VPN Question

[John Harris]

HI,
I am new to VPN (haven't set one up yet) and have read a number of posts
here. The scenario I have is I want to set up my Receptionist with a new
computer that will have Win XP and Quickbooks (Multi-user) installed on it.
I have two remote offices.

My question is, if I set her computer up as a VPN server and share her
Quickbooks database can the remote sites access her computer whilst she is
still working?

 

[Sharoon Shetty K [MSFT]]

In WinXP you would need to use incoming connections to configure the remote
access. However it is design to provide only one type of connection
simultaneously i.e. you can have one VPN / Dialup / DCC connection. If you
donot have a requirement of multiple users access the server simultaneously
they this should work.

 

[Chris Inacio]

HI,
I am new to VPN (haven't set one up yet) and have read a number of posts
here. The scenario I have is I want to set up my Receptionist with a new
computer that will have Win XP and Quickbooks (Multi-user) installed on it.
I have two remote offices.

My question is, if I set her computer up as a VPN server and share her
Quickbooks database can the remote sites access her computer whilst she is
still working?

I think you would be A LOT better off with a simple VPN appliance.
Netgear makes some, (along with linksys, dlink, <your favorite company
here>). They're relatively cheap, and can handle multiple VPN
connections. ~$100 - $200 probably for the class device that would suit
your needs. Securing a small firewall appliance is A LOT easier than a
machine someone sits at, plus, administration of it should be easier,
and when the power goes out, it pops right back up, all by itself -- no
hard drive to worry about etc.

good luck
chris

 

[Jerry Baker]

I think you would be A LOT better off with a simple VPN appliance.
Netgear makes some, (along with linksys, dlink, <your favorite company
here>). They're relatively cheap, and can handle multiple VPN
connections. ~$100 - $200 probably for the class device that would suit
your needs. Securing a small firewall appliance is A LOT easier than a
machine someone sits at, plus, administration of it should be easier,
and when the power goes out, it pops right back up, all by itself -- no
hard drive to worry about etc.

good luck
chris

Why would someone be a lot better opff spending $200 for a device when
they just want to share one file on another PC. That is overkill if I
have ever heard of it.

 

[Chris Inacio]

Because 99.9% of the population can't secure a single PC!! (It's
probably more like 99.999%.) And if you have to ask the question about
setting up a PC with your ACCOUNTING information shared on it, then you
definitely shouldn't do it. Plus, he can get a Netgear FVS318 for about
$110.00 which will more than suit his needs. (If he's really smart,
he'll quickly figure out that he can download for free the necessary
IPSec VPN clients and not have to buy those too.)

It amazes me that people think that after microsoft working on it for 2
years (with a lot of bright people,) and not getting it right, that they
can do it better, quickly and easily. Appliances get a lot closer to
secure-by-design, (most aren't that great, but they're crap loads better
than ANY* PC you're gonna put out there.) Plus, they crash A LOT less
and come write back up after stuff like power outages, no disk failure,
no fan failures....

And he wants someone to sit at the machine in question, he's nuts. He
might as well post his accounting information on a web site.

chris

* - you can buy PC's that are way better than the consumer
security/router appliances, but people usually don't have a clue how to
use a machine like that with role based security and compartmentalized
systems let alone want to pay for it.

 

[Lanwench [MVP - Exchange]]

In addition to the other answers:

1. You'd need Quickbooks in multi-user mode if multiple users were to access
the same file at the same time - requires additional licenses.

2. Accessing database files of any sort, including Quickbooks, across a
VPN/WAN connection of any sort can be an unpleasant experience. Depending on
the speed and quality of the connection, you may end up with a mess. I'd
look into Remote Desktop for this sort of access - or if simultaneous access
is required, Terminal Services on a Windows server (as RD supports only one
login at a time).

 

[John Harris]

Thank you for the answers. Although not recommended for security reasons
(among others) I think I'll probably have to go to SBS2000 and TS until I
can afford to go to SBS2003 and TS on a separate server.

 

[Lanwench [MVP - Exchange]]

Hi - don't install TS in application mode on your SBS server - it is a huge
security risk, for one thing (and note that you can't even install TS in app
mode on SBS2003 because MS finally got the joke). Your server should just be
a server.

Don't install any user/desktop software on your server, and don't let users
log into it. If you can't use TS on a dedicated server, pick up a couple of
workstations with XP Pro and use them for Remote Desktop.

