Remote Desktop Solution

Posted on 2011-09-08
Medium Priority
Last Modified: 2012-05-12
Looking for a good RDP solution…

I manage a corporate network where users require remote access to their computers so they can work from home. To date I have been assigning static IP addresses to workstations via DHCP reservations and then opening a random port on the firewall and forwarding the connection to the user's static IP address on port 3389. The solution works but has become unmanageable as the number of users requesting this kind of access continues to grow. Too many port forwarding rules that correlate to DHCP reservations etc.

I can implement a VPN solution and have users RDP to their computers by computer name. I have thought about a terminal server but not a great solution as users would have two different computers… their TS computer and their workstation which they use every day.

Any suggestions?
Question by: oetcc

Expert Comment

ID: 36506820
Terminal Server / Remote Desktop 2008 is great. Yes, there are two desktops, but you can set Windows to join a domain and have Group Policy to make it into a dumb terminal?

E.g., some of the clients I have simply switch on their PC, and they have nothing on their desktop but a 'Connect to Server' icon that connects to Terminal Server. You can even put it in the startup so it automatically connects to the server.

Server 2008 or Citrix is the way forward for you, I think.

Assisted Solution

karllangston earned 200 total points
ID: 36506830
You have pretty much covered the choices that I would opt for. Are you thinking of a Hardware, Software or Windows VPN? A VPN would be the easiest to manage as you would only have to open the VPN port up on your router and then the users could RDP to their individual PCs by name (with a Windows VPN this works well).

Assisted Solution

KGNickl earned 200 total points
ID: 36506855
The most standard corporate solution I have seen in use is Cisco VPN to get into the network. Once you are on the network, have the user connect via static IP address or, if not static, then the host name. RDP works great and it's free because it's part of Windows.

Then the standard rule is if you are working remotely on an ongoing basis you should have a laptop, which uses VPN to get onto the corporate network.

If you are using RDP just to occasionally work remotely then you're ok, but you are responsible for any issues that may occur, such as a frozen computer, non-responding network card, a friend thinking it's funny to hit your power button, etc. Basically it's your responsibility to either be able to get to the office and get your computer online or have someone there you can call.

Accepted Solution

gsmartin earned 1600 total points
ID: 36507395
Allowing users access to the computers remotely is a management and security nightmare. There are a number of remote access technologies that can be used vs. RDP, such as GoToMyPC, TeamViewer, LogMeIn, etc. These are products that would ease your firewall administration tasks, but circumvent your network security, leaving you without much control. Therefore, I would advise against these types of tools.

RDP over HTTPS would be the most appropriate, given your infrastructure architecture, but would certainly increase your management tasks. This would require redirecting port 3389 over HTTPS vs. HTTP, for better security, and requires an SSL certificate (wildcard certificate preferably). Note that opening port 3389 publicly is not a good security practice. Also, I recommend using a port other than the default ports for these types of services.

In my infrastructure we use a combination of Cisco's SSL VPN using Cisco's AnyConnect VPN Client - select small groups of users with RADIUS/AD authentication. With this option you don't need to manage it often if configured and secured properly. This would also work well with your environment.

Now, if you have a large group of users requiring this type of access, I would recommend either a Terminal Server or Citrix Server solution. In my case, 93% of my company (250+ users) is using Citrix XenApp 6 and/or Citrix XenDesktop 5 with SSL VPN over a Citrix Access Gateway. In our case, we are using Citrix NetScalers for this purpose; however, there are other lower cost alternatives. We centrally manage all applications and desktops via this platform without worrying about managing or backing up users' individual workstations. As a matter of fact, the majority of users are using HP Thin Clients. This is my preferred architecture, especially for small-to-medium size user environments with at least 50+ users. This platform allows users to use any type of device (PC, Mac, iPad, iPhone, etc.) from anywhere inside and outside the corporate network.

The simplest and least expensive of these options would be RDP over HTTPS. FYI... When using HTTPS you won't need to filter the users' public IP address on the firewall. The next option, Cisco SSL VPN, is a good alternative as well, but will still require at least RDP, for which the user should then use a static IP address or, more preferably, DNS if using DHCP internally. Now, Citrix is the most expensive approach, but my preference for centrally managing company resources.
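
The port-forward sprawl described in the question, and the move to VPN plus RDP by computer name suggested in the answers, can be inventoried before any rule is removed. The following is an added example, not part of any original post; the CSV layouts, column names, addresses and host names are constructed assumptions, not the export format of any particular firewall or DHCP server.

```python
import csv
import io

# Constructed sample exports (assumed column names, made-up values).
FORWARDS_CSV = """ext_port,int_ip,int_port
50211,10.0.5.21,3389
50212,10.0.5.22,3389
50213,10.0.5.40,3389
8443,10.0.5.10,443
"""
RESERVATIONS_CSV = """ip,hostname
10.0.5.21,WS-ALICE
10.0.5.22,WS-BOB
10.0.5.10,WEB01
"""

RDP_PORT = 3389


def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_forwards(forwards, reservations):
    """Classify every firewall forward that lands on RDP.

    Returns (migrate, stale):
      migrate: {ext_port: hostname} forwards replaceable by VPN + RDP by name
      stale:   [ext_port] forwards whose target IP has no DHCP reservation
    """
    by_ip = {r["ip"]: r["hostname"] for r in reservations}
    migrate, stale = {}, []
    for f in forwards:
        if int(f["int_port"]) != RDP_PORT:
            continue  # not an RDP exposure, out of scope for this audit
        host = by_ip.get(f["int_ip"])
        if host is None:
            stale.append(int(f["ext_port"]))  # rule points at no known workstation
        else:
            migrate[int(f["ext_port"])] = host
    return migrate, stale


if __name__ == "__main__":
    migrate, stale = audit_forwards(load(FORWARDS_CSV), load(RESERVATIONS_CSV))
    for port, host in sorted(migrate.items()):
        print(f"ext {port} -> {host}: remove forward, user connects to {host} over VPN")
    for port in stale:
        print(f"ext {port}: target has no reservation, remove rule")
```

Once the VPN is in place, every port in both result sets is a forward that can be closed, and the DHCP reservations kept only to support those forwards are no longer needed if users connect by name.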

Expert Comment

ID: 36535200
If you only had one terminal server it could work, but you would need to have roaming home drives for staff; that way they can log onto the one server that's got all relevant software on it and their documents come with them instead of having one per user.
