you say small company, did you look at Microsoft SBS? It has the Remote Web Workplace (RWW) feature which, among other things, provides a browser based Remote Desktop to a host machine.

Since you've already invested in all the other components, without further information I'm not sure what direction to advise you there.
 
SBS wouldn't be very suitable. We're a web development company - server count is 26, although the vast majority are development servers.

Thanks,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
I have to ask why the static IP on the remote user end for RDP? (I know the so you can restrict via remote IP answer)

As far as remote access is it that you are more interested in people running applications on your servers or are you more interested in file access? Are both a requirement?

As far as VPNs are you looking at using the Windows based RRAS or something more network based like a PIX firewall?

With Windows terminal server you don't need multiple IP addresses. If you wish to use RDP to provide access directly to all your servers in remote administration mode then you do need multiple IP addresses.

I suggest looking into a VPN solution that provides very granular control of what network resources are accessible.

If you want anything less vague you need to provide more detail on what kind of access is needed, i.e. file sharing, RDP, email or all of the above.

Jeremy Giacobbe
MCSE, CCNA

Don't look at the letters after my name. There is still a distinct possibility I am an id10t.
 
I'm implementing Exchange, CRM and Live Comms Server within the next few months (sounds like overkill - but I've been brought in to sort the IT out. The developers did it internally and it's a bit of a mess!).

So in theory people will be able to access OWA, Live Comms Server and CRM over the internet anyway. It's back-office workers who will need access rather than developers; so the only thing I can't really provide non-VPN access to will be files.
I was thinking of using RDP for users to terminal service to their desktop from home. That would be the ideal solution but security is an issue as is people without a static IP.

VPN wise - I'd rather use Windows. We already have it and we'd save on licensing (we have a FortiGate that we are using for VPN amongst other things but we pay per VPN user which isn't ideal). Also, I don't like VPNs much. Call me paranoid, but I just don't like the idea of a semi-managed laptop (if it's hardly on the network then I can't manage it as well as a desktop) connecting up to the main network. Viruses, stolen machines, copying data locally etc. Just doesn't fulfill my whole security requirements.

Any ideas with using RDP would be great. (Maybe setting up a dedicated Terminal Server in application mode with all the apps they need would be a possible contender?)

Cheers,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Terminal Server would be a good choice. You can do RDP with a single forward facing IP address, just by changing the port numbers for the remote machines. I'd still lean towards Terminal Server. Easier to manage.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
Want to know how email works? Read for yourself -
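
The single-IP port mapping suggested above, combined with the source-IP restriction raised earlier in the thread, can be checked before it goes onto the firewall. This is an added example, not code from any poster: the rule table, addresses and the function names `audit` and `allowed` are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389  # default RDP listening port

# Constructed sample: forwards on one public IP, one external port per host.
# Addresses come from documentation/private ranges, not from the thread.
FORWARDS = [
    {"ext_port": 3389, "host": "10.0.0.10", "int_port": 3389, "sources": ["203.0.113.7/32"]},
    {"ext_port": 3390, "host": "10.0.0.11", "int_port": 3389, "sources": ["0.0.0.0/0"]},
    {"ext_port": 3390, "host": "10.0.0.12", "int_port": 3389, "sources": ["198.51.100.0/24"]},
]

def audit(forwards):
    """Return (ext_port, finding) tuples for a port-forward table."""
    findings = []
    seen = {}  # external port -> first internal host that claimed it
    for rule in forwards:
        port = rule["ext_port"]
        # One public IP means each external port can reach only one host.
        if port in seen and seen[port] != rule["host"]:
            findings.append((port, "duplicate external port: %s and %s"
                             % (seen[port], rule["host"])))
        seen.setdefault(port, rule["host"])
        # An RDP forward with no source restriction is open to the internet.
        if rule["int_port"] == RDP_PORT:
            for src in rule["sources"]:
                if ipaddress.ip_network(src, strict=False).prefixlen == 0:
                    findings.append((port, "RDP reachable from any address"))
    return findings

def allowed(forwards, client_ip, ext_port):
    """Return the internal (host, port) a client reaches, or None if blocked."""
    ip = ipaddress.ip_address(client_ip)
    for rule in forwards:
        if rule["ext_port"] != ext_port:
            continue
        if any(ip in ipaddress.ip_network(s, strict=False) for s in rule["sources"]):
            return (rule["host"], rule["int_port"])
    return None

if __name__ == "__main__":
    for port, finding in audit(FORWARDS):
        print(port, finding)
```

Moving RDP to a non-default external port changes only where the listener is found; the source restriction is what limits who can reach it.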
 