MIS Systems Thread, SIMS From Home running on a TS, setup help needed. in Technical; We have recently just got our VPN connection working and i want to look into letting staff run sims from ...
21st January 2010, 10:33 AM #1
SIMS From Home running on a TS, setup help needed.
We have recently just got our VPN connection working and i want to look into letting staff run sims from home. Ive decided the best way would be to RDP into the school from their laptops at home and runs sims that way.
Therefore im going to look into setting up a Terminal Server for staff to log onto as a default user and run sims and office apps only. Ive never done this before so firstly i was thinking about running it on our SIMS server seeing as nothing runs on it during the evening as everyone is at home.
The spec of the server is; 2x 2ghz Xeon CPU with 4 gig of RAM
Would this be sufficient and if so for how many concurrent connections do you think? It is x86 OS so if it would need more ram that would be a stumbling block.
Ive also heard someone mention load balancing? i could do with some pointing in the right direction on how to do that and what needs to be done.
And anything else i should be made aware of?
IDG Tech News
21st January 2010, 10:37 AM #2
Would recommend you don't go down the route of "default user" as you're in effect asking for it, especially if an enterprising student fires an rdp session internally plus if staff start saving stuff in Office it'll be confusing for them to then find it later.
Set the TS up with a separate TS Profile etc so it doesn't interfere with your normal activities.
How many users are you looking to cater for concurrently?
And I would seriously suggest you do not use your SIMS server for this.
21st January 2010, 10:48 AM #3
when i say default user i meant log on the TS with those credentials but then obviously log into sims with their own account as i thought id read other schools using that method although the issue of saving documents would be worth thinking about.
We have roughly 120 members of staff so we'd want to cater for that (although im not sure about the limitations of our VPN as it wasnt setup by us)
And if we didnt use our SIMS server is there a rough spec you think we'd need as it might mean a completely new server in that case?
21st January 2010, 11:06 AM #4
Build TS as member server in its own OU and then using loopback GPO it will be able to use AD for usernames and passwords and you can lock it down with your own GPO on that OU.
We have 128b encryption and no allowing users to map drives or printers. When users login in we have a script which automatically runs Pulsar.exe and just pulls up the Sims login where the Staff just login in using their Sims credentials.
Has been working really well and is very quick even with low spec staff computers/laptops.
This is realised from a link on our website that requires a secure key which only the staff have and this then allows them to download the icon which is used to gain access to the TS login. 3 passwords and 128bit encryption no mapped drives or printers, AUP and all works well.
Capita have it documented somewhere on their website about remote access and how it should be set up using VPN. If I find it in the meantime will post on here.
21st January 2010, 11:08 AM #5
I would strongly suggest you have them use their 'own' account to log onto the system. Another reason I guess would be the 'default' user would need access to the sims drive which again if a student landed on there would ring alarm bells for me.
There's a good thread here started by dhicks talking about speccing up terminal servers with various opinions from different people but you will not get 120 concurrent people on that single server especially (and I really wouldn't do this) if it's the SIMS server.
21st January 2010, 11:12 AM #6
Found it please see attatched:
2 Thanks to bossman:
cookie_monster (21st January 2010), farquea (21st January 2010)
21st January 2010, 11:17 AM #7
Originally Posted by bossman
We use Citrix Secure Gateway which uses 128Bit SSL, that should be an acceptable alternative to a VPN shouldn't it?
21st January 2010, 11:19 AM #8
No need. Have the user log in to Terminal Services with their standard Active Directory acount details, then set their SIMS account up to trust their AD account, automatically logging them in when SIMS starts. You can set up an RDP client shortcut that automatically starts the SIMS application after logon, and if you are using Server 2008 on your TS server you can set up application publishing and make SIMS look as though is running locally, so as far as the user is concerned they click on the "SIMS" shortcut, they type in their normal username and password, SIMS starts, done. This, by the way, is what Capita mean when they say "SIMS autheticates against Active Directory" or "SIMS does single sign on with Active Directory" - they actually mean the SIMS client reads the Windows USER variable and hopes for the best.
