Remote Access - VPN vs. Terminal Server vs. 3rd Party

  • Thread starter Thread starter F3
  • Start date Start date
F

F3

Windows 2000 Small Business Server
With Windows XP Pro Workstations

I am to give users the ability to login remotely (e.g.: from home) and
manipulate files (possibly also use software). Can any of you give me a
Compare and Contrast between using VPN, Terminal Server, and/or third
party software. Also, is one a requirement for the other? In case it
makes a difference, there are fewer than a dozen employees and a single
private domain. Web and email are off site.

Thanks.
Fred

P.S.: Server has a single NIC (Gigabit) connected to a Linksys WiFi
router (Draft 802.11n w/Gigabit, Firewall, and VPN), which is then
connected to the T1
 
RWW is the best Solution for them.
*Them Connecting to their PC at work and working through that.

It also depends on what type of data they are working on.

Large files, they won't even WANT to use VPN, because how slow it is.

Not knowing all the details RWW is best.

What Data are you talking about?

UH and you say email is offsite?
So you aren't taking advantage of SBS/Exchange and RPC over HTTP? WHY?

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
World Wide Remote SBS2003 Support - http://www.SBITS.Biz
Information on Small Business Server 2008 - http://www.sbs2008.com
Information on Essentials Business Server - http://www.ebs2008.com



-
 
Russ its a SBS 2000 box so the OP really posted in the wrong newsgroup.
Therefore as you know no RWW etc.
 
Oh Sorry It's 2008 and I assumed that everyone has upgraded to 2003 by now.

UGH!

Thanks for the Catch Steve,

FRED, It's time to upgrade, or at least plan it for this fall. :)

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
World Wide Remote SBS2003 Support - http://www.SBITS.Biz
Information on Small Business Server 2008 - http://www.sbs2008.com
Information on Essentials Business Server - http://www.ebs2008.com



-
 
Actually, he cross posted to 5 or 6 groups.

Fred, you won't get much help from non SBS groups for SBS, unless an SBSer
finds your post.

For SBS 2000, you can use VPN plus TS/RDP.

Works fine.

However, I suggest a second box for the TS, as 1. There is enough going on
with SBS, and 2. TS on a Domain Controller is/was never a good idea.
 
Rather than write a long and boring post about the benefits of SBS 2003,
I'll just say that I hope you consider the alternative of upgrading. You'll
get RWW, which should be a great solution to your remote access needs, but
also IMO it's just time to get off of the 2K platform. There are already
patch issues with Win2K (DST patches come to mind), and I'd recommend
getting current for security reasons if nothing else.
 
Larry,

The server running SBS 2K has only 1 NIC installed (Gigabit). I have a
Draft N WiFi Router with a 4-port Gigabit switch (and VPN and Firewall)
built-in connecting the T1 connection to the LAN. We're hosting the
website and email off-site (a hosting company), so there is NO URL to
this network.

We do have a second server running Windows 2003 Server. This is sharing
DNS duties and acting as the primary file server. We have client
license packs for the SBS 2K, but not for the W2K3 Server. The W2K3
Server also has only 1 NIC installed, also Gigabit.

If you were to setup the VPN plus TS/RDP (as you suggested) making the
most of what is currently available (i.e.: NO purchases, only existing
hardware and software), how would you do it (if possible)?

I know that I need to upgrade the SBS 2K server to W2K3 or W2K8 server,
and that is in the plan for the 3rd quarter of this year. However, the
owners want this done yesterday and done with little or no additional cost.

Maybe I should call myself "Barney Collier" and you, "James Phelps" ;-) ?

Thanks.

Fred
 
Hi Fred:

Without spending any more money you may not be able to make this work, at
least not legally.

As I remember the terms of Server 2000, a Desktop 2000 was granted a TS
license. I may be mistaken, and there is a chance that the license extends
to XP.

For TS to anything, you have to open the appropriate ports on your router
and forward them to the ip address of your server.

The router must pass GRE 47, and you have to open and forward 1723.

For MS networks, you then use the Add a Network Connection Wiz to add the
VPN connection to "The Network at My Workplace" and feed it the ip numbers
of your public facing device, typically the router/firewall.

For Hardware capable VPNs you may need an identical device on each end, or
you may need some piece of software that installs on the remote computer
that creates the tunnel. Check with your mfg.

Once the VPN connection is made, you use RDP to connect to the ip address of
the server. This works because the VPN connection is issued an IP in the
correct range for the VPN to be in the same network as the server. You find
that little gem in Start - Programs - Accessories - Communications.

One rule is that the remote and the office use different subnets, so if the
office was on 192.168.16.X, the home systems internal side has to be
anything else.

You can't use the W2K3 server, as it requires the installation of TS
licenses, ($90 ea and would require spending money) which were granted by
W2K as a part of the package. Although truthfully this is the way to go, a
second box for TS.

Lastly, you need really strong pass phrases if you are going to do this. My
C@t has 10K flea$ is a pretty good one. Can't be forgotten, and a zombie is
not going to hit it.
 
Larry,

Firstly, thanks for the directions and suggestions.

Secondly, The SBS 2K came with 5 TS licenses, I believe. The company
had purchased additional client license packs totaling at least 25 - 30
additional TS licenses, all for SBS 2K (if I'm reading the packages
correctly). The packages say
"CLIENT ACCESS LICENSE FOR SMALL BUSINESS SERVER 2000 MIGRATION PACK
LICENSES: 5"
on each of the packages in fine print next to a couple bar codes, and
"Microsoft® Client License Pak" in ¾" high letters. Are these TS licenses?

Thirdly, I'll go to the documentation/CD for the router and look at the
VPN support that it came with. Maybe it'll work for our purposes, maybe
I need to look at VPN via one of the servers.

Again, Thanks.

Fred
 
SBS 2K CAL's included all the SBS goodies. As I remember, it was the
combination of W2K Server and W2K Desktop that made the "free" TS CAL
possible. You might google for W2K and Terminal Services and see what you
get. But the SBS CAL's had nothing to do with it.

This page implies that you need either W2K Professional (Desktop) OR a TS
License if you have any other OS on the desktop /remote.

http://www.microsoft.com/technet/prodtechnol/win2kts/evaluate/featfunc/tslicens.mspx
 
Larry,

I'm reading through that article and I'm trying to figure out
everything. Thanks.

Regarding the VPN, the router came with a software client which
installs on the laptops/PC's which are to access the network remotely.
I've printed some pertinent pages from the PDF manual the router came
with and I'll have a go at it (as our associates from across the pond
would say).

Did you get the reference to James Phelps? James "Jim" Phelps is the
name of the leader of the IMF (Impossible Missions Force) from the
"Mission: Impossible" TV series in the late 1960's to early 70's.
Barney Collier was the name of one of Jim's frequent team members.

Thanks again.

Fred
 
Back
Top