Re: Terminal Server or VPN?

2010-11-15 Thread Angus Scott-Fleming
On 10 Nov 2010 at 15:22, Joseph Heaton  wrote:

 Bad weather event?  wow, the rivers would have to be really over the banks
 for that to happen here in Sacramento.  No snow, no tornados, man we don't
 get any of that fun stuff. 

Earthquake upgrades force temporary move for Sacramento's St. Francis 
elementary school 
http://www.sacbee.com/2010/07/06/2871970/earthquake-upgrades-force-temporary.html

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


RE: Terminal Server or VPN?

2010-11-12 Thread David Lum
You don't understand how this org thinks, which is probably a good thing...

We'd still use the TS machines post-move, the move just accelerated my (and 
thus their) thought processes

From: Jacob [mailto:ja...@excaliburfilms.com]
Sent: Thursday, November 11, 2010 10:53 AM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

Just one day.. I would just give them the day off. Too much of a headache for 
one day.

We had to move back in April. We gave the employees Friday off, with pay, while 
us techs moved and setup all the workstations/servers/etc... We talked about 
having employees, like data entry, work from home. Just not with the extra time 
and effort. 80 employees.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 1:17 PM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day  
(200-ish users, because we're moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to hit via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home 
PC that don't currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, 
but I REALLY don't want unmanaged home PC's connecting via VPN...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Re: Terminal Server or VPN? Now TS on VM Q's too

2010-11-11 Thread Anders Blomgren
You're better off using more and smaller TS VM's per host. Given that SMP is
a lie with today's Nehalem cpus, which are actually NUMA, scheduling a 4vcpu
or larger VM will take more resources from the host. Might not be noticeable
if the host isn't loaded but also see the flexibility point that Andrew
makes.

-Anders

On Thu, Nov 11, 2010 at 3:03 AM, David Lum david@nwea.org wrote:

  Andrew this is actually my thinking. Licensing is quite cheap (under $2K
 for 100 seats), a purchase req got submitted this week - I am fortunate that
 $2K is quite small beans in light of the other costs of this move.

 My next question is - given an 8CPU 64Gb RAM host system (times two), does
 it make sense to have more than 1 TS Server VM per physical host? ESX is the
 VM host software, so I don't know if it makes sense to have 1 monster 64-bit
 VM per physical system or have 2-3 per. I'm thinking one big TS VM per side
 saves overhead of additional VM systems.

 Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent,
 it doesn't cover VM's thoroughly enough to answer that question.

 I have TS Web access working internally, and a basic TS 2K8 server up, the
 practice I don't have is TS Gateway. I think I can get there in 3-4 weeks
 and have some testing time, but we'll see...

 Dave



  --
 *From:* Andrew S. Baker [asbz...@gmail.com]
 *Sent:* Wednesday, November 10, 2010 2:58 PM
 *To:* NT System Admin Issues
 *Subject:* Re: Terminal Server or VPN?

  Sometimes you don't really have a choice, as it makes good business sense
 to allow it.

 A VPN can be configured to allow appropriate-only access.  It does not have
 to be synonymous with a free-for-all connection.

 The TS solution has licensing implications, as well.  Hopefully, 5 weeks is
 enough time for you to get the nuances of this solution in place.  I would
 recommend ensuring that the VPN is a viable plan B, in case there are some
 issues.  I can almost foresee that you'll be supporting both on the 17th...


  *ASB *(My XeeSM Profile) http://xeesm.com/AndrewBaker
 *Exploiting Technology for Business Advantage...*



 On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

  I would never, ever, allow non-company-managed PCs to connect to our
 VPN. As you think, that’s just asking for all kinds of trouble.



 Since most of your home users won’t have MS Office on their home PCs,
 they’ll get more done if you give them TS access to your standard corporate
 suite of applications. I’m not sure how you could give the users RDP to
 their actual desktop PCs if the PCs are in a moving van headed to your new
 offices.



 -Malcolm



 *From:* David Lum [mailto:david@nwea.org]
 *Sent:* Wednesday, November 10, 2010 15:17
 *To:* NT System Admin Issues
 *Subject:* Terminal Server or VPN?



 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to hit via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum* // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764




Re: Terminal Server or VPN? Now TS on VM Q's too

2010-11-11 Thread Richard Stovall
Have you looked at the TS / RD Gateway feature?  It's essentially just
SSL-encrypted RDP proxied through the Terminal Server.  The TS licensing
implications are the same as for 'regular' TS desktop users (each user or
remote device requires a TS CAL), but it's dead simple to set up, and you
literally don't have to do anything else for those who already have desktops
they can remote in to.  It might not be appropriate for you or this
scenario, but it doesn't sound from your deliberations like you've
considered it.

The one gotcha that I know of pops up if you use a wildcard cert for SSL.
 In that scenario your remote clients must have the RDP client from XP SP3,
Vista SP1, or 7.  They will not be able to connect if they don't since
earlier versions of the RDP client don't allow connections using wildcard
certs.

http://technet.microsoft.com/en-us/library/cc775357(WS.10).aspx

On Wed, Nov 10, 2010 at 9:03 PM, David Lum david@nwea.org wrote:

  Andrew this is actually my thinking. Licensing is quite cheap (under $2K
 for 100 seats), a purchase req got submitted this week - I am fortunate that
 $2K is quite small beans in light of the other costs of this move.

