The issue is not the multiplicity of our devices at the customers - it's the multiplicity of gaining access to their environments. Once we're in, there isn't usually a problem (AFAIK) dealing with our equipment - it's just the damnable profusion of perimeter requirements that we have to navigate.
Kurt

On Mon, May 2, 2016 at 3:18 PM, Wolf, Daniel <da.w...@neopost.com> wrote:
> Get a Bomgar and set up jump clients on each customer device. You can think of
> it like VNC over HTTPS. The client maintains a small connection back to you
> 24/7 so you can then jump to the device with a full session whenever you
> want. No firewall changes or VPN needed.
>
> We used to do what you do, and trust me you're wasting your time.
>
> -----Original Message-----
> From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com]
> On Behalf Of Kurt Buff
> Sent: Monday, May 2, 2016 5:02 PM
> To: ntsysadm <ntsys...@lists.myitforum.com>
> Subject: [NTSysADM] Looking for some ideas
>
> All,
>
> $Company has a set of support engineers whose job it is to connect with
> customer sites which run our product. There are over 50 of these customer
> sites, and of course we hope to get more.
>
> Our systems at the customer sites are not normally the customers' main set of
> IT resources, but are usually critical to their operations, so their IT
> staffs have their own opinions on how to grant access for us to their
> environments.
>
> Therefore, each site has different requirements for remote access, having a
> multitude of different VPN units (Sonicwall, Juniper, Cisco,
> etc.) and requirements for different brands of Antivirus installation, and
> whether or not split tunneling is allowed, etc.
>
> Currently our support engineers are using 3 desktop machines with varied
> OSes, and using a set of VMs running in VMware player, but not nearly enough
> of them, so that there are frequent conflicts in the configurations of the
> VMs, what with different versions of VPN and AV software.
>
> I expect normally no more than 4 or 5 VMs to be in use at a time - and
> usually only 1 or 2.
>
> My thought currently is to have a set of VMs (one per customer) on a small
> cluster in a DMZ - our support engineers would be able to access the host,
> start the required VM, and be on their way.
>
> My solution starts to run into conceptual problems, however, when I think
> about how to power down VMs that aren't in use, and also how to wake up VMs
> periodically so that they keep patches and antivirus updates. Are there
> products out there for a given platform that will detect VMs not in use and
> shut them down, and that will also wake those not running, to let them get
> patches and AV updates, then shut them down? I'm platform agnostic - we run
> both VMware (production) and Hyper-V (DMZ) here, and I don't care which one I
> implement.
>
> Of course, whatever solution is proposed should detect machines in use, and
> not shut them down.
>
> Thoughts, input, suggestions?
>
> Thanks,
>
> Kurt