Looking for solutions to allow remote users access to their internal psychical computers
-
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
-
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?
It is point to point, so as fast as the network segments can be
-
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?
It is point to point, so as fast as the network segments can be
Gravy. I'm assuming you're referring to zerotier.com?
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@JaredBusch said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
I know this topic is all the buzz right now..
Currently we are having our users remotely access their internal computers by using secured laptops as "dumb terminals" as they establish an SSLVPN connection to our firewall/security appliance and then RDP from said laptop into their workstation. It works ok but the user experience is clunky with multiple logins and we have had various issues/concerns and hope to eventually get something in place that works better.
I was looking at Citrix and VMware Horizon 7 and they have some "remote to PC" options that are included with each of their main packages. It would obviously be a waste to purchase an expensive product for the purpose of using one single side-feature that lets remote users access their internal company computers. So I wanted to see if you guys could provide any suggestions.
I understand there may be a lot of resistance here against a lot of these products since they are big and expensive and may not be wise business choices, but I am trying to work with what I have and what I know and I know that I don't know much..
If anyone can point to a product/service/mixture of technologies that would help users directly connect to their internal computers while providing a simple and solid user experience, that would be a huge help.
ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
Thanks Jared, I will check that out now. Do you have any sort of latency issues or anything or is it pretty snappy through and through?
It is point to point, so as fast as the network segments can be
Gravy. I'm assuming you're referring to zerotier.com?
Yes. See this recent thread for flow rules.
-
Horizon is great. You could do the RDP exactly as you are, and draw back on all the deployed hardware. End users migrate to their own devices (any device) and still get their own desktop experience. You could pivot to full VDI later, or use it to add a desktop for consultant access, or whatever. It's very flexible.
This is definitely a situation where you get what you pay for, and if you go cheap, you'll get cheap.
-
@Grey said in Looking for solutions to allow remote users access to their internal psychical computers:
Horizon is great. You could do the RDP exactly as you are, and draw back on all the deployed hardware. End users migrate to their own devices (any device) and still get their own desktop experience. You could pivot to full VDI later, or use it to add a desktop for consultant access, or whatever. It's very flexible.
This is definitely a situation where you get what you pay for, and if you go cheap, you'll get cheap.
Yeah I do like VMware and have heard that Horizon is good. I'm just a little nervous about cost which I haven't really even looked into yet. We do expect to have everyone eventually return to the office so it would kind of stink to spend a lot of money on something we aren't going to really utilize long term.
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@Grey said in Looking for solutions to allow remote users access to their internal psychical computers:
Horizon is great. You could do the RDP exactly as you are, and draw back on all the deployed hardware. End users migrate to their own devices (any device) and still get their own desktop experience. You could pivot to full VDI later, or use it to add a desktop for consultant access, or whatever. It's very flexible.
This is definitely a situation where you get what you pay for, and if you go cheap, you'll get cheap.
Yeah I do like VMware and have heard that Horizon is good. I'm just a little nervous about cost which I haven't really even looked into yet. We do expect to have everyone eventually return to the office so it would kind of stink to spend a lot of money on something we aren't going to really utilize long term.
If that's the plan, then VDI is crazy, unless you have a real need for it.
-
When you say things are clunky - what exactly do you mean?
If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?
-
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
When you say things are clunky - what exactly do you mean?
If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?
Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.
We have fiber Internet where I work and the speeds are great and we only have about 30 WFH users and the pipe is only like 30% utilized. The main pain-point with anything Internet related would user's home network/wifi setup - which we don't control.
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
When you say things are clunky - what exactly do you mean?
If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?
Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.
Boy this is a lot to worry about for a temporary situation. I mean if you were looking to move to WFH in general, sure I'd care, but even for 60 days, I wouldn't spend the time or the money. But that's just me.
I'm trying to envision any of the other solutions being 'less clunky.' Sure SSO can help some, my office connects to several hospitals that have SSO, we still have to log into most systems at least twice - once into the citrix/webportal and again to an app on that portal (the app often being RDP inside that portal). Now some of the apps do work with the first login to the Citrix/webportal, but not all.
