I use Splashtop SOS Unlimited to support all of our desktops ($45/month/user). Unfortunately, their system doesn’t allow me to also give individual users cheap $7/month licenses for their own access if their PC is already managed by my technician license (forcing me to give each user a more expensive technician license). As a result of their pricing model, Splashtop only makes sense for me but not for additional non-technician users to occasionally access a single workstation during vacations.
TeamViewer:
Too expensive for our use case.
LogMeIn:
Works out almost the same price as paying for two additional Splashtop SOS Unlimited licenses - so they’re out too.
Which brings me back to Remote Desktop over VPN…
Windows VPN:
Up until now, the two users in question were using the Windows built-in VPN client. We had a situation recently when both of their VPN connections broke after Windows Updates were installed on their laptops - so the built-in VPN client seems unreliable to me.
Is the built-in Windows VPN client known to be unreliable? I heard from the users that the previous IT guy had to troubleshoot it on a regular basis.
SoftEther VPN:
In the past, I’ve used SoftEther VPN, with incredible success for both Mac and PC users. It’s free and very easy to configure. Once it’s up and running, I can pretty much trust SoftEther VPN to work forever. When I used it in the past, it was for a non-profit organization with no budget, so a free, open-source solution was my only option.
In this situation, we could invest in a better paid solution if necessary. Does anyone here use SoftEther VPN in a commercial setting? Is there any reason you wouldn’t trust it?
RDP with IP allowlisting. If the router doesn’t have a nice firewall that does allowlisting, you can do it in the Windows firewall. If the user’s IP address changes a lot, use OpenVPN Community Edition to make a private tunnel. If the user doesn’t have admin permission, add them to the “Remote Desktop Users” group. This protects you from RDP 0-days and brute-force password attacks, and it’s all trust no one, and it’s all free! I’ve been using this method since Win7 came out, and have over 100 customers using it. I’ve never used RDS Gateway because it has had at least one big security issue in the past, and most of my customers don’t have a Windows Server box on their LAN anyway. (I’m an MSP.)
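The Windows Firewall allowlisting and group membership steps from the reply above, as an added PowerShell example that is not part of the original post. The source addresses and account name are constructed placeholders, and it assumes the built-in "Remote Desktop" rule group name of an English-language Windows install and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: restrict the built-in RDP firewall rules to an allowlist
# and give one non-admin user RDP logon rights. All values are placeholders.

$AllowedSources = @('203.0.113.10', '198.51.100.0/24')  # constructed (documentation ranges)
$RdpUser        = 'CONTOSO\jdoe'                         # hypothetical account
$RuleGroup      = 'Remote Desktop'                       # assumed display group name
$RdpGroup       = 'Remote Desktop Users'

# Refuse an empty or wildcard list: either would leave RDP reachable from anywhere.
if (-not $AllowedSources -or $AllowedSources -contains 'Any') {
    throw 'Allowlist is empty or contains "Any"; not changing the firewall scope.'
}
foreach ($entry in $AllowedSources) {
    $ip, $prefix = $entry -split '/', 2
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        throw "Not a valid IP address: $entry"
    }
    if ($prefix -and ($prefix -notmatch '^\d+$' -or [int]$prefix -gt 128)) {
        throw "Not a valid prefix length: $entry"
    }
}

# Apply the allowlist as the remote (source) address scope of every inbound RDP rule.
$rules = Get-NetFirewallRule -DisplayGroup $RuleGroup | Where-Object Direction -eq 'Inbound'
if (-not $rules) { throw "No inbound rules found in group '$RuleGroup'." }
$rules | Set-NetFirewallRule -RemoteAddress $AllowedSources

# Verify: no enabled rule in the group may still accept any source address.
# Custom rules outside this group that open TCP 3389 are not covered here.
$open = Get-NetFirewallRule -DisplayGroup $RuleGroup |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Get-NetFirewallAddressFilter |
    Where-Object { $_.RemoteAddress -contains 'Any' }
if ($open) { throw 'An enabled RDP rule still accepts any source address.' }

# Add the user to the local RDP group only if not already a member.
$members = Get-LocalGroupMember -Group $RdpGroup -ErrorAction SilentlyContinue
if ($members.Name -notcontains $RdpUser) {
    Add-LocalGroupMember -Group $RdpGroup -Member $RdpUser
}

# Show the resulting scope for the change record.
Get-NetFirewallRule -DisplayGroup $RuleGroup |
    Select-Object DisplayName, Enabled, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ' } }
```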
Do you need a VPN? Why won’t RDS Gateway work? For $45/mo you could get everyone an Amazon PCoIP virt? PCoIP software is probably way less than 45/mo too. What is the workload? Parsec is also an option.
Is the built-in Windows VPN client known to be unreliable? I heard from the users that the previous IT guy had to troubleshoot it on a regular basis
Not really. My employer uses those for ca. 100 people, including in office. The only trouble I had with it was my own fault (it helps to have internet at home to remote into anything).
ScreenConnect Access. You pay per endpoint, not per user. You can enforce MFA, audit sessions, and allow users to only remote into assigned workstations.
SoftEther, passphrase and trusted signed certificates is a +1 from me.
You can also whitelist the IP within SoftEther.
Set the PC to only allow RDP from specific user(s).
I concur; for this particular use case I think that RDS would for sure be the way to go. With that said, though, the license pricing might actually be even more (it’s been a while since I got any licensing for that).