  1. #1



    Network entry

    Hello,

    I'd like to create a single point of entry to our network from the outside and to be able to publish/set up some kind of routing system to access devices/services within.

    I'm looking at I suppose an ISA style set up but whether this will do what I'm after I don't know; and I'd like some best practice.

    Things it needs to allow me to do:

    1) Single login (authenticated against AD) through some kind of webpage/applet?

    2) Allow RDP to 'any' internal IP or have a list of boxes to choose from.

    3) Allow HTTP access to 'any' internal IP or have a list of sites/services to choose from.

    I guess really a VPN solution might be easier, but I'm just wondering whether there is some means of achieving this?

    I'm imagining it'd need to create some kind of port redirect if I had say 3 open ports on the firewall it could dynamically ssh tunnel or something?

    Or would it just be easier to have a box running ISA with Terminal Services web connector to RDP to itself and from there to wherever?

    Many thanks for your time.

    Kim.

  2. #2

    matt40k

    Microsoft Windows 2008 TS Gateway, HTTPS page, so you don't have to worry about NAT\Firewall to the end user; you also only need to open\forward port 443 on your firewall.

  3. Thanks to matt40k from:

    kmount (23rd December 2008)

  4. #3


    Wow, that sounds like the ticket!

    Cheers.

  5. #4

    If you want to make it a little more shiny for users TSWeb Access lets you run applications as though they're local, rather than having a second desktop. They're still running on the server and have normal access to the network, but appear on your own desktop.

  6. #5

    matt40k

    RemoteApps.... looks a cool feature. Might be good to allow staff a copy of Office at home, without giving them the CD. Yes, your Office license allows you a copy at home and at work. This would be a nice way to limit it to current staff only.

  7. #6
    tosh74

  8. #7
    Zimmer

    Server 2008 TS Gateway will do the job just fine.

    Currently our IT Support team members use Remote Desktop to access their office workstations while at home, rather than using a VPN, directly RDP'ing to the workstations was just easy and simple.

    However, I have always worried about the level of security of RDP traffic through our primary Internet connection. So when we started to roll out 2008 boxes in the server farm I decided to set up a TS Gateway Server just for a play around - now we all use it by standard!

    Basically the RDP packet payload is encapsulated in SSH then bundled into an SSL session, essentially making the Remote Desktop session impossible to listen to on the wire. Plus it gives the added bonus of allowing anyone with an external workstation that has port 443 access to the Internet to remote into their office machine (providing the client has the latest version of the MS RDP application).
    Last edited by Zimmer; 24th December 2008 at 10:34 AM.

  9. #8

    GrumbleDook

    Native RDP without going through any form of security / encryption is being closed down within Northants, hence Kim's look at other methods.

    Now all I need to do is to dig out which schools are using native RDP, find out which servers they are going to (some might actually be connecting directly to DCs or the MIS box) and give them some advice / example of how other local / national schools are doing things.
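
The audit described in the post above (which hosts accept native RDP from outside, and whether any are DCs or the MIS box) can be run over perimeter firewall logs. This is an added example, not part of the original thread; the log format, the addresses and the `SENSITIVE` inventory are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample firewall log (format is an assumption, not from the thread).
SAMPLE_LOG = """\
2008-12-22T18:04:11 ALLOW TCP 203.0.113.45:51522 -> 10.20.1.5:3389
2008-12-22T18:09:37 ALLOW TCP 198.51.100.7:49811 -> 10.20.1.5:3389
2008-12-22T19:15:02 ALLOW TCP 203.0.113.45:51890 -> 10.20.3.40:3389
2008-12-22T19:20:44 ALLOW TCP 198.51.100.7:50112 -> 10.20.1.9:443
2008-12-22T20:01:13 DENY TCP 192.0.2.99:40000 -> 10.20.1.6:3389
2008-12-22T20:30:00 ALLOW TCP 10.20.5.12:50500 -> 10.20.1.5:3389
"""

# Hypothetical inventory of hosts that should never take RDP from outside.
SENSITIVE = {"10.20.1.5": "domain controller", "10.20.1.6": "MIS server"}

# Explicit RFC 1918 ranges; ipaddress.is_private also covers documentation
# ranges, which would misclassify the sample's external sources.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) TCP (\S+):(\d+) -> (\S+):(\d+)$")

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_native_rdp(log_text, rdp_port=3389):
    """Map each internal host to the external sources allowed to reach it on native RDP."""
    hits = defaultdict(lambda: {"sources": set(), "count": 0, "role": "workstation/other"})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _, action, src, _, dst, dport = m.groups()
        if action != "ALLOW" or int(dport) != rdp_port:
            continue  # blocked traffic and gateway traffic on 443 are not findings
        if is_internal(src) or not is_internal(dst):
            continue  # only outside-to-inside connections matter here
        hits[dst]["sources"].add(src)
        hits[dst]["count"] += 1
        hits[dst]["role"] = SENSITIVE.get(dst, hits[dst]["role"])
    return dict(hits)

def report(hits):
    """One line per exposed host, sensitive servers listed first."""
    rows = sorted(hits.items(), key=lambda kv: (kv[0] not in SENSITIVE, kv[0]))
    return [f"{d} ({h['role']}): {h['count']} connection(s) from "
            f"{len(h['sources'])} external source(s)" for d, h in rows]

if __name__ == "__main__":
    print("\n".join(report(find_native_rdp(SAMPLE_LOG))))
```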

  10. #9

    TS Gateway works well....

  11. #10
    jamesfed

    I would just go all out with either a VPN (we use TMG for ours) - that way you will have full seamless remote access to your network (has been a big hit with our teaching staff).

    That or have a look at Forefront UAG - it gives you that 'web portal' like experience you have described.
