Geekzone: technology news, blogs, forums

1101

#289355 1-Sep-2021 10:41

For a small company...
If RDC isn't a good option, for various reasons (VPN isn't an easy option with this site):

What recommendations for remote access software, to work from home and access work PCs?
Must support multi-monitor, and look as good as RDC (so not via a browser) and be idiot proof.
2-factor login support (or similar) would be a bonus, or being able to limit access to certain PCs only via an allow list.

I use TeamViewer myself, but the multi-monitor support takes extra clicks (not idiot proof).
AnyDesk is king of ugly.
What other options for remote access software have you set up for around 8 users/workstations and would recommend?

Splashtop?
Something else?

Cheers


tripp

#2769730 1-Sep-2021 10:51

I have been using Google Remote Desktop in Chrome for the last year; it works well for what I use it for. The only issue is that the 2 machines need to be logged into the same Google account. But if it's more about people working from home and logging into a work machine then it should be OK. The way multi-screen works in Chrome, however, might not be what you're after.

OzoneNZ

#2769734 1-Sep-2021 10:54

If they have a Windows Server and an Active Directory domain on-premises then RD Gateway would be a good fit - it works exactly the same as normal RDP but with VPN-less tunneling, so it's secure to expose to the public internet.


Dolts

#2769750 1-Sep-2021 11:09

Have used https://www.zerotier.com/ quite a bit for this.

You get 50 endpoints on the free tier and can allow or deny PCs in the portal.

Can use RDP and never really had connection dropouts.

Have even used it to play Warcraft 3 LAN mode with people in Aussie with no issues :)

1101

#2770078 1-Sep-2021 15:54

OK, new information/requirements.

Any remote connection MUST require a VPN (so that's TeamViewer and other remote software out).
RDC or other remote access MUST have 2FA. So I'll need to use a 3rd-party program for 2FA; I'm looking at USERLOCK.

Both are new requirements of their insurance cover.

VPN: I would usually just put in a DrayTek router and set up VPN in that, hardware that supported 10 encrypted VPN connections.
Their ISP has locked down their router and has zero support for 3rd-party routers.
Their ISP wants to sell a Cloud Firewall service for VPNs (approx $4k per year).
If I just replace their router there will be no help if there are any issues with the IP phones (cloud PBX), also supplied via their ISP.

sparkz25

#2770093 1-Sep-2021 16:20

1101:

OK, new information/requirements.

Any remote connection MUST require a VPN (so that's TeamViewer and other remote software out).
RDC or other remote access MUST have 2FA. So I'll need to use a 3rd-party program for 2FA; I'm looking at USERLOCK.

Both are new requirements of their insurance cover.

VPN: I would usually just put in a DrayTek router and set up VPN in that, hardware that supported 10 encrypted VPN connections.
Their ISP has locked down their router and has zero support for 3rd-party routers.
Their ISP wants to sell a Cloud Firewall service for VPNs (approx $4k per year).
If I just replace their router there will be no help if there are any issues with the IP phones (cloud PBX), also supplied via their ISP.

ZeroTier would be one option, as mentioned above.

networkn

#2770095 1-Sep-2021 16:22

SonicWall VPN (I think Duo works well), or FortiGate with FortiTokens for 2FA, then RDP internally.

I'd switch ISPs if they won't let you operate without your own firewall.

clinty

#2770098 1-Sep-2021 16:25

1101:

OK, new information/requirements.

Any remote connection MUST require a VPN (so that's TeamViewer and other remote software out).
RDC or other remote access MUST have 2FA. So I'll need to use a 3rd-party program for 2FA; I'm looking at USERLOCK.

Both are new requirements of their insurance cover.

VPN: I would usually just put in a DrayTek router and set up VPN in that, hardware that supported 10 encrypted VPN connections.
Their ISP has locked down their router and has zero support for 3rd-party routers.
Their ISP wants to sell a Cloud Firewall service for VPNs (approx $4k per year).
If I just replace their router there will be no help if there are any issues with the IP phones (cloud PBX), also supplied via their ISP.

Is the ISP allowing any incoming ports to be opened?

Clint


clinty

#2770102 1-Sep-2021 16:29

1101:

OK, new information/requirements.

Any remote connection MUST require a VPN (so that's TeamViewer and other remote software out).

Also maybe check the wording on what the insurance company wants - it may just need to be an encrypted and secured connection.

I would be annoyed if an insurance company is mandating an IT policy when acceptable alternatives are available.

Also agree with changing ISPs if they are not able to provide some flexibility.

Clint


1101

#2770139 1-Sep-2021 17:30

clinty:

Also maybe check the wording on what the insurance company wants - it may just need to be an encrypted and secured connection.

I've asked for clarification on the requirements.
It seems it was cut and pasted with some nonsense in there: suggesting the option of finding a free VPN service :-)
But if it's required, it's going to be done.

Requiring 2FA for BOTH RDC and VPN seems over the top, perhaps just badly worded?

Requiring VPN for ANY remote connection: so that means no further support from software vendors, support they will need and do have contacts for.
I know the answer they'll get when they require their various software support helpdesks to use a VPN for a one-off support ticket.

They have a contract with the ISP for Internet, phones and printer. Breaking the contract is not a simple option.
I do have the option of just putting in another router/firewall and seeing what happens (should be OK),
but then the backup 4G internet won't work (part of the ISP's package).

Another question:
would saved/unchanging 2nd passwords be considered 2FA?
E.g. a 2FA pass that doesn't ever change (e.g. Outlook 2FA, 2FA via USB hardware token)


networkn

#2770141 1-Sep-2021 17:37

Heading into some pretty interesting territory. If you used ScreenConnect, for example, with 2FA enabled for every account, I can't see how any insurance company could reasonably decline a claim. It would almost certainly end up being litigated. It may not be of interest to the client, but I'd certainly be raising it with the broker. In the end they would have to prove the breach was related in some way to your remote access.

cyril7

#2770144 1-Sep-2021 17:47

Why not just good old sshd on an inside machine? You will need a single port forward on the router. If you use keyfiles on the clients it pretty much mitigates brute force. Then just SSH tunnel the RDP session to each user's desktop, job done. If users are using their desktops via RDP then they don't need a complete VPN solution; a simple SSH tunnel is sufficient. All you need is PuTTY on their home machines and pull a keyfile off each.

Cyril
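
The key-only SSH jump host suggested in the post above, combined with the per-PC allow list asked for in the opening post, can be written as an sshd_config drop-in. This is an added example, not part of any post in the thread; it assumes an OpenSSH server on the inside machine, and the user names, host names and local port 13389 are constructed.

```shell
#!/bin/sh
# Added example: builds an sshd_config drop-in for a key-only SSH jump host.
# All user names and host names below are constructed placeholders.

# Constructed allow list, one "<ssh-user> <desktop-host>" pair per line.
ALLOW_LIST='alice desk-alice.example.internal
bob desk-bob.example.internal'

# Keep only well-formed pairs, so a stray character in the list cannot
# smuggle extra directives into the generated configuration.
valid_entries() {
    printf '%s\n' "$1" | while read -r user host extra; do
        [ -n "$user" ] && [ -n "$host" ] && [ -z "$extra" ] || continue
        case "$user$host" in *[!A-Za-z0-9._-]*) continue ;; esac
        printf '%s %s\n' "$user" "$host"
    done
}

gen_sshd_dropin() {
    entries=$(valid_entries "$1")
    [ -n "$entries" ] || return 1   # refuse to emit an empty AllowUsers line
    # Global settings must come before any Match block.
    cat <<'EOF'
PasswordAuthentication no
AuthenticationMethods publickey
PermitRootLogin no
AllowTcpForwarding no
X11Forwarding no
EOF
    printf 'AllowUsers %s\n' \
        "$(printf '%s\n' "$entries" | awk '{printf "%s%s", s, $1; s=" "}')"
    # Per user: local forwarding only, and only to that user's RDP port.
    printf '%s\n' "$entries" | while read -r user host; do
        cat <<EOF

Match User $user
    AllowTcpForwarding local
    PermitOpen $host:3389
    PermitTTY no
    ForceCommand /bin/false
EOF
    done
}

# Client side (OpenSSH shown; PuTTY offers the same local-forward setting):
#   ssh -N -L 13389:desk-alice.example.internal:3389 alice@<gateway>
# then point the RDP client at localhost:13389.
gen_sshd_dropin "$ALLOW_LIST"
```

With this in place a stolen key for one user reaches only that user's desktop on port 3389, and password guessing against the forwarded SSH port has nothing to guess at.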


 
 
 
 


mme

#2770211 1-Sep-2021 18:47

Could this be an option, as it allows you to use SSO with MFA?

https://blog.cloudflare.com/protecting-remote-desktops-at-scale-with-cloudflare-access/


jjnz1

#2770227 1-Sep-2021 19:39

I use Guacamole integrated with Google 2FA/login credentials.

It runs in a normal HTML5 browser over port 443 (HTTPS), i.e. https://remote.domain.com
Gives you access to a ton of remote access protocols like RDP, SSH, VNC etc., all behind Google's authentication.

Also use Cloudflare to block non-NZ access and to hide the IP address.

Having access from anywhere where HTTPS 443 is allowed, from any HTML5 client, is awesome.

Sorry - missed that you didn't want to use it over a browser. But this solution for the user is grandma proof. Just takes a lot of knowledge and time to set up compared to others.

gehenna

#2770277 1-Sep-2021 22:50

Do you absolutely need to access those particular computers or could you stand up an Azure Virtual Desktop? Hint: the answer is yes you could, and it would be a far better and simpler experience for users and IT. There's also Windows 365 that's worth a look.

cisconz

#2770336 2-Sep-2021 08:26

1101:

Another question:
would saved/unchanging 2nd passwords be considered 2FA?

2FA is defined as something you know (password) and something you have (MFA device, hardware token, access to the email account that the code is sent to, etc.), so 2 passwords is dual authentication, not 2FA/MFA.

Hmmmm