 My next question is - given an 8CPU 64Gb RAM host system (times two), does
 it make sense to have more than 1 TS Server VM per physical host? ESX is the
 VM host software, so I don't know if it makes sense to have 1 monster 64-bit
 VM per physical system or have 2-3 per. I'm thinking one big TS VM per side
 saves overhead of additional VM systems.

 Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent,
 it doesn't cover VM's thoroughly enough to answer that question.

 I have TS Web access working internally, and a basic TS 2K8 server up, the
 practice I don't have is TS Gateway. I think I can get there in 3-4 weeks
 and have some testing time, but we'll see...

 Dave



  --
 *From:* Andrew S. Baker [asbz...@gmail.com]
 *Sent:* Wednesday, November 10, 2010 2:58 PM
 *To:* NT System Admin Issues
 *Subject:* Re: Terminal Server or VPN?

  Sometimes you don't really have a choice, as it makes good business sense
 to allow it.

  A VPN can be configured to allow appropriate-only access.  It does not
 have to be synonymous with a free-for-all connection.

  The TS solution has licensing implications, as well.  Hopefully, 5 weeks
 is enough time for you to get the nuances of this solution in place.  I
 would recommend ensuring that the VPN is a viable plan B, in case there are
 some issues.  I can almost foresee that you'll be supporting both on the
 17th...


   *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker
 *Exploiting Technology for Business Advantage...*



 On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

  I would never, ever, allow non-company-managed PCs to connect to our
 VPN. As you think, that’s just asking for all kinds of trouble.



 Since most of your home users won’t have MS Office on their home PCs,
 they’ll get more done if you give them TS access to your standard corporate
 suite of applications. I’m not sure how you could give the users RDP to
 their actual desktop PCs if the PCs are in a moving van headed to your new
 offices.



 -Malcolm



 *From:* David Lum [mailto:david@nwea.org]
 *Sent:* Wednesday, November 10, 2010 15:17
 *To:* NT System Admin Issues
 *Subject:* Terminal Server or VPN?



 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to hit via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum* // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764




RE: Terminal Server or VPN? Now TS on VM Q's too

2010-11-11 Thread David Lum
Yep that’s one item I am checking out now, thanks!

Dave

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Thursday, November 11, 2010 3:29 AM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN? Now TS on VM Q's too

Have you looked at the TS / RD Gateway feature?  It's essentially just 
SSL-encrypted RDP proxied through the Terminal Server.  The TS licensing 
implications are the same as for 'regular' TS desktop users (each user or 
remote device requires a TS CAL), but it's dead simple to set up, and you 
literally don't have to do anything else for those who already have desktops 
they can remote in to.  It might not be appropriate for you or this scenario, 
but it doesn't sound from your deliberations like you've considered it.

The one gotcha that I know of pops up if you use a wildcard cert for SSL.  In 
that scenario your remote clients must have the RDP client from XP SP3, Vista 
SP1, or 7.  They will not be able to connect if they don't since earlier 
versions of the RDP client don't allow connections using wildcard certs.

http://technet.microsoft.com/en-us/library/cc775357(WS.10).aspx

On Wed, Nov 10, 2010 at 9:03 PM, David Lum david@nwea.org wrote:
Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 
100 seats), a purchase req got submitted this week - I am fortunate that $2K is 
quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it 
make sense to have more than 1 TS Server VM per physical host? ESX is the VM 
host software, so I don't know if it makes sense to have 1 monster 64-bit VM 
per physical system or have 2-3 per. I'm thinking one big TS VM per side saves 
overhead of additional VM systems.

Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it 
doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the 
practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and 
have some testing time, but we'll see...

Dave




From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?
Sometimes you don't really have a choice, as it makes good business sense to 
allow it.

A VPN can be configured to allow appropriate-only access.  It does not have to 
be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well.  Hopefully, 5 weeks is 
enough time for you to get the nuances of this solution in place.  I would 
recommend ensuring that the VPN is a viable plan B, in case there are some 
issues.  I can almost foresee that you'll be supporting both on the 17th...



ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...



On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:
I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
you think, that’s just asking for all kinds of trouble.

Since most of your home users won’t have MS Office on their home PCs, they’ll 
get more done if you give them TS access to your standard corporate suite of 
applications. I’m not sure how you could give the users RDP to their actual 
desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day  
(200-ish users, because we’re moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to hit via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home 
PC that don’t currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, 
but I REALLY don’t want unmanaged home PC’s connecting via VPN…
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell

RE: Terminal Server or VPN?

2010-11-11 Thread Jacob
Just one day.. I would just give them the day off. Too much of a headache
for one day.

 

We had to move back in April. We gave the employees Friday off, with pay,
while us techs moved and setup all the workstations/servers/etc. We talked
about having employees, like data entry, work from home. Just not with the
extra time and effort. 80 employees.