Thank you for the answers. Although not recommended for security
reasons (among others) I think I'll probably have to go to SBS2000
and TS until I can afford to go to SBS2003 and TS on a separate
server.


"Lanwench [MVP - Exchange]"

In addition to the other answers:

1. You'd need Quickbooks in multi-user mode if multiple users were
to access the same file at the same time - requires additional
licenses.

2. Accessing database files of any sort, including Quickbooks,
across a VPN/WAN connection of any sort can be an unpleasant
experience. Depending on the speed and quality of the connection,
you may end up with a mess. I'd look into Remote Desktop for this
sort of access - or if simultaneous access is required, Terminal
Services on a Windows server (as RD supports only one login at a
time).

 

[Bill Sanderson]

I agree that your scenario will work, and believe it can be done securely,
without additional hardware. The suggestion of the additional hardware is
entirely reasonable, though--and you should think carefully about the
security issues involved.

However, the question I have is will this really be workable. It will be
easy to test.

Remember that the link across which your VPN tunnel is spanning, is
comparitively very slow. If you are accustomed to the speed and
responsiveness of Remote Desktop, this masks the slow basic connectivity.

Create an Incoming Connection, enable VPN, and connect using VPN. Move a
file of significant size in both directions over the link, and measure how
long it takes. Test out the actual application involved.

 

[Bill Sanderson]

I like this suggestion. Use the SBS-2000 machine to provide VPN services.
Connect from the remote location to the SBS-2000 via VPN, and then run
Remote Desktop talking to a dedicated PC providing the accounting software.
The issues of licensing for Quckbooks still apply.

I know someone doing precisely this without the SBS machine involved. It
isn't required, but if you have it, and are already using ISA Server as your
firewall, that's the natural way to provide good secure connectivity.

"Lanwench [MVP - Exchange]"

Hi - don't install TS in application mode on your SBS server - it is a
huge
security risk, for one thing (and note that you can't even install TS in
app
mode on SBS2003 because MS finally got the joke). Your server should just
be
a server.

Don't install any user/desktop software on your server, and don't let
users
log into it. If you can't use TS on a dedicated server, pick up a couple
of
workstations with XP Pro and use them for Remote Desktop.

Thank you for the answers. Although not recommended for security
reasons (among others) I think I'll probably have to go to SBS2000
and TS until I can afford to go to SBS2003 and TS on a separate
server.


"Lanwench [MVP - Exchange]"

In addition to the other answers:

1. You'd need Quickbooks in multi-user mode if multiple users were
to access the same file at the same time - requires additional
licenses.

2. Accessing database files of any sort, including Quickbooks,
across a VPN/WAN connection of any sort can be an unpleasant
experience. Depending on the speed and quality of the connection,
you may end up with a mess. I'd look into Remote Desktop for this
sort of access - or if simultaneous access is required, Terminal
Services on a Windows server (as RD supports only one login at a
time).

John Harris wrote:
HI,
I am new to VPN (haven't set one up yet) and have read a number of
posts here. The scenario I have is I want to set up my Receptionist
with a new computer that will have Win XP and Quickbooks
(Multi-user) installed on it. I have two remote offices.

My question is, if I set her computer up as a VPN server and share
her Quickbooks database can the remote sites access her computer
whilst she is still working?

 

[John Harris]

Part if my problem (actually a big part) is money. If I could I would have
the extra machine but right now I am stretched as it is. I can only use
SBS2000 because the company already has it but it was not installed because
at the time nobody knew how to. I have since taken over and do have some IT
experience but no money. We can afford a machine but not two. I realise
the risks involved but currently have very little choice. I have a large
contract going through and this will get us going next year (and I should be
able to afford the upgrade at that point) but right now I must go with what
I've got. I know running TS in Application Mode is a no-no, as is using it
as a workstation. However, right now I see no way out and I need these
branch offices to be able to work into me.

--
Harry

I like this suggestion. Use the SBS-2000 machine to provide VPN services.
Connect from the remote location to the SBS-2000 via VPN, and then run
Remote Desktop talking to a dedicated PC providing the accounting software.
The issues of licensing for Quckbooks still apply.

I know someone doing precisely this without the SBS machine involved. It
isn't required, but if you have it, and are already using ISA Server as your
firewall, that's the natural way to provide good secure connectivity.

