?
Solved

Remote into a SBS network

Posted on 2011-02-15
19
Medium Priority
?
1,036 Views
Last Modified: 2012-05-11
Hi,

Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

The Network has a SonicWall firewall in front of a SBS 2008 server.  There is also a Windows 2008 server used solely for BES.

Is it as simple of creating a VPN connection?  Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  

They only really need to use Outlook (OWA is not wanted) and have a few mapped drives so would not need to connect to a physical PC.  Any idea of pros and cons?
0
Comment
Question by:buddles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 5
  • +1
19 Comments
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896039
Sbs 2008 has very easy wizard for vpn setup.

Outlook can be setup via Outlook anyware for secure remote connection much like you have when connected on a physical network.

Terminal services licenses are additional and you can't use the sbs box as the terminal server for clients.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896081
Technical you could use the BES server 08 as your terminal server but I am not sure how recommended this is.

How large are the files you will be working on? Just wondering how well working remotely will work with some mapped drives. Maybe sharepoint might be a good option.
0
 

Author Comment

by:buddles
ID: 34896148
Thanks for your reply.

Filesize was my major worry about using simple VPN but will have to see.

Just wanted to check that setting this up on the SBS will not impact on the VPN already functioning via the FW with a remote site?
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 6

Assisted Solution

by:naughtynat
naughtynat earned 1000 total points
ID: 34896495
You have vpn configured within the firewall? What type of vpn is configured? You will need to forward port 1723 to the server to use the pptp vpn that is built in. I am not sure how this will affect your current vpn setup. You maybe able to run both side by side or just use the current one that is in the firewall.

What does the current vpn actually do? Is this used at the remote office where these pcs are going to be in your discussion?
0
 

Author Comment

by:buddles
ID: 34898173
The vpn on the firewall connects a small remote site to the main site.  Both have the VPN configured via firewalls.

There are a couple of Users who need access from homes and are not part of this remote site.
0
 
LVL 22

Accepted Solution

by:
Larry Struckmeyer MVP earned 1000 total points
ID: 34899254
Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

By far the best and easiest to use is RWW.  VPN is NOT the best.  You will need a cert, public DNS pointers, and to open (forward) the appropriate ports in your firewall.

Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  
You cannot run Terminal Services, now called RDS, in application mode on an SBS server.  You would need another server.  check with BES about the advisibilty of using that one.  Yes, you need RDS licenses for any user that connect to the RDS server and runs applications.

RDS (or RDC) connections to the SBS itself are limited to adminstration of the SBS only.  

VPNs are slow, flakey, dangerous to both the data and to the network.  RWW is there for a reason, you should use it.

0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899268
Okay, probably a point to point vpn. I would guess this is probably ipsec.

Run the vpn wizard and forward port 1723 and check box tick vpn option for those users who need it and should be good to go.

I am not familiar with sonicwall so don't know if anything else will need to be done on the firewall.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899744
Fly - how do you map a network drive in RWW?

0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34900888
When connected to the target computer inside the LAN, it works exactly as though you were sitting in the office at the keboard of the office computer.  If the drive was mapped on the desktop when you were in the office, it will be mapped when you logon via RWW.. standard desktops or RDS servers alike.

if you have ever used RDP or GoTo or LogMeIn or any remote control software, you can get the idea.  But RWW is MUCH better than any of the commercial web based services and it is included with SBS at no charge.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34902694
" would not need to be connected to a physical computer"

This was the request so that is why I didn't suggest RWW as I assumed that there was a reason not connecting to a physical computer or they didn't have enough computers for office and remote users at the same time.
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34903152
But the op did ask about TS/RDS.  Depending on the number of remote users multiple VPN's can choke the bandwidth, and it is both slow and easy to corrupt the data.  if the VPN is lost due to a connection crash at the time data is being written it can easily corrupt the data, particularly if there is a database similiar to Access or most accounting programs in use.  SQL, or most client server type databases are much less problematic, but the opportunity for malware to infect the network from remote unmanaged computers continues.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34903531
Suppose will wait to see what they are looking at doing with the setup and budget as well.
0
 
LVL 1

Expert Comment

by:matttd
ID: 34904115
You can have up to 2 remote desktop connection to your sbs server, any more than that and you would be going into needing terminal services licenses. As far as your setup, I'm not sure what model Sonicwall you would have, but i would definitely use VPN to connect to the server (don't allow remote administration through the firewall- Security NO NO) Eiether setup a group VPN and connect up to sonicwall for VPN access and then remote desktop into the or if the Sonicwall is newer you can use remote desktop as well..
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34905907
mattd is partially correct.  You can have two RDC connections to the SBS for Administration purposes.  Not for running applications.  You can have multiple VPN's to the SBS for the purpose of opening files on the local station, (not on the SBS), but VPN's have been suplanted by RWW, a much better and safer approach.
0
 

Author Comment

by:buddles
ID: 34916771
Sorry for the delay.

Raw looks excellent however the issue is there are not often spare PCs to connect to.

They have used Linton before but again no spare PCs.

Can RWW be locked down so users can connect to the server?
0
 

Author Comment

by:buddles
ID: 34916791
Sorry predictive text!  They have used logmein before and was supposed to read RWW not raw...
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34920098
The server can only be accessed remotely for administrative purposes.  Depending on the number of remote users with internal desktops, you can either fit a Terminal Server, now called a Remote Desktop Server (RDS), or one or more headless desktops for remote users to use.  A decent terminal server will run "in the area of" $1500.00  each license costs "in the neighborhood of" $80.  Destops that are capable of joining a domain, assuming you have room for more, are "in the neighborhood of $500.

Having a worm find its way in to your network over a VPN, or having your data corrupted when the VPN is dropped by one or the other ISP's?  Priceless.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34927409
You can setup direct connection to your network shares in Outlook Web Access.

This will give you secure access to your files without having to configure VPN. However you can not map a drive. But if all you want is to access some files on your shares you can do this.

Or you can use Windows Sharepoint Services (WSS3) or Companyweb as a document management solution.

Also comes down to speed of remote users internet connection and how much bandwidth you have available.

Probably also depends on how often people are going to be connected remotely.

Users are assigned which computers they can log into remotely so you can easily control which computers each user can or can not log into. You can also very easily disable them access to RWW if they should have remote access.
0
 

Author Closing Comment

by:buddles
ID: 35019264
Apologies for the delay in replying.  Thanks for all your help
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question