Re: Remote Terminal Services / SharePoint Servers

[Russell Fulton <r.fulton () AUCKLAND AC NZ>]

Bristol, Gary L. wrote:
> Besides the use of  SSL VPN devices, which we have a couple flavors
> of, another option that we use are SSH Bastion hosts.
>
> I have several in place that provide different parts of the user
> community access to the resources they need.
> The Hosts are linux based and authenicate the users via Kerberos to
> the Microsoft AD domain controllers.
> This provides a very effective means of connecting securely and still
> having the resources on the inside available to the users and isolated
> from common off campus access, ie hackers.
We also operate ssh gateway machines (in our case protected by two
factor Auth) and it is used almost exclusively by systems administration
staff and the odd tech savy academic.  The thought of getting 'ordinary'
users to do this  make me rather nervous because of the support issues.
The big disadvantage that I see is that each service requires
configuration in the ssh client and then the user has to do something
different with each application that the want to use.  The big advantage
of a decent VPN is that once the connection is established it is largely
transparent to the user.  Everything works just as if they are on campus
-- so long as they have a nice fast DSL connection.

Currently we use Cisco VPN which works OK for the most part.  I have the
odd problem with the Mac client which sometimes throws it toys out of
the cot declaring that it "cant initialise VPN system because there are
no internet connections"  at which point I give up on it and use SSH.

Russell