Remote Printing/Terminal Services

Thanks to everyone for your patience and in-depth responses.



I've passed along your suggestions to an outside firm that gives us IT
support and hopefully they'll be able to make this work for us.



Again - my deepest thanks to everyone.



Tricia





_____

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of
Nick
Sent: Monday, April 11, 2011 1:11 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Remote Printing/Terminal Services





Mark,

We currently have just a terminal server. So i guess that answers your first

question. Zac is correct that no matter how you set it up, if you are coming

in over a TS session, the drivers need to be installed on the host machine
prior to the connection. And Zac is also correct in that remote printing is
a pain in the butt. It has gotten much easier with server 2008 vs server
2000...but it still isnt the greatest. Also, MFP's are pretty much not
supported.

Tricia has basically 3 options.

1. Straight VPN. Setup VPN's for all remote clients. I do not reccomend this

option since I have no clue what AV software is on the clients and have no
idea what the security is like on them. This is a bad option. But setting up

a printer is much easier since it makes it look like the computer is
connected to the company LAN just like normal. This can be confusing for
people who dont know much about computers because they dont understand that
they need to be on the VPN first.

2. TS over VPN. Kinda what she is doing now. But I would never have a user
anywhere connect directly to my servers. Have a workstation in front or a
designated terminal server server. I dont want to clutter up my servers with

other user profiles and such. More overhead though since you need to
maintain the VPN session first and then an TS session. Same rules apply with

adding printers over a TS session. Gotta add them to the host first. This
is VERY confusing to the end users. We had this for people who were
traveling. I got calls EVERY TIME!

3. TS Gateway. If i am at home, i can connect directly to my work
computer(as long as its turned on) and work from it. This is advantageous
for my situation because I have access to all of my docs, my hard drive and
my personal items. You still need to add the printers with the same rules as

the TS over VPN, however, you only need to add 1 printer vs if you had a TS
server, you would have to add many printers for all of the remote users.
From experience, this is easy for end users. I wrote up a simple document
and have it ready for all of them as they are traveling and I dont think I
have gotten one call since this went into effect(about 2 months ago). I
tested it on my workstation first about 6 months ago after learning about it

from a friend of mine.

Also, Zac is also correct, you need an SSL certificate.

On Mon, 11 Apr 2011 09:38:46 -0400
Mark Wonsil <mark_wonsil@... <mailto:mark_wonsil%40yahoo.com> > wrote:
Nick wrote:

> I love a new feature of Windows 2008. Terminal Server
>Gateway. It hands off
> the RDP session to whatever computer you want. This way
>you only have to
> poke a single hole in your router, and for security, you
>can control which
> users have access to which computers a lil more easily.
>It has the same
> limitations as what Zac was just menioning, its just
>another way of doing
> things. Learned of the new feature about 6 months ago and
>IMO, it rocks. I
> used to just change the RDP listening port on every
>computer individually.

Nick, have you set up Epicor as a Terminal Server App or
are they
using a TS desktop? It would seem that the TS App would
give Tricia
and others the remote printing and cut down on some of
the overhead as
well as be more secure than a straight VPN - if I
correctly understand
how it works.

Mark W.





[Non-text portions of this message have been removed]
Thank you SO much to those who answered my previous question about remote
printing.



May I disturb you once more with another question?



When we originally set up the remote connection several years ago, Epicor
had us use a secondary server to connect via Terminal Services. This
secondary server runs Progress but has a link to Vantage.



We are running 6.1. Is it still "necessary" to log in this way or is it
"safe" to connect to the Vantage server directly? I know it is *possible*
as I've logged in remotely before - I'm just asking if it is *safe* to do it
for security purposes???



Thanks for all your help!!!



Tricia Simon, Controller

Riten Industries, Inc.

800-338-0027





[Non-text portions of this message have been removed]
If the computers that are logging in are personal computers, then no it is not safe or secure. Personal computers on a business network are to be avoided at all cost.

As for can it be done, yes. Most of my remote users have company computers with appropriate security measures installed on them that VPN. Once their connection is established they work as if they were in the office. Now this is contingent on having a fast enough internet connection to be able to handle the load. However any spikes in the internet bandwidth and they will start getting errors in the client. This will force them to restart the app.

"Zac" Jason Woodward
Network Administrator
Intermountain Electronics, Inc.
O: 877-544-2291
M: 435-820-6515
F: 435-637-9601
www.ie-corp.com

Creating customer confidence through extraordinary service and experienced industry experts.

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Tricia Simon
Sent: Monday, April 11, 2011 6:04 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Remote Printing/Terminal Services



Thank you SO much to those who answered my previous question about remote
printing.

May I disturb you once more with another question?

When we originally set up the remote connection several years ago, Epicor
had us use a secondary server to connect via Terminal Services. This
secondary server runs Progress but has a link to Vantage.

We are running 6.1. Is it still "necessary" to log in this way or is it
"safe" to connect to the Vantage server directly? I know it is *possible*
as I've logged in remotely before - I'm just asking if it is *safe* to do it
for security purposes???

Thanks for all your help!!!

