Solved

Remote Desktop Solution

Posted on 2011-09-08
Last Modified: 2012-05-12
Looking for a good RDP solution…

I manage a corporate network where users require remote access to their computers so they can work from home. To date I have been assigning static IP addresses to workstations via DHCP reservations and then opening a random port on the firewall and forwarding the connection to the user's static IP address on port 3389. The solution works but has become unmanageable as the number of users requesting this kind of access continues to grow. Too many port forwarding rules that correlate to DHCP reservations, etc.

I can implement a VPN solution and have users RDP to their computers by computer name. I have thought about a terminal server, but it's not a great solution as users would have two different computers… their TS computer and their workstation, which they use every day.

Any suggestions?
Question by:oetcc
5 Comments
 
LVL 5

Expert Comment

by:Iekos
Terminal Server / Remote Desktop 2008 is great. Yes, there are two desktops, but you can set Windows to join a domain and have Group Policy to make it into a dumb terminal?

For example, some of the clients I have simply switch on their PCs, and they have nothing on their desktop but a 'Connect to Server' icon that connects to Terminal Server. You can even put it in the startup so it automatically connects to the server.

Server 2008 or Citrix is the way forward for you, I think.
 
LVL 7

Assisted Solution

by:karllangston
karllangston earned 50 total points
You have pretty much covered the choices that I would opt for. Are you thinking of a hardware, software or Windows VPN? A VPN would be the easiest to manage, as you would only have to open the VPN port up on your router and then the users could RDP to their individual PCs by name (with a Windows VPN this works well).
 
LVL 5

Assisted Solution

by:KGNickl
KGNickl earned 50 total points
The most standard corporate solution I have seen in use is Cisco VPN to get into the network. Once you are on the network, have the user connect via static IP address or, if not static, then the host name. RDP works great and it's free because it's part of Windows.

Then the standard rule is if you are working remotely on an ongoing basis you should have a laptop, which uses VPN to get onto the corporate network.

If you are using RDP just to occasionally work remotely then you're OK, but you are responsible for any issues that may occur, such as a frozen computer, non-responding network card, a friend thinking it's funny to hit your power button, etc. Basically it's your responsibility to either be able to get to the office and get your computer online or have someone there you can call.
 
LVL 8

Accepted Solution

by:
gsmartin earned 400 total points
Allowing users access to the computers remotely is a management and security nightmare. There are a number of remote access technologies that can be used vs. RDP, such as GoToMyPC, TeamViewer, LogMeIn, etc. These are products that would ease your firewall administration tasks, but circumvent your network security, leaving you without much control. Therefore, I would advise against these types of tools.

RDP over HTTPS would be the most appropriate, given your infrastructure architecture, but would certainly increase your management tasks. This would require redirecting port 3389 over HTTPS vs. HTTP, for better security, and requires an SSL certificate (wildcard certificate preferably). Note that opening port 3389 publicly is not a good security practice. Also, I recommend using a port other than the default ports for these types of services.

In my infrastructure we use a combination of Cisco's SSL VPN using Cisco's AnyConnect VPN Client - select small groups of users with RADIUS/AD authentication. With this option you don't need to manage it often if configured and secured properly. This would also work well with your environment.

Now, if you have a large group of users requiring this type of access, I would recommend either a Terminal Server or Citrix Server solution. In my case, 93% of my company (250+ users) is using Citrix XenApp 6 and/or Citrix XenDesktop 5 with SSL VPN over a Citrix Access Gateway. In our case, we are using Citrix NetScalers for this purpose; however, there are other lower-cost alternatives. We centrally manage all applications and desktops via this platform without worrying about managing or backing up users' individual workstations. As a matter of fact, the majority of users are using HP Thin Clients. This is my preferred architecture, especially for small-to-medium size user environments with at least 50+ users. This platform allows users to use any type of device (PC, Mac, iPad, iPhone, etc.) from anywhere inside and outside the corporate network.

The simplest and least expensive of these options would be RDP over HTTPS. FYI... When using HTTPS you won't need to filter the users' public IP address on the firewall. The next option, Cisco SSL VPN, is a good alternative as well, but will still require at least RDP. The user should then use a static IP address or, more preferably, DNS if using DHCP internally. Now, Citrix is the most expensive approach, but my preference for centrally managing company resources.
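An added example, not part of the original thread or any poster's reply: a small audit of the port-forward scheme described in the question, flagging rules that expose RDP to any source address, use the default external port, or point at an internal address with no DHCP reservation. The rule and reservation data are constructed, and the field names are assumptions rather than any firewall's export format.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample data (hypothetical field names, not a real firewall export).
# Each rule: external port -> internal IP:port, with the allowed source range.
FORWARDS = [
    {"ext_port": 50211, "dst_ip": "10.0.5.21", "dst_port": 3389, "src": "0.0.0.0/0"},
    {"ext_port": 50377, "dst_ip": "10.0.5.34", "dst_port": 3389, "src": "0.0.0.0/0"},
    {"ext_port": 3389, "dst_ip": "10.0.5.40", "dst_port": 3389, "src": "203.0.113.7/32"},
    {"ext_port": 443, "dst_ip": "10.0.1.10", "dst_port": 443, "src": "0.0.0.0/0"},
]
# Constructed DHCP reservations: internal IP -> workstation name.
RESERVATIONS = {"10.0.5.21": "WS-ALICE", "10.0.5.40": "WS-CAROL"}


def audit_rdp_forwards(forwards, reservations):
    """Return (ext_port, dst_ip, findings) for every rule that forwards to RDP."""
    report = []
    for rule in forwards:
        if rule["dst_port"] != RDP_PORT:
            continue  # not an RDP forward, out of scope for this audit
        findings = []
        # A /0 source means anyone on the internet can reach the RDP listener.
        if ipaddress.ip_network(rule["src"]).prefixlen == 0:
            findings.append("rdp-open-to-internet")
        # The accepted answer recommends avoiding the default port externally.
        if rule["ext_port"] == RDP_PORT:
            findings.append("default-external-port")
        # Without a reservation the address can be leased to a different host,
        # so the rule may now point at the wrong machine (stale rule).
        if rule["dst_ip"] not in reservations:
            findings.append("no-dhcp-reservation")
        report.append((rule["ext_port"], rule["dst_ip"], findings))
    return report


def summarize(report):
    """Count how many RDP forwards carry each finding."""
    counts = {}
    for _, _, findings in report:
        for name in findings:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for ext, ip, findings in audit_rdp_forwards(FORWARDS, RESERVATIONS):
        print(ext, ip, RESERVATIONS.get(ip, "?"), ", ".join(findings) or "ok")
```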
 

Expert Comment

by:Vermilion_Chaos
If you only had one terminal server it could work, but you would need to have roaming home drives for staff; that way they can log onto the one server that's got all relevant software on it and their documents come with them instead of having one per user.
