Geneyes008

New Remote office connection

I have opened a new remote office and need to have systems running at the remote site just as the ones are running at the main site. There is an ADSL line at the remote site and a dedicated line at the main site.
I have been using LogMeIn Hamachi, but it is painfully slow and the users end up not even using it. Would a Linksys dedicated VPN solution be faster? What other options are there to run these types of configs?

Netflo

Yes a hardware based VPN solution will be better.

I would consider looking at an entry-level option of DrayTek ADSL routers, which can do VPN tunnelling, rather than Linksys devices. Ideally something more powerful and up for the job would be a SonicWall, Juniper or WatchGuard. If you want top end with most cost, then look at Cisco, as these are dedicated firewalls which can do this sort of job.

You essentially want to set up an IPSec tunnel using IKE or preferably IKEv2, which will help if you have low-speed connections and you really want to get the most out of it.

Rob Williams

Though a hardware-based VPN will be more stable, the performance improvement will be minimal. Keep in mind that with a VPN, WAN users are connecting with a speed about 1/100th of that of LAN users. If performance is the primary requirement, there is no question that adding a terminal server is your better option.

Geneyes008

With a terminal server setup, will the users still have a login to the domain and then all the apps they have on the local system?

Yes. With a terminal server you connect to the corporate site and log in as if you were sitting at a PC. You get a new window which is a desktop on the server. All apps are there; you need nothing on the connecting client/local system. This also adds security as your data remains at the corporate site.

Performance is excellent as no data is passed between client and host, only screen refreshes.

Bear in mind Remote Desktop Server (RDS), formerly known as TS, is an expensive solution. If you plan to have Office installed you will be required to buy X number of copies for the total number of provisioned RDS users / devices, plus an associated RDS User / Device CAL too.

RDS is a brilliant solution, but again you're going to need a good server, and the performance gains also depend on the type of applications that are going to be run off the server itself. For example, running Adobe Photoshop would not perform as expected in terms of rendering and will chew up all available RAM on the server itself, if you get my point.

To get the best performance on an RDS on a slow line, you would need Server 2008 R2 on the server side and Windows 7 clients running RDC 7.

So can I run TS on SBS 2003?
I am looking at upgrading to SBS 2011; can I use it on this as well?

NO. No version of SBS supports terminal services, but you can add a terminal server to an SBS domain, either physical or virtual.

OK, I will try adding a 2008 server as a TS and see if that improves performance and user response times.

It should work well for you.

If buying new hardware you may want to consider RemoteFX, which is terminal services on steroids. It's no more expensive, you just enable additional 'features', but it does require a compatible processor, video card, Server 2008 R2 SP1 and Win7 SP1 clients (or newer).

I have placed the Server 2008 R2 box at head office. Clients at the remote site are running Windows XP Pro.
What is the next step to get them connected?

You need to enable the Remote Desktop Service role on the server, and for now forward port 3389 from the router to the terminal server.  They can then connect using the public IP of the router and using the remote desktop client.  I strongly recommend enforcing strong passwords, and configuring account lockouts using group policy.

Long term though it would be better to configure the terminal services gateway service and buy a certificate.  This is more secure and uses port 443.

Within 120 days you have to configure a server (can be the RDS server or another) to run the Remote Desktop Licensing service, buy CALs for the users and install the CALs. For 120 days they can connect using temporary licenses, which is automatic.
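
A way to check the account-lockout and password settings recommended above on the terminal server before port 3389 is forwarded to it, as an added example that is not part of the original thread: the PowerShell function below parses `net accounts` output and reports weak values. The function name, the two thresholds and the sample output are assumptions made for illustration.

```powershell
# Added example: thresholds are assumptions, not values from the thread.
$MaxLockoutThreshold = 10   # assumed ceiling for failed-logon attempts
$MinPasswordLength   = 12   # assumed floor for password length

function Test-LockoutPolicy {
    param([string[]]$Lines)

    # Turn each "Setting name:   value" line into a hashtable entry.
    $policy = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(?<name>[^:]+):\s+(?<value>\S.*?)\s*$') {
            $policy[$matches['name'].Trim()] = $matches['value']
        }
    }

    $findings = @()

    # 'Never' (or 0) means failed logons are never throttled by a lockout.
    $threshold = $policy['Lockout threshold']
    if ($threshold -notmatch '^\d+$' -or [int]$threshold -eq 0) {
        $findings += "Lockout threshold is '$threshold': failed logons never lock the account."
    } elseif ([int]$threshold -gt $MaxLockoutThreshold) {
        $findings += "Lockout threshold $threshold exceeds $MaxLockoutThreshold attempts."
    }

    $length = $policy['Minimum password length']
    if ($length -notmatch '^\d+$' -or [int]$length -lt $MinPasswordLength) {
        $findings += "Minimum password length is '$length' (want $MinPasswordLength or more)."
    }

    $findings
}

# Constructed sample of 'net accounts' output (English locale), not from the thread.
$sample = @(
    'Minimum password length:                              0',
    'Lockout threshold:                                    Never',
    'Lockout duration (minutes):                           30',
    'Lockout observation window (minutes):                 30'
)
Test-LockoutPolicy -Lines $sample

# On the terminal server itself: Test-LockoutPolicy -Lines (net accounts)
```

An empty result means both settings meet the assumed thresholds; on a domain member the effective values come from the domain's group policy.
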
How will this then forward them to the SBS 2003 DC that will allow them to have the access like they are at head office?

The RDS server acts much like a PC. You join it to the domain, and install the applications on it. The difference is people connect to it and work on it as if it was a local PC, but only screen refreshes are sent 'over the wire'.

Though RDS basics are pretty straightforward, there are a lot of options and considerations as outlined in the link below, such as the RDS role, the licensing service, the RDS gateway service, adding a certificate, adding CALs, application compatibility, configuring security (locking down the server), and using features such as Remote Apps which appear to the end user as if they are running the app on their local machine.

It would be best to get a little training as it is difficult to explain all aspects and things to consider in a forum.

So these desktops on the 2008 box will not have any applications that have not been locally installed then? The users logging in will have to tab back and forth to get their local desktop and the one on RDS?
I was looking for something that would allow a seamless experience just like they are at the head office, except they are remote.

Sounds like a point-to-point VPN might work better here.

With this solution, how would they print to their current remote location? They would be dialing in and running the apps, but they need to print it out on the local printer.

Remote Apps requires the drivers for the remote user's printer be installed on the RDS server, but once done they can print directly to their local printer.