Looking to

I'm looking for some guidance on how to allow Remote Users to access system applications. We currently are running a phase 1 setup where users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PCs with one dedicated to each person, but this seems cost-prohibitive. So my thought is a virtual desktop.

I currently have two Windows 2016 Servers running my main system, including DNS and Active Directory, among other core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built-in Hyper-V? Would I use VMware in some way?


The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface, but the way our applications are set up they would require a direct connection, and so I don't know if Citrix and the like would work, though I am looking into this as well.


We have hundreds of available DHCP over VPN connections through our firewall, and the application has worked very well with this first batch. Now I just want to try and find a way to have an environment where each user can log in to a single (or fewer) machines at the same time without taking up valuable, individual PC resources.

Further information of my environment:


Users: About 120 total. Of those 120, about 8 are currently using the Global client to remote in, but they are remoting in to their own PCs. The second proposed group would use some kind of virtual setup or Citrix environment, if possible.


Firewall: NSA 4600.


Windows Environment: Two Windows Server 2016 servers running Hyper-V for Domain Controllers. Windows Update, Active Directory, etc. included. Domain Controllers are mirrored.


PC Environment: Windows 10 Pro across the board.

Any help would be greatly appreciated.
Tarkisal Asked:

Don (Network Administrator) Commented:
Just join the laptops to the domain, provide the software they need on them, and have them connect to the network through the VPN. Then they should be good to go.
0

Tarkisal (Author) Commented:
Don,

Thanks for the quick response. That would be an easy solution, but the problem is the application they are using. It's an EMR that often has to use established VPN tunnels to other clients to connect to servers elsewhere. Therefore, we run into what I've dubbed the 'double hop' problem. The Global VPN will allow you to remote into the network here, and they can access any clients within the EMR that are located here, but for any clients that are located through another tunnel, it won't jump twice and times out.

If you know a way to solve this problem with the Global VPN client, that would actually solve multiple problems I've had. So far, I haven't found a workaround.
0
Blue Street Tech (Last Knight) Commented:
Hi Tarkisal,

> users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.
>
> This is not, however, ideal, as it requires equipment on both ends.

What do you mean by equipment, PCs?

> Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PC's with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I don't understand your need... if a Remote User leaves the office and goes home, is there a reason they cannot log in to their workstation they left at work? This is the traditional model. If they only have company laptops, then all they would need is a VPN connection to access company resources.

It sounds like you want Microsoft RDS (Remote Desktop Services), formerly known as Terminal Services, but from what you have written I don't see the business need.

Can you explain the EMR double VPN a little more?

Let me know if you have any questions!
0
Tarkisal (Author) Commented:
Sure thing.

To your first question: I meant PCs, yes. We provide Remote users with company-issued PCs that they use as a "gateway" of sorts that has the Sonicwall Global VPN on it to allow them to remote into the system. I'll explain the double VPN more down below and try to explain it better as to why they can't just use the computers at home and need to remote into a PC located on site.

The problem is most of the users won't have computers to log in to or desks to sit in. We are trying to move multiple users to work from home so, if they did come in, they would work on a shared PC, not their own PC. So if User A works Monday, Wednesday and Friday from home, and Tuesday and Thursday in the office, then User B is unable to use that computer at all since User A is remoting into it from home.

The problem is less about giving users that work in the office the chance to remote into their own computer and more about freeing up computers so we have Remote users (some of which may not work in the office at all) and then other users that have their own dedicated computers in the office. Imagine it as like having a PC sitting on an empty desk. No one is sitting there, but we can't use it because someone is remoting in from home.

Regarding double hop and VPN - So our main application works in two ways: our own server and a client's (offices we do work for) own server. So, for instance, we have some clients that have their information stored on our local server here. In this case, a remote user using the Global VPN client would have no problems. They remote in, get a local IP, and they're good to go. The EMR has a local IP so they can connect.


The problem, however, is when the application is housed remotely. To create this remote connection we use site-to-site VPN tunnels. The Sonicwall Global VPN does not seem to allow a connection twice. So, in this case, the user remotes into the network here. So far, so good. However, for reasons I can't fully explain, if they then try to connect to a remote connection, that is, someone that has their application housed remotely over a site-to-site tunnel, the connection will fail. The Global VPN doesn't seem to like to create a connection to the main site, and then jump over that site-to-site tunnel to make another connection. Hence, the double hop.


I realize this is a tad confusing, and I hope I am explaining myself well. If anyone knows a workaround that would allow this function, I'd be very happy to hear it.
0
Tarkisal (Author) Commented:
I was able to get around my problem by fixing the initial issue with the VPN - namely, the double hop issue. I just had to add the site-to-site VPNs as a group within the Remote VPN configuration for the WAN Group VPN. Once I added that functionality, I was able to connect to all clients both local and remote, and I'll now be able to just have the users at home use their computers there, and they won't need to remote into anything else local besides the Sonicwall Global VPN. Thank you to everyone for your help!
1
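A simplified model of the "double hop" discussed in this thread, added here as an example; it is not part of any participant's post and is not SonicWall's implementation. It treats both VPNs as policy-based tunnels that only carry traffic matching their configured networks; all addresses, names and the `trace` function are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample networks (assumptions, not taken from the thread).
HQ_LAN = ip_network("10.10.0.0/24")         # main site; VPN clients lease an IP here
CLIENT_SITE = ip_network("172.16.50.0/24")  # EMR server behind a site-to-site tunnel

def in_any(addr, networks):
    """True if addr falls inside at least one of the given networks."""
    return any(ip_address(addr) in net for net in networks)

def trace(src, dst, client_access, s2s_local, s2s_remote):
    """Return (reachable, reason) for a home user reaching dst via the main site.

    client_access: networks the remote-access VPN client is allowed to tunnel to
    s2s_local/s2s_remote: networks the site-to-site tunnel accepts on each side
    """
    # Hop 1: the client only sends traffic into the tunnel for listed networks.
    if not in_any(dst, client_access):
        return False, "hop 1: destination not in remote-access VPN networks"
    if ip_address(dst) in HQ_LAN:
        return True, "local: delivered on the main site"
    # Hop 2: the site-to-site policy must match both source and destination.
    if not in_any(dst, s2s_remote):
        return False, "hop 2: no site-to-site tunnel covers the destination"
    if not in_any(src, s2s_local):
        return False, "hop 2: source not in the tunnel's local networks"
    return True, "remote: forwarded over the site-to-site tunnel"

LEASE = "10.10.0.150"        # DHCP-over-VPN address handed to the home PC
LOCAL_EMR = "10.10.0.20"     # EMR data hosted at the main site
REMOTE_EMR = "172.16.50.20"  # EMR data hosted at a client office

before = [HQ_LAN]               # remote-access list before the fix
after = [HQ_LAN, CLIENT_SITE]   # site-to-site networks added to the list

if __name__ == "__main__":
    for label, access in (("before", before), ("after", after)):
        for dst in (LOCAL_EMR, REMOTE_EMR):
            print(label, dst, trace(LEASE, dst, access, [HQ_LAN], [CLIENT_SITE]))
    # Edge case: a client addressed from a pool the site-to-site tunnel does not list.
    print(trace("192.168.200.5", REMOTE_EMR, after, [HQ_LAN], [CLIENT_SITE]))
```

Every network added to the remote-access list becomes reachable from the home PC, so list only the client networks the EMR actually needs.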