We help IT Professionals succeed at work.
Research Question

Using remote desktops over VPN - Need opinions

62 Views
Last Modified: 2020-10-27
Since Covid-19 outbreak like most companies we've been having employees work from home. This is the first time we have done this as a company. We are currently having them VPN into the network and then RDP into their workstation here in the office. I'd like to possibly setup some VMWare or Hyper-V virtual machines for this purpose so we aren't allocating 2 machines per employee (laptop & desktop in the office). In a previous life i used Citrix to push a full desktop to users, but that has been awhile. I'm looking to get ideas, recommendations on how to make this new reality a little more manageable and would love to hear about any products you might recommend to make life easier. Thank you!
Comment
Watch Question

CERTIFIED EXPERT

Commented:
What servers do you have? versions, hardware, licenses etc?
probably you already have everything you need.
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
What do they need access to, do they need a full virtual machine, or could a terminal based server computing such as RDS/Citrix work for them ?

What do they need to access the office for ?

Could they use Office 365, email, docs online and shared in one drive, using their home PCs ?
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
Why not just use laptops that can be used in both home and office?

Author

Commented:
Hi Arana, thanks for the response.
We have a mixed environment of VMWare and Hyper-V hosts running Windows Server 2012 R2.
The VMWare servers are (3) Vsphere version 6 Essentials. The Hyper-V servers are  2019 Standard & 2012 R2 Standard.


Author

Commented:
Hi 'some one'. i appreciate the comment. Management is nervous about having data outside the walls (we are a financial institution) and using the laptops as a "vehicle" to get the newly remote employees to the data seems to calm their fears a bit about potential data loss. 

Author

Commented:
Hi Andrew, they want all the access they have here in the office including office, email,  our ERP software and a few smaller programs. I believe terminal based computing would work as well. 
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
You say:
We are currently having them VPN into the network and then RDP into their workstation here in the office.  
One usually RDPs from a computer.  So this sounds like: "We are currently having them VPN into the network to get access to *a computer* on the network and then RDP into their workstation here in the office."  
That seems wasteful of computers by two.  
It only shows my confusion re: how it's being done.
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
So you need to analyze if the current applications can all work as RDS/Terminal Services.
Philip ElderTechnical Architect - HA/Compute/Storage
CERTIFIED EXPERT

Commented:
Simplest method is a Remote Desktop Gateway that arbitrates security (DUO for 2FA) to the internal endpoint. It's really that simple and that's all that is needed.
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
Hi Fred, my explanation may not have been totally on point. i'll try to do better. Our users are given a loaner laptop that they are using remotely to VPN into our network. Once they are connected via VPN they use a Remote Desktop connection that has been setup to go directly to their regular desktop computer here in the office.

Andrew, i am going to check into that. I am unsure if it does work over TS.

Phillip, thank you...i was unsure if i was overthinking it or not, but that may be the way that i end of going.

Hi SkullNoBrains (that feels like i'm berating you...lol), thanks for the feedback. Are you referring to Terminal Services? i've not set up a TS server before, but i can't imagine it is too hard. It is simply installing the service, obtaining the licenses from MS and then configuring, correct?

CERTIFIED EXPERT

Commented:

Are you referring to Terminal Services
yes. those are actually the exact same ones you currently use. the remote desktop access is merely a terminal server that allows a limited number of connections. i guess currently the limit is 1. additional advantage, they are going to connect with the same tsclient or whatever they are used to.

setting it up is absolutely trivial. what may or may not be complex is making sure each user has all the required files and apps they have on their current desktops.

Author

Commented:
Excellent...thanks for the info 'skullnobrains' i am going to start looking into that today :) 
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
Thank you, Andrew. Sounds like i may need to get a couple of licenses and mess with it a little bit and expand out from there. I appreciate all the answer and support. This is exactly what i was wanting. Much Appreciated!
Andrew Hancock (VMware vExpert PRO / EE Fellow)VMware and Virtualization Consultant
CERTIFIED EXPERT
Fellow
Expert of the Year 2017

Commented:
You can start now because RDS licenses are enabled as evaluation for 120 days.