"Lanwench [MVP - Exchange]"

Hi - don't install TS in application mode on your SBS server - it is a
huge
security risk, for one thing (and note that you can't even install TS in
app
mode on SBS2003 because MS finally got the joke). Your server should just
be
a server.

Don't install any user/desktop software on your server, and don't let
users
log into it. If you can't use TS on a dedicated server, pick up a couple
of
workstations with XP Pro and use them for Remote Desktop.

Thank you for the answers. Although not recommended for security
reasons (among others) I think I'll probably have to go to SBS2000
and TS until I can afford to go to SBS2003 and TS on a separate
server.


"Lanwench [MVP - Exchange]"
message In addition to the other answers:

1. You'd need Quickbooks in multi-user mode if multiple users were
to access the same file at the same time - requires additional
licenses.

2. Accessing database files of any sort, including Quickbooks,
across a VPN/WAN connection of any sort can be an unpleasant
experience. Depending on the speed and quality of the connection,
you may end up with a mess. I'd look into Remote Desktop for this
sort of access - or if simultaneous access is required, Terminal
Services on a Windows server (as RD supports only one login at a
time).

John Harris wrote:
HI,
I am new to VPN (haven't set one up yet) and have read a number of
posts here. The scenario I have is I want to set up my Receptionist
with a new computer that will have Win XP and Quickbooks
(Multi-user) installed on it. I have two remote offices.

My question is, if I set her computer up as a VPN server and share
her Quickbooks database can the remote sites access her computer
whilst she is still working?

 

[Bill Sanderson]

It sounds to me as though you've got a good grasp of the issues involved.
There are lots of compromises involved in any security plan, and even in
using a tool such as SBS, which puts all the eggs in one basket.

I was hoping there'd be an old machine lying around in the corner, but in
the absence of that, you do what you need to do!

Part if my problem (actually a big part) is money. If I could I would
have
the extra machine but right now I am stretched as it is. I can only use
SBS2000 because the company already has it but it was not installed
because
at the time nobody knew how to. I have since taken over and do have some
IT
experience but no money. We can afford a machine but not two. I realise
the risks involved but currently have very little choice. I have a large
contract going through and this will get us going next year (and I should
be
able to afford the upgrade at that point) but right now I must go with
what
I've got. I know running TS in Application Mode is a no-no, as is using
it
as a workstation. However, right now I see no way out and I need these
branch offices to be able to work into me.

--
Harry

I like this suggestion. Use the SBS-2000 machine to provide VPN
services.
Connect from the remote location to the SBS-2000 via VPN, and then run
Remote Desktop talking to a dedicated PC providing the accounting software.
The issues of licensing for Quckbooks still apply.

I know someone doing precisely this without the SBS machine involved. It
isn't required, but if you have it, and are already using ISA Server as your
firewall, that's the natural way to provide good secure connectivity.

"Lanwench [MVP - Exchange]"

Hi - don't install TS in application mode on your SBS server - it is a
huge
security risk, for one thing (and note that you can't even install TS
in
app
mode on SBS2003 because MS finally got the joke). Your server should just
be
a server.

Don't install any user/desktop software on your server, and don't let
users
log into it. If you can't use TS on a dedicated server, pick up a
couple
of
workstations with XP Pro and use them for Remote Desktop.

John Harris wrote:
Thank you for the answers. Although not recommended for security
reasons (among others) I think I'll probably have to go to SBS2000
and TS until I can afford to go to SBS2003 and TS on a separate
server.


"Lanwench [MVP - Exchange]"
message In addition to the other answers:

1. You'd need Quickbooks in multi-user mode if multiple users were
to access the same file at the same time - requires additional
licenses.

2. Accessing database files of any sort, including Quickbooks,
across a VPN/WAN connection of any sort can be an unpleasant
experience. Depending on the speed and quality of the connection,
you may end up with a mess. I'd look into Remote Desktop for this
sort of access - or if simultaneous access is required, Terminal
Services on a Windows server (as RD supports only one login at a
time).

John Harris wrote:
HI,
I am new to VPN (haven't set one up yet) and have read a number of
posts here. The scenario I have is I want to set up my Receptionist
with a new computer that will have Win XP and Quickbooks
(Multi-user) installed on it. I have two remote offices.

My question is, if I set her computer up as a VPN server and share
her Quickbooks database can the remote sites access her computer
whilst she is still working?