That is a reasonable short-term solution as the users already use TS for the LOB app. But I keep thinking there's a better way to manage the whole thing...
Our experience with TS/Citrix-type solutions is that for some reason the users can't quite grasp the entire remote machine concept. They just want to be able to work on "their" computer. In the mid-to-large company space, this isn't as big a problem, but in the small (10-50 users) space, it's been an issue for us.

I think we're probably going to have to have a serious discussion with client management about the global options, but I'd sure like to be aware of all the good ones that are out there...

***********************
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***********************

-----Original Message-----
From: Kramer, Jack [mailto:jack.kra...@cabs.msu.edu]
Sent: Tuesday, July 24, 2012 6:38 AM
To: NT System Admin Issues
Subject: Re: Looking for options... Mobile workforce and central resources

Honestly, it really does sound like either a Citrix solution (XenApp?) or a VDI solution would be your best bet for application access. (I'm partial to VMware View, but I also have a substantial VMware investment already.)

Combine with a tool for remote account unlocks and password resets (we use Scriptlogic's Desktop Authority Password Self-Service) and that helps solve the password expiration problem - lots of advanced warning and a self-service HTTPS portal with security questions for credential management.

I'd say go that route and manage it as a BYOD environment rather than trying to get credentials onto the remote machines.

----
Jack Kramer
Manager of Information Technology
Communications and Brand Strategy
Michigan State University
w: 517-884-1231 / c: 248-635-4955

From: Charlie Kaiser <charl...@golden-eagle.org>
Reply-To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Date: Monday, July 23, 2012 9:33 PM
To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com>
Subject: Looking for options... Mobile workforce and central resources

We're looking for some options for a client with what is to us a new set of challenges and requirements that will no doubt become more prevalent with other clients over the next year or so.

Client is a business with around 75 users. Client business is real-estate related, so most data is somewhat sensitive but not secret or regulated. Client management allows/encourages/requires remote work. Over half the workforce is on laptops. Most users have either Android or iPhone mobile devices for email.

AD domain, file server, LOB app (on 2 RDP servers) and Exchange 2010 are hosted with small hosting company. Main office has a DC locally, VPN'd to hosting site. Email is accessed via Outlook Anywhere. Remote users are on laptops (XP and W7, a few Macs) that are not domain-joined. Most of them never see the office.

As you can imagine, the combination of local user accounts, domain creds, and a LOB app that is not LDAP-aware makes identity management a PITA. This has been in place for about 6 months now (we just inherited it recently) and today all the passwords expired. Let's just say our help desk phone is a puddle of molten plastic...

I'm figuring there must be a way to make it easier to manage the remote user credentials stuff without implementing a fire-up-on-demand VPN. I've taken a very brief look at DirectAccess, and while it looks like it does a lot of what I'm envisioning, the requirements for 2008R2 and W7 could make this a showstopper or at least a major hurdle for this or other clients.

I know I'm not the only one out there with clients in this configuration. In the past, I'd have said VPN, domain joined, etc. or everything through RDP. But I'm thinking there's got to be other solutions.

Anyone doing anything like this? What's working for you? What's NOT?

Thanks...
***********************
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***********************

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin