1

I have been tasked with the need for our employees to work from home if they are even feeling remotely sick. I work for a small business and if a few people are out sick that will put a large dent into our ability to serve our customers efficiently...

So a quick and dirty fix would be to have our VPN software on a CD to send home with them and set them up with a RDP connection to their desktops. This would be the quick and dirty way to do it with little to no cost, but not a solution.

I have been looking into virtual desktops. I have been planning on doing this anyway to reduce the amount of hardware we have running that's not being used as well as keeping the desktops central. Not to mention the energy savings, speed (compared to what they have now), administrative time, and so on...

So, what solutions would you recommend for employees to have the option to work from home? This will not include phones.

Windows XP Desktops
Cisco IPSEC VPN & SSL VPN

xeon

10 Answers

6

Unless I'm reading you wrong, it sounds like you're having them install the VPN software on their home machines in order to connect up and RDP in? You have no control over what makes it onto a home PC and then once it's connected to your network you're in for trouble. If this is the case then I would HIGHLY advise against this.

Personally, I would invest in a couple of laptops that you can image with your VPN software (the Cisco client is great) and loan out. Even a low-cost machine will be sufficient for someone to VPN in and RDP into a desktop/terminal server. This way you're in control of the image and can set it to suit your environment with regards to OS, Antivirus, VPN config, etc.

If I'm reading this wrong, then please ignore my incessant rambling! :)

squillman
  • 1
    I've taken to using a firewall to filter VPN access such that only RDP can get into the LAN / server subnets. I'm a split-tunnel kind of guy, too, for those types of deployments. That keeps shady network traffic from the home computers off of my LAN and sourcing from my corporate Internet pipe. Keyloggers, screen capture programs, remote control backdoors-- all those are still a problem on the home computers, though. – Evan Anderson Sep 22 '09 at 23:43
  • +1000 - I'm never a fan of throwing money at a problem, but squillman's is the best answer IMO. The minute you start installing software on employees' home computers or they use them to RDP, you start "supporting" those computers. If you have 5 employees with this setup, you'll be dealing with 5 home computers in various states of disarray. My favorite phone call from employees: "...my kid was on my home computer last night and now the VPN doesn't work..." – user78940 Aug 11 '11 at 02:31
3

SonicWALL SSL VPN Appliance. They're pretty easy to configure and end-users just use their web browser to connect over the internet to the appliance. Sure beats messing around with installing and configuring IPsec clients.

From there users can launch an RDP session to connect to your terminal server (if you have one) or their work machine.

They have a demo site to see it in action.

Craig
  • Juniper SSL boxes are the same idea, and I believe Cisco sells the solution too. – David Mackintosh Sep 23 '09 at 03:06
  • +1, though I still don't like the idea of users logging in from their home computers that their kids use to search for free clipart and free desktop backgrounds and are infected with more malware than they'll ever know. Squillman's solution is the best imo, but if they must use their home computers this method minimizes you having to deal with issues on their home computers. – user78940 Aug 11 '11 at 02:28
2

A terminal server or RDP to the existing desktop machines is probably the way to go. You've already got a VPN solution that will be more than sufficient.

I'd argue that you've got to control the client devices in the homes. Setting aside the possibility of malware that might try and access your network (which can be mitigated to a great degree by filtering the incoming VPN traffic down to RDP only), nasty stuff like keyloggers, remote control backdoors, and screen capturing programs are a major risk.

This might be a great application for those horrific little "Netbook" PCs, or those super-lightweight desktop computers like the Asus EEE Box! Who cares if it has only a Windows XP Home Edition license or 1GB of RAM. Just make sure the user doesn't have "Administrator" rights (so they can't junk it up), and lock it down so that it's forced into being a lean, mean, VPN and RDP client machine (w/ a local printer attached, possibly... people will just have to print... >grumble<).

Evan Anderson
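
The "filter the VPN down to RDP only" idea from the answer above (and from the earlier comment about firewalling VPN access) can be checked mechanically against a rule list. This Python is an added example, not code from any poster in this thread; the address ranges, the rule tuple format and the function names are assumptions made for illustration.

```python
"""Added example: audit a VPN firewall policy against the 'RDP only' rule."""
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the thread.
VPN_POOL = ip_network("10.99.0.0/24")           # addresses handed to VPN clients
RDP_TARGETS = [ip_network("192.168.10.0/24")]   # desktops / terminal server
RDP_PORT = 3389

# Ordered, first-match rules: (action, proto, src, dst, low_port, high_port).
# Constructed sample policy containing two deliberate mistakes.
RULES = [
    ("permit", "tcp", "10.99.0.0/24", "192.168.10.0/24", 3389, 3389),
    ("permit", "tcp", "10.99.0.0/24", "192.168.10.0/24", 445, 445),   # file shares
    ("permit", "tcp", "10.99.0.0/24", "192.168.0.0/16", 3389, 3389),  # too wide
    ("deny", "ip", "0.0.0.0/0", "0.0.0.0/0", 0, 65535),
]

def audit(rules):
    """Flag permit rules that give VPN clients more than RDP to the targets.
    Rules are judged one by one; shadowing by earlier rules is not modelled."""
    findings = []
    for n, (action, proto, src, dst, lo, hi) in enumerate(rules, 1):
        if action != "permit" or not ip_network(src).overlaps(VPN_POOL):
            continue
        if proto != "tcp" or (lo, hi) != (RDP_PORT, RDP_PORT):
            findings.append((n, "allows more than tcp/3389"))
        elif not any(ip_network(dst).subnet_of(t) for t in RDP_TARGETS):
            findings.append((n, "destination wider than the RDP targets"))
    return findings

def allowed(rules, proto, src, dst, port):
    """First-match evaluation of a single flow; the default is deny."""
    for action, r_proto, r_src, r_dst, lo, hi in rules:
        if (r_proto in ("ip", proto)
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and lo <= port <= hi):
            return action == "permit"
    return False

if __name__ == "__main__":
    for rule_no, problem in audit(RULES):
        print(f"rule {rule_no}: {problem}")
    print("SMB from a VPN client permitted:",
          allowed(RULES, "tcp", "10.99.0.5", "192.168.10.20", 445))
```

A clean audit only shows that the network path is limited to RDP; keyloggers and screen capture on the home PC, which the answer also raises, are outside what a firewall rule can address.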
2

Citrix! I can't believe that no one has recommended it yet! This is the perfect opportunity to recommend to your CEO the benefits of your remote users being able to go to one website, log in with their credentials and have their entire system available to them. There will be some initial costs, but next flu season everyone will be ready to just log in from home and continue working. Also it saves the enormous problems of users calling you up asking VPN setup questions... who knows what they are running, firewall settings, etc. Citrix is the answer. :)

The Woo
  • 2
    Citrix is a solution to consider but IMHO the high cost is prohibitive, especially for smaller organizations. – joeqwerty Sep 23 '09 at 01:59
  • Define 'small environment' for this question. Less than 10 people, sure. But after that point it becomes possible, esp if the boss is concerned about saving money by keeping people on sick leave working... – The Woo Sep 23 '09 at 02:02
1

There are several ways to skin this cat.

If you are looking to set them up with "virtual desktops" then a terminal server + VPN would do the trick. The good side to this is that they will have secure access to a centralized server, with centralized management. The downside is that you need to train them on VPN client access [good luck!].

If you are willing to keep them on their local desktops, I would highly recommend LogMeIn. They have a "free" version without file transfer, remote sound, and remote printing. Their Pro^2 version includes all of that and is only about $50-$70 a year (depending on how many licenses you have). The ease of use for the end-user and the simplicity for you to install it on their PCs will make it well worth the money.

You could also do this for free with a VPN+VNC solution, but take my word on this, putting the money into LogMeIn (or other competing remote desktop solution) is well worth it.

Dave Drager
  • Why not just do RDP to the desktop machines, too? – Evan Anderson Sep 22 '09 at 23:45
  • 1
    If you are doing RDP to the desktops then you would still need to set up some sort of VPN network. LogMeIn or the like creates a tunnel directly to the desktop and allows you to forgo that (complicated) step. – Dave Drager Sep 23 '09 at 00:32
  • 1
    Plus I like how with LogMeIn, if someone happens to be somewhere unexpected, they will still have the ability to go to a website and log into their work PC in seconds, rather than have to jump through hoops to install a VPN client. – Dave Drager Sep 23 '09 at 00:35
0

I went thru the same path recently where one of the top executives of my company wanted a home PC (not domain managed) to connect to the office remotely and use his TWO computers (which have 3 monitors).

Server side: We use Juniper's WebVPN and set up a user role to map the office PC to a local loopback address using Secure Application Manager.

hostname1.domain.com:3389

is mapped to

127.0.10.11:8891

(the port number is the office extension and was available). Similarly for other PCs and users.

Remote user side: The user working from home will log on to WebVPN and start the Java application. Once started, he/she can open mstsc.exe /span (/multimon for Windows 7) and connect to 127.0.10.11:8891.

Windows XP users might have issues with spanning across multiple monitors: when you maximize a window it will stretch across all monitors. In that case, use SplitView.

Recommendation: WebVPN is much better than RRAS or a client-based solution. You can set up many applications to stream thru the VPN without needing to install them locally.

Manage Home PC over Internet (if you have a situation like me): In order to manage the remote home PC over the internet, we used NetSupport with the Gateway feature enabled. Configure the NetSupport gateway on the DMZ server (preferably Windows) and edit firewall rules to allow traffic over the internet. On the home PC, set up the HTTP communication to the public IP or DNS address. Then you can connect the NetSupport console to the remote gateway and just connect to the PC over the internet. It communicates over HTTPS.

We looked at MS Intune for this, but it doesn't allow unattended RDP which we needed as the executive might just walk-in and say, please fix my home PC. :/

0

If the desktops are not centralized (yet) I would recommend using Remote Desktop.

But if you're wanting a quick and easy solution to use right now, how about installing TeamViewer onto each PC? It works well and all they need is the TeamViewer client software to log in to their work PC.

If you turn off PCs overnight then when they call in sick they just need to ask for their PC to be switched on.

hookenz
0

SunRays + a VPN concentrator they know how to use (I know that Cisco VPN works on them). Relatively easy to set up, low cost per user (compared to sending laptops home).

Bill Weiss
0

The best solution depends a lot on how the staff normally work and the applications they require but here are a few options.

  1. VPN in and use their laptop or home PC
  2. Use Terminal Services if you have that available already or can get it up quickly
  3. RDP to their normal workstations through the VPN
John Gardeniers
0

If you're doing RDP over VPN and you're concerned about bandwidth usage then be sure to configure their RDP client to use minimal colors and no sounds. It's amazing the amount of bandwidth 32-bit color eats up.

JohnyD