+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 20
Internet Related/Filtering/Firewall Thread, Giving offsite access to staff and students in Technical; Good Morning, Over summer I'm planning to introduce offsite access to our network for staff and students. I need them ...
  1. #1

    Join Date
    Jul 2007
    Location
    West Sussex
    Posts
    265
    Thank Post
    35
    Thanked 11 Times in 11 Posts
    Rep Power
    16

    Question Giving offsite access to staff and students

    Good Morning,

    Over summer I'm planning to introduce offsite access to our network for staff and students.
    I need them to be able to access their home areas, shared areas, and to use Sims.net (staff only).

    We are in the process of changing internet provider (just choosing supplier) and it looks like my preferred supplier will use a fortinet UTM with VPN facility. That gives me the ability to easily implement the access but I think it leaves me with a problem.

    Obviously I don't want to have the need for staff or students to map drives or creating shortcuts etc.
    I was wondering if you could let me know your thoughts on what is the quickest and easiest way to setup a facility where users can just open an app or something which will automatically have shortcuts to the various drives/resources and also which would allow users to run sims without installing it locally.

    I've only just started looking into this but I was wondering RemoteApp would do what I need?

    Thanks

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,230
    Thank Post
    603
    Thanked 1,094 Times in 842 Posts
    Blog Entries
    15
    Rep Power
    486
    Home Access Plus along with remoteapp for Sims is what we use, and it does so wonderfully. Works across PC and Mac without issue, although Mac users need a small program from Microsoft for the RDP side of it.

    Incidentally, I hope you're not relying on Fortinet for content filtering (slightly off topic, sorry) - it's not good enough on it's own.

  3. #3

    Join Date
    Jul 2007
    Location
    West Sussex
    Posts
    265
    Thank Post
    35
    Thanked 11 Times in 11 Posts
    Rep Power
    16
    Thanks, Firstly no, filtering will be through Lightspeed ;-)

    Is Home Access Plus aqnd RemoteApp quick and easy to setup. I've got to implement this over summer around an already rammed full job list!

    Thanks

  4. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,230
    Thank Post
    603
    Thanked 1,094 Times in 842 Posts
    Blog Entries
    15
    Rep Power
    486
    Yeah, the documentation is a little sparse but a search on here will provide some good how-tos. Roughly you just need to run it on IIS, update the web.config file as required and then go through the first-run setup page to add in the shared drives you wish to show, and who see's what. Remoteapp is a bit more of a pain, and please check your licensing on using it (I've long forgotten what's required, sorry!) but should work well when it's done. We use a specific remote server running IIS for home access plus and remote services so it's separate from anything else. They don't take up a huge amount of resource though so anything lying around should do fine.

  5. #5
    exa_mark's Avatar
    Join Date
    May 2012
    Location
    Bingley
    Posts
    18
    Thank Post
    5
    Thanked 2 Times in 2 Posts
    Rep Power
    5
    Hi IT_Man_Dan

    Bit of blatant pitching here, but if you would like a quote from us (if you haven't already) please just PM me and I'll make sure we get this across to you, or get our local partner in West Sussex, who has already moved around a 100 West Sussex schools to us in the last few months, and happy to give you some local schools to speak to too.

  6. #6
    SJA
    SJA is offline

    Join Date
    Mar 2012
    Posts
    12
    Thank Post
    3
    Thanked 2 Times in 2 Posts
    Rep Power
    6

  7. #7
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,096
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122
    Another plus from me using Home Access Plus for file access. We dont give access to SIMS remotely.

  8. #8

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    312
    Thank Post
    0
    Thanked 68 Times in 54 Posts
    Rep Power
    37
    Quote Originally Posted by IT_Man_Dan View Post
    Good Morning,

    Over summer I'm planning to introduce offsite access to our network for staff and students.
    I need them to be able to access their home areas, shared areas, and to use Sims.net (staff only).

    We are in the process of changing internet provider (just choosing supplier) and it looks like my preferred supplier will use a fortinet UTM with VPN facility. That gives me the ability to easily implement the access but I think it leaves me with a problem.

    Obviously I don't want to have the need for staff or students to map drives or creating shortcuts etc.
    I was wondering if you could let me know your thoughts on what is the quickest and easiest way to setup a facility where users can just open an app or something which will automatically have shortcuts to the various drives/resources and also which would allow users to run sims without installing it locally.

    I've only just started looking into this but I was wondering RemoteApp would do what I need?

    Thanks
    hi @IT_Man_Dan

    sounds like that may be us then

    Thank you very much for joining us.

    There are a couple of ways you can do this using our Fortinet solution.

    Either you can create them a script which will automatically map them the drives once they are connected to the VPN (via IPSEC or SSL) or I think you can use the Fortinets SSL web portal. This will give your end users a simple button via a web front end to be able to map drives. I'd suggest you call your account manager and he'll setup a call with one of our technical consultants for you who can find the best solution in combination with our products as this certainly isn't anything unique.

