Deploying a 2 factor authenication for a remote admin connection

Currently using Radmin, but this is a not a sufficient form or a 2 factor authentication against our servers. Options I am currently investigating would be  1) VPN, 2) Purchasing Certificates 3) Setting up a Certificate Server.  Want to deploy the most cost effective means to ensure we have indeed a 2 factor authentication for remote admin. Any suggestions or other tools/methods would be more than welcome. Keeping in mind these machines are all standalone and not on any domain at this time.
cgooden01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KimputerIT ManagerCommented:
VPN would be the cheapest method available. You could opt for PPTP (built-in Windows Server), or decide for the more complicated OpenVPN route.
In more advanced routers or security appliances, VPN is also built-in with various options ((L2TP or SSL based).
Since Radmin requires one single port, if any SSH server with tunneling is already available, you can use that too instead of VPN.
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
No need to buy official certificates, you can use your own for free, e.g. created with OpenSSL. PPTP itself doesn't allow for certificates, AFAIK. L2TP/IPSec does, OpenVPN, and most IPSec VPN devices.

Building SSH tunnels is another (free) way to do it, again combined with certificates you can create yourself.

It depends on what your need exactly is. Do you want to provide administratrion to a few of locations, but many machines, or one machine per site, or ... As you say "standalone", I'm thinking more in direction of a POS, and centralized authentication (RADIUS) isn't available.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cgooden01Author Commented:
This purpose would only be to provide administration to only a few servers from one location.  I was thinking in the direction of SSH tunnels via VPN combined with self created certificates.  Just need to iron out this procedure.    The purpose is to allow remote administration from one to another.
cgooden01Author Commented:
So the direction i am leaning toward now is L2TP/IP thus fulfilling a stronger authentication by requiring 2 levels of authentication, using a computer level authentication certificate for the IPSec session and a user level authentication using a PPP authentication protocol for the L2TP tunnel.
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.