Remote Desktop Solution

Looking for a good RDP solution…

I manage a corporate network where users require remote access to their computers so they can work from home. To date I have been assigning static IP addresses to workstations via DHCP reservations and then opening a random port on the firewall and forwarding the connection to the user's static IP address on port 3389. The solution works but has become unmanageable as the number of users requesting this kind of access continues to grow. Too many port forwarding rules that correlate to DHCP reservations etc.

I can implement a VPN solution and have users RDP to their computers by computer name. I have thought about a terminal server, but it is not a great solution as users would have two different computers… their TS computer and their workstation which they use every day.

Any suggestions?
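Added example, not part of the original thread: the setup described in the question (one external port per user, forwarded to a DHCP-reserved address on port 3389) tends to drift as rules and reservations pile up, so this small audit cross-checks the two lists and flags forwards on the default port, forwards whose target has no reservation, and reused external ports. The CSV layout, function names and sample rows are assumptions constructed for illustration, not any firewall vendor's export format.

```python
import ipaddress
from collections import Counter

RDP_PORT = 3389
# Constructed sample exports (hypothetical CSV layout, not a vendor format).
FORWARDS = """\
# ext_port,internal_ip,internal_port,owner
50122,10.0.5.21,3389,alice
50377,10.0.5.22,3389,bob
3389,10.0.5.23,3389,carol
50990,10.0.5.40,3389,dave
50377,10.0.5.24,3389,erin
8443,10.0.5.10,443,intranet
"""
RESERVATIONS = """\
# ip,hostname
10.0.5.21,WS-ALICE
10.0.5.22,WS-BOB
10.0.5.23,WS-CAROL
10.0.5.24,WS-ERIN
"""

def parse_rows(text, fields):
    """Parse comma-separated rows, skipping blank lines and '#' comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != len(fields):
            raise ValueError(f"malformed row: {line!r}")
        rows.append(dict(zip(fields, parts)))
    return rows

def audit_rdp_forwards(forwards_text, reservations_text):
    """Return sorted (ext_port, owner, issue) findings for forwards that target RDP."""
    rows = parse_rows(forwards_text, ["ext", "ip", "port", "owner"])
    hosts = parse_rows(reservations_text, ["ip", "host"])
    reserved = {ipaddress.ip_address(h["ip"]) for h in hosts}
    ext_use = Counter(int(r["ext"]) for r in rows)  # counted across all forwards
    findings = []
    for f in (r for r in rows if int(r["port"]) == RDP_PORT):
        ext, owner = int(f["ext"]), f["owner"]
        if ext == RDP_PORT:  # RDP published on its well-known port
            findings.append((ext, owner, "default-port-exposed"))
        if ipaddress.ip_address(f["ip"]) not in reserved:  # target may be re-leased
            findings.append((ext, owner, "target-has-no-reservation"))
        if ext_use[ext] > 1:  # two rules compete for one external port
            findings.append((ext, owner, "external-port-reused"))
    return sorted(findings)
```

Every forward that survives this audit is still an RDP listener reachable from the internet; the findings only show which rules no longer match the reservations they were created for.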

gsmartin Commented:
Allowing users access to the computers remotely is a management and security nightmare. There are a number of remote access technologies that can be used vs. RDP, such as GoToMyPC, TeamViewer, LogMeIn, etc. These are products that would ease your firewall administration tasks, but circumvent your network security, leaving you without much control. Therefore, I would advise against these types of tools.
RDP over HTTPS would be the most appropriate, given your infrastructure architecture, but would certainly increase your management tasks. This would require redirecting port 3389 over HTTPS vs. HTTP, for better security, and requires an SSL certificate (wildcard certificate preferably). Note opening port 3389 publicly is not a good security practice. Also, I recommend using a port other than the default ports for these types of services.
In my infrastructure we use a combination of Cisco's SSL VPN using Cisco's AnyConnect VPN Client for select small groups of users with RADIUS/AD authentication. With this option you don't need to manage it often if it is configured and secured properly. This would also work well with your environment.
Now, if you have a large group of users requiring this type of access, I would recommend either a Terminal Server or Citrix Server solution. In my case, 93% of my company (250+ users) is using Citrix XenApp 6 and/or Citrix XenDesktop 5 with SSL VPN over a Citrix Access Gateway. In our case, we are using Citrix NetScalers for this purpose; however, there are other lower cost alternatives. We centrally manage all applications and desktops via this platform without worrying about managing or backing up users' individual workstations. As a matter of fact, the majority of users are using HP Thin Clients. This is my preferred architecture, especially for small-to-medium size user environments with at least 50+ users. This platform allows users to use any type of device (PC, Mac, iPad, iPhone, etc.) from anywhere inside and outside the corporate network.
The simplest and least expensive of these options would be RDP over HTTPS. FYI... When using HTTPS you won't need to filter the users' public IP address on the firewall. The next option, Cisco SSL VPN, is a good alternative as well, but will still require at least RDP, for which the user should then use a static IP address or, more preferably, DNS if using DHCP internally. Now, Citrix is the most expensive approach, but my preference for centrally managing company resources.
Terminal Server / Remote Desktop 2008 is great. Yes, there are two desktops, but you can set Windows to join a domain and have Group Policy make it into a dumb terminal?

For example, some of my clients simply switch on their PCs, and they have nothing on their desktop but a 'Connect to Server' icon that connects to Terminal Server. You can even put it in the startup so it automatically connects to the server.

Server 2008 or Citrix is the way forward for you, I think.
karllangston Commented:
You have pretty much covered the choices that I would opt for. Are you thinking of a Hardware, Software or Windows VPN? A VPN would be the easiest to manage as you would only have to open the VPN port up on your router and then the users could RDP to their individual PCs by name (with a Windows VPN this works well).
KGNickl Commented:
The most standard corporate solution I have seen in use is Cisco VPN to get into the network. Once you are on the network, have the user connect via static IP address or, if not static, then the host name. RDP works great and it's free because it's part of Windows.

Then the standard rule is if you are working remotely on an ongoing basis you should have a laptop, which uses VPN to get onto the corporate network.

If you are using RDP just to occasionally work remotely then you're OK, but you are responsible for any issues that may occur, such as a frozen computer, a non-responding network card, a friend thinking it's funny to hit your power button, etc. Basically it's your responsibility to either be able to get to the office and get your computer online or have someone there you can call.
If you only had one terminal server it could work, but you would need to have roaming home drives for staff; that way they can log onto the one server that's got all relevant software on it and their documents come with them, instead of having one per user.