Automate Install/Connection - VPN/TS Sessions


Jamie

Can someone get me pointed in the right direction on how to do this?

http://www.microsoft.com/windows2000/demos/mod09.htm


I have to give remote access to some of our teleworkers and at present only
want to give them access to ONE application which is the front-end to an
internal database. I have a WIN2003 server on the way that I believe can
handle VPN and TS sessions for all the users that will connect. What I need
to do is to automate the installation of the connection as well as severely
restrict the access. They will login and the app will launch; as soon as they
close the app they will be logged off.

Actually I have two sets of users one group will get one app and another
group gets another different app.

I know that this is "doable" but can not figure out where to get the info on
getting it started. The client side can be 98/ME/2000/XP and possibly a
MAC...although the MAC is not a show stopper. Variety of connection
DSL/Cable/DU. I wanted to do PPTP VPN since my current firewall will not
pass the IPSEC "stuff" with its current load.

Thanks for any help.

Jamie
 
Have you considered using the Remote Desktop Web Connection which would allow
you to deliver the client & configuration settings via Internet Explorer?
You can restrict users to one application via their user account, but should
go further to restrict access to the server's resources, as it's not hard for
users to spawn an Explorer.exe, cmd.exe or Iexplore.exe via many applications.

http://www.workthin.com/tshta.htm#RemoteDesktopWebConnection

Customized RDWC with no server selection box, which is set in the default.htm:
http://www.workthin.com/ZIP/TSWeb.zip

VPN connection is NOT needed to connect to a Terminal Server, as RDP
Sessions are natively encrypted. I actually discourage the deployment of
VPNs unless they're site-to-site (router to router) VPNs.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com

 
Patrick,

Where do I find info on how to implement? Can you point me to a good how-to
reference, web or other? If there is a good book out I will buy it; I have to
have this done soon.

Also the client is opened internally with a shortcut to an exe on a network
share....software developer restriction not mine. So I would need to be able
to start the app the same way from the web connection.

What I want to happen when they connect is the app is automatically run
which brings them to their login screen for the database. This has to be
easy and deployable over DU as well as broadband also.

Thanks much for the help,
Jamie
 
If you configure the user's account to launch this application, which is
installed on the Terminal Server, then when they launch the Remote Desktop
Web Connection they'll see a button that says "connect", which will take
them to the logon, and launch your application.

I posted this link in my last reply, which has info on how to set up the RDWC:
http://www.workthin.com/tshta.htm#RemoteDesktopWebConnection

The other option is to install the Remote Desktop Connection locally on each
remote computer, then give each user a RDP Connection to connect to launch
the application (which can even store their logon credentials).

How to configure the Remote Desktop Client
http://www.workthin.com/tshta.htm#RemoteDesktopClientConfiguration

Download the Remote Desktop Client or RDWC:
http://www.workthin.com/tsdown.htm

The problem with running the application front-end on each computer, and
connecting to the back-end over VPN, is that this usually requires a lot of
bandwidth, and I'm not referring to a T1, Cable or xDSL Connection. If you
run the app on a Terminal Server you can get by with as little as 26.4Kbps
per connection, and never have to go to the remote site to update the
database front-end, because it's running on your terminal server.

If you require the low bandwidth of a terminal server connection, but also
require the application to run as if it were installed on the local computer
(in a seamless window), you can look at applications like WTSPortal,
Tarantella Canaveral iQ, DAT Panther Server, or Citrix MetaFrame,... which
all do this, but each has more features in the order that I listed them.

How many users will be connecting over the Internet Connection?

Links to all of these here:
http://www.workthin.com/tsao.htm

A 384Kbps SDSL Connection can handle about 7-15 concurrent RDP Sessions,
depending on how graphical in nature the application is, and how much
printing and file transfer users do to their remote location.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com
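
An added example, not part of the original post: a check to run over each .rdp connection file before it is handed to remote users, flagging a stored password, a hardcoded username, and a start program that is missing or is not the intended application. The host name, account and password blob in the sample are constructed placeholders, and the expected path reuses the share path quoted in this thread.

```python
# Added example: audit a .rdp connection file before distributing it.
# SAMPLE_RDP is constructed; host, account and password blob are placeholders.
SAMPLE_RDP = r"""
full address:s:ts.example.org
username:s:EXAMPLE\teleworker1
alternate shell:s:\\server\dir1\subdir\application.exe
shell working directory:s:\\server\dir1\subdir
password 51:b:0123ABCD
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines; type is s (string), i (integer) or b (binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # skip blank or malformed lines
        name, kind, value = parts
        if kind == "i" and value.lstrip("-").isdigit():
            value = int(value)
        settings[name.lower()] = value
    return settings


def audit_rdp(text, expected_shell):
    """Return a list of findings for one connection file."""
    s = parse_rdp(text)
    findings = []
    if s.get("password 51"):
        # Saved logon credentials travel with the file to the home computer.
        findings.append("stored-password")
    shell = s.get("alternate shell", "")
    if not shell:
        findings.append("no-start-program")
    elif shell.lower() != expected_shell.lower():
        findings.append("unexpected-start-program")
    if s.get("username"):
        findings.append("hardcoded-username")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_RDP, r"\\server\dir1\subdir\application.exe"):
        print(finding)
```

The file is editable by whoever holds it, so the start program in it is a convenience; the restriction itself is the server-side user account setting described in the replies above.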
 
Patrick,

We will be having 100 or so connections at various times possibly 50 max at
the same time. We have a frac T-3 on site that will handle the sessions I am
sure. Our users will be connecting from home at various times over DU/DSL or
Cable.

"If you configure the user's account to launch this application, which is
installed on the Terminal Server, then when they launch the Remote Desktop
Web Connection they'll see a button that says "connect", which will take
them to the logon, and launch your application"

The application will not be "installed" on the terminal server nor do I
have the option of installing the front end on the client computer it has to
run via the exe that is located in the network share in the same location as
the DB...so on the desktop on the internal network each user desktop has a
shortcut to \\server\dir1\subdir\application.exe which then interfaces with
a DB on the same server. I hope I am explaining this well enough and thanks
again for the help.

The link that you provided (unless I am missing something) is a list of
links to MS site that explains what can be done but not how to....but again
I might be missing something.

Thanks again..

Jamie
 
I would look at a 3rd party program like Citrix MetaFrame to automate things
with this many users at different locations. Citrix has a better Web
Interface that can be used with virtually any browser, shows different
published applications, based on logged on user, has better printing support
and supports advanced load balancing features.

If you use Terminal Server (and optional Citrix MetaFrame), have you thought
of how many servers you'll need to support 50+ concurrent users of your
database?


P.S. Yes, it does, it just doesn't have pictures. The RDWC setup on a 2003
server takes about 2 minutes, via add/remove programs, just like stated in
this link:

http://www.microsoft.com/resources/...rd/proddocs/en-us/rdesktop_install_webcli.asp

"The link that you provided (unless I am missing something) is a list of
links to MS site that explains what can be done but not how to....but again
I might be missing something."

For an install of this size you should start in a lab environment to
simulate your deployment, so there are no surprises.

A shortcut to the exe can be launched in a terminal server session, or
Citrix Published Application just as easily as from your own desktop. What I
fear is that 50 concurrent fat client sessions to your DB + name resolution &
printing traffic will saturate your fractional T3 (how many channels?), which
is why you need to test in a lab to determine your actual bandwidth
requirements with VPN & Fat Client vs. Terminal Server/Citrix connection.

I'm not trying to push you to do one thing or another, but just to get you to
determine which meets all of your requirements.


Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com
 
I think I may have complicated things...I simply want to have my remote
people login from home and run one application via terminal services. There
will be peak times but it will be more like peak time of year than time of
day. I am in an educational k-12 setting and Citrix on top of a 13,000
server is not an option. If I could do just exactly what the demo did I
would be happy:

http://www.microsoft.com/windows2000/demos/mod09.htm

It is a simple interface into our database. At the present time I can
create a VPN and then TS using internal IP scheme from home and access the
application on the network and access the DB. What I want to do now is
automate the install and the connection process just like the demo shows
except I want to have my app instead of Outlook. I have been playing around
with CMAK and can create a connection file but getting the rest to happen is
eluding me. But I love this stuff....

Jamie
 
You can do this with terminal server, but without Citrix you'd have to
hardcode usernames in everyone's Remote Desktop Client to get them to your
application logon in one click.

Is it a big deal if they have to manually logon to Windows (on the Terminal
Server) before hitting the application logon?
 
Great, that'll save you a pile of $$$. Let me know if I can be of further
assistance, as I know what it's like to work on a tight budget. Remember
that educational institutions are usually qualified for Academic Licensing
thru your VAR, so do not pay full price.

Here's a site I often refer to, to get ballpark pricing & part numbers.
http://www.provantage.com/xc_MSOA.htm
 
Patrick,

Thanks for the great advice and we are working thru a VAR and we have a good
MS contact so we make sure we do not over buy the lic stuff.

One thing that I have not been able to accomplish yet and I have read every
doc that I can find on this ...

I have been able to use CMAK to create a profile with VPN...I didn't want to
open a TS to the outside accessible by pub IP due to fear of a "crack"
attempt or something...perhaps I am being a little over cautious but, oh
well. So with the profile I can get the VPN connection but how exactly did
the genius that did the demo get the profile to spawn IE and go to their
TSWEB site?

Also from what I have read it is possible to publish applications lists on
TSWEB like a pick from list of applications they can run can you help me
with this?

Thanks,
Jamie
 
Coding the TSWeb site is beyond the scope of a newsgroup, but I can refer you
to a book that has in-depth info on this. It's by Brian Madden and Ron
Oglesby and is called Advanced Technical Design Guide for Windows Server 2003
Terminal Services.

You can find it here:
http://www.workthin.com/tsbooks.htm

As for the CMAK, I haven't used this much so I don't know if I'd be much
help. I will assure you that PPTP VPN is absolutely no safer than connecting
over RDP. If you're trying to achieve higher security then go with
L2TP/IPSec VPN or Smart Card secondary authentication.
 