Tricia Simon, Controller

Riten Industries, Inc.

800-338-0027

[Non-text portions of this message have been removed]



[Non-text portions of this message have been removed]
I love a new feature of Windows 2008. Terminal Server Gateway. It hands off
the RDP session to whatever computer you want. This way you only have to
poke a single hole in your router, and for security, you can control which
users have access to which computers a lil more easily. It has the same
limitations as what Zac was just menioning, its just another way of doing
things. Learned of the new feature about 6 months ago and IMO, it rocks. I
used to just change the RDP listening port on every computer individually.




On Mon, 11 Apr 2011 07:08:26 -0600
Zac Jason Woodward <zac@...> wrote:
If the computers that are logging in are personal
computers, then no it is not safe or secure. Personal
computers on a business network are to be avoided at all
cost.

As for can it be done, yes. Most of my remote users have
company computers with appropriate security measures
installed on them that VPN. Once their connection is
established they work as if they were in the office. Now
this is contingent on having a fast enough internet
connection to be able to handle the load. However any
spikes in the internet bandwidth and they will start
getting errors in the client. This will force them to
restart the app.

"Zac" Jason Woodward
Network Administrator
Intermountain Electronics, Inc.
O: 877-544-2291
M: 435-820-6515
F: 435-637-9601
www.ie-corp.com

Creating customer confidence through extraordinary
service and experienced industry experts.

From: vantage@yahoogroups.com
[mailto:vantage@yahoogroups.com] On Behalf Of Tricia Simon
Sent: Monday, April 11, 2011 6:04 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Remote Printing/Terminal Services



Thank you SO much to those who answered my previous
question about remote
printing.

May I disturb you once more with another question?

When we originally set up the remote connection several
years ago, Epicor
had us use a secondary server to connect via Terminal
Services. This
secondary server runs Progress but has a link to Vantage.

We are running 6.1. Is it still "necessary" to log in
this way or is it
"safe" to connect to the Vantage server directly? I know
it is *possible*
as I've logged in remotely before - I'm just asking if it
is *safe* to do it
for security purposes???

Thanks for all your help!!!

Tricia Simon, Controller

Riten Industries, Inc.

800-338-0027

[Non-text portions of this message have been removed]



[Non-text portions of this message have been removed]
What Nick is explaining is still, in essence, similar to Terminal Services. Instead of the user getting a terminal server for their connection they now can get their personal internal computers. I use this feature as well for when some of our technicians are deployed to the field. Opening programs such as AutoCad do not work very well remotely, but works great with RDP.

The only item you have to be aware of in advance is that this requires the server to have an SSL Cert from a recognized certificate authority such as Verisign or Entrust.

"Zac" Jason Woodward
Network Administrator
Intermountain Electronics, Inc.
O: 877-544-2291
M: 435-820-6515
F: 435-637-9601
www.ie-corp.com

Creating customer confidence through extraordinary service and experienced industry experts.

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Nick
Sent: Monday, April 11, 2011 7:17 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Remote Printing/Terminal Services



I love a new feature of Windows 2008. Terminal Server Gateway. It hands off
the RDP session to whatever computer you want. This way you only have to
poke a single hole in your router, and for security, you can control which
users have access to which computers a lil more easily. It has the same
limitations as what Zac was just menioning, its just another way of doing
things. Learned of the new feature about 6 months ago and IMO, it rocks. I
used to just change the RDP listening port on every computer individually.

On Mon, 11 Apr 2011 07:08:26 -0600
Zac Jason Woodward <zac@...<mailto:zac%40ie-corp.com>> wrote:
If the computers that are logging in are personal
computers, then no it is not safe or secure. Personal
computers on a business network are to be avoided at all
cost.

As for can it be done, yes. Most of my remote users have
company computers with appropriate security measures
installed on them that VPN. Once their connection is
established they work as if they were in the office. Now
this is contingent on having a fast enough internet
connection to be able to handle the load. However any
spikes in the internet bandwidth and they will start
getting errors in the client. This will force them to
restart the app.

"Zac" Jason Woodward
Network Administrator
Intermountain Electronics, Inc.
O: 877-544-2291
M: 435-820-6515
F: 435-637-9601
www.ie-corp.com

Creating customer confidence through extraordinary
service and experienced industry experts.

From: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>
[mailto:vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>] On Behalf Of Tricia Simon
Sent: Monday, April 11, 2011 6:04 AM
To: vantage@yahoogroups.com<mailto:vantage%40yahoogroups.com>
Subject: [Vantage] Remote Printing/Terminal Services

Thank you SO much to those who answered my previous
question about remote
printing.

May I disturb you once more with another question?

When we originally set up the remote connection several
years ago, Epicor
had us use a secondary server to connect via Terminal
Services. This
secondary server runs Progress but has a link to Vantage.

We are running 6.1. Is it still "necessary" to log in
this way or is it
"safe" to connect to the Vantage server directly? I know
it is *possible*
as I've logged in remotely before - I'm just asking if it
is *safe* to do it
for security purposes???

Thanks for all your help!!!

