How do you deal with External clients

[mmoseley]

Evening all!

First of all!!! how cold is it!!! lol :P

Can anybody tell me how you deal with external companies/person(s) wanting access to your network, with either VPN or wifi...

The reason i ask, is this is something thats never happened to me, I had a person wanting external access to a device via VPN, which i wasnt overly happy about, Just curious of how you guys do things?

Curiousity

Ta,

Mart

[mbedford]

Hi Mart,

We have two ways we normally do things like this.

1. We have a citrix environment which allows us to provide access to Remote Desktop using a published application through the Citrix Web Access Environment.

2. (Simpler) Use an app called TeamViewer. TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet This allows remote access using HTTP traffic and is usually able to negotiate most corporate firewalls. It may not be allowed on your setup but its worth a go.

Hope this helps

Mike

[SYNACK]

If you dig deeply into the RRAS component you also have the option of only allowing a specific user access to the specific IP of the device in question which can be handy if it is something like a photocopier with limited potential for messing with the network. You can also do this through ISA if it handles your VPNs.

[mmoseley]

If you dig deeply into the RRAS component you also have the option of only allowing a specific user access to the specific IP of the device in question which can be handy if it is something like a photocopier with limited potential for messing with the network. You can also do this through ISA if it handles your VPNs.

That sounds PERFECT! thanks SYNACK, i will look into that tomorrow, i didnt realise you can do that!,

@mbedford - Thanks aswell, we are looking at implementing Remote Desktops using Server 2008 R2, its been massively improved and looks similar to Citrix i believe, also yeah ive heard and used TeamViewer before but never used it on the admin side, just as a user!

Thanks for your advice chaps, it..as always is appreciated!

[irsprint]

Possible stupid question about remote apps, is it advisable to have a separate server to deal with this? if several staff/ students wanted to use it for example?(Just thinking for future reference)

[SYNACK]

Possible stupid question about remote apps, is it advisable to have a separate server to deal with this? if several staff/ students wanted to use it for example?(Just thinking for future reference)

It depends on your security requirements and lock downs. Each session for each user is segmented and based on that users privilages so as long as the software can all coexist on the server so can all the users. If you have concers about really skilled users compromising other sessions on the servers using code or something then this is when you would look at putting the staff and students on seperate servers or seperate VMs under the same server to segment them further but so long as the apps are allocated and locked down by user type then it should not cause an issue.

[dalsoth]

Also make sure from a policy point of view that you are informing your superiors when 3rd parties access your system remotely. Even if it is simply just a form the head signs once a year to allow a selection of support companies to access parts of their software or service when needed. You know that when they blow your server up the head will crucify you otherwise for letting them do it.