With the Swine Flu (H1N1) virus going around, chances are that you or your staff will need to be able to work remotely. Some might be off with the flu itself; others may be off work to care for loved ones who have fallen ill. Regardless of the reason, as network administrators one of our tasks is going to be supporting staff and allowing them to connect back into the office. Some of us who already support road warriors might find we need to scale up our solution, and some of us will need to design and deploy a whole new solution.
One of the simplest devices I have seen which works well is a Sonicwall VPN device. You set up how you want your users to authenticate and then you create pointers to resources, which could be RDP sessions, internal websites, document shares or Outlook Web Access (Microsoft Exchange OWA). It also has a VPN client you can provision to give a person full access to your local network. You have a lot of flexibility in how tight or loose you make it for your end user. It's a really simple setup, but it works well and does it securely. I am sure other hardware vendors make a similar device; I just happen to be familiar with the Sonicwall device. The point I am trying to make is that you just set up the device and off you go.
Another method is to create a RAS dial-in for your Windows Client VPN connection. You can provision a Windows Server box or use a Linux box with PPTPd installed. On the Windows Server box, you add the Network Policy and Access role and follow the instructions. With PPTPd, you basically follow the instructions. If you have the server box behind a firewall, you need to forward port 1723 from the firewall to the server you have set up for your dial-in connection. I have used both Windows boxes and Linux boxes to handle this. Selecting which one to use will depend on your environment. If your setup is already a Windows domain, adding the Network Policy and Access role to a server is somewhat easier than needing to set up users or realm trusts on a Linux server.
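The port forward described above, as an added example (not part of the original post) for a Linux firewall running iptables. Besides TCP 1723 for its control channel, PPTP carries the tunnelled data over GRE (IP protocol 47), so both must reach the server. The interface `eth0` and address `192.168.1.10` are placeholder assumptions, and the firewall is assumed to already NAT outbound traffic.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that forward PPTP
# from a Linux firewall to an internal VPN server. Review the output,
# then run it as root. Interface and address below are placeholders.

# valid_ipv4 ADDR -> succeeds only for a dotted quad with octets 0-255
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pptp_forward_rules WAN_IF SERVER_IP -> prints the rule set on stdout
pptp_forward_rules() {
    wan_if=$1; server=$2
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    case "$wan_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface name: $wan_if" >&2; return 1 ;;
    esac
    cat <<EOF
# PPTP control channel: TCP 1723
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 1723 -j DNAT --to-destination $server:1723
iptables -A FORWARD -i $wan_if -d $server -p tcp --dport 1723 -j ACCEPT
# PPTP data channel: GRE (IP protocol 47), not covered by the TCP rule
iptables -t nat -A PREROUTING -i $wan_if -p 47 -j DNAT --to-destination $server
iptables -A FORWARD -i $wan_if -d $server -p 47 -j ACCEPT
# Replies from the VPN server for sessions already being tracked
iptables -A FORWARD -s $server -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample values: WAN interface eth0, VPN server 192.168.1.10
pptp_forward_rules eth0 192.168.1.10
```

Only these two protocols are opened toward the one server; nothing else on the internal network becomes reachable from the outside through these rules.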
Something new in Windows Server 2008 R2 and Windows 7 Enterprise or Ultimate is DirectAccess. Basically, it is like an invisible, always-on VPN connection that makes your remote computer behave and feel like it is on the local network. There is quite a bit of planning and deployment involved in making this work, so it isn’t a quick, install-it-in-an-hour-and-off-you-go solution. People who have used it tell me it's great. I have never used it, so I have to take their word. If you want information on DirectAccess, check out the Microsoft Springboard site or look at the DirectAccess information on TechNet.
That’s a quick look at some of the solutions out there.
Hope it helps and try and keep healthy.