DIY: VPN vs. Terminal Services in a Windows Server 2003 environment

Jack Wallen offers a TechRepublic member advice about whether it's better to use a VPN or a terminal server to set up a remote access solution for a Windows Server 2003 environment.

Here's a question I recently received from a TechRepublic member. After you read my answer, please post any additional tips you have for the member in the discussion.

Q: First of all, thanks for this segment. It comes in handy. My question is related to a Win2K3 environment. I want to set up a server, so my customers can access their part remotely. Let's say, they have QuickBooks on the server. This way, I can manage a couple of servers from one point. Which is the best solution, VPN or Terminal Services? All ideas are welcomed. A: The answer to this question is not that simple; you need to consider how much security you need vs. how much security you trust your users with. But even with all of the possible variables, I want to focus on the one tangible piece of information that very much changes the equation: QuickBooks. I can say with 100 % certainty that you do not want your QuickBooks data file being written to over a VPN. QuickBooks might be one of the most sensitive applications I have ever worked with. The slightest hiccup in a network can cause a lost connection with the data server, and it can also cause data loss or corruption.

With QuickBooks out of the equation, then I would say the choice could be based on one very simple factor: Does your terminal server live on a WAN or within a LAN? If there is no public access, then a VPN will be required just to gain access to the machine with the LAN. If there is a machine that has an external IP (or traffic can be routed to that machine from the WAN), then allow those users to have access to a terminal server.

What I like about the terminal server option is that it will allow you to control what applications the user has access to while on your network. If you want those users to use only specific applications, you should install only those applications and lock out the ability for users to install applications.

Ask Jack: If you have a DIY question, email it to me, and I'll do my best to answer it. (Read guidelines about submitting DIY questions.)


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website

Editor's Picks