+ Post New Thread
Results 1 to 14 of 14
Wireless Networks Thread, Terminal Services over Internet? in Technical; We've got a few outcentres that need access to our MIS system for taking enrolments etc. At the moment we've ...
  1. #1
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67

    Terminal Services over Internet?

    We've got a few outcentres that need access to our MIS system for taking enrolments etc. At the moment we've had VPN connections in at those centres which meant...

    ADSL line
    IPCop firewall PC
    Small switch
    Domained PC for VPN

    Which is obviously a fair bit of kit and setup.

    What I was thinking of doing was setting up a virtual server with the MIS app on and making it accessible via remote desktop over the web. Could cut the config down and just require an Internet connected PC but I'm not sure about the security implications?

    Has anyone done this and what tips would you give?

    Thanks

  2. #2
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,639
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22
    We have a computer running SIMS.net that a couple of senior members of staff can access from home using a simple Remote Desktop session.

    They're responsible and understand the security implications completely always ensuring to log out and not give information out at all that may compromise the system.

  3. #3

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,168
    Thank Post
    98
    Thanked 319 Times in 261 Posts
    Blog Entries
    4
    Rep Power
    113
    What operating system are you using? I ask because Windows 2008 has a nice little Remote Apps over web service that sounds like it would be perfect for what you're trying. Sets up a web page with icons for programs which can be run, then acts as though they're being run natively on the client PC, depending on how you've set it up.

  4. #4

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,942
    Thank Post
    1,199
    Thanked 1,069 Times in 760 Posts
    Rep Power
    330
    @gshaw:
    Check this out SIMS Remote Access [Bishop Barrington IT Wiki]

    We have since updated a couple of items but in principle this works great and 128 Bit encryption for security.
    All our Teaching Staff are using it to do certain tasks in Sims.net.

  5. #5

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,223
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    As long as your endpoint computers are secure with propper AV + malware protection and you are using something like server 2008 SSL VPNs for the remote app traffic this should be secure enough depending on your passwords.

    Personally I would not trust raw RDP traffic, the encryption is better in teh newer versions but I would still be securing it with some extra form of encryption if it was me.

    Out of interest why the need for a domain machine at the remote site, you can still use VPN without the station being domain joined. Using RDP from your new virtual server over the existing VPN infrastructure could be your easiest solution.

  6. #6
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67
    The MIS app in question needs an ODBC connection to get to the SQL data, which relies on Windows Authentication so without logging in as domain user it probably wouldn't work. It's been set up that way for longer than I've been here so guess that was the reason.

    The Server 2008 remote app does sound nice but until I get my Hyper-V server running I haven't got any 2k8-compatible hardware to run it on (stupid SuperMicro servers ) Had to buy add-on cards for NIC and SCSI to get this Hyper-V box ready so fingers crossed it will do the trick.

    With the Remote Apps is it only "well behaved" apps that will run? We don't use SIMS, it's an app made for Adult Education, as mentioned before needs the ODBC connection and some other bits and bobs set up for it to work.

    If we still need the VPN to connect over it probably won't make much difference as the problem is with the cost of the extra Internet lines and need for firewall box to protect it as well.

    Out of interest what speeds does a VPN need to run well? We've got these Griffin Copperstream lines at the moment thta are 512kb up and down, which is mega slow... could we just use a normal ADSL line with slower upload speeds? I've disabled roaming profiles on the VPN machines via Group Policy to try and speed things up as logon times were shocking before

  7. #7

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,223
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    Here is a MS paper on TS scaeling which should give you an idea:
    http://www.microsoft.com/windowsserv...tsscaling.mspx

    The bandwidth usage is minimal though around 20k per session depending on how complicated the screen is, less under 2008 server due to better compression.

  8. #8
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67
    How about VPN, particularly upload, is it quite heavy on the connection?

  9. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,223
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    VPN is just encryption on the traffic that you are sending/reciving, depending on the data it can add probably 5-10% onto the amount of data transmitted in either direction but this also depends on the type of VPN in use.

    If you mean RDP its upload footprint is less as there is just mouse and keyboard input to redirect usually.

  10. #10
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,662
    Thank Post
    166
    Thanked 220 Times in 203 Posts
    Rep Power
    67
    In that case I guess the faster download the better as far as login goes. The MIS app probably is sending data both ways but I think the BT Total Broadband connection we're looking at should beat 512kb up\down in worst case scenario anyway

  11. #11

    Join Date
    Jan 2007
    Posts
    424
    Thank Post
    7
    Thanked 32 Times in 27 Posts
    Rep Power
    21
    My understanding was that up until server 2k8, TS encyrption is fairly flawed

  12. #12

    bossman's Avatar
    Join Date
    Nov 2005
    Location
    England
    Posts
    3,942
    Thank Post
    1,199
    Thanked 1,069 Times in 760 Posts
    Rep Power
    330
    @kylewilliamson:
    it all depends on the client encryption, but it is better than no encryption and as i don't have the money to build a VPN server plus licenses for the staff RDP via terminal services will suffice until I get sims web parts next budget and then I will have SSL through normal browser (better still).

  13. #13

    Join Date
    Jan 2007
    Posts
    424
    Thank Post
    7
    Thanked 32 Times in 27 Posts
    Rep Power
    21
    We've got RDP port forwarding over SSH.

  14. #14
    fiendishlyclever's Avatar
    Join Date
    Oct 2008
    Location
    Nottingham
    Posts
    173
    Thank Post
    27
    Thanked 28 Times in 25 Posts
    Rep Power
    17
    Quote Originally Posted by kylewilliamson View Post
    We've got RDP port forwarding over SSH.
    I've done this as well (to connect to machines at home) - easy to set up and quite secure. Worth checking out.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 23rd April 2008, 10:33 PM
  2. Terminal Services
    By HodgeHi in forum Windows
    Replies: 0
    Last Post: 6th March 2008, 11:00 AM
  3. Replies: 8
    Last Post: 10th January 2008, 03:24 PM
  4. Terminal Services
    By wesleyw in forum Thin Client and Virtual Machines
    Replies: 2
    Last Post: 30th June 2006, 12:34 PM
  5. Terminal Services
    By faza in forum Windows
    Replies: 15
    Last Post: 1st June 2006, 10:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •