Jump server (terminal server each site) and RDP over site-to-site VPN connections would be a solution.

If it is too much to have site-to-site VPN, then have a jump server with VPN client on the customer site, so that the customer can initiate the connection back to you when needed. Even in this case, I'd still have a jump server on my end.

Rami

On Mon, May 2, 2016 at 3:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
> All,
>
> $Company has a set of support engineers whose job it is to connect
> with customer sites which run our product. There are over 50 of these
> customer sites, and of course we hope to get more.
>
> Our systems at the customer sites are not normally the customers' main
> set of IT resources, but are usually critical to their operations, so
> their IT staffs have their own opinions on how to grant access for us
> to their environments.
>
> Therefore, each site has different requirements for remote access,
> having a multitude of different VPN units (Sonicwall, Juniper, Cisco,
> etc.) and requirements for different brands of Antivirus installation,
> and whether or not split tunneling is allowed, etc.
>
> Currently our support engineers are using 3 desktop machines with
> varied OSes, and using a set of VMs running in VMware player, but not
> nearly enough of them, so that there are frequent conflicts in the
> configurations of the VMs, what with different versions of VPN and AV
> software.
>
> I expect normally no more than 4 or 5 VMs to be in use at a time - and
> usually only 1 or 2.
>
> My thought currently is to have a set of VMs (one per customer) on a
> small cluster in a DMZ - our support engineers would be able to access
> the host, start the required VM, and be on their way.
>
> My solution starts to run into conceptual problems, however, when I
> think about how to power down VMs that aren't in use, and also how to
> wake up VMs periodically so that they keep patches and antivirus
> updates.
> Are there products out there for a given platform that will
> detect VMs not in use and shut them down, and that will also wake
> those not running, to let them get patches and AV updates, then shut
> them down? I'm platform agnostic - we run both VMware (production) and
> Hyper-V (DMZ) here, and I don't care which one I implement.
>
> Of course, whatever solution is proposed should detect machines in
> use, and not shut them down.
>
> Thoughts, input, suggestions?
>
> Thanks,
>
> Kurt