• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 994
  • Last Modified:

Needing a solution to RDP and remote clients

I'm hoping I can get some sound (and hopefully simple) solutions to this problem.  I have inherited a client who recently migrated their server to SBS 2011.  They have since terminated their relationship with the company who did their support and migration.  I will preface this scenario with the fact that -- yes, Server Standard should have been installed instead of SBS 2011.  That said, here's what they have:

Windows SBS 2011 on a rackmount server with a modest Xeon processor and 32 GB of RAM, RAID 5 with plenty of storage.  Three clients (local) need to have an active RDP session on the server running on their client PCs simultaneously.  This is to access proprietary software which is run on the server tied to its database.  Additionally, they have an important remote client who needs to a) access his files (excel, word documents) and b) be able to run and access his Sage ACT! database remotely (whether he runs the ACT! locally or from the server).  The customer has 25 CALs (enough to include the 3 RDP clients and the remote client).  The only other caveat is that the customer is in a very rural location and only has access to a T1 (~1.5 Mb down), thus bandwidth is an issue.  

Obviously, RWW would be a simple solution for accessing the remote client's files, but doesn't solve having access to the Sage ACT! database.

Without buying expensive hardware (2nd RDS server, etc.) what are some viable options to accomplish the above needs of the client as I've described above?  The customer has already spent a fortune getting the migration done, so I don't want to give them any solutions with a sticker shock.
  • 3
  • 3
  • 2
  • +2
2 Solutions
I would buy 5 RD CALs and allow the 3 internal users + 1 external user to access the server via RD.
GPOs should be set in order to limit user's capabilities on the server (hide C: drive and things like that).

All the customer has to spend is:
a. The 5 RD CALs,
b. The time needed to set GPOs and test everything,

If the external user uses low resolution (1024x768) and low color depth (15/16 bit) even a 1.5Mb will work fine. You posted the DOWN bandwidth. Please post the UP bandwidth as well.
Allowing users to access the server directly is a terrible idea (highly unlikely you'll be able to lock it down completely). Did the client purchase the SBS 2011 Premium Add-on as well?

If so, I would run a P2V conversion on the SBS machine and then turn the physical server into a hypervisor (either ESXi free edition or Hyper-V Server 2012). This will allow you to run both the SBS and fire up a separate RDS for the end users to access.

Local users would simply RDP to the RDS and remote users could access the RDS through the built in RD Gateway on the SBS.
Yes - a RDP server / terminal server would suit you best - either physically or virtually.
For three users you could really do it with a basic i7/16Gb System it doesn't have to be expensive. - you could virtualize later.
This will get the users OFF the file server which is never a good idea.
Don't be confused by the first solution offered - SBS2011 users must be admins to remote to the server - it will cost you a lot of time to try and lock down the risks.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


"...SBS2011 users must be admins to remote to the server..."

This is FALSE!
David Johnson, CD, MVPOwnerCommented:
This will get the users OFF the file server which is never a good idea.  With SBS you are kind of stuck, if you want to stay with the cheap, all in one solution, run the wizards, type of operation that SBS is .

You didn't say which version of SBS 2011 (Essentials or Standard?)

Cheaper to set up a VPN into the network http://blog.ronnypot.nl/?p=693.  RDP is not really an option without spending a fair bunch of change, (RDP CAL's, additional hardware, Premium Add on, need I go on to add the Terminal Services (remote desktop services) function).

With the VPN you just access the file shares as required as if you were located on the lan in the office..
Omegaman55Author Commented:
Thanks for the responses so far.  The version is SBS 2011 Standard.  No they haven't purchased the Premium add-on pack.

I understand running the VPN for the remote client, but a VPN won't get me the third RDP session I need, unless I go with a second server.

What are my options for virtualization? I didn't think SBS would run Hyper-V so then do I need to go with a third party VM solution?

I agree allowing users admin access to the file system is not ideal at all and it is currently an on-going discussion with the client, however, we are stuck with what we have for now until they can make more decisions regarding new hardware/software.  It's not the best decision but it's what I (we) have to work with right now.

I seem to see conflicting comments regarding whether or not SBS 2011 can support TS CALs, etc.  I was under the impression that SBS isn't built for that.  Are you guys referring to third party software to accomplish this or some server hack?

I think I agree that the VPN solution is probably the best solution right now for the remote client, however, I still seem confused or undecided on the best RDP session solution for the customer.  Any and all further input would be appreicated.  Thanks to those who have responded thus far.
David Johnson, CD, MVPOwnerCommented:
SBS does not support being a hyper-v server.  It CAN be installed as a CLIENT in vmware/hyper-v/other virtualization platforms

They DON'T need RDP into the server IF the client end can be put on a windows machine and the database reside on the server... , paying for the cals and the premium pack and another server just keeps adding up costs.. the pricing works in larger scales but is a fair bit of change for (4 total users) ( 3 local + 1 remote) .. SBS also does not support remote desktop session host.

http://social.technet.microsoft.com/Forums/en-US/67fe9e9b-9dd1-4aae-8c66-4fab7ac6d287/remote-desktop-services-terminal-services-licenses-on-sbs-2011 explains the SBS Licensing FAQ in a more readable format.  Can't each client run the !ACT locally and just access the database on the server?  This way all you'd need is a spare desktop (under $700 or client supplied) in the local LAN that the remote user can RDP into once they connect in via vpn?  Really trying to save you some money here..
if you can get the app to run on a workstation then you are halfway there - this should be your first priority as it will open up choices for you. It may be a little slower but if it works then you can address the speed later.
Then you can use RWW to give access to a spare PC for the really remote user to run the app, and the two local users can run it as they should from their workstations.
What app is it - I bet someone on here knows how to make it work from a share rather than straight off C:
David Johnson, CD, MVPOwnerCommented:
Then you can use RWW to give access to a spare PC for the really remote user to run the app, and the two local users can run it as they should from their workstations.  Substitute RDP for RWW and then I'd agree with you.. (I see an echo here)

Read my lips, SBS does not support Terminal Services as Session Host is disabled in SBS 2011 Standard (An RD Session host server is the server that’s hosts Windows-based programs or the full Windows desktop for Remote Desktop Services clients). To implement Remote Desktop Services with Session Host, you would need to add another server to the domain running either the SBS 2011 Premium Add-on or Windows Server 2008 or 2008 R2 and acquire RDS CAL’s for either users or devices.

Q. Do I require RDS Cal’s to access the SBS 2011 Server using RDS Admin Mode?
A. No, SBS 2011 provides you 2 connections via RDS Admin mode to remotely administer your server.

source: http://social.technet.microsoft.com/Forums/en-US/67fe9e9b-9dd1-4aae-8c66-4fab7ac6d287/remote-desktop-services-terminal-services-licenses-on-sbs-2011
Remote web Workplace (RWW) in sbs2011 will provide a neat little console to let you RDP through to a workstation. So a spare PC can be used to allow 1 user to connect, or a terminal server will allow multiple, and both can be easily accessed via the RWW webpage.

I agree the SBS server will not allow you any more than 2 connections as admins which is messy - but can help out on very odd occasions  - it can even be tidy to setup a rdp client that runs the app straight away to really hide that it is an admin on the server. But still not the solution for the third user.

We need the original asker to talk about the app!
VPN may work - but databases particularly nonsql ones, can be very crappy over VPN. Remote Control of a PC will often be faster and less likely to corrupt data if the connection drops.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now