Bummer

From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Friday, May 01, 2009 11:53 AM
To: NT System Admin Issues
Subject: RE: Remote access options

Yeah, I was kinda bummed when I dug into it and found out. At least TS CALs aren't too expensive.

You don't need a TS CAL to remote directly into a workstation, but you do if you go through a TS Gateway.

From Licensing Windows Server 2008 Terminal Services.doc @ http://download.microsoft.com/download/6/9/5/695ba00d-c790-4c90-813a-f10539d97991/Licensing%20Windows%20Server%202008%20Terminal%20Services.doc (http://tinyurl.com/64ykh7)

Do I need a TS CAL if I am not running a multiuser environment but use functionality in Terminal Services, for example, Terminal Services Gateway?

Yes. A TS CAL is required for the use of any functionality included in the Terminal Services role in Windows Server. For example, if you are using TS Gateway and/or TS Web Access to provide access to a Windows Client operating system on an individual PC, both a TS CAL and Windows Server CAL are required.

RS

From: Jim Dandy [mailto:jda...@asmail.ucdavis.edu]
Sent: Friday, May 01, 2009 2:25 PM
To: NT System Admin Issues
Subject: RE: Remote access options

Are you sure each TS Gateway user or device requires a TS CAL? I thought you only needed a CAL if you were going into a TS and that remote desktop connections to desktop computers were free.

Curt

From: Richard Stovall [mailto:richard.stov...@researchdata.com]
Sent: Thursday, April 30, 2009 12:51 PM
To: NT System Admin Issues
Subject: RE: Remote access options

It's really easy to set up and works quite well in my experience. There are only a couple of potential gotchas that I found.

1) Each TS Gateway user or device requires a TS CAL.
2) Wildcard certs work fine, but you need to have XP SPs RDP client on XP, or Service Pack 1 on Vista. I don't think you can download the Vista SP1 RDP client by itself.

From: Tom Miller [mailto:tmil...@hnncsb.org]
Sent: Thursday, April 30, 2009 3:39 PM
To: NT System Admin Issues
Subject: Re: Remote access options

TS 2008, Gateway Role, is over SSL only. I set up a nat on my firewall and https only to the gateway server and that's all you need to do (other than configuring the Gateway role, getting a certificate for the farm, blah blah blah.........)

>>> Jeff Brown <2jbr...@gmail.com> 4/30/2009 1:29 PM >>>

Our firewall allows for a relatively simple ssl connection, which then grants access to a TS server. Very simple to deploy and use, and (I think) more secure than a hole straight through to a TS server on network or DMZ.

On Thu, Apr 30, 2009 at 11:37 AM, Tom Miller <tmil...@hnncsb.org> wrote:

Terminal Server 2008 has the Gateway role for external users. Still clunky compared to Citrix, but much less costly. I have a Citrix farm for external users, and starting to use Terminal Server for internal users. I'd go 100% Citrix if it were not so ridiculously expensive.

Tom Miller
Engineer, Information Technology
Hampton-Newport News Community Services Board
757-788-0528

>>> "Erik Goldoff" <egold...@gmail.com> 4/30/2009 12:23 PM >>>

You *could* try a quick rollout of Terminal Server, temporary licenses are good for 90 days (still true I think)

Erik Goldoff
IT Consultant
Systems, Networks, & Security

________________________________

From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Thursday, April 30, 2009 12:17 PM
To: NT System Admin Issues
Subject: RE: Remote access options

That's more the way I'm leaning as well, don't want to put more processing load than necessary on the firewall. But, push come to shove, if they demand something within a day or two, VPN would have to be used, as I don't have the web stuff for Citrix, or an Access Gateway setup.

Joe Heaton
Employment Training Panel

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Thursday, April 30, 2009 8:46 AM
To: NT System Admin Issues
Subject: RE: Remote access options

my choice to connect a disparate collection of nonstandard home users from their own equipment would be Terminal Server / Citrix, *should* keep your interior network more secure than a VPN tunnel.

And not being familiar with your firewall or quantities of tunnels needed, performance may be an issue. If you have large numbers of 3DES or better encrypted tunnels (large relating to the capabilities of your firewall) then you could overwhelm the firewall processor and buffers, impacting overall performance and reliability of network connections. RDP/ICA is simply traffic the firewall will process, and not spend time encrypting/decrypting with whatever VPN encryption engine it has.

Erik Goldoff
IT Consultant
Systems, Networks, & Security

________________________________

From: Joe Heaton [mailto:jhea...@etp.ca.gov]
Sent: Thursday, April 30, 2009 11:40 AM
To: NT System Admin Issues
Subject: Remote access options

With the pandemic, I've been tasked with coming up with a plan for remote access, in order to keep the business running, in case of having to have people stay home. So, with that, I've decided to ask you guys what you're using/doing, for teleworking. A couple of options I thought of off the top of my head:

1) VPN - simple, gives the user a good desktop experience. Slow, at least slower than working from your desk.
2) Citrix - same as above, can publish specific apps, or entire desktop if needed. Low bandwidth requirements.

I listed those two, as our firewall has built-in VPN capabilities, which we are currently using, and therefore would be the quickest option to implement. We also have Citrix already, although only a single server, running PS 4.0. I know I'd want to implement an Access Gateway, etc. with the Citrix option.

Thanks,

Joe Heaton
AISA
Employment Training Panel
1100 J Street, 4th Floor
Sacramento, CA 95814
(916) 327-5276
jhea...@etp.ca.gov

Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.