Link to home
Create AccountLog in
Avatar of buddles
buddles

asked on

Remote into a SBS network

Hi,

Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

The Network has a SonicWall firewall in front of a SBS 2008 server.  There is also a Windows 2008 server used solely for BES.

Is it as simple of creating a VPN connection?  Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  

They only really need to use Outlook (OWA is not wanted) and have a few mapped drives so would not need to connect to a physical PC.  Any idea of pros and cons?
Avatar of Nat Wallis
Nat Wallis
Flag of Australia image

Sbs 2008 has very easy wizard for vpn setup.

Outlook can be setup via Outlook anyware for secure remote connection much like you have when connected on a physical network.

Terminal services licenses are additional and you can't use the sbs box as the terminal server for clients.
Technical you could use the BES server 08 as your terminal server but I am not sure how recommended this is.

How large are the files you will be working on? Just wondering how well working remotely will work with some mapped drives. Maybe sharepoint might be a good option.
Avatar of buddles
buddles

ASKER

Thanks for your reply.

Filesize was my major worry about using simple VPN but will have to see.

Just wanted to check that setting this up on the SBS will not impact on the VPN already functioning via the FW with a remote site?
SOLUTION
Avatar of Nat Wallis
Nat Wallis
Flag of Australia image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of buddles

ASKER

The vpn on the firewall connects a small remote site to the main site.  Both have the VPN configured via firewalls.

There are a couple of Users who need access from homes and are not part of this remote site.
ASKER CERTIFIED SOLUTION
Avatar of Larry Struckmeyer MVP
Larry Struckmeyer MVP
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Okay, probably a point to point vpn. I would guess this is probably ipsec.

Run the vpn wizard and forward port 1723 and check box tick vpn option for those users who need it and should be good to go.

I am not familiar with sonicwall so don't know if anything else will need to be done on the firewall.
Fly - how do you map a network drive in RWW?

When connected to the target computer inside the LAN, it works exactly as though you were sitting in the office at the keboard of the office computer.  If the drive was mapped on the desktop when you were in the office, it will be mapped when you logon via RWW.. standard desktops or RDS servers alike.

if you have ever used RDP or GoTo or LogMeIn or any remote control software, you can get the idea.  But RWW is MUCH better than any of the commercial web based services and it is included with SBS at no charge.
" would not need to be connected to a physical computer"

This was the request so that is why I didn't suggest RWW as I assumed that there was a reason not connecting to a physical computer or they didn't have enough computers for office and remote users at the same time.
But the op did ask about TS/RDS.  Depending on the number of remote users multiple VPN's can choke the bandwidth, and it is both slow and easy to corrupt the data.  if the VPN is lost due to a connection crash at the time data is being written it can easily corrupt the data, particularly if there is a database similiar to Access or most accounting programs in use.  SQL, or most client server type databases are much less problematic, but the opportunity for malware to infect the network from remote unmanaged computers continues.
Suppose will wait to see what they are looking at doing with the setup and budget as well.
You can have up to 2 remote desktop connection to your sbs server, any more than that and you would be going into needing terminal services licenses. As far as your setup, I'm not sure what model Sonicwall you would have, but i would definitely use VPN to connect to the server (don't allow remote administration through the firewall- Security NO NO) Eiether setup a group VPN and connect up to sonicwall for VPN access and then remote desktop into the or if the Sonicwall is newer you can use remote desktop as well..
mattd is partially correct.  You can have two RDC connections to the SBS for Administration purposes.  Not for running applications.  You can have multiple VPN's to the SBS for the purpose of opening files on the local station, (not on the SBS), but VPN's have been suplanted by RWW, a much better and safer approach.
Avatar of buddles

ASKER

Sorry for the delay.

Raw looks excellent however the issue is there are not often spare PCs to connect to.

They have used Linton before but again no spare PCs.

Can RWW be locked down so users can connect to the server?
Avatar of buddles

ASKER

Sorry predictive text!  They have used logmein before and was supposed to read RWW not raw...
The server can only be accessed remotely for administrative purposes.  Depending on the number of remote users with internal desktops, you can either fit a Terminal Server, now called a Remote Desktop Server (RDS), or one or more headless desktops for remote users to use.  A decent terminal server will run "in the area of" $1500.00  each license costs "in the neighborhood of" $80.  Destops that are capable of joining a domain, assuming you have room for more, are "in the neighborhood of $500.

Having a worm find its way in to your network over a VPN, or having your data corrupted when the VPN is dropped by one or the other ISP's?  Priceless.
You can setup direct connection to your network shares in Outlook Web Access.

This will give you secure access to your files without having to configure VPN. However you can not map a drive. But if all you want is to access some files on your shares you can do this.

Or you can use Windows Sharepoint Services (WSS3) or Companyweb as a document management solution.

Also comes down to speed of remote users internet connection and how much bandwidth you have available.

Probably also depends on how often people are going to be connected remotely.

Users are assigned which computers they can log into remotely so you can easily control which computers each user can or can not log into. You can also very easily disable them access to RWW if they should have remote access.
Avatar of buddles

ASKER

Apologies for the delay in replying.  Thanks for all your help