8th January 2009, 11:21 AM #1
Terminal Services over Internet?
We've got a few outcentres that need access to our MIS system for taking enrolments etc. At the moment we've had VPN connections in at those centres which meant...
IPCop firewall PC
Domained PC for VPN
Which is obviously a fair bit of kit and setup.
What I was thinking of doing was setting up a virtual server with the MIS app on and making it accessible via remote desktop over the web. Could cut the config down and just require an Internet connected PC but I'm not sure about the security implications?
Has anyone done this and what tips would you give?
8th January 2009, 11:30 AM #2
We have a computer running SIMS.net that a couple of senior members of staff can access from home using a simple Remote Desktop session.
They're responsible and understand the security implications completely, always ensuring to log out and not to give out any information that may compromise the system.
8th January 2009, 11:38 AM #3
What operating system are you using? I ask because Windows 2008 has a nice little Remote Apps over web service that sounds like it would be perfect for what you're trying. Sets up a web page with icons for programs which can be run, then acts as though they're being run natively on the client PC, depending on how you've set it up.
8th January 2009, 11:39 AM #4
Check this out: SIMS Remote Access [Bishop Barrington IT Wiki]
We have since updated a couple of items but in principle this works great and uses 128-bit encryption for security.
All our Teaching Staff are using it to do certain tasks in Sims.net.
8th January 2009, 11:41 AM #5
As long as your endpoint computers are secure with proper AV + malware protection and you are using something like Server 2008 SSL VPNs for the remote app traffic, this should be secure enough, depending on your passwords.
Personally I would not trust raw RDP traffic; the encryption is better in the newer versions but I would still be securing it with some extra form of encryption if it was me.
Out of interest why the need for a domain machine at the remote site, you can still use VPN without the station being domain joined. Using RDP from your new virtual server over the existing VPN infrastructure could be your easiest solution.
8th January 2009, 12:19 PM #6
The MIS app in question needs an ODBC connection to get to the SQL data, which relies on Windows Authentication so without logging in as domain user it probably wouldn't work. It's been set up that way for longer than I've been here so guess that was the reason.
The Server 2008 remote app does sound nice but until I get my Hyper-V server running I haven't got any 2k8-compatible hardware to run it on (stupid SuperMicro servers). Had to buy add-on cards for NIC and SCSI to get this Hyper-V box ready so fingers crossed it will do the trick.
With the Remote Apps is it only "well behaved" apps that will run? We don't use SIMS, it's an app made for Adult Education, as mentioned before needs the ODBC connection and some other bits and bobs set up for it to work.
If we still need the VPN to connect over it probably won't make much difference as the problem is with the cost of the extra Internet lines and need for firewall box to protect it as well.
Out of interest what speeds does a VPN need to run well? We've got these Griffin Copperstream lines at the moment that are 512kb up and down, which is mega slow... could we just use a normal ADSL line with slower upload speeds? I've disabled roaming profiles on the VPN machines via Group Policy to try and speed things up as logon times were shocking before.
8th January 2009, 02:03 PM #7
Here is a MS paper on TS scaling which should give you an idea:
The bandwidth usage is minimal though around 20k per session depending on how complicated the screen is, less under 2008 server due to better compression.
8th January 2009, 03:35 PM #8
How about VPN, particularly upload, is it quite heavy on the connection?
8th January 2009, 03:43 PM #9
VPN is just encryption on the traffic that you are sending/receiving; depending on the data it can add probably 5-10% onto the amount of data transmitted in either direction, but this also depends on the type of VPN in use.
If you mean RDP its upload footprint is less as there is just mouse and keyboard input to redirect usually.
8th January 2009, 05:47 PM #10
In that case I guess the faster download the better as far as login goes. The MIS app probably is sending data both ways but I think the BT Total Broadband connection we're looking at should beat 512kb up\down in worst case scenario anyway
8th January 2009, 07:12 PM #11
My understanding was that up until Server 2k8, TS encryption is fairly flawed.
8th January 2009, 09:18 PM #12
It all depends on the client encryption, but it is better than no encryption, and as I don't have the money to build a VPN server plus licenses for the staff, RDP via terminal services will suffice until I get SIMS web parts next budget, and then I will have SSL through a normal browser (better still).
8th January 2009, 11:50 PM #13
We've got RDP port forwarding over SSH.
9th January 2009, 10:42 PM #14
I've done this as well (to connect to machines at home) - easy to set up and quite secure. Worth checking out.
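A locked-down form of the RDP-over-SSH setup mentioned in the last two posts, as an added example that is not part of the thread. The account name `rdptunnel`, the gateway name `gateway.example.org` and the terminal server address `10.0.0.5` are assumptions.

```sshconfig
# /etc/ssh/sshd_config on the SSH gateway (OpenSSH server).
# Assumed names: account "rdptunnel", terminal server 10.0.0.5.

# Keys only: no password guessing against the Internet-facing port.
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Match User rdptunnel
    # Local (-L) forwards only, and only to the terminal server's RDP port.
    AllowTcpForwarding local
    PermitOpen 10.0.0.5:3389
    # The account exists to carry the tunnel, nothing else.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false

# Client side, on the outcentre PC (run this, then point the RDP client
# at 127.0.0.1:13389):
#   ssh -N -L 127.0.0.1:13389:10.0.0.5:3389 rdptunnel@gateway.example.org
```

With this in place only the SSH port has to be reachable from the Internet; TCP 3389 stays closed on the firewall, and a stolen tunnel key reaches nothing except the terminal server's logon prompt.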