• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1040
  • Last Modified:

Remote into a SBS network

Hi,

Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

The Network has a SonicWall firewall in front of a SBS 2008 server.  There is also a Windows 2008 server used solely for BES.

Is it as simple of creating a VPN connection?  Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  

They only really need to use Outlook (OWA is not wanted) and have a few mapped drives so would not need to connect to a physical PC.  Any idea of pros and cons?
0
buddles
Asked:
buddles
  • 8
  • 5
  • 5
  • +1
2 Solutions
 
Nat WallisTechnical Services ManagerCommented:
Sbs 2008 has very easy wizard for vpn setup.

Outlook can be setup via Outlook anyware for secure remote connection much like you have when connected on a physical network.

Terminal services licenses are additional and you can't use the sbs box as the terminal server for clients.
0
 
Nat WallisTechnical Services ManagerCommented:
Technical you could use the BES server 08 as your terminal server but I am not sure how recommended this is.

How large are the files you will be working on? Just wondering how well working remotely will work with some mapped drives. Maybe sharepoint might be a good option.
0
 
buddlesAuthor Commented:
Thanks for your reply.

Filesize was my major worry about using simple VPN but will have to see.

Just wanted to check that setting this up on the SBS will not impact on the VPN already functioning via the FW with a remote site?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Nat WallisTechnical Services ManagerCommented:
You have vpn configured within the firewall? What type of vpn is configured? You will need to forward port 1723 to the server to use the pptp vpn that is built in. I am not sure how this will affect your current vpn setup. You maybe able to run both side by side or just use the current one that is in the firewall.

What does the current vpn actually do? Is this used at the remote office where these pcs are going to be in your discussion?
0
 
buddlesAuthor Commented:
The vpn on the firewall connects a small remote site to the main site.  Both have the VPN configured via firewalls.

There are a couple of Users who need access from homes and are not part of this remote site.
0
 
Larry Struckmeyer MVPCommented:
Can anyone suggest the best way to remotely connect into a secure SBS network from a remote connection?

By far the best and easiest to use is RWW.  VPN is NOT the best.  You will need a cert, public DNS pointers, and to open (forward) the appropriate ports in your firewall.

Do you need additional licenses to use Terminal services?  Is this advisable on a SBS server  
You cannot run Terminal Services, now called RDS, in application mode on an SBS server.  You would need another server.  check with BES about the advisibilty of using that one.  Yes, you need RDS licenses for any user that connect to the RDS server and runs applications.

RDS (or RDC) connections to the SBS itself are limited to adminstration of the SBS only.  

VPNs are slow, flakey, dangerous to both the data and to the network.  RWW is there for a reason, you should use it.

0
 
Nat WallisTechnical Services ManagerCommented:
Okay, probably a point to point vpn. I would guess this is probably ipsec.

Run the vpn wizard and forward port 1723 and check box tick vpn option for those users who need it and should be good to go.

I am not familiar with sonicwall so don't know if anything else will need to be done on the firewall.
0
 
Nat WallisTechnical Services ManagerCommented:
Fly - how do you map a network drive in RWW?

0
 
Larry Struckmeyer MVPCommented:
When connected to the target computer inside the LAN, it works exactly as though you were sitting in the office at the keboard of the office computer.  If the drive was mapped on the desktop when you were in the office, it will be mapped when you logon via RWW.. standard desktops or RDS servers alike.

if you have ever used RDP or GoTo or LogMeIn or any remote control software, you can get the idea.  But RWW is MUCH better than any of the commercial web based services and it is included with SBS at no charge.
0
 
Nat WallisTechnical Services ManagerCommented:
" would not need to be connected to a physical computer"

This was the request so that is why I didn't suggest RWW as I assumed that there was a reason not connecting to a physical computer or they didn't have enough computers for office and remote users at the same time.
0
 
Larry Struckmeyer MVPCommented:
But the op did ask about TS/RDS.  Depending on the number of remote users multiple VPN's can choke the bandwidth, and it is both slow and easy to corrupt the data.  if the VPN is lost due to a connection crash at the time data is being written it can easily corrupt the data, particularly if there is a database similiar to Access or most accounting programs in use.  SQL, or most client server type databases are much less problematic, but the opportunity for malware to infect the network from remote unmanaged computers continues.
0
 
Nat WallisTechnical Services ManagerCommented:
Suppose will wait to see what they are looking at doing with the setup and budget as well.
0
 
matttdCommented:
You can have up to 2 remote desktop connection to your sbs server, any more than that and you would be going into needing terminal services licenses. As far as your setup, I'm not sure what model Sonicwall you would have, but i would definitely use VPN to connect to the server (don't allow remote administration through the firewall- Security NO NO) Eiether setup a group VPN and connect up to sonicwall for VPN access and then remote desktop into the or if the Sonicwall is newer you can use remote desktop as well..
0
 
Larry Struckmeyer MVPCommented:
mattd is partially correct.  You can have two RDC connections to the SBS for Administration purposes.  Not for running applications.  You can have multiple VPN's to the SBS for the purpose of opening files on the local station, (not on the SBS), but VPN's have been suplanted by RWW, a much better and safer approach.
0
 
buddlesAuthor Commented:
Sorry for the delay.

Raw looks excellent however the issue is there are not often spare PCs to connect to.

They have used Linton before but again no spare PCs.

Can RWW be locked down so users can connect to the server?
0
 
buddlesAuthor Commented:
Sorry predictive text!  They have used logmein before and was supposed to read RWW not raw...
0
 
Larry Struckmeyer MVPCommented:
The server can only be accessed remotely for administrative purposes.  Depending on the number of remote users with internal desktops, you can either fit a Terminal Server, now called a Remote Desktop Server (RDS), or one or more headless desktops for remote users to use.  A decent terminal server will run "in the area of" $1500.00  each license costs "in the neighborhood of" $80.  Destops that are capable of joining a domain, assuming you have room for more, are "in the neighborhood of $500.

Having a worm find its way in to your network over a VPN, or having your data corrupted when the VPN is dropped by one or the other ISP's?  Priceless.
0
 
Nat WallisTechnical Services ManagerCommented:
You can setup direct connection to your network shares in Outlook Web Access.

This will give you secure access to your files without having to configure VPN. However you can not map a drive. But if all you want is to access some files on your shares you can do this.

Or you can use Windows Sharepoint Services (WSS3) or Companyweb as a document management solution.

Also comes down to speed of remote users internet connection and how much bandwidth you have available.

Probably also depends on how often people are going to be connected remotely.

Users are assigned which computers they can log into remotely so you can easily control which computers each user can or can not log into. You can also very easily disable them access to RWW if they should have remote access.
0
 
buddlesAuthor Commented:
Apologies for the delay in replying.  Thanks for all your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 8
  • 5
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now