

Remote Desktop Solution

Posted on 2011-09-08
Medium Priority
Last Modified: 2012-05-12
Looking for a good RDP solution…

I manage a corporate network where users require remote access to their computers so they can work from home. To date I have been assigning static IP addresses to workstations via DHCP reservations and then opening a random port on the firewall and forwarding the connection to the user's static IP address on port 3389. The solution works but has become unmanageable as the number of users requesting this kind of access continues to grow. Too many port forwarding rules that correlate to DHCP reservations etc.

I can implement a VPN solution and have users RDP to their computers by computer name. I have thought about a terminal server but not a great solution as users would have two different computers… their TS computer and their workstation which they use every day.

Any suggestions?
Question by: oetcc

Expert Comment

ID: 36506820
Terminal Server / Remote Desktop 2008 is great. Yes, there are two desktops, but you can set Windows to join a domain and have group policy to make it into a dumb terminal?

For example, some of my clients simply switch on their PCs, and they have nothing on their desktop but a 'Connect to Server' icon that connects to Terminal Server. You can even put it in the startup so it automatically connects to the server.

Server 2008 or Citrix is the way forward for you, I think.

Assisted Solution

karllangston earned 200 total points
ID: 36506830
You have pretty much covered the choices that I would opt for. Are you thinking of a Hardware, Software or Windows VPN? A VPN would be the easiest to manage as you would only have to open the VPN port up on your router and then the users could RDP to their individual PCs by name (with a Windows VPN this works well).

Assisted Solution

KGNickl earned 200 total points
ID: 36506855
The most standard corporate solution I have seen in use is Cisco VPN to get into the network. Once you are on the network, have the user connect via static IP address or, if not static, then the host name. RDP works great and it is free because it's part of Windows.

Then the standard rule is if you are working remotely on an ongoing basis you should have a laptop, which uses VPN to get onto the corporate network.

If you are using RDP just to occasionally work remotely then you're OK, but you are responsible for any issues that may occur, such as a frozen computer, a non-responding network card, a friend thinking it's funny to hit your power button, etc. Basically it's your responsibility to either be able to get to the office and get your computer online or have someone there you can call.

Accepted Solution

gsmartin earned 1600 total points
ID: 36507395
Allowing users access to the computers remotely is a management and security nightmare. There are a number of remote access technologies that can be used vs. RDP, such as GoToMyPC, TeamViewer, LogMeIn, etc. These are products that would ease your firewall administration tasks, but circumvent your network security - leaving you without much control. Therefore, I would advise against these types of tools.

RDP over HTTPS would be the most appropriate, given your infrastructure architecture, but would certainly increase your management tasks. This would require redirecting port 3389 over HTTPS vs. HTTP, for better security, and requires an SSL certificate (wildcard certificate preferably). Note that opening port 3389 publicly is not a good security practice. Also, I recommend using a port other than the default ports for these types of services.

In my infrastructure we use a combination of Cisco's SSL VPN using Cisco's AnyConnect VPN Client - select small groups of users with RADIUS/AD authentication. With this option you don't need to manage it often if configured and secured properly. This would also work well with your environment.

Now, if you have a large group of users requiring this type of access, I would recommend either a Terminal Server or Citrix Server solution. In my case, 93% of my company (250+ users) is using Citrix XenApp 6 and/or Citrix XenDesktop 5 with SSL VPN over a Citrix Access Gateway. In our case, we are using Citrix NetScalers for this purpose; however, there are other lower cost alternatives. We centrally manage all applications and desktops via this platform without worrying about managing or backing up users' individual workstations. As a matter of fact, the majority of users are using HP Thin Clients. This is my preferred architecture, especially for small-to-medium size user environments with at least 50+ users. This platform allows users to use any type of device (PC, Mac, iPad, iPhone, etc.) from anywhere inside and outside the corporate network.

The simplest and least expensive of these options would be RDP over HTTPS. FYI... When using HTTPS you won't need to filter the users' public IP address on the firewall. The next option, Cisco SSL VPN, is a good alternative as well, but will still require at least RDP, for which the user should then use a static IP address or, more preferably, DNS if using DHCP internally. Now, Citrix is the most expensive approach, but my preference for centrally managing company resources.
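
An added example, not part of the thread or any poster's code: a Python audit of the setup described in the question (random external ports forwarded to workstation port 3389, tied to DHCP reservations). It flags forwards that are reachable from any source, use the default external port, or point at an address with no reservation. The CSV column names and sample rows are constructed assumptions, not a real firewall export format.

```python
import csv
import io

# Constructed sample data. Column names are assumptions, not a vendor export format.
FORWARDS_CSV = """ext_port,int_ip,int_port,source
50211,10.0.5.21,3389,any
50212,10.0.5.22,3389,any
50213,10.0.5.40,3389,any
3389,10.0.5.23,3389,any
443,10.0.5.10,443,any
"""
RESERVATIONS_CSV = """ip,hostname
10.0.5.21,WS-ALICE
10.0.5.22,WS-BOB
10.0.5.23,WS-CAROL
"""
RDP_PORT = 3389


def audit_forwards(forwards_csv, reservations_csv):
    """Return one finding per port-forward rule that lands on internal RDP."""
    reserved = {row["ip"]: row["hostname"]
                for row in csv.DictReader(io.StringIO(reservations_csv))}
    findings = []
    for rule in csv.DictReader(io.StringIO(forwards_csv)):
        if int(rule["int_port"]) != RDP_PORT:
            continue  # not an RDP forward
        issues = []
        if rule["source"].strip().lower() == "any":
            issues.append("rdp-reachable-from-any-source")
        if int(rule["ext_port"]) == RDP_PORT:
            issues.append("default-external-port")
        if rule["int_ip"] not in reserved:
            # The forward may now land on whichever machine leases this address.
            issues.append("no-dhcp-reservation")
        findings.append({
            "ext_port": int(rule["ext_port"]),
            "target": reserved.get(rule["int_ip"], rule["int_ip"]),
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for f in audit_forwards(FORWARDS_CSV, RESERVATIONS_CSV):
        print(f["ext_port"], f["target"], ",".join(f["issues"]))
```

Every rule it reports is a candidate for removal once users reach their workstations through a VPN or gateway instead of a per-user forward.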

Expert Comment

ID: 36535200
If you only had one terminal server it could work, but you would need to have roaming home drives for staff; that way they can log onto the one server that's got all relevant software on it and their documents come with them instead of having one per user.
