RE: RAS appliances
I'm pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user's machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user's machine. I've only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don't have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. Bill From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 4:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RAS appliances
The TS Gateway feature of Server 2008 Terminal Services works well and is pretty easy to set up. You can also limit resource redirection via policy. Your users have to be running a native RDP client, however. Richard From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Friday, April 17, 2009 4:13 PM To: NT System Admin Issues Subject: RE: RAS appliances m pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote us�s machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote us�s machine. I���ve only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and d�t have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. Bill From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 4:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: RAS appliances
How do you ensure the remote PC's are properly protected and not infected with some virii/malware/spyware that could infiltrate your network? On Fri, Apr 17, 2009 at 1:13 PM, Bill Songstad (WCUL) administra...@waleague.org wrote: I’m pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user’s machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user’s machine. I’ve only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don’t have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. *Bill * *From:* Chinnery, Paul [mailto:pa...@mmcwm.com] *Sent:* Friday, April 17, 2009 4:36 AM *To:* NT System Admin Issues *Subject:* RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, *Paul Chinnery* *Network Administrator* *Memorial Medical Center* *231-845-2319* ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RAS appliances
We're doing the same thing with our Cisco ASA over web based SSL VPN for less than 1K. It's our poor man's terminal server. And we set the landing page on the ASA to publish links to other internal resources like Intranet, webmail, etc. Niles From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Friday, April 17, 2009 3:13 PM To: NT System Admin Issues Subject: RE: RAS appliances I'm pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user's machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user's machine. I've only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don't have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. Bill From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 4:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RAS appliances
Microsoft IAG (N Appliance) SSL VPN with ISA 2006 on it. Very configurable but does take a little reading to get it right. It does endpoint checks for a slew of possibilities that you decide upon like AV update/Scan minimums, Windows updates, etc... A little overkill for some but it works well for us. Oh, and it'll publish Sharepoint as well as several other apps. Not cheap but you get what you pay for. John W. Cook Systems Administrator Partnership For Strong Families 315 SE 2nd Ave Gainesville, Fl 32601 Office (352) 393-2741 x320 Cell (352) 215-6944 Fax (352) 393-2746 MCSE, MCTS, MCP+I,CompTIA A+, N+ From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 7:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RAS appliances
I'm at the mercy of the nerds at Sonicwall for the info since I don't have a big enough propeller to test it myself, but they assured me that since the remote client is connecting to a server page on the Sonicwall VPN device, and the Sonicwall is making a separate connection to the RDP host, no traffic actually connects the infected client to the secure RDP host. They said that it all falls apart if I enable any of the networking features on the Sonicwall VPN device, but as long as I only run the RDP client, it works like a proxy that blocks any pass-through traffic. I'd be grateful if anyone knew how to test their assertion. Bill From: Don Ely [mailto:don@gmail.com] Sent: Friday, April 17, 2009 1:20 PM To: NT System Admin Issues Subject: Re: RAS appliances How do you ensure the remote PC's are properly protected and not infected with some virii/malware/spyware that could infiltrate your network? On Fri, Apr 17, 2009 at 1:13 PM, Bill Songstad (WCUL) administra...@waleague.org wrote: I'm pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user's machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user's machine. I've only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don't have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. Bill From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 4:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RAS appliances
You might consider preventing resource redirection as well then via GPO. From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Friday, April 17, 2009 3:18 PM To: NT System Admin Issues Subject: RE: RAS appliances I'm at the mercy of the nerds at Sonicwall for the info since I don't have a big enough propeller to test it myself, but they assured me that since the remote client is connecting to a server page on the Sonicwall VPN device, and the Sonicwall is making a separate connection to the RDP host, no traffic actually connects the infected client to the secure RDP host. They said that it all falls apart if I enable any of the networking features on the Sonicwall VPN device, but as long as I only run the RDP client, it works like a proxy that blocks any pass-through traffic. I'd be grateful if anyone knew how to test their assertion. Bill From: Don Ely [mailto:don@gmail.com] Sent: Friday, April 17, 2009 1:20 PM To: NT System Admin Issues Subject: Re: RAS appliances How do you ensure the remote PC's are properly protected and not infected with some virii/malware/spyware that could infiltrate your network? On Fri, Apr 17, 2009 at 1:13 PM, Bill Songstad (WCUL) administra...@waleague.orgmailto:administra...@waleague.org wrote: I'm pretty happy with my new Sonicwall SSL 2000 VPN appliance $2000.00. I chose it because I wanted to allow remote access to remote desktop hosts on my network without having to worry too much about the integrity of the remote user's machine. I disabled all the networking on the appliance and only allow RDP connections. Only the appliance actually contacts the Remote Desktop Host, and the user sees the proxy in ActiveX or Java. I can allow my accountants to access sensitive data since I can control copying and printing to the remote user's machine. I've only had it up for a month, and I only have 20 users, but so far so good. The users love it because they can use pretty much any computer and don't have to worry about lugging their own machine around just in case they might need access. Also there is no VPN software to install, run, or troubleshoot. Any browser from any platform that can handle Java or ActiveX will do. It will even run from a live Linux CD. (pclinuxos 2009) Set up was a little less than intuitive, but I had it running and validating user logins against AD in a few hours. Bill From: Chinnery, Paul [mailto:pa...@mmcwm.commailto:pa...@mmcwm.com] Sent: Friday, April 17, 2009 4:36 AM To: NT System Admin Issues Subject: RAS appliances We're currently using a managed service for our remote access. We've no complaints except for the cost. It's used for doctors' offices and staff to connect; about 120 users at this time. I am looking into alternatives. Can someone tell me what they're using and how they like it? Thanks, Paul Chinnery Network Administrator Memorial Medical Center 231-845-2319 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~