-
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
When you say things are clunky - what exactly do you mean?
If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?
Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.
Boy this is a lot to worry about for a temporary situation. I mean if you were looking to move to WFH in general, sure I'd care, but even for 60 days, I wouldn't spend the time or the money. But that's just me.
I'm trying to envision any of the other solutions being 'less clunky.' Sure SSO can help some, my office connects to several hospitals that have SSO, we still have to log into most systems at least twice - once into the citrix/webportal and again to an app on that portal (the app often being RDP inside that portal). Now some of the apps do work with the first login to the Citrix/webportal, but not all.
Well I mean who knows, it could actually end up being long term. It may be worth it if it runs through the year. Plus we may end up keeping some WFH users through all this.
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.
You can do that with RDP. RDS specifically provides this as an option.
-
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
@dave247 said in Looking for solutions to allow remote users access to their internal psychical computers:
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
When you say things are clunky - what exactly do you mean?
If you are seeing performance issues - that could easily be your ISP connection at the office is saturated. How many users do you have VPNing in? what size pipe to the internet?
Clunky means users have multiple logins and other user-unfriendly aspects of using RDP. It would be ideal to have them be able to connect with a single login (or even SSO) and then have their desktop delivered to them quickly and cleanly.
Boy this is a lot to worry about for a temporary situation. I mean if you were looking to move to WFH in general, sure I'd care, but even for 60 days, I wouldn't spend the time or the money. But that's just me.
I'm trying to envision any of the other solutions being 'less clunky.' Sure SSO can help some, my office connects to several hospitals that have SSO, we still have to log into most systems at least twice - once into the citrix/webportal and again to an app on that portal (the app often being RDP inside that portal). Now some of the apps do work with the first login to the Citrix/webportal, but not all.
Well I mean who knows, it could actually end up being long term. It may be worth it if it runs through the year. Plus we may end up keeping some WFH users through all this.
Creating apps that are LANLess would seem like a better solution if possible. Put them on the internet, and don't worry about RDP anymore. I realize this might not be possible, but it should at least be a consideration. You're potentially looking to fundamentally change your workflow... so evaluating the whole thing becomes worthwhile... Don't work from the "goal is to get remote desktop" instead work from - how do we best provide access to our stuff to offsite people.
-
Maybe take a step back. Why are they using an entire desktop? CAD? Something intense on CPU? Or just basic email and O365 stuff? If the latter, just use published apps on a standard MS RD server and (again) eliminate the issued equipment. You could take future steps to go with a thin client via pi0 or whatever, but at the end of the year, you'd have everyone using the RD farm through rdp as a full remote desktop or published apps.
-
I don't understand how the use of RDP could do anything to cause multiple logins?
If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.
-
@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:
I don't understand how the use of RDP could do anything to cause multiple logins?
If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.
You'd want to setup a remote gateway and configure it to talk to all of your desktops.
-
@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:
I don't understand how the use of RDP could do anything to cause multiple logins?
If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.
You log into VPN, then you log into RDP - I assumed that was the multiple logons he was talking about... beyond that, if there are additional ones that don't already exist when users are working onsite, then it seems like something would be wrong.
The idea to get away from two logons (VPN and RDP) seem like a lot of effort.
-
@Dashrender said in Looking for solutions to allow remote users access to their internal psychical computers:
@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:
I don't understand how the use of RDP could do anything to cause multiple logins?
If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.
You log into VPN, then you log into RDP - I assumed that was the multiple logons he was talking about... beyond that, if there are additional ones that don't already exist when users are working onsite, then it seems like something would be wrong.
The idea to get away from two logons (VPN and RDP) seem like a lot of effort.
OK, maybe semantics but I wouldn't say you log into VPN. More like connect.
Most companies I know have 2FA (for VPN) and the user enters a pin code into that. But I guess that's a password too in a way.
