Solved

Remote into a SBS network

Posted on 2011-02-15
19
1,033 Views
Last Modified: 2012-05-11
Hi,

Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

The Network has a SonicWall firewall in front of a SBS 2008 server.  There is also a Windows 2008 server used solely for BES.

Is it as simple of creating a VPN connection?  Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  

They only really need to use Outlook (OWA is not wanted) and have a few mapped drives so would not need to connect to a physical PC.  Any idea of pros and cons?
0
Comment
Question by:buddles
  • 8
  • 5
  • 5
  • +1
19 Comments
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896039
Sbs 2008 has very easy wizard for vpn setup.

Outlook can be setup via Outlook anyware for secure remote connection much like you have when connected on a physical network.

Terminal services licenses are additional and you can't use the sbs box as the terminal server for clients.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896081
Technical you could use the BES server 08 as your terminal server but I am not sure how recommended this is.

How large are the files you will be working on? Just wondering how well working remotely will work with some mapped drives. Maybe sharepoint might be a good option.
0
 

Author Comment

by:buddles
ID: 34896148
Thanks for your reply.

Filesize was my major worry about using simple VPN but will have to see.

Just wanted to check that setting this up on the SBS will not impact on the VPN already functioning via the FW with a remote site?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 6

Assisted Solution

by:naughtynat
naughtynat earned 250 total points
ID: 34896495
You have vpn configured within the firewall? What type of vpn is configured? You will need to forward port 1723 to the server to use the pptp vpn that is built in. I am not sure how this will affect your current vpn setup. You maybe able to run both side by side or just use the current one that is in the firewall.

What does the current vpn actually do? Is this used at the remote office where these pcs are going to be in your discussion?
0
 

Author Comment

by:buddles
ID: 34898173
The vpn on the firewall connects a small remote site to the main site.  Both have the VPN configured via firewalls.

There are a couple of Users who need access from homes and are not part of this remote site.
0
 
LVL 22

Accepted Solution

by:
Larry Struckmeyer MVP earned 250 total points
ID: 34899254
Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

By far the best and easiest to use is RWW.  VPN is NOT the best.  You will need a cert, public DNS pointers, and to open (forward) the appropriate ports in your firewall.

Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  
You cannot run Terminal Services, now called RDS, in application mode on an SBS server.  You would need another server.  check with BES about the advisibilty of using that one.  Yes, you need RDS licenses for any user that connect to the RDS server and runs applications.

RDS (or RDC) connections to the SBS itself are limited to adminstration of the SBS only.  

VPNs are slow, flakey, dangerous to both the data and to the network.  RWW is there for a reason, you should use it.

0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899268
Okay, probably a point to point vpn. I would guess this is probably ipsec.

Run the vpn wizard and forward port 1723 and check box tick vpn option for those users who need it and should be good to go.

I am not familiar with sonicwall so don't know if anything else will need to be done on the firewall.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899744
Fly - how do you map a network drive in RWW?

0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34900888
When connected to the target computer inside the LAN, it works exactly as though you were sitting in the office at the keboard of the office computer.  If the drive was mapped on the desktop when you were in the office, it will be mapped when you logon via RWW.. standard desktops or RDS servers alike.

if you have ever used RDP or GoTo or LogMeIn or any remote control software, you can get the idea.  But RWW is MUCH better than any of the commercial web based services and it is included with SBS at no charge.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34902694
" would not need to be connected to a physical computer"

This was the request so that is why I didn't suggest RWW as I assumed that there was a reason not connecting to a physical computer or they didn't have enough computers for office and remote users at the same time.
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34903152
But the op did ask about TS/RDS.  Depending on the number of remote users multiple VPN's can choke the bandwidth, and it is both slow and easy to corrupt the data.  if the VPN is lost due to a connection crash at the time data is being written it can easily corrupt the data, particularly if there is a database similiar to Access or most accounting programs in use.  SQL, or most client server type databases are much less problematic, but the opportunity for malware to infect the network from remote unmanaged computers continues.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34903531
Suppose will wait to see what they are looking at doing with the setup and budget as well.
0
 
LVL 1

Expert Comment

by:matttd
ID: 34904115
You can have up to 2 remote desktop connection to your sbs server, any more than that and you would be going into needing terminal services licenses. As far as your setup, I'm not sure what model Sonicwall you would have, but i would definitely use VPN to connect to the server (don't allow remote administration through the firewall- Security NO NO) Eiether setup a group VPN and connect up to sonicwall for VPN access and then remote desktop into the or if the Sonicwall is newer you can use remote desktop as well..
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34905907
mattd is partially correct.  You can have two RDC connections to the SBS for Administration purposes.  Not for running applications.  You can have multiple VPN's to the SBS for the purpose of opening files on the local station, (not on the SBS), but VPN's have been suplanted by RWW, a much better and safer approach.
0
 

Author Comment

by:buddles
ID: 34916771
Sorry for the delay.

Raw looks excellent however the issue is there are not often spare PCs to connect to.

They have used Linton before but again no spare PCs.

Can RWW be locked down so users can connect to the server?
0
 

Author Comment

by:buddles
ID: 34916791
Sorry predictive text!  They have used logmein before and was supposed to read RWW not raw...
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 34920098
The server can only be accessed remotely for administrative purposes.  Depending on the number of remote users with internal desktops, you can either fit a Terminal Server, now called a Remote Desktop Server (RDS), or one or more headless desktops for remote users to use.  A decent terminal server will run "in the area of" $1500.00  each license costs "in the neighborhood of" $80.  Destops that are capable of joining a domain, assuming you have room for more, are "in the neighborhood of $500.

Having a worm find its way in to your network over a VPN, or having your data corrupted when the VPN is dropped by one or the other ISP's?  Priceless.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34927409
You can setup direct connection to your network shares in Outlook Web Access.

This will give you secure access to your files without having to configure VPN. However you can not map a drive. But if all you want is to access some files on your shares you can do this.

Or you can use Windows Sharepoint Services (WSS3) or Companyweb as a document management solution.

Also comes down to speed of remote users internet connection and how much bandwidth you have available.

Probably also depends on how often people are going to be connected remotely.

Users are assigned which computers they can log into remotely so you can easily control which computers each user can or can not log into. You can also very easily disable them access to RWW if they should have remote access.
0
 

Author Closing Comment

by:buddles
ID: 35019264
Apologies for the delay in replying.  Thanks for all your help
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question