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, November 10, 2010 1:17 PM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

 

In a few weeks (Dec 17th) we'll be having a massive work from home day
(200-ish users, because we're moving our office to a different city) and we
have the option of standing up some Terminal Servers or just running with
VPN. Most users are expected to just want MS Office apps and Internet
Explorer. Several (a couple dozen) will also want RDP access to their
desktops. 

 

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up
more 2008 TS servers. I have no experience setting up TS farms or getting
them available for ability to hit via Internet, although both of these
appear to be pretty straightforward. I am also under the impression that TS
via Internet uses less bandwidth than a straight-up VPN connection.

 

VPN is already established but we'll certainly have many users using their
home PC that don't currently have VPN configured and would much rather have
them connect via Terminal Server than install, configure and then connect an
unknown system  - from a security/patched/AV standpoint - to VPN.

 

I think it's kind of six of one half dozen of another as far as overall
effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 


RE: Terminal Server or VPN?

2010-11-11 Thread Jacob
Likewise 400 miles south on the I5 ;-)

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Wednesday, November 10, 2010 3:22 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

Bad weather event?  wow, the rivers would have to be really over the banks
for that to happen here in Sacramento.  No snow, no tornados, man we don't
get any of that fun stuff.

 David Lum david@nwea.org 11/10/2010 2:31 PM 
PC's will be online during the day of the 17th, the org is taking this
opportunity to treat it as a bad weather event to simulate the weather
being too bad for 95% of the folks to get into the office.

From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Wednesday, November 10, 2010 1:50 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

I would never, ever, allow non-company-managed PCs to connect to our VPN. As
you think, that's just asking for all kinds of trouble.

Since most of your home users won't have MS Office on their home PCs,
they'll get more done if you give them TS access to your standard corporate
suite of applications. I'm not sure how you could give the users RDP to
their actual desktop PCs if the PCs are in a moving van headed to your new
offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day
(200-ish users, because we're moving our office to a different city) and we
have the option of standing up some Terminal Servers or just running with
VPN. Most users are expected to just want MS Office apps and Internet
Explorer. Several (a couple dozen) will also want RDP access to their
desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up
more 2008 TS servers. I have no experience setting up TS farms or getting
them available for ability to hit via Internet, although both of these
appear to be pretty straightforward. I am also under the impression that TS
via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their
home PC that don't currently have VPN configured and would much rather have
them connect via Terminal Server than install, configure and then connect an
unknown system  - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall
effort, but I REALLY don't want unmanaged home PC's connecting via VPN...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764




RE: Terminal Server or VPN? Now TS on VM Q's too

2010-11-11 Thread Webster
I am not a TS person and have only ever setup 1 pure TS in my career.  I
would advise looking at the recommendation from Project: Virtual Reality
Check.  They will give you unbiased info/data on what works best for
configuration details.  Project: VRC has gotten so influential that
Microsoft, Citrix, VMware, HP and other vendors now use the VRC scripts for
all their testing and design white papers.  VMware has gotten burned by VRC
in the past and had to fix major bugs in their software.  Several VMware
public fixes were originally private fixes specifically for TS issues that
VRC found.

 

Of course, the two guys heading up VRX are fellow CTPs! :)

 

Thanks

 

 

Carl Webster

Citrix Technology Professional

http://dabcc.com/Webster

 

 

From: David Lum [mailto:david@nwea.org] 
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

 

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for
100 seats), a purchase req got submitted this week - I am fortunate that $2K
is quite small beans in light of the other costs of this move.

 

My next question is - given an 8CPU 64Gb RAM host system (times two), does
it make sense to have more than 1 TS Server VM per physical host? ESX is the
VM host software, so I don't know if it makes sense to have 1 monster 64-bit
VM per physical system or have 2-3 per. I'm thinking one big TS VM per side
saves overhead of additional VM systems. 

 

Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent,
it doesn't cover VM's thoroughly enough to answer that question.

 

I have TS Web access working internally, and a basic TS 2K8 server up, the
practice I don't have is TS Gateway. I think I can get there in 3-4 weeks
and have some testing time, but we'll see...



RE: Terminal Server or VPN? Now TS on VM Q's too

2010-11-11 Thread David Lum
Excellent reference point, thanks Carl!

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, November 11, 2010 11:15 AM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

I am not a TS person and have only ever setup 1 pure TS in my career.  I would 
advise looking at the recommendation from Project: Virtual Reality Check.  They 
will give you unbiased info/data on what works best for configuration details.  
Project: VRC has gotten so influential that Microsoft, Citrix, VMware, HP and 
other vendors now use the VRC scripts for all their testing and design white 
papers.  VMware has gotten burned by VRC in the past and had to fix major bugs 
in their software.  Several VMware public fixes were originally private fixes 
specifically for TS issues that VRC found.

Of course, the two guys heading up VRX are fellow CTPs! :)

Thanks


Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster


From: David Lum [mailto:david@nwea.org]
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 
100 seats), a purchase req got submitted this week - I am fortunate that $2K is 
quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it 
make sense to have more than 1 TS Server VM per physical host? ESX is the VM 
host software, so I don't know if it makes sense to have 1 monster 64-bit VM 
per physical system or have 2-3 per. I'm thinking one big TS VM per side saves 
overhead of additional VM systems.

Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it 
doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the 
practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and 
have some testing time, but we'll see...