Tricia Simon, Controller

Riten Industries, Inc.

800-338-0027

[Non-text portions of this message have been removed]

[Non-text portions of this message have been removed]



[Non-text portions of this message have been removed]
Nick wrote:

> I love a new feature of Windows 2008. Terminal Server Gateway. It hands off
> the RDP session to whatever computer you want. This way you only have to
> poke a single hole in your router, and for security, you can control which
> users have access to which computers a lil more easily. It has the same
> limitations as what Zac was just menioning, its just another way of doing
> things. Learned of the new feature about 6 months ago and IMO, it rocks. I
> used to just change the RDP listening port on every computer individually.

Nick, have you set up Epicor as a Terminal Server App or are they
using a TS desktop? It would seem that the TS App would give Tricia
and others the remote printing and cut down on some of the overhead as
well as be more secure than a straight VPN - if I correctly understand
how it works.

Mark W.
Regardless of whether Epicor is setup as a TS App or RDP the users home printer drivers will still need to be installed. The TS App itself still runs on the terminal server, it just presents itself as if it was a local app to the user.

The only way to get around installing additional drivers is to have epicor installed on the home computer/laptop and have it VPN in.

"Zac" Jason Woodward
Network Administrator
Intermountain Electronics, Inc.
O: 877-544-2291
M: 435-820-6515
F: 435-637-9601
www.ie-corp.com

Creating customer confidence through extraordinary service and experienced industry experts.

From: vantage@yahoogroups.com [mailto:vantage@yahoogroups.com] On Behalf Of Mark Wonsil
Sent: Monday, April 11, 2011 7:39 AM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Remote Printing/Terminal Services



Nick wrote:

> I love a new feature of Windows 2008. Terminal Server Gateway. It hands off
> the RDP session to whatever computer you want. This way you only have to
> poke a single hole in your router, and for security, you can control which
> users have access to which computers a lil more easily. It has the same
> limitations as what Zac was just menioning, its just another way of doing
> things. Learned of the new feature about 6 months ago and IMO, it rocks. I
> used to just change the RDP listening port on every computer individually.

Nick, have you set up Epicor as a Terminal Server App or are they
using a TS desktop? It would seem that the TS App would give Tricia
and others the remote printing and cut down on some of the overhead as
well as be more secure than a straight VPN - if I correctly understand
how it works.

Mark W.



[Non-text portions of this message have been removed]
Mark,

We currently have just a terminal server. So i guess that answers your first
question. Zac is correct that no matter how you set it up, if you are coming
in over a TS session, the drivers need to be installed on the host machine
prior to the connection. And Zac is also correct in that remote printing is
a pain in the butt. It has gotten much easier with server 2008 vs server
2000...but it still isnt the greatest. Also, MFP's are pretty much not
supported.

Tricia has basically 3 options.

1. Straight VPN. Setup VPN's for all remote clients. I do not reccomend this
option since I have no clue what AV software is on the clients and have no
idea what the security is like on them. This is a bad option. But setting up
a printer is much easier since it makes it look like the computer is
connected to the company LAN just like normal. This can be confusing for
people who dont know much about computers because they dont understand that
they need to be on the VPN first.

2. TS over VPN. Kinda what she is doing now. But I would never have a user
anywhere connect directly to my servers. Have a workstation in front or a
designated terminal server server. I dont want to clutter up my servers with
other user profiles and such. More overhead though since you need to
maintain the VPN session first and then an TS session. Same rules apply with
adding printers over a TS session. Gotta add them to the host first. This
is VERY confusing to the end users. We had this for people who were
traveling. I got calls EVERY TIME!

3. TS Gateway. If i am at home, i can connect directly to my work
computer(as long as its turned on) and work from it. This is advantageous
for my situation because I have access to all of my docs, my hard drive and
my personal items. You still need to add the printers with the same rules as
the TS over VPN, however, you only need to add 1 printer vs if you had a TS
server, you would have to add many printers for all of the remote users.
From experience, this is easy for end users. I wrote up a simple document
and have it ready for all of them as they are traveling and I dont think I
have gotten one call since this went into effect(about 2 months ago). I
tested it on my workstation first about 6 months ago after learning about it
from a friend of mine.

Also, Zac is also correct, you need an SSL certificate.






On Mon, 11 Apr 2011 09:38:46 -0400
Mark Wonsil <mark_wonsil@...> wrote:
Nick wrote:

> I love a new feature of Windows 2008. Terminal Server
>Gateway. It hands off
> the RDP session to whatever computer you want. This way
>you only have to
> poke a single hole in your router, and for security, you
>can control which
> users have access to which computers a lil more easily.
>It has the same
> limitations as what Zac was just menioning, its just
>another way of doing
> things. Learned of the new feature about 6 months ago and
>IMO, it rocks. I
> used to just change the RDP listening port on every
>computer individually.

Nick, have you set up Epicor as a Terminal Server App or
are they
using a TS desktop? It would seem that the TS App would
give Tricia
and others the remote printing and cut down on some of
the overhead as
well as be more secure than a straight VPN - if I
correctly understand
how it works.

Mark W.