Solved

Remote access to network for external sales consultants

Posted on 2012-04-02
Last Modified: 2012-04-25
I am looking for advice on the best way to enable remote access for external sales to our network.

External sales guys currently own their own laptops, a range of O/S, brands etc. They are not joined to our domain; they work independently with only an email account provided by the company.

Internal sales has requested that external sales have access to shared folder on our network for sales to login and update quotes etc.

What is the best way to enable this? I do not want to go down the VPN route due to the company not owning the equipment, different O/S, no management of antivirus etc., and users having home O/S, not business. Also the support and management of this equipment.

Any suggestions....?
Question by:collie3
10 Comments
 

Assisted Solution

by:netjon
netjon earned 125 total points
ID: 37796789
Do you have a Windows Server?  If you have SBS 2008 or 2011, you can port-forward 443 to the server and they can access your internal web site externally.  Security won't be a big deal since they need to log in using their domain credentials (which, if they have email through your server, they have credentials).  Then they can easily pick shared folders and access the files like they are on the network.

I'm not sure about Windows Standard editions, since this is one of those SBS features, like Remote Web Workplace.

Let us know what type of server/routing equipment you have.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796804
Would a SharePoint server for sharing documents be possible? Then you can have a website on the Internet side which can be accessed by external and internal users for sharing the required documents with specific permissions.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37796824
It may be that the system failure event log is disabled. You can enable it to get more information when the system crashes.

Right-click on My Computer and click on Properties.
Select the Advanced tab.
Enable "Write an event to the system log" under System failure.

You can disable Automatically Restart so that you can view the BSOD when the system crashes, but this can delay the reboot of the system as it will require a manual reboot.
0
 
LVL 3

Expert Comment

by:clinker83
ID: 37796991
You could simply dedicate a computer on the network and enable remote desktop on it, allowing the external sales guys to log in using their credentials. However, only one session will be allowed at a time unless using a server, which is limited to 2 if no additional terminal licences are purchased.
0
 
LVL 5

Assisted Solution

by:Gareth Tomlinson CISSP
Gareth Tomlinson CISSP earned 250 total points
ID: 37800299
I'm sorry, but not deploying a firewall-based VPN is a short-sighted decision that WILL come back to haunt you.
Exposing your Windows server to the internet is a disaster waiting to happen, no matter how you restrict the ports and keep up to date with patches.
Buy a Fortigate firewall (they are fairly cheap). Use the SSL VPN so people can connect from a web browser and don't need a client, and apply antivirus and malware scanning (on the Fortigate) to the connections.
You can even carry out endpoint checking for up-to-date antivirus running on the clients; I'm not sure if that applies to the SSL users though.
Ideally your shared drive would be on a DMZ server, and not on your LAN.
0
 
LVL 5

Assisted Solution

by:wtandrews
wtandrews earned 125 total points
ID: 37800845
If you are on SBS 2008 or 2011, going with the above suggestion concerning the built-in SharePoint (Companyweb) and/or shared folder access, both via Remote Web Workplace, is the way to go. That is one of the reasons it exists.
You could load a terminal server and purchase licenses for the salespeople and this would be a fine solution as well.
VPNs can work just fine depending on the bandwidth available, but I understand your apprehension.
Give us more info as to the current setup so we can better advise.
0
 

Author Comment

by:collie3
ID: 37800986
Hi,

The current setup is as follows..

Web server is offsite and hosted by host Ireland.
File server is a Windows 2003 SBS.
We currently have a Fortinet 200B firewall, and a range of Windows 2003 and Windows 2008 SBS.

Remote access to a single PC would not work as there will be up to 10 people accessing this.

The SSL VPN connection on the Fortinet: I must research this option and see what the capabilities are.

Another option I was thinking of was an FTP server. Although they want to upload all quotes and a spreadsheet to be populated, so a lot of manual work involved there....

My ideal solution would be
VPNs - Equipment owned and configured by company
A CRM system - Not just for this requirement, but basically the department is growing quite rapidly and they keep looking for quick fixes; they still don't know exactly what they want and have not documented exact requirements, however in the meantime IT need to implement a solution.
0
 
LVL 5

Accepted Solution

by:Gareth Tomlinson CISSP
Gareth Tomlinson CISSP earned 250 total points
ID: 37801046
The SSL is a free feature on the Fortigate, you have 2 options with it.
First is "tunnel mode", which effectively gives the remote user access to all the internal resources, but it is tricky to set up correctly.
Second is a "portal" mode, where you log in via web browser and then have "shortcuts" to web, FTP and terminal servers that you click on from the web page.
The setup is documented by Fortigate on the knowledgebase, basically set up users, add them to a user group for SSL VPN, set up SSL VPN, configure the portal by adding the bookmarks you want the users to have access to, create a firewall policy (and filter profile for A/V, malware, IDS) to allow SSL users access to the portal.
It works very well indeed.
You can also have users authenticating via LDAP or Radius, but that's more complex.

Uploading a shared spreadsheet is hard, as you may well end up with more than one person editing it at a time; Sharepoint stops this if you implement "check out", but it's not simple to set up Sharepoint.
0
 
LVL 5

Expert Comment

by:wtandrews
ID: 37801176
Even with SBS2003, the Companyweb can be made available remotely. Set port forwarding using port 444 to go to the Companyweb and set up an A record at your DNS host for companyweb.companyname.com
Use the documents section for the sales people to share docs.
Quick and easy; implement an SSL cert for added security instead of the self-signed cert if you are concerned with it.
0
 

Author Comment

by:collie3
ID: 37837836
They have provided a final requirements list....

An Excel spreadsheet with hyperlinks to quotes which are stored in a directory on our common drive on the internal LAN. Users need to be able to open the hyperlinks to view quotes. Each user must have a unique login and password and only access to their spreadsheet and quotes. A log of access is also required for each user.

This pretty much rules out SharePoint, webpage access, FTP, remote access on a single PC.

My only real option is VPN.?? I need to see if there is a way I can manage VPNs without too much hassle or security implication using their own equipment.....

Unless anyone has any further recommendations.....
0
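One way to verify the final requirement above (a unique login per user, access only to that user's own spreadsheet and quotes, and a per-user access log), as an added example that is not part of the original thread. The share path `\\fileserver\sales`, the one-folder-per-user layout, and the CSV log format are assumptions, and the log lines are constructed sample data.

```python
import csv
import io
import ntpath
from collections import defaultdict

SHARE_ROOT = r"\\fileserver\sales"  # hypothetical UNC root, one folder per user

# Constructed sample log: timestamp,user,action,path
SAMPLE_LOG = r"""2012-04-20T09:01:12,ann,read,\\fileserver\sales\ann\quotes.xlsx
2012-04-20T09:03:40,ann,read,\\FILESERVER\Sales\Ann\Q-1001.pdf
2012-04-20T09:05:02,ann,read,\\fileserver\sales\anna\quotes.xlsx
2012-04-20T09:07:19,bob,read,\\fileserver\sales\bob\..\ann\Q-1001.pdf
2012-04-20T09:09:55,bob,write,\\fileserver\sales\bob\quotes.xlsx
"""


def user_root(user):
    """Normalised folder a given user is allowed to touch."""
    return ntpath.normcase(ntpath.normpath(SHARE_ROOT + "\\" + user))


def is_inside(path, root):
    """True if path resolves to root or below it.

    normpath collapses '..' segments and normcase lower-cases the path
    (Windows paths are case-insensitive). Comparing against root + '\\'
    stops 'ann' from matching the sibling folder 'anna'.
    """
    resolved = ntpath.normcase(ntpath.normpath(path))
    return resolved == root or resolved.startswith(root + "\\")


def audit(log_text):
    """Return (per-user access log, accesses outside the user's own folder)."""
    per_user = defaultdict(list)
    violations = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:  # skip blank or malformed lines
            continue
        ts, user, action, path = row
        per_user[user].append((ts, action, path))
        if not is_inside(path, user_root(user)):
            violations.append((ts, user, path))
    return dict(per_user), violations


if __name__ == "__main__":
    log, bad = audit(SAMPLE_LOG)
    for ts, user, path in bad:
        print(f"{ts} {user} accessed outside own folder: {path}")
```
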