Re: Terminal Server or VPN?

2010-11-11 Thread Andrew Laya
Did the 'talent' get the day off with pay too?  :-)



On 11/11/10, Jacob ja...@excaliburfilms.com wrote:
 Just one day.. I would just give them the day off. Too much of a headache
 for one day.



 We had to move back in April. We gave the employees Friday off, with pay,
 while us techs moved and setup all the workstations/servers/etc. We talked
 about having employees, like data entry, work from home. Just not with the
 extra time and effort. 80 employees.



 From: David Lum [mailto:david@nwea.org]
 Sent: Wednesday, November 10, 2010 1:17 PM
 To: NT System Admin Issues
 Subject: Terminal Server or VPN?



 In a few weeks (Dec 17th) we'll be having a massive work from home day
 (200-ish users, because we're moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up
 more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we'll certainly have many users using their
 home PC that don't currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it's kind of six of one half dozen of another as far as overall
 effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764




-- 
Sent from my mobile device


Re: Terminal Server or VPN?

2010-11-11 Thread Jonathan Link
Their work is already in the can, as it were.

On Thu, Nov 11, 2010 at 6:20 PM, Andrew Laya andrew.l...@gmail.com wrote:

  Did the 'talent' get the day off with pay too?  :-)



 On 11/11/10, Jacob ja...@excaliburfilms.com wrote:
  Just one day.. I would just give them the day off. Too much of a headache
  for one day.
 
 
 
  We had to move back in April. We gave the employees Friday off, with pay,
  while us techs moved and setup all the workstations/servers/etc. We
 talked
  about having employees, like data entry, work from home. Just not with
 the
  extra time and effort. 80 employees.
 
 
 
  From: David Lum [mailto:david@nwea.org]
  Sent: Wednesday, November 10, 2010 1:17 PM
  To: NT System Admin Issues
  Subject: Terminal Server or VPN?
 
 
 
  In a few weeks (Dec 17th) we'll be having a massive work from home day
  (200-ish users, because we're moving our office to a different city) and
 we
  have the option of standing up some Terminal Servers or just running with
  VPN. Most users are expected to just want MS Office apps and Internet
  Explorer. Several (a couple dozen) will also want RDP access to their
  desktops.
 
 
 
  We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up
  more 2008 TS servers. I have no experience setting up TS farms or getting
  them available for ability to his via Internet, although both of these
  appear to be pretty straightforward. I am also under the impression that
 TS
  via Internet uses less bandwidth than a straight-up VPN connection.
 
 
 
  VPN is already established but we'll certainly have many users using
 their
  home PC that don't currently have VPN configured and would much rather
 have
  them connect via Terminal Server than install, configure and then connect
 an
  unknown system  - from a security/patched/AV standpoint - to VPN.
 
 
 
  I think it's kind of six of one half dozen of another as far as overall
  effort, but I REALLY don't want unmanaged home PC's connecting via VPN.
 
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
 
 
 

 --
 Sent from my mobile device


Re: Terminal Server or VPN?

2010-11-11 Thread Richard Stovall
I think they're on a break.  Probably having fluffernutters.

On Thu, Nov 11, 2010 at 6:38 PM, Jonathan Link jonathan.l...@gmail.com wrote:

 Their work is already in the can, as it were.


 On Thu, Nov 11, 2010 at 6:20 PM, Andrew Laya andrew.l...@gmail.com wrote:

  Did the 'talent' get the day off with pay too?  :-)



 On 11/11/10, Jacob ja...@excaliburfilms.com wrote:
  Just one day.. I would just give them the day off. Too much of a
 headache
  for one day.
 
 
 
  We had to move back in April. We gave the employees Friday off, with
 pay,
  while us techs moved and setup all the workstations/servers/etc. We
 talked
  about having employees, like data entry, work from home. Just not with
 the
  extra time and effort. 80 employees.
 
 
 
  From: David Lum [mailto:david@nwea.org]
  Sent: Wednesday, November 10, 2010 1:17 PM
  To: NT System Admin Issues
  Subject: Terminal Server or VPN?
 
 
 
  In a few weeks (Dec 17th) we'll be having a massive work from home day
  (200-ish users, because we're moving our office to a different city) and
 we
  have the option of standing up some Terminal Servers or just running
 with
  VPN. Most users are expected to just want MS Office apps and Internet
  Explorer. Several (a couple dozen) will also want RDP access to their
  desktops.
 
 
 
  We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to
 stand up
  more 2008 TS servers. I have no experience setting up TS farms or
 getting
  them available for ability to his via Internet, although both of these
  appear to be pretty straightforward. I am also under the impression that
 TS
  via Internet uses less bandwidth than a straight-up VPN connection.
 
 
 
  VPN is already established but we'll certainly have many users using
 their
  home PC that don't currently have VPN configured and would much rather
 have
  them connect via Terminal Server than install, configure and then
 connect an
  unknown system  - from a security/patched/AV standpoint - to VPN.
 
 
 
  I think it's kind of six of one half dozen of another as far as overall
  effort, but I REALLY don't want unmanaged home PC's connecting via VPN.
 
