Remote Desktop Solution

Posted on 2011-09-08
Last Modified: 2012-05-12
Looking for a good RDP solution…

I manage a corporate network where users require remote access to their computers so they can work from home. To date I have been assigning static IP addresses to workstations via DHCP reservations and then opening a random port on the firewall and forwarding the connection to the user's static IP address on port 3389. The solution works but has become unmanageable as the number of users requesting this kind of access continues to grow. Too many port forwarding rules that correlate to DHCP reservations, etc.

I can implement a VPN solution and have users RDP to their computers by computer name. I have thought about a terminal server, but it is not a great solution as users would have two different computers… their TS computer and their workstation, which they use every day.

Any suggestions?
Question by: oetcc

Expert Comment

ID: 36506820
Terminal Server / Remote Desktop 2008 is great. Yes, there are two desktops, but you can set Windows to join a domain and have group policy to make it into a dumb terminal?

For example, some of my clients simply switch on their PCs, and they have nothing on their desktop but a 'Connect to Server' icon that connects to Terminal Server. You can even put it in the startup so it automatically connects to the server.

Server 2008 or Citrix is the way forward for you, I think.

Assisted Solution

karllangston earned 50 total points
ID: 36506830
You have pretty much covered the choices that I would opt for. Are you thinking of a hardware, software or Windows VPN? A VPN would be the easiest to manage as you would only have to open the VPN port up on your router and then the users could RDP to their individual PCs by name (with a Windows VPN this works well).

Assisted Solution

KGNickl earned 50 total points
ID: 36506855
The most standard corporate solution I have seen in use is Cisco VPN to get into the network. Once you are on the network, have the user connect via static IP address or, if not static, then the host name. RDP works great and it's free because it's part of Windows.

Then the standard rule is if you are working remotely on an ongoing basis you should have a laptop, which uses VPN to get onto the corporate network.

If you are using RDP just to occasionally work remotely then you're OK, but you are responsible for any issues that may occur, such as a frozen computer, a non-responding network card, a friend thinking it's funny to hit your power button, etc. Basically it's your responsibility to either be able to get to the office and get your computer online or have someone there you can call.

Accepted Solution

gsmartin earned 400 total points
ID: 36507395
Allowing users access to the computers remotely is a management and security nightmare. There are a number of remote access technologies that can be used vs. RDP, such as GoToMyPC, TeamViewer, LogMeIn, etc. These are products that would ease your firewall administration tasks, but circumvent your network security, leaving you without much control. Therefore, I would advise against these types of tools.

RDP over HTTPS would be the most appropriate, given your infrastructure architecture, but would certainly increase your management tasks. This would require redirecting port 3389 over HTTPS vs. HTTP, for better security, and requires an SSL certificate (wildcard certificate preferably). Note that opening port 3389 publicly is not a good security practice. Also, I recommend using a port other than the default ports for these types of services.

In my infrastructure we use a combination of Cisco's SSL VPN using Cisco's AnyConnect VPN Client - select small groups of users with RADIUS/AD authentication. With this option you don't need to manage it often if configured and secured properly. This would also work well with your environment.

Now, if you have a large group of users requiring this type of access, I would recommend either a Terminal Server or Citrix Server solution. In my case, 93% of my company (250+ users) is using Citrix XenApp 6 and/or Citrix XenDesktop 5 with SSL VPN over a Citrix Access Gateway. In our case, we are using Citrix NetScalers for this purpose; however, there are other lower cost alternatives. We centrally manage all applications and desktops via this platform without worrying about managing or backing up users' individual workstations. Matter of fact, the majority of users are using HP Thin Clients. This is my preferred architecture, especially for small-to-medium size user environments with at least 50+ users. This platform allows users to use any type of device (PC, Mac, iPad, iPhone, etc.) from anywhere inside and outside the corporate network.

The simplest and least expensive of these options would be RDP over HTTPS. FYI... When using HTTPS you won't need to filter the users' public IP address on the firewall. The next option, Cisco SSL VPN, is a good alternative as well, but will still require at least RDP, for which the user should then use a static IP address or, more preferably, DNS if using DHCP internally. Now, Citrix is the most expensive approach, but my preference for centrally managing company resources.
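
An added example, not part of the thread or any vendor's tooling: a Python check that reconciles the port-forward rules described in the question against the DHCP reservations and lists every forward that publishes RDP, including forwards whose target address no longer has a reservation. The CSV layouts, addresses and hostnames are constructed for illustration.

```python
import csv
import io

# Constructed sample data; the CSV layout is hypothetical, not a vendor export format.
FORWARDS_CSV = """ext_port,int_ip,int_port
50122,10.0.5.21,3389
50347,10.0.5.22,3389
3389,10.0.5.23,3389
50811,10.0.5.40,3389
8443,10.0.5.10,443
"""

RESERVATIONS_CSV = """ip,hostname
10.0.5.10,web01
10.0.5.21,ws-alice
10.0.5.22,ws-bob
10.0.5.23,ws-carol
"""

RDP_PORT = 3389


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(forwards, reservations):
    """Return (ext_port, finding) tuples for every forward that reaches RDP."""
    reserved = {r["ip"]: r["hostname"] for r in reservations}
    findings = []
    for rule in forwards:
        if int(rule["int_port"]) != RDP_PORT:
            continue  # only RDP forwards are in scope for this check
        ext = int(rule["ext_port"])
        host = reserved.get(rule["int_ip"])
        if host is None:
            # Target IP is back in the dynamic pool: the forward may land on any machine.
            findings.append((ext, "orphaned: %s has no DHCP reservation" % rule["int_ip"]))
        else:
            findings.append((ext, "RDP exposed to internet for %s" % host))
        if ext == RDP_PORT:
            findings.append((ext, "default port 3389 open publicly"))
    return findings


if __name__ == "__main__":
    for ext, finding in audit(load(FORWARDS_CSV), load(RESERVATIONS_CSV)):
        print(ext, finding)
```

Each finding is a candidate rule to retire once users reach their workstations through the VPN or an HTTPS gateway instead of a direct forward.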

Expert Comment

ID: 36535200
If you only had one terminal server it could work, but you would need to have roaming home drives for staff; that way they can log onto the one server that's got all relevant software on it and their documents come with them instead of having one per user.

Question has a verified solution.