Remote Access to Company Files and Office Desktop

As of March 2020, the vast majority of small and mid-size businesses switched over to a home-based mode of operations. In the second part of this article, we'll briefly go over Allora's approach to remote access that we implement for our customers. But first, we'll cover several ways of establishing a remote connection to a company office in general. Here are the most common goals:
Let's first clear away the only trivial part, Company Communications: most businesses use cloud email solutions (Gmail, O365) or in-house / hosted Exchange. This provides access to email via web, smartphone, Outlook, etc. Nonetheless, there are still unfortunate scenarios in which a business relies on a grossly obsolete POP3 email solution. Under such circumstances the only safe route is to connect to an office workstation and use its Outlook (or whichever email client is in use), since only this route would provide access to Sent Items and any other folders.

Instant messaging is hardly affected by home vs on-premises operations: Skype, WhatsApp, etc. work all the same.

Remote File Access

The most popular path to company files is a VPN (Virtual Private Network). One can think of it as an imaginary encrypted network cable pulled from your office to your home through the Internet. There are a great many VPN solutions out there. All major players provide their own VPN products: Microsoft, Cisco, SonicWall. Thankfully there are also free Open Source solutions like OpenVPN, discussed in our tech article library. We'll focus on Microsoft's VPN solutions since they are embedded in every server OS and no hardware additions are required, which is what we want in pandemic circumstances.

In the old days, the PPTP type of VPN was the flagship of Microsoft's technology. It's available in deprecated server operating systems (Microsoft Server 2003, 2008, 2008R2, SBS 2008, SBS 2010) as well as modern ones (Server 2012, 2016, 2019 and Windows Essentials versions). The advantage of PPTP is that it boasts high performance and relative simplicity of deployment. All modern and obsolete client operating systems support PPTP: XP, Vista, Windows 7, 8, 10. The only drawback of PPTP is that it is not 100% secure: arguably an intruder could intercept traffic and decrypt it, and the worst-case scenario is the possibility of a dictionary / brute-force attack. Such a task wouldn't be trivial by any means; on top of that, File Sharing traffic (SMB) is also encrypted, which adds another layer of data protection. Finally, your sys-admin can harden the lines of defense by implementing restrictive firewall rules that impose very strong limitations on intrusion. Unless your business must comply with high-end security standards (HIPAA, etc.), PPTP is the simplest, most affordable and fastest-to-deploy solution despite its security risks. Those risks mostly revolve around the initial phase of establishing a PPTP connection: the handshake and password authentication part. If one uses a strong password this wouldn't be a concern. (PPTP also relies on two channels which must be supported by your router: forwarding of network traffic on port 1723 and passing GRE (protocol 47) traffic. Any modern router is capable of fulfilling this task.)

Another type of Microsoft VPN is SSTP. It is also a high-performance VPN, but it's considered to be 100% secure as it relies on the same SSL/TLS technology used for online banking (HTTPS) etc. The only complication of its deployment is that one needs (1) a valid (trusted) SSL certificate linked to (2) an FQDN (Fully Qualified Domain Name), bound in turn to (3) the public IP address of your office network. If your office isn't using a static IP address, a system administrator must set up Dynamic DNS resolution in addition to configuring the router and acquiring the SSL certificate. In man-hours this job might require ~2 hours to set up a server and a client connection; there may also be a delay while waiting for your SSL certificate to be approved and issued by a common certificate authority (COMODO, Verisign, etc).
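An added example (not Allora's tooling): a Python check that the three linked SSTP prerequisites above still line up, given a certificate dict shaped like the output of `ssl.SSLSocket.getpeercert()`. The host name, IP addresses and certificate are constructed samples, and chain trust is assumed to be verified by the TLS handshake itself.

```python
import ssl

def san_dns_names(cert):
    """DNS names from the subjectAltName of a getpeercert()-style dict."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, fqdn):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    p = pattern.lower().split(".")
    h = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_sstp_prereqs(cert, fqdn, resolved_ips, office_ip, now):
    """Return a list of problems; an empty list means (1), (2) and (3) agree."""
    problems = []
    # (1) + (2): the certificate must be issued for the FQDN clients connect to.
    if not any(name_matches(n, fqdn) for n in san_dns_names(cert)):
        problems.append("certificate does not cover " + fqdn)
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        problems.append("certificate is outside its validity period")
    # (2) + (3): with Dynamic DNS, the record can lag behind a changed public IP.
    if office_ip not in resolved_ips:
        problems.append(f"{fqdn} does not resolve to {office_ip}")
    return problems

# Constructed sample data (documentation host name and address ranges).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "vpn.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    # Stale Dynamic DNS record: the name still points at the previous address.
    for problem in check_sstp_prereqs(
            SAMPLE_CERT, "vpn.example.com", ["198.51.100.99"], "198.51.100.7", NOW):
        print("FAIL:", problem)
```

In live use the certificate dict and the resolved addresses would come from a TLS connection and a DNS lookup against the office FQDN.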

Now that we have established a VPN bridge of your choice between a remote location and the network of your business, a user can open File Explorer, type \\SERVER-NAME in the address bar, authenticate and gain access to server shares. Unless both sites enjoy a gigabit connection to the Internet, opening and saving files will be noticeably slower than on the office network.

Remote Access to Office Desktop

First, we should mention commercial solutions like LogMeIn, TeamViewer, GoToMeeting. All popular Remote Access products are quite expensive, not to say prohibitively expensive for most small/mid-size businesses. We'll focus on a more down-to-earth approach: native embedded Microsoft solutions and Open Source, which don't require any software fees.

In the days of Small Business Servers 2008, 2010 (deprecated) Microsoft provided a great and simple (from a user perspective) way of Remote Desktop access: any authorized user could log in to a website portal run on SBS, select his/her workstation and connect to it via the native Remote Desktop client. Windows Standard and Essentials editions of 2012 and 2016 also provide the same functionality in a very similar way, provided that your network administrator completed the Setup Wizard on the server and workstation. Sadly, in their infinite wisdom (greed?) Microsoft amputated this feature in any flavor of Windows Server 2019. Frankly speaking, the 2019 edition is inferior to 2016 in all aspects, and what's worse, both rely on the same engine under the hood.

Now, what could you do if the by-the-book scenario described above is not available? Well, luckily any Windows Pro edition (or even Home with some modifications) comes with Remote Desktop (RDP), which can be easily enabled in the Windows settings console. But how do you access it from outside?
  1. VPN. If it's established, a remote user can point his/her RDP client to the IP address of an office workstation or its local domain name.
  2. Port Forwarding. This scenario could work with, perhaps, a dozen workstations but probably not fifty since the setup would be tedious. In essence, a network support engineer would need to establish the following:
    1. Static Public IP on the router or Dynamic IP with Dynamic DNS link
    2. Port-forwarding for EACH workstation, given that the IP of a workstation is either set with DHCP reservation or statically. 
    3. A client would "dial" the public IP address on a pre-defined non-standard port via his/her RDP client, for example Office.FQDN.com:50001. A router would forward such traffic to a pre-designated internal IP of a desired workstation, for instance 10.0.0.51:3389 (where 3389 is the standard RDP port).
Option 2 should be considered "the last resort" solution since it exposes internal computers with their potential vulnerabilities to external attacks. Enforcing strong passwords is absolutely mandatory for all user accounts! 

A VNC solution is similar to enabling RDP on individual workstations, but here you'd need to deploy a VNC host on each machine and establish port-forwarding on your router. As with a-la-carte RDP, this solution is tedious to deploy and cumbersome to maintain. What's worse is that VNC traffic is not encrypted until 2021's version 3, so at present a VPN tunnel or SSH tunneling is a must-have.
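An added example, not part of the original article: a Python audit of a router's port-forward table that flags forwards publishing RDP or VNC, as in option 2 and the VNC setup above. The rule-line format and the sample rules are constructed for illustration, and 5900 is assumed as the VNC port.

```python
import ipaddress
import re

# Constructed sample of a router's port-forward table (not from a real device).
# Assumed line format: <public_port> -> <internal_ip>:<port> <proto> src=<cidr>
SAMPLE_RULES = """\
50001 -> 10.0.0.51:3389 tcp src=0.0.0.0/0
50002 -> 10.0.0.52:3389 tcp src=203.0.113.0/24
5901 -> 10.0.0.60:5900 tcp src=0.0.0.0/0
443 -> 10.0.0.10:443 tcp src=0.0.0.0/0
"""

REMOTE_DESKTOP_PORTS = {3389: "RDP", 5900: "VNC"}
RULE_RE = re.compile(
    r"^(?P<pub>\d+)\s*->\s*(?P<ip>[\d.]+):(?P<port>\d+)"
    r"\s+(?:tcp|udp)\s+src=(?P<src>\S+)$"
)

def parse_rules(text):
    """Return one dict per rule line; raise ValueError on a malformed line."""
    rules = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        rules.append({
            "public_port": int(m["pub"]),
            "target": ipaddress.ip_address(m["ip"]),
            "target_port": int(m["port"]),
            "source": ipaddress.ip_network(m["src"]),
        })
    return rules

def audit(rules):
    """Flag forwards that publish a remote-desktop service, graded by source scope."""
    findings = []
    for r in rules:
        service = REMOTE_DESKTOP_PORTS.get(r["target_port"])
        if service is None:
            continue
        # Prefix length 0 means any Internet host can reach the workstation's
        # login prompt; a non-standard public port does not change that.
        severity = "high" if r["source"].prefixlen == 0 else "review"
        findings.append((r["public_port"], str(r["target"]), service, severity))
    return findings

if __name__ == "__main__":
    for pub, host, service, severity in audit(parse_rules(SAMPLE_RULES)):
        print(f"[{severity}] public port {pub} publishes {service} on {host}")
```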

Remote and Local cross-printing

Let's consider a couple of core printing needs:

1) Remote worker needs to print remotely at the office
If we have established a VPN bridge, a remote user should be able to add a network / shared printer. The simplest route is to note its IP address and run the Windows wizard, guiding it to search for a printer at that address. There are also third-party solutions like this one: AnyDesk Printing

2) Remote worker connected to an office computer remotely needs to print locally at home.
This greatly depends on your type of Remote Desktop access. Native Microsoft RDP provides this functionality among its basic features: access to local printers from the remote desktop, and copy/paste for files and clipboard. Commercial products certainly support this functionality as well. The only caveat is driver support. For example, a home computer can be a 32-bit machine running Windows 8 while the remote office computer runs Windows 10 64-bit edition, which would require a different driver for the same printer. Thus there might be technical issues requiring extra tech support.



Allora's IT solutions for remote access

Our company relies on three methods of providing remote access:
1) SolarWinds RMM - cloud-based Remote Monitoring and Managing engine.

Here we'll focus just on the Remote Access features of SolarWinds (if you'd like to learn more about the system and potentially on-board it, click the link above).

Any computer, be it a Mac or Windows, can be accessed via either TakeControl, a powerful native SolarWinds solution for remote access, or TeamViewer for an additional cost (extra $1/month/computer). Both are robust solutions. TakeControl provides Desktop Sharing, a File Transfer engine, Clipboard, Session recording and Local Printer Support, to name a few. Basically, it covers all the needs that we discussed above (except company communications). Not only can Allora's engineers access any server / workstation in order to provide remote tech support for customers, but our clients can also choose to register within this system and access any of their office computers from the comfort of their homes or on the road.

2) ConnectWise Control - "Remote Support That Just Works"

This is predominantly a system administration tool; it is hosted in our data center (unlike SolarWinds, which is a 3rd party provider). We use it to establish a temporary remote support session for a computer without a SolarWinds agent. Both Mac and Windows are supported. All prime features are present.

3) Microsoft's Remote Desktop - the most basic solution, embedded in all servers and workstations

Unlike (1) and (2), Microsoft deliberately restricted RDP's feature set: no support for dual monitors, no session recording, etc.



If you have questions or need assistance in establishing one of the solutions for your business mentioned above, please don't hesitate to Contact Us.