Best Practices for Laptop/Netbook Management-RDP Environment

10-12 laptops currently accessing office over SSH using Tunnelier

Sonicwall VPN router in place - only 2 licenses of SSL-VPN

Currently, none of the laptops are on the domain.  The users have to login to the computer, login to the VPN, login to the RDP, login to the specialized software.  Most users are not very familiar with computer usage, and are confused at the number of logins (and confused at the RDP concept).

After assessing the situation, I would like to ditch the SSH, and move everyone to the VPN because it connects more reliably.

In general, what type of best practices can I utilize to simplify the management of these laptops?  Also, how can I maintain security at a reasonable level and not have to use four different logins?  In principle, there is no vulnerable data stored on the laptops themselves, just on the RDP server.

Thoughts?
CreeksidetechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RohitBagchiCommented:
Hello there,

Before I state any longer personal opinions, since I have to deal with similar user issues, do your users have sufficient bandwidth while mobile? If yes, are you willing to go in for a little investment? If yes, then you may wish to evaluate a solution such as Citrix XenApp, which will bring you a step closer to securing your systems while seriously reducing end user issues such as the ones you mention... Doing away with the need for a lot of the extras you have at the moment.

RB.
0
CreeksidetechAuthor Commented:
As far as bandwidth goes, most are using their laptops from home with some type of broadband.  I may be able to make a good case for an investment if necessary.  I am not familiar with Citrix XenApp - I'll look at it now.
0
CreeksidetechAuthor Commented:
Although something other than RDP like the Citrix option may be our plan for the near future, what are some ways that I can mitigate the management problems with our current setup?
0
Rich RumbleSecurity SamuraiCommented:
Joining them to the domain could make a few things easier, especially if your vpn can use active directory authentication. Citrix/Xen or even a Microsoft Terminal server can accomplish the same result for the amount of clients you have to support. Making them VPN, then RDP into your xen/ts server gives you a single place to maintain patches and av, and effectively separates even the most infected laptop from the rest of your network and applications.
There are some great documents here that might help you setup your own M$ VPN server: http://technet.microsoft.com/en-us/network/bb545442.aspx
NetGear has a good hardware firewall/vpn server that supports 50 concurrent tunnels and works with AD authentication for around 199.00: http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FVS338.aspx 
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CreeksidetechAuthor Commented:
Thanks Rich, I hadn't thought of using LDAP to authenticate through the Sonicwall - I believe the model I have is capable.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Laptops Notebooks

From novice to tech pro — start learning today.