Allow users to access network share drives from home, without VPN

Hi everyone,

So our company is going to send everyone home in the next week for an indeterminate amount of time due to COVID-19. I’ve been tasked with finding a solution to allow people to work from home. Ideally, they would log in with their domain credentials, and have access to our shared drives.

This should be easy, set up RDS on our server and tell everyone how to log in. HOWEVER, our parent company refuses to provide us with a VPN, citing security reasons.

What I’m looking for is basically something like TeamViewer, but that would allow lots of concurrent connections since we don’t have a lot of spare workstations to set up as a headless TeamViewer host. Maybe 40-50 concurrent connections.

Do you all know of any solutions for this?

I’m sorry you are in this situation, because a VPN is used FOR security reasons, not against it.

Sounds like you need to set up RDS like you said, and have an RDP Gateway between the Internet and your RDP Hosts.

Workstations only allow 1 user at a time to log on, regardless of running TeamViewer. So there is no way to get 40-50 users on just a few spare workstations.

By using an RDP Gateway you can have them log in with domain creds and then get into your internal RDP servers.

There are security reasons against VPN. You mean the secure way you should be handling connectivity. Ridiculous policies like that lead people to look at things such as TeamViewer. If they allowed TeamViewer, but not VPN, someone is very confused.

Push this on your security guys and management. There’s no reason to subvert what they have in place.

HOWEVER, our parent company refuses to provide us with a VPN, citing security reasons.

Ask them what secure alternative they recommend.

Tell them they’re being loony and do not understand what a VPN does because it is designed specifically for remote work.

Otherwise, ask IT to set up with ZeroTier.

Windows “Always On VPN” or Microsoft “DirectAccess” servers.

Otherwise, more of a remote solution like TeamViewer would be ConnectWise Control. You can integrate this with AD, etc. Give it a look.

We’re currently looking at moving important documents to SharePoint from the Z: drive, as that allows domain credentials login and doesn’t need VPN.

zerotier.com maybe?

ScreenConnect from ConnectWise.

But everyone will need their own computer to work from home.

Nextcloud, saves me a lot of time now with Corona, happy I’ve introduced it.

RDP Gateway

I will definitely look into this, thank you. This seems to be what I am looking for. The only problem will be allowing outside access to the RDP Gateway.

My failsafe solution would be to ask users to leave their company-provided computers here, install TeamViewer on all of them, and have them use their personal computers from home to access their work computer. I don’t really want to go that route, but it would net some sweet overtime for me.

My manager is in a meeting with the parent company now, pleading with them to throw us a bone. I was tasked by my manager to find a backup solution, in case they don’t. The GM and management team don’t want to send salaried employees home for 2 weeks/a month/more just to sit on their bottom and still pay them.

“if you think this solution is insecure wait until you see my workaround!”

ZeroTier isn’t a bad idea. If anyone asks, just tell them it’s “remote access” instead of VPN :smiley:

I’ve toyed with the idea of setting something like this up, but haven’t had time to do it. You’ll probably need to set something up to act as a router though. Domain controllers (I’m assuming this is a Windows environment) generally don’t like having multiple IPs.

Thank you, I will look into these.

Hmm, that’s a good idea. I will look into this now. Thank you!

So, one thing with this. If you have them all leave their PCs at the office, you will have to open a hole in your firewall for all of them to be able to get into their PCs in the office, or have VPN or something like TeamViewer.

At least with an RDP Gateway, there is only 1 system exposed to the Internet, and security can be pretty locked down.

This is the guide I’m mostly following