Re: Access to network drives for home and roaming users
Re: Access to network drives for home and roaming users
on 23.08.2007 13:10:01 by Anthony Yates
Mike,
All the VPN does is to add a security layer to the remote access, so if you
don't want to use VPN, the question is, what security do you want to apply?
Then by the time you add the additional security, you may be thinking that
the VPN wasn't so bad.
Questions:
- Do you want the data in a DMZ, or do you want them to come straight
through the firewall to your LAN?
- If in a DMZ, how will they authenticate to it?
- How to interact with the data: HTTP, CIFS, FTP etc.?
Options you can consider:
1) An SSL VPN gives simplified user access to internal resources. From a
user perspective, you could say they had direct access, as they only have to
authenticate once. In fact they are going through a VPN tunnel.
2) Allow RDP straight through. Impractical in any but very small
environments.
3) Use Terminal Services with remote access. For file access as distinct
from applications this is similar to the SSL VPN.
4) Anything with the content in a DMZ gets very complicated as to how you
are going to authenticate it with LAN users. You can use IIS with WebDAV and
SSL to give file and folder access, but you need some way to authenticate
the users. You don't want to go through to the DC on the LAN, so you have to
come up with a way of synchronizing usernames to a DMZ AD.
Hope that helps,
Anthony
http://www.airdesk.co.uk
"Mike D" wrote in message
news:6471DDBA-BA31-460B-98FF-1D5B40E15F8B@microsoft.com...
> Hello, I have a scenario I'd like to put out and see if anyone can help. I
> have a Windows 2003 R2 network with an internal and perimeter network. The
> internal is fully Windows 2003 and all users have access to mapped drives on
> the file server; we also have an Exchange 2007 server. In the perimeter
> network we have a frontend webserver hosting a public site and another box
> hosting the edge Exchange 2007 server.
>
> I want to achieve simple remote access for users from home or roaming with
> laptops without the need for VPNs. Exchange is easy and has been set up for
> OWA or the Outlook client over HTTP; the problem I have is access to the file
> system and specifically the network drives they have access to. I'd like to
> give them access to certain network drives or folders somehow without mapping
> them over a VPN. I've thought about FTP etc. but I figure there must be plenty
> of need for this out there and other companies must have easily achieved it
> with it being pretty much a Microsoft shop... so I want to see how others
> do it :) Can anyone assist or provide advice?
>
> Thanks
Re: Access to network drives for home and roaming users
on 23.08.2007 14:06:01 by MikeD
Thanks for your reply, think option 1 is the go, I'd like to leave the data
in the internal LAN and not move it to the DMZ, can you give me some more info
on option 1?
Re: Access to network drives for home and roaming users
on 23.08.2007 15:49:12 by Anthony Yates
Pretty well everyone sells SSL VPN these days, either appliance or software.
It's really easy to set up. You might have a look at this:
http://www.microsoft.com/presspass/events/rsa/docs/GartnerSSLVPN.pdf
Hope that helps,
Anthony
http://www.airdesk.co.uk