General discussion

  • #2267829

    Terminal Services or VPN


    by chilli_willie ·

    We are launching a new POS software and the company does not support a multi-location practice. They did go as far as to recommend using Terminal Services as the method of allowing the remote office to access the data on the server. I have static IPs in each office and I think I can set up Terminal Services, but I don’t know how to set it all up to allow 2 people in the same software (being that my boss is cheap and is using the server as a workstation for the software as well).

All Comments

    • #2490474

      Cutting corners will only hurt you later. Implement a Citrix Solution

      by why me worry? ·

      In reply to Terminal Services or VPN

      and you won’t have to worry about terminal services. I think your boss is assuming that Windows NT 4.0 is still the de facto server O/S if he is implying that you use terminal services. If you need to provide remote access to Windows based applications, set up a Citrix Solution that allows for remote access over a web browser into a secure and encrypted Citrix session. Yes, it will cost you, but it’s better than going the cheap ad hoc way of providing unsecure remote access over a connection that wasn’t designed for the intended purpose.

    • #2510459

      Cheap, Simple, Low Cost Solution

      by alex ·

      In reply to Terminal Services or VPN

      Hi,

      First off, confirm that the software this company uses is actually a multi-user software. If not, maybe it’s time to find a new piece of software or new software vendor.

      Terminal Services allow multiple users to connect to the same Terminal Server simultaneously. So they can basically run almost every application that a desktop user (a.k.a. console user) can.

      Secondly I can only assume that being connected to the Internet means that you have some type of firewall implemented. If so, you can simply add a rule to allow Terminal Service connections only from the IP YOU SPECIFY using NAT to tunnel directly to your Terminal Server’s port (whether this be an IP address from the remote office, or the boss’s home, etc…).

      This method locks down Terminal Service connections only from static IPs that you have specified, not allowing anonymous access from other IPs.

      If not, then you’ll need to either adopt a firewall to suit this practice, or do as others may do, and use encryption+authentication over the remote desktop connection (either Citrix or VPN).

      Using Windows Server 2000 or above, you can allow VPN users PPTP access or LAN-to-LAN IPsec access. Although this is probably best left up to the network hardware.

      Finally, you’ll need to verify your means if you want to keep the costs down. Otherwise splurge out on some extra proprietary hardware and/or software. Worst case scenario, consider outsourcing.

      Hope this helps!

      • #2510400

        Inexpensive Remote Access

        by dailogle ·

        In reply to Cheap, Simple, Low Cost Solution

        We use Terminal Services along with Cisco PIX Firewalls to connect all of our locations. Best decision I ever made.

        The PIX 501 allows up to 10 networks to be connected together by IPsec VPN simultaneously. They come in different packages with 10 to 50 VPN sessions and 50 to unlimited internet connections. I agree with Alex that this sort of thing is best left to hardware. You may need help from an outside vendor to set this up but once in place it’s pretty trouble-free.

        This setup works fine over DSL internet access. You do of course need to have static IP addresses at all the locations.

        Then using Terminal Services on Windows 2000 or 2003 server, users can access programs at pretty much the same speed as the local network. There’s a good bit of flexibility with this too as you can restrict them to just one program that starts as soon as they connect and ends when they disconnect, or let them see the desktop so they can run multiple programs.

        There are some printing issues with Terminal Services, due to there being different printer driver names between server operating systems and desktop OS’s. This can be overcome with a list that tells the server which driver to use when it encounters a different driver name. In some cases you may have to share the printer on the client’s computer and map to it on the server. Then the remote user can set their printer as default inside their terminal services session. Lots of documentation on this on the internet.

        Your boss will not notice when the remote users are running the programs, even if he is using the server as a workstation like you said.

        For 2 locations, this could be done for around $1,500.00 including outside support costs.

        Good luck!

        • #2498115

          Sure could use some printer help here

          by mikeaaaaaaaaa9 ·

          In reply to Inexpensive Remote Access

          I am using triCerat’s license (a $1500 pop) and wouldn’t mind some help on how you accomplish this: “This can be overcome with a list that tells the server which driver to use when it encounters a different driver name. In some cases you may have to share the printer on the client’s computer and map to it on the server. Then the remote user can set their printer as default inside their terminal services session.”

        • #2494514

          Simplify Printer Management

          by alex ·

          In reply to Sure could use some printer help here

          Personally I discourage printers connected directly to workstations, they tend to be harder to manage.

          What I’d do in a situation like this is:

          – Try to keep the printers as standard as possible (e.g. all same brand, similar models that use similar drivers) [I know it’s probably too late]

          – Since you run a network, it’s time to put the printers on the network (give the port an IP address). Buying a simple print server or connecting the printers to a Windows Server are the best options here. (Remember, you want to manage the printers. [google: ip printing])

          – Once printers are on the network, share them on the local server (Local Print Server), so that they may be accessed by all local clients, and the remote Terminal Server.

          – Create a network printer on the remote Terminal Server that sends jobs over IP to the Local Print Server (if you’re cluey enough, you can set Quality of Service (QoS) over the network so it doesn’t overkill your bandwidth)

          – Print test page from remote Terminal Server to Local Print Server

          – Create a group policy to deny automatic printer mapping from originating clients

          – Map printers for local users when connected to the remote Terminal Server (group policy or manually)

          – Test page from Terminal Server user (Optional for debugging purposes)

          – Use SNMP to monitor the printers’ page throughput and other fancy statistics. (Optional)

          Now you can directly manage printers and each queue, without resorting to desktop violence.

          — If you can’t be bothered or don’t know how, I suggest you stick to paying the $1800.

    • #2510397

      Terminal Services all the way…

      by support ·

      In reply to Terminal Services or VPN

      Hi, I am the IT guy at an equipment rental / hardware store and our proprietary rental software is the same way. It does not offer multi-location connectivity. Our solution was to get a Windows 2003 server with Terminal Services running on it. It was not hard at all to set up but does require CAL licenses per seat for each person that is going to be connected to the terminal server. If your computers run XP though, you can bypass this because XP comes with its own CAL pre-installed. You will need one CAL for the server though and can get that from any Microsoft partner or someone like Dell or CDW. Let me know if you have any further questions if you decide to go this route and I would be glad to help you out.

    • #2510354

      Tell your boss that business isn’t for cheapskates

      by stalphonzo ·

      In reply to Terminal Services or VPN

      As others have pointed out, Terminal Services will work but you still need CALs for each client that accesses the application. Also be very careful to ensure this application can run in a terminal server environment. There are many applications that cannot and will crash. Don’t bother with Citrix. As you’ve already pointed out your boss is cheap, therefore Citrix is way out of his/her league.

      Finally, tell your boss that if he wishes to make money he needs to spend money. It really is that simple. Otherwise tell him to go hawk hot dogs on the street or come to work for me so I can teach him/her a few things about business.

      • #2498245

        “Isn’t for cheapskates” – I agree

        by laduerksen ·

        In reply to Tell your boss that business isn’t for cheapskates

        Using the Terminal Server for a workstation is like not running regular backups.

        Ask him how much it would cost him if all the users that need access to that Terminal Server cannot get access to it for 24/48 hours because he did something stupid on the server.

    • #2498116

      TS is not cutting corners

      by mikeaaaaaaaaa9 ·

      In reply to Terminal Services or VPN

      You have to make sure the desired software works in a terminal environment (ask the mfg). If it does, you don’t even need to install a Terminal Server. 2 users (sessions really) are allowed to connect to a PC. Set it up like normal, create the 2 users for the machine (each with the same programs). If you have older technology, download the terminal clients and install. Works on XP Media Center, Pro, Server 2003 (all flavors).
      Printing – well, this I have found to be tough without going to a triCerat ($1500) client. I wouldn’t mind help on how to create those driver lists so the TS connectors can print to their local printers, it would save me a fortune. I run 5 terminal servers and over a couple hundred users in over 24 separate domains and it works like a charm and a TON less than Citrix.

      • #2494638

        Where to put TS Server, Inside, Outside, DMZ?

        by dball ·

        In reply to TS is not cutting corners

        In the type of situation where access to internal network resources is needed, where do you set up the TS server? I’m looking into a similar situation in the next few months. Have been considering VPN to RDP on XP Desktops.

        David

        • #2494510

          Where would you like to put it?

          by alex ·

          In reply to Where to put TS Server, Inside, Outside, DMZ?

          This depends on how you secure your server.

          Personally, I’d put it inside. It doesn’t worry me unless it stops working.

          Reasoning:
          1/. Firewall is only allowing TS connections to the port from Manually Added IP addresses from the Allowed Originating sites only. No unauthorised access by any other IP addresses will pass through the firewall to even attempt a login to the terminal server.

          2/. Your TS would probably have access to your files, applications and other network resources. So if someone breaks in, your system is compromised anyway.

          3/. If you have it in DMZ or Outside, you will need to muck around and add firewall ‘pin holes’ for each of your network services. (depending what you need to access)

          4/. VPN is not favourable, adds overhead to your TCP/IP packets. What happens when the VPN tunnel is down?? (you’ll probably need to manually reconnect it because it won’t automatically)
          Maybe you can get a Private Network managed by your carrier. Probably cheaper to use in the long run and costs less if you are adding VPN hardware or licensing.

          — If you’re unsure, find a consultant who can help. Otherwise you’ll go through this process more than once.
          (Don’t waste resources, our planet is precious)
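
Both of alex's replies above ("Cheap, Simple, Low Cost Solution" and "Where would you like to put it?") rest on the same control: the firewall passes Terminal Services connections only from the static IPs of the allowed sites. The following is an added example, not part of the thread or any poster's configuration: a Python audit of a rule set against that allow-list, including the case where a wider leftover rule quietly reopens the port. The rule format, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

RDP_PORT = 3389  # default Terminal Services (RDP) listener port

# Constructed sample data: static IPs of the allowed originating sites
# (documentation address ranges, not real hosts).
ALLOWED_SITES = ["203.0.113.10/32", "198.51.100.20/32"]

# Constructed rule sets in a generic form (assumed, not any vendor's syntax).
WEAK_RULES = [
    {"action": "permit", "proto": "tcp", "src": "any", "ports": (3389, 3389)},
]
SITE_RULES = [
    {"action": "permit", "proto": "tcp", "src": "203.0.113.10/32", "ports": (3389, 3389)},
    {"action": "permit", "proto": "tcp", "src": "198.51.100.20/32", "ports": (3389, 3389)},
    # Leftover rule: wider source and a port range that still includes 3389.
    {"action": "permit", "proto": "tcp", "src": "198.51.100.0/24", "ports": (3000, 4000)},
]

def _net(src):
    """Turn a rule source into a network; 'any' means all of IPv4."""
    return ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)

def covers_rdp(rule):
    """True if the rule matches TCP traffic to the RDP port."""
    low, high = rule["ports"]
    return rule["proto"] in ("tcp", "ip") and low <= RDP_PORT <= high

def audit_rdp_rules(rules, allowed_sites):
    """Return (index, src, ports) for permit rules that open RDP beyond the allow-list."""
    allowed = [ipaddress.ip_network(site) for site in allowed_sites]
    findings = []
    for index, rule in enumerate(rules):
        if rule["action"] != "permit" or not covers_rdp(rule):
            continue
        if not any(_net(rule["src"]).subnet_of(a) for a in allowed):
            findings.append((index, rule["src"], rule["ports"]))
    return findings

def rdp_permitted(src_ip, rules):
    """First matching rule wins; no match means deny (assumed ACL model)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if covers_rdp(rule) and ip in _net(rule["src"]):
            return rule["action"] == "permit"
    return False

if __name__ == "__main__":
    print(audit_rdp_rules(SITE_RULES, ALLOWED_SITES))
```

The audit flags the third entry of `SITE_RULES` even though the two per-site rules are correct, which is the failure the allow-list approach depends on catching.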

    • #2534112

      Simple solution

      by fcleroux ·

      In reply to Terminal Services or VPN

      If your boss is doing all the wrong things the solution is simple. Quit. Obviously he can’t afford to pay you properly.