  David Lum // SYSTEMS ENGINEER
  NORTHWEST EVALUATION ASSOCIATION
  (Desk) 971.222.1025 // (Cell) 503.267.9764
 
 
 

 --
 Sent from my mobile device


Re: Terminal Server or VPN?

2010-11-10 Thread Tom Miller
Might be a good chance to get up to speed on TS.  We have a TS 2008 farm
here, but I'm moving those servers to XenApp.  It worked fine, although
I had some issues with wildcard certificates.  I think that was an issue
with the version and is not presented in 2008 R2 from what I understand.
 Use the Gateway role to expose your TS system to the Internet and
you'll be fine.
 
We make the remote desktop icon available to those persons who wish to
connect to their PCs via Terminal Services.
 
Get thee the Terminal Services 2008 Resource Kit.  It's excellent.  
 
Tom

 David Lum david@nwea.org 11/10/2010 4:17 PM 

In a few weeks (Dec 17th) we’ll be having a massive “work from home”
day  (200-ish users, because we’re moving our office to a different
city) and we have the option of standing up some Terminal Servers or
just running with VPN. Most users are expected to just want MS Office
apps and Internet Explorer. Several (a couple dozen) will also want RDP
access to their desktops. 
 
We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to
stand up more 2008 TS servers. I have no experience setting up TS farms
or getting them available for ability to his via Internet, although both
of these appear to be pretty straightforward. I am also under the
impression that TS via Internet uses less bandwidth than a straight-up
VPN connection.
 
VPN is already established but we’ll certainly have many users using
their home PC that don’t currently have VPN configured and would much
rather have them connect via Terminal Server than install, configure and
then connect an unknown system  - from a security/patched/AV standpoint
- to VPN.
 
I think it’s kind of six of one half dozen of another as far as overall
effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…
David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
 


RE: Terminal Server or VPN?

2010-11-10 Thread Malcolm Reitz
I would never, ever, allow non-company-managed PCs to connect to our VPN. As
you think, that's just asking for all kinds of trouble.

 

Since most of your home users won't have MS Office on their home PCs,
they'll get more done if you give them TS access to your standard corporate
suite of applications. I'm not sure how you could give the users RDP to
their actual desktop PCs if the PCs are in a moving van headed to your new
offices.

 

-Malcolm

 

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

 

In a few weeks (Dec 17th) we'll be having a massive work from home day
(200-ish users, because we're moving our office to a different city) and we
have the option of standing up some Terminal Servers or just running with
VPN. Most users are expected to just want MS Office apps and Internet
Explorer. Several (a couple dozen) will also want RDP access to their
desktops. 

 

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up
more 2008 TS servers. I have no experience setting up TS farms or getting
them available for ability to his via Internet, although both of these
appear to be pretty straightforward. I am also under the impression that TS
via Internet uses less bandwidth than a straight-up VPN connection.

 

VPN is already established but we'll certainly have many users using their
home PC that don't currently have VPN configured and would much rather have
them connect via Terminal Server than install, configure and then connect an
unknown system  - from a security/patched/AV standpoint - to VPN.

 

I think it's kind of six of one half dozen of another as far as overall
effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

David Lum // SYSTEMS ENGINEER 
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

 


Re: Terminal Server or VPN?

2010-11-10 Thread Richard Stovall
If their PCs are available for remoting into, just use TS Gateway on the
2008 terminal server.  (I think it's called RD Gateway on R2).  It's really
easy to configure and there's nothing else to do.

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

 I would never, ever, allow non-company-managed PCs to connect to our VPN.
 As you think, that’s just asking for all kinds of trouble.



 Since most of your home users won’t have MS Office on their home PCs,
 they’ll get more done if you give them TS access to your standard corporate
 suite of applications. I’m not sure how you could give the users RDP to
 their actual desktop PCs if the PCs are in a moving van headed to your new
 offices.



 -Malcolm



 *From:* David Lum [mailto:david@nwea.org]
 *Sent:* Wednesday, November 10, 2010 15:17
 *To:* NT System Admin Issues
 *Subject:* Terminal Server or VPN?



 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum** **// *SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 *// *(Cell) 503.267.9764




RE: Terminal Server or VPN?

2010-11-10 Thread David Lum
PC's will be online during the day of the 17th, the org is taking this 
opportunity to treat it as a bad weather event to simulate the weather being 
too bad for 95% of the folks to get into the office.

From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Wednesday, November 10, 2010 1:50 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
you think, that's just asking for all kinds of trouble.

Since most of your home users won't have MS Office on their home PCs, they'll 
get more done if you give them TS access to your standard corporate suite of 
applications. I'm not sure how you could give the users RDP to their actual 
desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day  
(200-ish users, because we're moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to his via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home 
PC that don't currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, 
but I REALLY don't want unmanaged home PC's connecting via VPN...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Re: Terminal Server or VPN?

2010-11-10 Thread Kurt Buff
My preference would be for a good web-based SSL VPN solution. For your
size of environment, SonicWall has some nice appliances that allow
ActiveX and Java apps (so that even folks with Mac and *Nix boxes can
get in) that provide a great RDP session interface in a web browser,
as well as file directory access, ssh terminal sessions, etc. I'm sure
other vendors have equivalent offerings, but haven't played with them.

