Call for Remote Access Solutions
Dec 9th, 2007 by Alex
I’ve got to research some options for remote access. The goal is to provide a Windows-based application — which is rather expensive to license and tedious to manage per-seat — to a group of remote users. The licensing is all taken care of from my perspective, so the remaining requirements are as follows.
- Sessions must be encrypted.
- Sessions must be initiated with minimal setup by the user.
- Multiple users need to be supported, preferably at the same time.
- Cost is a factor, the preference being to set up something and not have recurring costs (such as monthly service fees).
RealVNC is simple but decidedly out. The personal version doesn’t support encryption and the enterprise version is out due to the multi-user requirement.
The client suggested GoToMyPC. I believe it is a Citrix-based service, but I need to check their ability to support simultaneous users. Fog Creek Copilot is a possibility for technical support, but I don’t think it’ll support users. I still want to try it out for its usefulness to me (cleaning PCs remotely, providing support, etc). Then there’s the “standard” Windows Terminal Services setup, which is a bit tedious (and potentially pricey considering how many concurrent users they want to support) to set up initially but will work.
Update: My obscurity mindset was light on details earlier. The “server” will be located on a compartmentalized network, isolated from other systems and network resources. For all possible solutions no access to the other systems on the network will be permitted. Even if the system were compromised, the only thing it would be able to affect would be the upstream ISP. I hadn’t overlooked the security aspects of the possible solutions, but have to weigh them against the other factors (such as ease of maintenance, support, etc).
To the technically savvy readers/lurkers out there, are there any other tried-and-true options that you’ve used?
Have you considered Multi User Desktop? Although not as robust as Terminal Services, it might get the job done. Additionally, if you find a solution that works well but doesn’t have the security you need, you could run the remote access by tunneling over SSH. I currently use the built-in Remote Desktop Connection over SSH if I need to access my desktop while at work or on the road.
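The Remote Desktop over SSH setup suggested in the comment above, sketched as an added example (not from the post or any commenter): an OpenSSH `sshd_config` fragment for a tunnel-only account that may forward to the RDP listener and nothing else. It assumes a Unix-like OpenSSH gateway in front of the Windows application server; the account `appuser`, the host `gateway.example` and the address `192.0.2.10` are constructed placeholders, and 3389 is the default RDP port.

```sshd_config
# Added example: tunnel-only account for RDP over SSH.
# Assumptions: OpenSSH gateway in front of the application server;
# "appuser", "gateway.example" and 192.0.2.10 are placeholders.

Match User appuser
    # Key-based login only; no passwords to guess or reuse
    PasswordAuthentication no
    PubkeyAuthentication yes

    # Permit client-side (-L) forwards only, and only to the RDP listener
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:3389

    # No shell, terminal, or other channel types for this account
    PermitTTY no
    ForceCommand /usr/sbin/nologin   # path varies by distribution
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    GatewayPorts no

# Client side (typed by the remote user or wrapped in a shortcut):
#   ssh -N -L 13389:192.0.2.10:3389 appuser@gateway.example
# then point the Remote Desktop client at localhost:13389.
```

With the RDP port firewalled so that only the gateway can reach it, the SSH session supplies both the encryption and the authentication boundary, and a stolen key for this account yields a single forwardable port rather than a shell.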
Do your users need a remote desktop or just remote connectivity to your network? I’m guessing based on you mentioning RealVNC & GoToMyPC they need the latter.
I haven’t looked into GoToMyPC but from a security perspective I would be leery of it on the face of it. Does it potentially expose any of your data to eavesdropping on the part of GoToMyPC? Do you really want to trust a 3rd party with the potential ability to access your network? That is just my gut reaction.
If RealVNC meets your bill in all respects minus securing the communication, you might consider setting up some more generic VPN solution and allow users to use RealVNC through it. Using a generic VPN is also a more resilient solution to future remote connectivity needs. Will the client need remote access to a Unix box next year? What about Apples? A VPN can allow this access… GoToMyPC can’t.
Just my 2 bit opinions.
Have you tested that this application is able to sustain concurrent use by multiple users?
How advanced is your user community? RDP/Terminal services seems like the most user-friendly way of providing this access that I’ve used for Windows (and it does a great job of fitting into available bandwidth).
Paul: They need the ability to run the app. That’s it. No other access to the network besides the application (that runs locally on the server). Third party access is a double-edged sword; on one hand yes it is possible (depending on their implementation) that they’d have access to the client data, but on the other hand support is included and they can be called upon to troubleshoot/support the remote connection itself. For a VPN to work, the traffic would have to be routed back to the server itself. Good points on the client’s OS, hadn’t considered that.
Mike: No, I have not tested it, but I know that it can be used on multiple computers accessing a central data repository without issue. Worst case is it doesn’t support it and we’d only be able to support one user at a time; while not preferred, that’d be an acceptable result. Skills of the user community are an unknown quantity to me, but if they lack the expertise to configure the program locally… you get the idea.
I am glad I waited to comment on this post, as there were some questions I had about what was being done here.
Obviously, if the world were perfect, you would go with a Citrix solution that would either provide secure access to user desktops and/or publish the application that you need access to securely.
I really think the most direct and easiest way to do this would be to use TS to publish the application. I know the feeling of wanting to go the cost-effective route, but TS is going to work for the majority of users who require access to this application. The only issue I can see here is the resource requirements on the TS box–more users accessing the application means a beefy box from a memory/processor viewpoint.