Internet Related/Filtering/Firewall Thread, Giving offsite access to staff and students in Technical; Good Morning,
Over summer I'm planning to introduce offsite access to our network for staff and students.
I need them ...
29th May 2014, 09:35 AM #1
29th May 2014, 09:37 AM #2
Home Access Plus along with remoteapp for Sims is what we use, and it does so wonderfully. Works across PC and Mac without issue, although Mac users need a small program from Microsoft for the RDP side of it.
Incidentally, I hope you're not relying on Fortinet for content filtering (slightly off topic, sorry) - it's not good enough on it's own.
29th May 2014, 09:39 AM #3
- Rep Power
Thanks, Firstly no, filtering will be through Lightspeed ;-)
Is Home Access Plus aqnd RemoteApp quick and easy to setup. I've got to implement this over summer around an already rammed full job list!
29th May 2014, 09:44 AM #4
Yeah, the documentation is a little sparse but a search on here will provide some good how-tos. Roughly you just need to run it on IIS, update the web.config file as required and then go through the first-run setup page to add in the shared drives you wish to show, and who see's what. Remoteapp is a bit more of a pain, and please check your licensing on using it (I've long forgotten what's required, sorry!) but should work well when it's done. We use a specific remote server running IIS for home access plus and remote services so it's separate from anything else. They don't take up a huge amount of resource though so anything lying around should do fine.
29th May 2014, 09:49 AM #5
Bit of blatant pitching here, but if you would like a quote from us (if you haven't already) please just PM me and I'll make sure we get this across to you, or get our local partner in West Sussex, who has already moved around a 100 West Sussex schools to us in the last few months, and happy to give you some local schools to speak to too.
29th May 2014, 09:53 AM #6
- Rep Power
29th May 2014, 10:34 AM #7
Another plus from me using Home Access Plus for file access. We dont give access to SIMS remotely.
29th May 2014, 12:07 PM #8
29th May 2014, 12:31 PM #9
I'm glad David has chipped in.
I'd suggest his second option is the best way forward. You can tie your fortinet into AD and allow access to your SSL web portal. I believe you can create different portal pages for different security groups if you want. You can customize the portal, and create a series of bookmarks. These could be links to shares on your network, intranet sites or RDP servers for example.
I'd be cautious about external sims access though personally. I'd probably only allow the very well trained and most security conscious staff access to that particular service.
29th May 2014, 12:34 PM #10
No problem @IrritableTech, for sims access I'd recommend using a Fortitoken which will do you your 2 factor authentication. The Fortinet can then only allow access to certain Windows AD users those with the token too.
Originally Posted by IrritableTech
29th May 2014, 12:43 PM #11
Indeed that would add an additional safeguard, however my worry was more with the way sims works, and how data can be easily extracted in one fell swoop once past the fortinet. Being able to run a report, from home (airport, starbucks...) which can extract all personal and sensitive data about students and staff past and present into a handy csv file worries me.
Originally Posted by SchoolsBroadband
The connection may be safe, but the device once that data has passed over the connection, may not be. A user training issue rather than a technical one generally.
30th May 2014, 10:09 AM #12
- Rep Power
Congratulations on making the leap!
Have you considered just using remote desktop to a dedicated server?
All users can then access most of your usual network software as well as shared areas/printers the lot. You can use a 2 factor plugin if need be.
RDP is generally lighter and more responsive than copying whole files up and down a VPN link. It also doesnt matter if they are using a virus riddled device.
Im pretty sure you will require separate VPN licenses from fortinet above the one or two built in.
As a web based/webdav file manager I use http commander and cook it into OWA so essentially SSO.
Hope this helps :-)
30th May 2014, 10:16 AM #13
Fear not Fortinet and Schools Broadband give you unlimited VPN licenses included in our normal annual charge
Originally Posted by Synkrox
31st May 2014, 09:17 AM #14
What west sussex based company is this?
31st May 2014, 12:28 PM #15
We use RDP with sms pass code for 2 form auth for staff and moodle smb for students.
By genesis in forum Windows Server 2012
Last Post: 6th March 2014, 09:51 PM
By dunc in forum MIS Systems
Last Post: 24th April 2013, 11:30 AM
By kamikaze in forum Internet Related/Filtering/Firewall
Last Post: 20th January 2010, 12:31 PM
By ITWombat in forum How do you do....it?
Last Post: 14th December 2009, 11:33 AM
By cheredenine in forum General Chat
Last Post: 4th June 2009, 03:59 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)