The Sonicwall 2000 unit I have was really easy to set up, too.

However, I disable the tunnel connectivity, because of the risk from
home PCs. The thought of someone starting a random PC out in the world
and downloading the app that gives them a tunnel into my network makes
me shudder.

OTOH, I haven't played with TS under Win2k8, so can't comment on the
facilities available natively.

Kurt

On Wed, Nov 10, 2010 at 13:17, David Lum david@nwea.org wrote:
 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up
 more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764






Re: Terminal Server or VPN?

2010-11-10 Thread Roger Wright
Have you considered something like LogMeIn for remote access?  Perhaps a
trial during the month of December so you can cover that one day.


Roger Wright
___

Life isn't like a box of chocolates. It's more like a jar of jalapenos: what
you do today might burn your butt tomorrow.




On Wed, Nov 10, 2010 at 4:17 PM, David Lum david@nwea.org wrote:

  In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum** **// *SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 *// *(Cell) 503.267.9764




Re: Terminal Server or VPN?

2010-11-10 Thread Andrew S. Baker
Sometimes you don't really have a choice, as it makes good business sense to
allow it.

A VPN can be configured to allow appropriate-only access.  It does not have
to be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well.  Hopefully, 5 weeks is
enough time for you to get the nuances of this solution in place.  I would
recommend ensuring that the VPN is a viable plan B, in case there are some
issues.  I can almost foresee that you'll be supporting both on the 17th...


*ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker
*Exploiting Technology for Business Advantage...*
* *



On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

 I would never, ever, allow non-company-managed PCs to connect to our VPN.
 As you think, that’s just asking for all kinds of trouble.



 Since most of your home users won’t have MS Office on their home PCs,
 they’ll get more done if you give them TS access to your standard corporate
 suite of applications. I’m not sure how you could give the users RDP to
 their actual desktop PCs if the PCs are in a moving van headed to your new
 offices.



 -Malcolm



 *From:* David Lum [mailto:david@nwea.org]
 *Sent:* Wednesday, November 10, 2010 15:17
 *To:* NT System Admin Issues
 *Subject:* Terminal Server or VPN?



 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum** **// *SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 *// *(Cell) 503.267.9764





RE: Terminal Server or VPN?

2010-11-10 Thread Joseph Heaton
Bad weather event?  wow, the rivers would have to be really over the banks for 
that to happen here in Sacramento.  No snow, no tornados, man we don't get any 
of that fun stuff.

 David Lum david@nwea.org 11/10/2010 2:31 PM 
PC's will be online during the day of the 17th, the org is taking this 
opportunity to treat it as a bad weather event to simulate the weather being 
too bad for 95% of the folks to get into the office.

From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Wednesday, November 10, 2010 1:50 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
you think, that's just asking for all kinds of trouble.

Since most of your home users won't have MS Office on their home PCs, they'll 
get more done if you give them TS access to your standard corporate suite of 
applications. I'm not sure how you could give the users RDP to their actual 
desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org] 
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day  
(200-ish users, because we're moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to his via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home 
PC that don't currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, 
but I REALLY don't want unmanaged home PC's connecting via VPN...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764





RE: Terminal Server or VPN?

2010-11-10 Thread Webster
Yours are mostly economic events!


Webster

 -Original Message-
 From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
 Subject: RE: Terminal Server or VPN?
 
 Bad weather event?  wow, the rivers would have to be really over the banks
 for that to happen here in Sacramento.  No snow, no tornados, man we don't
 get any of that fun stuff.




RE: Terminal Server or VPN?

2010-11-10 Thread Joseph Heaton
I'd laugh, but it just hurts too much :(

At least we're down to about a 10% reduction, with a 5% pay cut, a 3% increase 
in contributions to our retirement, and an increase in benefit premiums.  12 
months from now, the 5% pay cut is supposed to go away, but we'll see.  It's 
pretty sad when a decrease in the amount lost seems like a raise...

 Webster carlwebs...@gmail.com 11/10/2010 3:33 PM 
Yours are mostly economic events!


Webster

 -Original Message-
 From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
 Subject: RE: Terminal Server or VPN?
 
 Bad weather event?  wow, the rivers would have to be really over the banks
 for that to happen here in Sacramento.  No snow, no tornados, man we don't
 get any of that fun stuff.





Re: Terminal Server or VPN?

2010-11-10 Thread Jonathan Link
What about earthquakes?

On Wednesday, November 10, 2010, Joseph Heaton jhea...@dfg.ca.gov wrote:
 Bad weather event?  wow, the rivers would have to be really over the banks 
 for that to happen here in Sacramento.  No snow, no tornados, man we don't 
 get any of that fun stuff.

 David Lum david@nwea.org 11/10/2010 2:31 PM 
 PC's will be online during the day of the 17th, the org is taking this 
 opportunity to treat it as a bad weather event to simulate the weather 
 being too bad for 95% of the folks to get into the office.

 From: Malcolm Reitz [mailto:malcolm.re...@live.com]
 Sent: Wednesday, November 10, 2010 1:50 PM
 To: NT System Admin Issues
 Subject: RE: Terminal Server or VPN?

 I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
 you think, that's just asking for all kinds of trouble.

