Ben Scott wrote: > > Define "access his office network". > > After all, it's unlikely your client actually cares about his office > network, per se. What he really wants is probably something like > "open these Excel spreadsheets and Word docs", or "do QuickBooks data > entry" or similar things. > > I'm not just being pedantic. The nature of the end goal is > critically important to finding the *right* remote access solution. > Sad experience has taught me that VPNs are quite often the wrong (or > at least incomplete) solution.
Exactly the response I needed, thanks. > That being said, I find OpenVPN does really, really well. It's > really easy to install. Define "really easy." Is that "really easy" for Ben Scott or "really easy" for mere mortals? <g,d&r> > Dealing with X.509 certificates, especially for a CA-based PKI, is > something of a pain, but I understand there are "turn-key Certificate > Authority" packages out there these days that make it a lot easier. Hmmm... interesting acronyms. I bet they mean something. Ref "really easy" up above. > One thing you'll want to know is that SMB is pretty bad over high > latency links, and certain parts of Windows Explorer and Microsoft > Office absolutely *SUCK* over high latency links. Right. SMB is pretty chatty and intended to be non-routable and contained on the LAN. One client with megabit-class DSL using their megabit-class DSL connection *might* be okay, but you know the client will then take this on the road on a notebook and want it to work over some shared wireless at a hotel, or dial-up. Perhaps RDP tunneled over the VPN would be a good choice. It just requires a bit more customer education about what he's seeing on his screen and "where" his documents are when he's working on them. > "High latency" > basically means "anything not LAN". This typically shows up as > symptoms like "Opening a small Excel spreadsheet over the VPN takes > ten minutes for no good reason". I've been dealing with this at work > myself, and haven't found much in the way of a good solution so far. We do a fair amount of remote support of Windows applications with clients using everything from PC Anywhere to Cisco VPNs to VNC tunnelled over SSH. A lot of the solutions are too arcane to expect a non-techie customer to feel comfortable with them. But "click the icon named VPN and then the one labeled Remote Desktop" sound about right. The other issue is security of their Windows network. Yes, that's a funny concept. But, as I've explained to clients who want me to VPN into their network, when you VPN, it is just as if you plugged your remote machine directly into their network, and every nasty thing running around the inside of their network can now have at my machine, just as if I plugged it in and forgot to turn on the firewalls and other protection. A screen-scraper doesn't have these problems; it leaves the network worms on the network. -- Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/