Security Basics mailing list archives

Re: Web based solution rather than VPN


From: Jeff Lane <crash () pinehurst net>
Date: Mon, 18 Aug 2003 14:08:36 -0400

Not sure if this would help you out any, but:

http://www.avocent.com/web/en.nsf/Content/SwitchViewIP

Basically lets you take your KVM output and provide TCP/IP access to that KVM via secure browser connection.

I don't know that much about this thing, but seems to me that this can be set up to grant access to specific machines to specific users... so it may be of benefit.

I may know more soon, we are looking at things like this for remote admin use since we don't want to allow terminal services from any IP other than a select few internal IPs...

Jeff


Jeff Lewis wrote:
Help wanted.

I work in a small (under 25 employees) company that has been primarily AS400 based. I am helping to migrate them to a new application that is Windows/SQL Server based.

They are used to dialing in via a couple of modems and working from home on the AS400. This is strictly 5250 terminal emulation, so everything works just like it does in the office. Speed isn't an issue.

Rather than play with more modems, RAS and Terminal Services via 56k, I would like to move to internet access. We do have a full T1, so bandwidth on this end is not an issue. Most of the users have already gone to broadband at home, so that is not an issue.

There are several reasons that I don't want to set up VPNs with these employees. First, I am IT. That's it. No more IT employees and setting up and maintaining these VPNs is not going to be easy. Second, the employees are NOT technically savvy at all. I have actually taught lessons on Cut and Paste, as well as basic filing. Third, half of the users move around a lot (sales) so that establishing network access is going to come from lots of different locations. And key to me, I am concerned about Comcast and Verizon's TOS and AUP with respect to VPNs. It has been rumoured that both providers are scanning their networks for VPN usage, and then bump those offenders to business service because it is a violation of the TOS. (I have no proof of this, nor do I know of a single case of this happening. I would like to know of any actual incidents.) If this is what the future is going to bring, I don't want to invest the time and effort into it, only to find that people are going to get a large bill and then blame me for a "horrible solution".

A potential solution is to use a product like Netilla. www.netilla.com
It is a firewall/proxy/webserver that interfaces with Windows TS. The great part about this package is that my users just need a browser. It uses SSL to gain secure access to the Terminal Server. Setup takes about an hour. Users can move about and if they can achieve internet access, they can get into the system. Netilla uses your Username to access the TS license so a single user routinely using multiple computers is not a problem. Gets rid of a lot of the licensing issues that using Terminal Services and a VPN would normally have.

The problem? It's expensive. $15k to get started and 50 users is the minimum seating. I believe that my company will cover it as long as it is successful, but I would be remiss if I didn't look for alternatives. I do like their approach though. Is anyone aware of other web-based solutions that can access Terminal Services? (Please don't use the $itrix word -- been there, done that, ripped up the T-shirt.)
Jeff Lewis
Director of IT and CMO (Chief Mouse Cleaner)

--
Jeffrey Lane, RHCE
Systems Administrator
ConnectNC, Inc
DSL and Web hosting: http://www.connectnc.com
List your child-related organization Online!  http://www.sandhillskids.com