 Since most of your home users won't have MS Office on their home PCs, they'll 
 get more done if you give them TS access to your standard corporate suite of 
 applications. I'm not sure how you could give the users RDP to their actual 
 desktop PCs if the PCs are in a moving van headed to your new offices.

 -Malcolm

 From: David Lum [mailto:david@nwea.org]
 Sent: Wednesday, November 10, 2010 15:17
 To: NT System Admin Issues
 Subject: Terminal Server or VPN?

 In a few weeks (Dec 17th) we'll be having a massive work from home day  
 (200-ish users, because we're moving our office to a different city) and we 
 have the option of standing up some Terminal Servers or just running with 
 VPN. Most users are expected to just want MS Office apps and Internet 
 Explorer. Several (a couple dozen) will also want RDP access to their 
 desktops.

 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
 more 2008 TS servers. I have no experience setting up TS farms or getting 
 them available for ability to his via Internet, although both of these appear 
 to be pretty straightforward. I am also under the impression that TS via 
 Internet uses less bandwidth than a straight-up VPN connection.

 VPN is already established but we'll certainly have many users using their 
 home PC that don't currently have VPN configured and would much rather have 
 them connect via Terminal Server than install, configure and then connect an 
 unknown system  - from a security/patched/AV standpoint - to VPN.

 I think it's kind of six of one half dozen of another as far as overall 
 effort, but I REALLY don't want unmanaged home PC's connecting via VPN...
 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764





Re: Terminal Server or VPN?

2010-11-10 Thread Joseph Heaton
Not here in Sacramento.  I hear California is overdue for a really big quake 
though.

 Jonathan Link jonathan.l...@gmail.com 11/10/2010 4:07 PM 
What about earthquakes?

On Wednesday, November 10, 2010, Joseph Heaton jhea...@dfg.ca.gov wrote:
 Bad weather event?  wow, the rivers would have to be really over the banks 
 for that to happen here in Sacramento.  No snow, no tornados, man we don't 
 get any of that fun stuff.

 David Lum david@nwea.org 11/10/2010 2:31 PM 
 PC's will be online during the day of the 17th, the org is taking this 
 opportunity to treat it as a bad weather event to simulate the weather 
 being too bad for 95% of the folks to get into the office.

 From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
 Sent: Wednesday, November 10, 2010 1:50 PM
 To: NT System Admin Issues
 Subject: RE: Terminal Server or VPN?

 I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
 you think, that's just asking for all kinds of trouble.

 Since most of your home users won't have MS Office on their home PCs, they'll 
 get more done if you give them TS access to your standard corporate suite of 
 applications. I'm not sure how you could give the users RDP to their actual 
 desktop PCs if the PCs are in a moving van headed to your new offices.

 -Malcolm

 From: David Lum [mailto:david@nwea.org] 
 Sent: Wednesday, November 10, 2010 15:17
 To: NT System Admin Issues
 Subject: Terminal Server or VPN?

 In a few weeks (Dec 17th) we'll be having a massive work from home day  
 (200-ish users, because we're moving our office to a different city) and we 
 have the option of standing up some Terminal Servers or just running with 
 VPN. Most users are expected to just want MS Office apps and Internet 
 Explorer. Several (a couple dozen) will also want RDP access to their 
 desktops.

 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
 more 2008 TS servers. I have no experience setting up TS farms or getting 
 them available for ability to his via Internet, although both of these appear 
 to be pretty straightforward. I am also under the impression that TS via 
 Internet uses less bandwidth than a straight-up VPN connection.

 VPN is already established but we'll certainly have many users using their 
 home PC that don't currently have VPN configured and would much rather have 
 them connect via Terminal Server than install, configure and then connect an 
 unknown system  - from a security/patched/AV standpoint - to VPN.

 I think it's kind of six of one half dozen of another as far as overall 
 effort, but I REALLY don't want unmanaged home PC's connecting via VPN...
 David Lum // SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 // (Cell) 503.267.9764





RE: Terminal Server or VPN?

2010-11-10 Thread James Hill
I'd go with the TS/RD Gateway option.  It is very very easy to configure and 
just works imo.  TS/RD Gateway can be configured to allow members of security 
groups to only be able to rdp to certain machines etc.

We don't allow any VPN access as it just isn't necessary.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, 11 November 2010 7:17 AM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day  
(200-ish users, because we're moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to his via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home 
PC that don't currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, 
but I REALLY don't want unmanaged home PC's connecting via VPN...
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



RE: Terminal Server or VPN? Now TS on VM Q's too

2010-11-10 Thread David Lum
Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 
100 seats), a purchase req got submitted this week - I am fortunate that $2K is 
quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it 
make sense to have more than 1 TS Server VM per physical host? ESX is the VM 
host software, so I don't know if it makes sense to have 1 monster 64-bit VM 
per physical system or have 2-3 per. I'm thinking one big TS VM per side saves 
overhead of additional VM systems.

Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it 
doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the 
practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and 
have some testing time, but we'll see...

Dave




From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?

Sometimes you don't really have a choice, as it makes good business sense to 
allow it.

