1

I am thinking about having employees use a remote desktop connection to connect to the server running Windows Server 2008 R2 to access programs and run programs from the server. The majority of their work and time would be running on the actual server through the RDC. The number of clients would be somewhere around 10-15 total. I do plan on installing some form of antivirus software; however, I am skeptical as to whether or not I should allow users to browse the internet on the main server computer, but I don't have any other logical alternatives besides having them minimize the remote session and browse on their client PC. The question is whether or not it is recommended, or safe, to browse the web on the server. I know that I could allow only certain websites that are trusted, but I don't want to jump into limiting employees to 10 total websites right away. If it is not recommended to use the server for web browsing, what kind of alternative can I use to allow them free-range access to browse the web?

user3841709

2 Answers

3

This is my opinion, but you should never be browsing the web from a server.

Can you? Yeah. Should you? Absolutely not.

If you want a proper setup for your users, you want to plan out either a virtual desktop infrastructure or a RemoteApp deployment.

Ryan Ries
  • Ok, this is the reassurance that I was looking for because while I was trying to research this a little I couldn't really find anything that said specifically if you should or shouldn't. – user3841709 Nov 19 '14 at 15:43
  • I will look into VDI and RemoteApp, but quickly, do they act the same as RDC? Will each user have to connect in essentially the same way as they would with RDC? – user3841709 Nov 19 '14 at 15:44
  • @user3841709 No, they are separate, complex technologies of their own, and you'll want to do a lot of learning and testing if you want to deploy them. – Ryan Ries Nov 19 '14 at 15:45
  • Sounds good, this offers the alternative I was looking for and probably steering me away from doing something stupid like browsing the internet on the server. Just personally, do you have a preference between VDI and RemoteApp? – user3841709 Nov 19 '14 at 15:48
  • @user3841709 Browsing from a server is generally as safe as browsing from a client PC. (And hopefully we all realize how safe... or not... that is.) Difference and problem being that when you browse from a server, any infections or "data leakage" impacts all the users of the server, which is generally a lot more than you have on a client PC. – HopelessN00b Nov 19 '14 at 15:50
  • @HopelessN00b Yes that's true, I was also thinking about the fact that all of the data and files as well would be located mainly on the server and that an infection would then wipe out possibly all of the data rather than just data on one PC. – user3841709 Nov 19 '14 at 15:53
0

As @HopelessN00b stated, browsing the internet from a server is about as safe/risky as doing it from a client workstation. The difference being that the scope of impact of a malware infection, hack, etc. is potentially much greater on the server. That being said, you are running an RDS server whose purpose is to host user sessions and run user applications. Users browse the internet. Asking them to minimize their RDS session every time they need to browse the internet strikes me as inefficient and may impact their productivity if they need to browse the internet as part of their job or business process(es). Many users use web-based tools and applications as more and more vendors put their applications "in the cloud" (QuickBooks Online being just one example).

My recommendation would be to sufficiently secure the server (AV software, user and software restrictions, etc.) and make sure you're backing it up completely and regularly.

joeqwerty
  • Thanks for the answer. I have begun looking into RemoteApp as @RyanRies suggested and it looks pretty good to me. Once I create an installer package and deploy it, the users won't know the difference that it's a remote app and not running on their local machine. This will then allow me to let IE or Google Chrome run on their local machine without risking internet browsing on the server. One question I have that maybe you could answer, I don't know how much you know about RemoteApp, but if I have 10 RemoteApps each on 10 computers, does this cause any major performance issues? – user3841709 Nov 20 '14 at 13:32
  • On the client PCs, I mean. Since they are running on the server, I know that it depends on the hardware of the server, but will the remote connections cause the client PC to slow if, say, multiple remote programs are opened at once? – user3841709 Nov 20 '14 at 13:38
  • With multiple RemoteApps running on each client you'll likely have more data traversing the network (server to client screen data and client to server keystrokes and mouse clicks) and you'll have more graphics redraws on the clients, but I don't think that should be cause to worry. Granted, I haven't deployed RemoteApp yet, so I'm basing this comment on my knowledge of RDS in general. I'm sure that there are optimizations done on the client and the server – joeqwerty Nov 20 '14 at 15:33
  • Yeah, I didn't really think about that at first, but I will need to make sure my internet connection is stable and reliable so that it's not constantly being disconnected with a large number of remote connections, right? – user3841709 Nov 20 '14 at 15:42
  • Any type of RDS session (Desktop or RemoteApp) is fairly intolerant of network issues, whether they be bandwidth saturation, latency, packet loss or whatever. You'll have issues with screen lag, delayed characters when typing, etc. – joeqwerty Nov 20 '14 at 16:12
  • OK, thanks. I will start doing a lot more research on RemoteApps and everything else I can find and go from there. – user3841709 Nov 20 '14 at 16:14
  • Glad to help... – joeqwerty Nov 20 '14 at 16:17