RE: Securing TS

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Nov 2005 13:44:00 -0500

Do you have the Tutorial on RDP over VPN yet? 

Andrew :) 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Friday, November 11, 2005 9:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Securing TS

http://www.ISAserver.org

The problem is multiplexing, for want of a better term. You don't have an
RDP proxy with ISA, so you're going to need to publish all the terminal
servers and have an IP address for each one bound to the external
interface of the ISA firewall. So, VPN is a much better solution,
because you can handle 1000 connections to the ISA firewall through VPN
and then use RDP inside the tunnels. The rate limiter here is processor
(and to a lesser extent, memory) utilization, not bandwidth, compared to
RDP alone. 

So, RDP over VPN (how's that for a new 'protocol') adds relatively
little to bandwidth overhead, is more secure, requires a single IP
address bound to the external interface, but requires much more
processor, and some more memory, overhead.

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, November 11, 2005 6:31 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Securing TS
> 
> Hi Thomas!
> 
> I am not worried about the protocol Tom. The protocol makes the
> connection, which is good, but the internet still has to drive opening
> the database up, which is HUGE. This company sells SHOEs, they also use
> EDI which places like Sears, The Bay, Wal-Mart, Costco, etc use on top
> of AccPac which also has their inventory etc... I think it might be
> better if they remote into TS and ran everything off the server, that way
> they don't have to pull the database across the internet.
> 
> Andrew
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Friday, November 11, 2005 1:57 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Securing TS
> 
> Hi Andrew,
> 
> The VPN protocol overhead is nominal. The processor overhead is
> measurable.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Thursday, November 10, 2005 10:21 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Securing TS
> > 
> > Any good tips on securing TS on ISA 2004 Server?? Someone wants to
> > set up TS to access their accounting package from home, since VPN
> > will knock down their bandwidth (5Meg Down/800K UP) we decided that
> > TS would be their best bet.
> > 
> > Andrew
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List 
> > as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