A VPN can be configured to allow appropriate-only access.  It does not have to 
be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well.  Hopefully, 5 weeks is 
enough time for you to get the nuances of this solution in place.  I would 
recommend ensuring that the VPN is a viable plan B, in case there are some 
issues.  I can almost foresee that you'll be supporting both on the 17th...


ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...




On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz 
malcolm.re...@live.com wrote:
I would never, ever, allow non-company-managed PCs to connect to our VPN. As 
you think, that’s just asking for all kinds of trouble.

Since most of your home users won’t have MS Office on their home PCs, they’ll 
get more done if you give them TS access to your standard corporate suite of 
applications. I’m not sure how you could give the users RDP to their actual 
desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day  
(200-ish users, because we’re moving our office to a different city) and we 
have the option of standing up some Terminal Servers or just running with VPN. 
Most users are expected to just want MS Office apps and Internet Explorer. 
Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up 
more 2008 TS servers. I have no experience setting up TS farms or getting them 
available for ability to his via Internet, although both of these appear to be 
pretty straightforward. I am also under the impression that TS via Internet 
uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home 
PC that don’t currently have VPN configured and would much rather have them 
connect via Terminal Server than install, configure and then connect an unknown 
system  - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, 
but I REALLY don’t want unmanaged home PC’s connecting via VPN…
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764



Re: Terminal Server or VPN? Now TS on VM Q's too

2010-11-10 Thread Andrew S. Baker
That beast of a box can support way more than 1 TS VM

Having a single VM gives you far more limited versatility should something
happen to that instance.  Having 4, for instance, would be much better, and
give you some flexibility.

We ran 6 TS VMs on a smaller system than yours (4x CPU, 32GB RAM) along with
other VMs, and performance was awesome.

As for licensing, remember to consider the apps that will be running on the
TS servers, not just the TS licenses themselves.


*ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker
*Exploiting Technology for Business Advantage...*



On Wed, Nov 10, 2010 at 9:03 PM, David Lum david@nwea.org wrote:

  Andrew this is actually my thinking. Licensing is quite cheap (under $2K
 for 100 seats), a purchase req got submitted this week - I am fortunate that
 $2K is quite small beans in light of the other costs of this move.

 My next question is - given an 8CPU 64Gb RAM host system (times two), does
 it make sense to have more than 1 TS Server VM per physical host? ESX is the
 VM host software, so I don't know if it makes sense to have 1 monster 64-bit
 VM per physical system or have 2-3 per. I'm thinking one big TS VM per side
 saves overhead of additional VM systems.

 Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent,
 it doesn't cover VM's thoroughly enough to answer that question.

 I have TS Web access working internally, and a basic TS 2K8 server up, the
 practice I don't have is TS Gateway. I think I can get there in 3-4 weeks
 and have some testing time, but we'll see...

 Dave



  --
 *From:* Andrew S. Baker [asbz...@gmail.com]
 *Sent:* Wednesday, November 10, 2010 2:58 PM
 *To:* NT System Admin Issues
 *Subject:* Re: Terminal Server or VPN?

  Sometimes you don't really have a choice, as it makes good business sense
 to allow it.

  A VPN can be configured to allow appropriate-only access.  It does not
 have to be synonymous with a free-for-all connection.

  The TS solution has licensing implications, as well.  Hopefully, 5 weeks
 is enough time for you to get the nuances of this solution in place.  I
 would recommend ensuring that the VPN is a viable plan B, in case there are
 some issues.  I can almost foresee that you'll be supporting both on the
 17th...


   *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker
 *Exploiting Technology for Business Advantage...*



 On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

  I would never, ever, allow non-company-managed PCs to connect to our
 VPN. As you think, that’s just asking for all kinds of trouble.



 Since most of your home users won’t have MS Office on their home PCs,
 they’ll get more done if you give them TS access to your standard corporate
 suite of applications. I’m not sure how you could give the users RDP to
 their actual desktop PCs if the PCs are in a moving van headed to your new
 offices.



 -Malcolm



 *From:* David Lum [mailto:david@nwea.org]
 *Sent:* Wednesday, November 10, 2010 15:17
 *To:* NT System Admin Issues
 *Subject:* Terminal Server or VPN?



 In a few weeks (Dec 17th) we’ll be having a massive “work from home” day
  (200-ish users, because we’re moving our office to a different city) and we
 have the option of standing up some Terminal Servers or just running with
 VPN. Most users are expected to just want MS Office apps and Internet
 Explorer. Several (a couple dozen) will also want RDP access to their
 desktops.



 We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand
 up more 2008 TS servers. I have no experience setting up TS farms or getting
 them available for ability to his via Internet, although both of these
 appear to be pretty straightforward. I am also under the impression that TS
 via Internet uses less bandwidth than a straight-up VPN connection.



 VPN is already established but we’ll certainly have many users using their
 home PC that don’t currently have VPN configured and would much rather have
 them connect via Terminal Server than install, configure and then connect an
 unknown system  - from a security/patched/AV standpoint - to VPN.



 I think it’s kind of six of one half dozen of another as far as overall
 effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

 *David Lum** **// *SYSTEMS ENGINEER
 NORTHWEST EVALUATION ASSOCIATION
 (Desk) 971.222.1025 *// *(Cell) 503.267.9764