    Thanks again and we're looking forward to work with you

    David

  9. #9
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    849
    Thank Post
    99
    Thanked 196 Times in 160 Posts
    Rep Power
    69
    I'm glad David has chipped in.

    I'd suggest his second option is the best way forward. You can tie your fortinet into AD and allow access to your SSL web portal. I believe you can create different portal pages for different security groups if you want. You can customize the portal, and create a series of bookmarks. These could be links to shares on your network, intranet sites or RDP servers for example.

    I'd be cautious about external sims access though personally. I'd probably only allow the very well trained and most security conscious staff access to that particular service.

  10. #10

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    312
    Thank Post
    0
    Thanked 68 Times in 54 Posts
    Rep Power
    37
    Quote Originally Posted by IrritableTech View Post
    I'm glad David has chipped in.

    I'd suggest his second option is the best way forward. You can tie your fortinet into AD and allow access to your SSL web portal. I believe you can create different portal pages for different security groups if you want. You can customize the portal, and create a series of bookmarks. These could be links to shares on your network, intranet sites or RDP servers for example.

    I'd be cautious about external sims access though personally. I'd probably only allow the very well trained and most security conscious staff access to that particular service.
    No problem @IrritableTech, for sims access I'd recommend using a Fortitoken which will do you your 2 factor authentication. The Fortinet can then only allow access to certain Windows AD users those with the token too.

    Dave

  11. #11
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    849
    Thank Post
    99
    Thanked 196 Times in 160 Posts
    Rep Power
    69
    Quote Originally Posted by SchoolsBroadband View Post
    No problem @IrritableTech, for sims access I'd recommend using a Fortitoken which will do you your 2 factor authentication. The Fortinet can then only allow access to certain Windows AD users those with the token too.
    Indeed that would add an additional safeguard, however my worry was more with the way sims works, and how data can be easily extracted in one fell swoop once past the fortinet. Being able to run a report, from home (airport, starbucks...) which can extract all personal and sensitive data about students and staff past and present into a handy csv file worries me.

    The connection may be safe, but the device once that data has passed over the connection, may not be. A user training issue rather than a technical one generally.

  12. #12

    Join Date
    Feb 2012
    Location
    West Midlands
    Posts
    46
    Thank Post
    0
    Thanked 7 Times in 7 Posts
    Rep Power
    7
    Congratulations on making the leap!

    Have you considered just using remote desktop to a dedicated server?
    All users can then access most of your usual network software as well as shared areas/printers the lot. You can use a 2 factor plugin if need be.
    RDP is generally lighter and more responsive than copying whole files up and down a VPN link. It also doesnt matter if they are using a virus riddled device.
    Im pretty sure you will require separate VPN licenses from fortinet above the one or two built in.

    As a web based/webdav file manager I use http commander and cook it into OWA so essentially SSO.

    Hope this helps :-)

  13. #13

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    312
    Thank Post
    0
    Thanked 68 Times in 54 Posts
    Rep Power
    37
    Quote Originally Posted by Synkrox View Post
    Congratulations on making the leap!

    Have you considered just using remote desktop to a dedicated server?
    All users can then access most of your usual network software as well as shared areas/printers the lot. You can use a 2 factor plugin if need be.
    RDP is generally lighter and more responsive than copying whole files up and down a VPN link. It also doesnt matter if they are using a virus riddled device.
    Im pretty sure you will require separate VPN licenses from fortinet above the one or two built in.

    As a web based/webdav file manager I use http commander and cook it into OWA so essentially SSO.

    Hope this helps :-)
    Fear not Fortinet and Schools Broadband give you unlimited VPN licenses included in our normal annual charge

  14. #14
    Jasbo's Avatar
    Join Date
    Mar 2014
    Location
    West Sussex
    Posts
    152
    Thank Post
    12
    Thanked 20 Times in 20 Posts
    Rep Power
    5
    @exa_mark

    What west sussex based company is this?

  15. #15
    rob_coles's Avatar
    Join Date
    Mar 2007
    Location
    Hull
    Posts
    114
    Thank Post
    16
    Thanked 16 Times in 12 Posts
    Rep Power
    18
    We use RDP with sms pass code for 2 form auth for staff and moodle smb for students.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 11
    Last Post: 6th March 2014, 09:51 PM
  2. [SIMS] CommandReporter script to export all staff and students
    By dunc in forum MIS Systems
    Replies: 3
    Last Post: 24th April 2013, 11:30 AM
  3. Deny Student access to Staff intranet
    By kamikaze in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 20th January 2010, 12:31 PM
  4. Remote access for staff and students
    By ITWombat in forum How do you do....it?
    Replies: 11
    Last Post: 14th December 2009, 11:33 AM
  5. Offsite access to school's MIS for staff - reimbuse costs?
    By cheredenine in forum General Chat
    Replies: 30
    Last Post: 4th June 2009, 03:59 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •