Use app remotely via VPN?

jfuller05
Hello all.

My work is going to roll out a new application (HR, Payroll, etc.) called Springbrook to our remote employees. The application runs on one of our physical servers (Win 2008 R2) and to use it locally, I had to map a network drive to the server on the local employee's computer. I created a desktop shortcut to the app so the user doesn't have to go inside the mapped drive and run it that way. They just click on the desktop shortcut.

Springbrook uses the LDAP protocol (in our case Active Directory) to authenticate the user trying to log in against the login id
  • gechurch

    I'm guessing you don't have a terminal server. If you could use one that would be by far the best option - much easier, no authentication problems, and it would be fast (running any app over VPN is likely to be painfully slow). If you do have a terminal server, check out RemoteApp.

    Where do you set the VPN users' passwords? Are you manually setting them on the Sonicwall (to be the same as their AD passwords)? If so this will be the problem - the users have authenticated against the Sonicwall instead of against AD. I've never used a Sonicwall and don't have general expertise in VPN routers, but presume this is the problem that enabling LDAP on the Sonicwall is meant to fix. I can only assume it is incorrectly configured. Hopefully someone else can give you troubleshooting tips in this area.

    As a test though I would enable VPN on one of your Windows servers. Test VPNing directly in and authenticating directly against AD. Does your app run properly this way? If so, is it acceptably fast? If not then you'll need to get a terminal server anyway.

    jfuller05

    I decided to go with the VPN feature in Server 2008 Standard. It's nice. It was easy to set up on the server itself, easy to configure the rules in Sonicwall and the client setup was also a breeze. I'm using PPTP as the protocol and I only have the one remote user enabled for VPN use on the server. The best part? Our Springbrook app works famously. :)

    Is this setup secure?

    gechurch

    That's great. Thanks for posting back with your results.

    Security is not boolean, it's a graduated scale. As someone who works with small-business clients, I would be perfectly happy with the level of security. Anyone that works with big business will rightly tell you that it's best practice to have two-factor authentication (i.e. require VPN credentials, then separate AD credentials, or require some other form of security along with the AD credentials, like biometric).

    The question to ask yourself is, "is this enough of a deterrent to would-be hackers?" The answer to that depends on how valuable your data is to other people.
