Solved

Remote into a SBS network

Posted on 2011-02-15
19
1,029 Views
Last Modified: 2012-05-11
Hi,

Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

The Network has a SonicWall firewall in front of a SBS 2008 server.  There is also a Windows 2008 server used solely for BES.

Is it as simple of creating a VPN connection?  Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  

They only really need to use Outlook (OWA is not wanted) and have a few mapped drives so would not need to connect to a physical PC.  Any idea of pros and cons?
0
Comment
Question by:buddles
  • 8
  • 5
  • 5
  • +1
19 Comments
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896039
Sbs 2008 has very easy wizard for vpn setup.

Outlook can be setup via Outlook anyware for secure remote connection much like you have when connected on a physical network.

Terminal services licenses are additional and you can't use the sbs box as the terminal server for clients.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34896081
Technical you could use the BES server 08 as your terminal server but I am not sure how recommended this is.

How large are the files you will be working on? Just wondering how well working remotely will work with some mapped drives. Maybe sharepoint might be a good option.
0
 

Author Comment

by:buddles
ID: 34896148
Thanks for your reply.

Filesize was my major worry about using simple VPN but will have to see.

Just wanted to check that setting this up on the SBS will not impact on the VPN already functioning via the FW with a remote site?
0
 
LVL 6

Assisted Solution

by:naughtynat
naughtynat earned 250 total points
ID: 34896495
You have vpn configured within the firewall? What type of vpn is configured? You will need to forward port 1723 to the server to use the pptp vpn that is built in. I am not sure how this will affect your current vpn setup. You maybe able to run both side by side or just use the current one that is in the firewall.

What does the current vpn actually do? Is this used at the remote office where these pcs are going to be in your discussion?
0
 

Author Comment

by:buddles
ID: 34898173
The vpn on the firewall connects a small remote site to the main site.  Both have the VPN configured via firewalls.

There are a couple of Users who need access from homes and are not part of this remote site.
0
 
LVL 21

Accepted Solution

by:
Larry Struckmeyer MVP earned 250 total points
ID: 34899254
Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

By far the best and easiest to use is RWW.  VPN is NOT the best.  You will need a cert, public DNS pointers, and to open (forward) the appropriate ports in your firewall.

Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  
You cannot run Terminal Services, now called RDS, in application mode on an SBS server.  You would need another server.  check with BES about the advisibilty of using that one.  Yes, you need RDS licenses for any user that connect to the RDS server and runs applications.

RDS (or RDC) connections to the SBS itself are limited to adminstration of the SBS only.  

VPNs are slow, flakey, dangerous to both the data and to the network.  RWW is there for a reason, you should use it.

0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899268
Okay, probably a point to point vpn. I would guess this is probably ipsec.

Run the vpn wizard and forward port 1723 and check box tick vpn option for those users who need it and should be good to go.

I am not familiar with sonicwall so don't know if anything else will need to be done on the firewall.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34899744
Fly - how do you map a network drive in RWW?

0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 34900888
When connected to the target computer inside the LAN, it works exactly as though you were sitting in the office at the keboard of the office computer.  If the drive was mapped on the desktop when you were in the office, it will be mapped when you logon via RWW.. standard desktops or RDS servers alike.

if you have ever used RDP or GoTo or LogMeIn or any remote control software, you can get the idea.  But RWW is MUCH better than any of the commercial web based services and it is included with SBS at no charge.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Expert Comment

by:naughtynat
ID: 34902694
" would not need to be connected to a physical computer"

This was the request so that is why I didn't suggest RWW as I assumed that there was a reason not connecting to a physical computer or they didn't have enough computers for office and remote users at the same time.
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 34903152
But the op did ask about TS/RDS.  Depending on the number of remote users multiple VPN's can choke the bandwidth, and it is both slow and easy to corrupt the data.  if the VPN is lost due to a connection crash at the time data is being written it can easily corrupt the data, particularly if there is a database similiar to Access or most accounting programs in use.  SQL, or most client server type databases are much less problematic, but the opportunity for malware to infect the network from remote unmanaged computers continues.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34903531
Suppose will wait to see what they are looking at doing with the setup and budget as well.
0
 
LVL 1

Expert Comment

by:matttd
ID: 34904115
You can have up to 2 remote desktop connection to your sbs server, any more than that and you would be going into needing terminal services licenses. As far as your setup, I'm not sure what model Sonicwall you would have, but i would definitely use VPN to connect to the server (don't allow remote administration through the firewall- Security NO NO) Eiether setup a group VPN and connect up to sonicwall for VPN access and then remote desktop into the or if the Sonicwall is newer you can use remote desktop as well..
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 34905907
mattd is partially correct.  You can have two RDC connections to the SBS for Administration purposes.  Not for running applications.  You can have multiple VPN's to the SBS for the purpose of opening files on the local station, (not on the SBS), but VPN's have been suplanted by RWW, a much better and safer approach.
0
 

Author Comment

by:buddles
ID: 34916771
Sorry for the delay.

Raw looks excellent however the issue is there are not often spare PCs to connect to.

They have used Linton before but again no spare PCs.

Can RWW be locked down so users can connect to the server?
0
 

Author Comment

by:buddles
ID: 34916791
Sorry predictive text!  They have used logmein before and was supposed to read RWW not raw...
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 34920098
The server can only be accessed remotely for administrative purposes.  Depending on the number of remote users with internal desktops, you can either fit a Terminal Server, now called a Remote Desktop Server (RDS), or one or more headless desktops for remote users to use.  A decent terminal server will run "in the area of" $1500.00  each license costs "in the neighborhood of" $80.  Destops that are capable of joining a domain, assuming you have room for more, are "in the neighborhood of $500.

Having a worm find its way in to your network over a VPN, or having your data corrupted when the VPN is dropped by one or the other ISP's?  Priceless.
0
 
LVL 6

Expert Comment

by:naughtynat
ID: 34927409
You can setup direct connection to your network shares in Outlook Web Access.

This will give you secure access to your files without having to configure VPN. However you can not map a drive. But if all you want is to access some files on your shares you can do this.

Or you can use Windows Sharepoint Services (WSS3) or Companyweb as a document management solution.

Also comes down to speed of remote users internet connection and how much bandwidth you have available.

Probably also depends on how often people are going to be connected remotely.

Users are assigned which computers they can log into remotely so you can easily control which computers each user can or can not log into. You can also very easily disable them access to RWW if they should have remote access.
0
 

Author Closing Comment

by:buddles
ID: 35019264
Apologies for the delay in replying.  Thanks for all your help
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now