Originally Posted by farquea
This has been discussed before:
SIMS under terminal services
Hopefully that thread summarises enough of what you need to know to get SIMS working under Terminal Services.
How many simultanious users? You will need a TS server separate to your SIMS server. Handily, we've just been discussing this, too:
We have roughly 120 members of staff so we'd want to cater for that
Hardware requirements for Terminal Server
I'm guessing something like a Dell 610 with two 2GHz Xeon E5504 quad-core processors and 24GB of 1333MHz UDIMM RAM should manage maybe 30 to 50 simultanious users. That's around £1,500 before VAT and with just a basic, single disk - I figure your storage will be somewhere else on the network. I'm not particularly recommending you buy a machine off Dell, their hardware is fine but trying to get specific answers about it out of their sales people can be tricky, but their website is handy for getting a rough price for hardware.
Seemingly 64 bit Windows offers (maybe considerably) better performance for Terminal Services, allowing you to support more users on the same hardware, but check that SIMS can run under 64 bit first (I know it couldn't last time I tried, but that was a little while ago). I am only going from information given in that other thread, though, I have no direct experience with supporting larger numbers of TS users. Our current TS server is supporting maybe 10 simultanious connections for SIMS and QuickBooks with no problems at all, and that's a 2.4GHz dual-core Core2 6600 with 2GB of RAM running 32-bit Windows Server 2003, purchased as parts from eBay.
Quick edit: Took a while to type that post, missed Bossman's comments above - he seems to have more direct experience using SIMS over an actual VPN, I'm currently just using SIMS over local RDP (have to get someone to cough up £2,000 for SmoothWall with VPN access).
Last edited by dhicks; 21st January 2010 at 11:23 AM.
Thanks to dhicks from:
bossman (21st January 2010)
21st January 2010, 11:25 AM #9
Good post my friend couldn't have put it better myself.
Just a footnote to say that you can virtualise as we have done which works well also if you have the setup already in place.
21st January 2010, 11:26 AM #10
The RemoteWorking.pdf document is a bit out of date. The section on iis security must be refering to iis5 rather than iis6 which has suffered only a small number of flaws since release certainly nothing near a monthly basis.
21st January 2010, 11:30 AM #11
Aye it is out of date by a few years (Just downloaded from their site a few minutes ago) but it does give the bare security essentials which are the nucleus for which way you could go.
I think it is Capitas way of protecting themselves from a barrage of legislation which would bite them on the preverbial if they did not give advice on the matter.
I think the crux is on security and the stronger you can make it the better obviously
21st January 2010, 11:33 AM #12
Originally Posted by bossman
Yes i can see where they're coming from, it could do with a refresh though.
21st January 2010, 11:34 AM #13
- Rep Power
Why not use remote app? That way users just click the Sims shortcut and it will run the Sims app and not the desktop. Stops you having to bugger about with locking the server start menus, desktops etc down.
We have our Sims setup so that it will logon using the users credentials. Makes life so much easier and I don't have quite so many teachers doing dumb things like writing their username and password down on a piece of paper and leaving it on their desk.
Thanks to davebanton from:
superfletch (9th March 2010)
9th March 2010, 11:52 PM #14
I had a good mess around with SIMS and TS Remote App not so long ago, I didn't have long to play with it, but it seems like a really nice way to go to me. On the basis of a few days messing around I'd say it is temping to make all connections to SIMS run that way, (at least until it becomes a natively web based app).
10th March 2010, 04:08 PM #15
- Rep Power
we are trying to run Sims from a Windows Server 2008 box using RemoteApps, however when users click on the icon they get an error saying "Fault Code 3441-8525-2000" and incorrect s:\sims\connect.ini file: system.exception.
Other apps such as Office 12 are working fine.
Can anyone help?
By brookesandrew in forum *nix
Last Post: 4th January 2010, 11:17 AM
By actech in forum Windows
Last Post: 16th December 2008, 12:25 AM
By netadmin in forum Wireless Networks
Last Post: 21st May 2008, 03:43 PM
By burgemaster in forum Windows
Last Post: 21st February 2008, 01:43 PM
By augustm in forum Windows
Last Post: 30th November 2007, 12:43 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)