Re: Terminal Server or VPN?
On 10 Nov 2010 at 15:22, Joseph Heaton wrote:

Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.

Earthquake upgrades force temporary move for Sacramento's St. Francis elementary school
http://www.sacbee.com/2010/07/06/2871970/earthquake-upgrades-force-temporary.html

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: Terminal Server or VPN?
You don't understand how this org thinks, which is probably a good thing... We'd still use the TS machines post-move, the move just accelerated my (and thus their) thought processes

From: Jacob [mailto:ja...@excaliburfilms.com]
Sent: Thursday, November 11, 2010 10:53 AM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

Just one day.. I would just give them the day off. Too much of a headache for one day.

We had to move back in April. We gave the employees Friday off, with pay, while us techs moved and set up all the workstations/servers/etc... We talked about having employees, like data entry, work from home. Just not with the extra time and effort. 80 employees.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 1:17 PM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN? Now TS on VM Q's too
You're better off using more and smaller TS VM's per host. Given that SMP is a lie with today's Nehalem cpus, which are actually NUMA, scheduling a 4vcpu or larger VM will take more resources from the host. Might not be noticeable if the host isn't loaded but also see the flexibility point that Andrew makes.

-Anders

On Thu, Nov 11, 2010 at 3:03 AM, David Lum <david@nwea.org> wrote:

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...

Dave

From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?

Sometimes you don't really have a choice, as it makes good business sense to allow it.

A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues.

I can almost foresee that you'll be supporting both on the 17th...

ASB (My XeeSM Profile) http://xeesm.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz <malcolm.re...@live.com> wrote:

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications.

I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN? Now TS on VM Q's too
Have you looked at the TS / RD Gateway feature? It's essentially just SSL-encrypted RDP proxied through the Terminal Server. The TS licensing implications are the same as for 'regular' TS desktop users (each user or remote device requires a TS CAL), but it's dead simple to set up, and you literally don't have to do anything else for those who already have desktops they can remote in to.

It might not be appropriate for you or this scenario, but it doesn't sound from your deliberations like you've considered it.

The one gotcha that I know of pops up if you use a wildcard cert for SSL. In that scenario your remote clients must have the RDP client from XP SP3, Vista SP1, or 7. They will not be able to connect if they don't since earlier versions of the RDP client don't allow connections using wildcard certs.

http://technet.microsoft.com/en-us/library/cc775357(WS.10).aspx

On Wed, Nov 10, 2010 at 9:03 PM, David Lum <david@nwea.org> wrote:

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...

Dave

From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?

Sometimes you don't really have a choice, as it makes good business sense to allow it.

A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues.

I can almost foresee that you'll be supporting both on the 17th...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz <malcolm.re...@live.com> wrote:

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications.

I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Terminal Server or VPN? Now TS on VM Q's too
Yep that’s one item I am checking out now, thanks!

Dave

From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Thursday, November 11, 2010 3:29 AM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN? Now TS on VM Q's too

Have you looked at the TS / RD Gateway feature? It's essentially just SSL-encrypted RDP proxied through the Terminal Server. The TS licensing implications are the same as for 'regular' TS desktop users (each user or remote device requires a TS CAL), but it's dead simple to set up, and you literally don't have to do anything else for those who already have desktops they can remote in to.

It might not be appropriate for you or this scenario, but it doesn't sound from your deliberations like you've considered it.

The one gotcha that I know of pops up if you use a wildcard cert for SSL. In that scenario your remote clients must have the RDP client from XP SP3, Vista SP1, or 7. They will not be able to connect if they don't since earlier versions of the RDP client don't allow connections using wildcard certs.

http://technet.microsoft.com/en-us/library/cc775357(WS.10).aspx

On Wed, Nov 10, 2010 at 9:03 PM, David Lum <david@nwea.org> wrote:

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...

Dave

From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?

Sometimes you don't really have a choice, as it makes good business sense to allow it.

A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues.

I can almost foresee that you'll be supporting both on the 17th...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz <malcolm.re...@live.com> wrote:

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications.

I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell
RE: Terminal Server or VPN?
Just one day.. I would just give them the day off. Too much of a headache for one day.

We had to move back in April. We gave the employees Friday off, with pay, while us techs moved and set up all the workstations/servers/etc. We talked about having employees, like data entry, work from home. Just not with the extra time and effort. 80 employees.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 1:17 PM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Terminal Server or VPN?
Likewise 400 miles south on the I5 ;-)

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: Wednesday, November 10, 2010 3:22 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.

David Lum <david@nwea.org> 11/10/2010 2:31 PM

PC's will be online during the day of the 17th, the org is taking this opportunity to treat it as a bad weather event to simulate the weather being too bad for 95% of the folks to get into the office.

From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Wednesday, November 10, 2010 1:50 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that's just asking for all kinds of trouble. Since most of your home users won't have MS Office on their home PCs, they'll get more done if you give them TS access to your standard corporate suite of applications.

I'm not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN...

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Terminal Server or VPN? Now TS on VM Q's too
I am not a TS person and have only ever set up 1 pure TS in my career. I would advise looking at the recommendation from Project: Virtual Reality Check. They will give you unbiased info/data on what works best for configuration details.

Project: VRC has gotten so influential that Microsoft, Citrix, VMware, HP and other vendors now use the VRC scripts for all their testing and design white papers. VMware has gotten burned by VRC in the past and had to fix major bugs in their software. Several VMware public fixes were originally private fixes specifically for TS issues that VRC found.

Of course, the two guys heading up VRC are fellow CTPs! :)

Thanks

Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster

From: David Lum [mailto:david@nwea.org]
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...
RE: Terminal Server or VPN? Now TS on VM Q's too
Excellent reference point, thanks Carl!

From: Webster [mailto:carlwebs...@gmail.com]
Sent: Thursday, November 11, 2010 11:15 AM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

I am not a TS person and have only ever set up 1 pure TS in my career. I would advise looking at the recommendation from Project: Virtual Reality Check. They will give you unbiased info/data on what works best for configuration details.

Project: VRC has gotten so influential that Microsoft, Citrix, VMware, HP and other vendors now use the VRC scripts for all their testing and design white papers. VMware has gotten burned by VRC in the past and had to fix major bugs in their software. Several VMware public fixes were originally private fixes specifically for TS issues that VRC found.

Of course, the two guys heading up VRC are fellow CTPs! :)

Thanks

Carl Webster
Citrix Technology Professional
http://dabcc.com/Webster

From: David Lum [mailto:david@nwea.org]
Subject: RE: Terminal Server or VPN? Now TS on VM Q's too

Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments? I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question.

I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...
Re: Terminal Server or VPN?
Did the 'talent' get the day off with pay too? :-)

On 11/11/10, Jacob <ja...@excaliburfilms.com> wrote:

Just one day.. I would just give them the day off. Too much of a headache for one day.

We had to move back in April. We gave the employees Friday off, with pay, while us techs moved and set up all the workstations/servers/etc. We talked about having employees, like data entry, work from home. Just not with the extra time and effort. 80 employees.

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 1:17 PM
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to hit via Internet, although both of these appear to be pretty straightforward. I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN?
Their work is already in the can, as it were.

On Thu, Nov 11, 2010 at 6:20 PM, Andrew Laya andrew.l...@gmail.com wrote:

Did the 'talent' get the day off with pay too? :-)
Re: Terminal Server or VPN?
I think they're on a break. Probably having fluffernutters.

On Thu, Nov 11, 2010 at 6:38 PM, Jonathan Link jonathan.l...@gmail.com wrote:

Their work is already in the can, as it were.
Re: Terminal Server or VPN?
Might be a good chance to get up to speed on TS. We have a TS 2008 farm here, but I'm moving those servers to XenApp. It worked fine, although I had some issues with wildcard certificates. I think that was an issue with the version and is not present in 2008 R2 from what I understand. Use the Gateway role to expose your TS system to the Internet and you'll be fine. We make the remote desktop icon available to those persons who wish to connect to their PCs via Terminal Services. Get thee the Terminal Services 2008 Resource Kit. It's excellent.

Tom

David Lum david@nwea.org 11/10/2010 4:17 PM

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to his via Internet, although both of these appear to be pretty straightforward.

I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Terminal Server or VPN?
I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that's just asking for all kinds of trouble. Since most of your home users won't have MS Office on their home PCs, they'll get more done if you give them TS access to your standard corporate suite of applications.

I'm not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, November 10, 2010 15:17
To: NT System Admin Issues
Subject: Terminal Server or VPN?

In a few weeks (Dec 17th) we'll be having a massive work from home day (200-ish users, because we're moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to his via Internet, although both of these appear to be pretty straightforward.

I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we'll certainly have many users using their home PC that don't currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it's kind of six of one half dozen of another as far as overall effort, but I REALLY don't want unmanaged home PC's connecting via VPN.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN?
If their PCs are available for remoting into, just use TS Gateway on the 2008 terminal server. (I think it's called RD Gateway on R2). It's really easy to configure and there's nothing else to do.

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications.

I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm
RE: Terminal Server or VPN?
PC's will be online during the day of the 17th, the org is taking this opportunity to treat it as a bad weather event to simulate the weather being too bad for 95% of the folks to get into the office.

From: Malcolm Reitz [mailto:malcolm.re...@live.com]
Sent: Wednesday, November 10, 2010 1:50 PM
To: NT System Admin Issues
Subject: RE: Terminal Server or VPN?

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that's just asking for all kinds of trouble. Since most of your home users won't have MS Office on their home PCs, they'll get more done if you give them TS access to your standard corporate suite of applications.

I'm not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm
Re: Terminal Server or VPN?
My preference would be for a good web-based SSL VPN solution. For your size of environment, SonicWall has some nice appliances that allow ActiveX and Java apps (so that even folks with Mac and *Nix boxes can get in) that provide a great RDP session interface in a web browser, as well as file directory access, ssh terminal sessions, etc. I'm sure other vendors have equivalent offerings, but haven't played with them.

The SonicWall 2000 unit I have was really easy to set up, too. However, I disable the tunnel connectivity, because of the risk from home PCs. The thought of someone starting a random PC out in the world and downloading the app that gives them a tunnel into my network makes me shudder.

OTOH, I haven't played with TS under Win2k8, so can't comment on the facilities available natively.

Kurt

On Wed, Nov 10, 2010 at 13:17, David Lum david@nwea.org wrote:

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to his via Internet, although both of these appear to be pretty straightforward.

I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN?
Have you considered something like LogMeIn for remote access? Perhaps a trial during the month of December so you can cover that one day.

Roger Wright
___
Life isn't like a box of chocolates. It's more like a jar of jalapenos: what you do today might burn your butt tomorrow.

On Wed, Nov 10, 2010 at 4:17 PM, David Lum david@nwea.org wrote:

In a few weeks (Dec 17th) we’ll be having a massive “work from home” day (200-ish users, because we’re moving our office to a different city) and we have the option of standing up some Terminal Servers or just running with VPN. Most users are expected to just want MS Office apps and Internet Explorer. Several (a couple dozen) will also want RDP access to their desktops.

We have 3 TS servers now (1 2K8, 2 W2K3) but have the capability to stand up more 2008 TS servers. I have no experience setting up TS farms or getting them available for ability to his via Internet, although both of these appear to be pretty straightforward.

I am also under the impression that TS via Internet uses less bandwidth than a straight-up VPN connection.

VPN is already established but we’ll certainly have many users using their home PC that don’t currently have VPN configured and would much rather have them connect via Terminal Server than install, configure and then connect an unknown system - from a security/patched/AV standpoint - to VPN.

I think it’s kind of six of one half dozen of another as far as overall effort, but I REALLY don’t want unmanaged home PC’s connecting via VPN…

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
Re: Terminal Server or VPN?
Sometimes you don't really have a choice, as it makes good business sense to allow it. A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection.

The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues.

I can almost foresee that you'll be supporting both on the 17th...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:

I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications.

I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm
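The point above that a VPN need not be a free-for-all, sketched as an added example (not from the thread or any poster's configuration): a first-match rule set that limits the home-PC address pool to RDP on the terminal servers, plus an audit that flags permit rules granting that pool anything wider. The subnets, the pool split and the rule format are assumptions made up for the illustration.

```python
"""Restricted VPN access for unmanaged clients: evaluate and audit a rule set.

All addresses and the rule format are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

UNMANAGED_POOL = ip_network("10.99.0.0/24")  # assumed VPN pool for home PCs
TS_FARM = ip_network("10.10.20.0/28")        # assumed terminal server subnet
RDP_PORT = 3389


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None means any port


# The "free-for-all" tunnel: home PCs can reach the whole internal range.
FREE_FOR_ALL = [
    Rule("permit", "10.99.0.0/24", "10.0.0.0/8", "any", None),
]

# "Appropriate-only" access: RDP to the terminal servers, nothing else.
RESTRICTED = [
    Rule("permit", "10.99.0.0/24", "10.10.20.0/28", "tcp", RDP_PORT),
    Rule("deny", "10.99.0.0/24", "0.0.0.0/0", "any", None),
]


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in ip_network(r.src)
                and d in ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"


def overbroad_rules(rules: List[Rule]) -> List[Rule]:
    """Permit rules that give the unmanaged pool more than tcp/3389 to the TS farm.

    Rule order is ignored on purpose, so a permit shadowed by an earlier deny
    is still reported: it becomes live as soon as someone reorders the list.
    """
    findings = []
    for r in rules:
        if r.action != "permit":
            continue
        if not ip_network(r.src).overlaps(UNMANAGED_POOL):
            continue
        narrow = (ip_network(r.dst).subnet_of(TS_FARM)
                  and r.proto == "tcp"
                  and r.port == RDP_PORT)
        if not narrow:
            findings.append(r)
    return findings


if __name__ == "__main__":
    home_pc = "10.99.0.15"        # constructed client address
    file_server = "10.10.30.7"    # constructed internal host outside the TS farm
    for name, policy in (("free-for-all", FREE_FOR_ALL), ("restricted", RESTRICTED)):
        print(name,
              "| RDP to TS:", evaluate(policy, home_pc, "10.10.20.5", "tcp", RDP_PORT),
              "| SMB to file server:", evaluate(policy, home_pc, file_server, "tcp", 445),
              "| over-broad permits:", len(overbroad_rules(policy)))
```
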
RE: Terminal Server or VPN?
Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.

David Lum david@nwea.org 11/10/2010 2:31 PM

PC's will be online during the day of the 17th, the org is taking this opportunity to treat it as a bad weather event to simulate the weather being too bad for 95% of the folks to get into the office.
RE: Terminal Server or VPN?
Yours are mostly economic events!

Webster

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Subject: RE: Terminal Server or VPN?

Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.
RE: Terminal Server or VPN?
I'd laugh, but it just hurts too much :( At least we're down to about a 10% reduction, with a 5% pay cut, a 3% increase in contributions to our retirement, and an increase in benefit premiums. 12 months from now, the 5% pay cut is supposed to go away, but we'll see. It's pretty sad when a decrease in the amount lost seems like a raise...

Webster carlwebs...@gmail.com 11/10/2010 3:33 PM
Yours are mostly economic events!

Webster

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Subject: RE: Terminal Server or VPN?

Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.
Re: Terminal Server or VPN?
What about earthquakes?

On Wednesday, November 10, 2010, Joseph Heaton jhea...@dfg.ca.gov wrote:
Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.
Re: Terminal Server or VPN?
Not here in Sacramento. I hear California is overdue for a really big quake though.

Jonathan Link jonathan.l...@gmail.com 11/10/2010 4:07 PM
What about earthquakes?

On Wednesday, November 10, 2010, Joseph Heaton jhea...@dfg.ca.gov wrote:
Bad weather event? wow, the rivers would have to be really over the banks for that to happen here in Sacramento. No snow, no tornados, man we don't get any of that fun stuff.
RE: Terminal Server or VPN?
I'd go with the TS/RD Gateway option. It is very very easy to configure and just works imo. TS/RD Gateway can be configured to allow members of security groups to only be able to rdp to certain machines etc. We don't allow any VPN access as it just isn't necessary.
RE: Terminal Server or VPN? Now TS on VM Q's too
Andrew this is actually my thinking. Licensing is quite cheap (under $2K for 100 seats), a purchase req got submitted this week - I am fortunate that $2K is quite small beans in light of the other costs of this move.

My next question is - given an 8CPU 64Gb RAM host system (times two), does it make sense to have more than 1 TS Server VM per physical host? ESX is the VM host software, so I don't know if it makes sense to have 1 monster 64-bit VM per physical system or have 2-3 per. I'm thinking one big TS VM per side saves overhead of additional VM systems. Thoughts, comments?

I do have the 2008 TS Resource Kit and while excellent, it doesn't cover VM's thoroughly enough to answer that question. I have TS Web access working internally, and a basic TS 2K8 server up, the practice I don't have is TS Gateway. I think I can get there in 3-4 weeks and have some testing time, but we'll see...

Dave

From: Andrew S. Baker [asbz...@gmail.com]
Sent: Wednesday, November 10, 2010 2:58 PM
To: NT System Admin Issues
Subject: Re: Terminal Server or VPN?

Sometimes you don't really have a choice, as it makes good business sense to allow it. A VPN can be configured to allow appropriate-only access. It does not have to be synonymous with a free-for-all connection. The TS solution has licensing implications, as well. Hopefully, 5 weeks is enough time for you to get the nuances of this solution in place. I would recommend ensuring that the VPN is a viable plan B, in case there are some issues. I can almost foresee that you'll be supporting both on the 17th...

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...

On Wed, Nov 10, 2010 at 4:49 PM, Malcolm Reitz malcolm.re...@live.com wrote:
I would never, ever, allow non-company-managed PCs to connect to our VPN. As you think, that’s just asking for all kinds of trouble. Since most of your home users won’t have MS Office on their home PCs, they’ll get more done if you give them TS access to your standard corporate suite of applications. I’m not sure how you could give the users RDP to their actual desktop PCs if the PCs are in a moving van headed to your new offices.

-Malcolm
Re: Terminal Server or VPN? Now TS on VM Q's too
That beast of a box can support way more than 1 TS VM. Having a single VM gives you far more limited versatility should something happen to that instance. Having 4, for instance, would be much better, and give you some flexibility. We ran 6 TS VMs on a smaller system than yours (4x CPU, 32GB RAM) along with other VMs, and performance was awesome.

As for licensing, remember to consider the apps that will be running on the TS servers, not just the TS licenses themselves.

ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker
Exploiting Technology for Business Advantage...