Hi Guys,

Coming to the community to see if anyone was ever in a similar situation or has any good ideas for what is happening in my current situation.

Right now we are having discussions about allowing employees to install our VPN client on their personal home machines so that they can VPN in and then RDP to their desktops here in the office. I am completely against it because if these users don’t run anti-virus on their laptops we run a huge risk of our company getting infected.

That being said, I have been throwing around the idea of getting users all company-issued/managed laptops or potentially looking into VDI ($$$$).

What is everyone’s take on this, and any suggestions on this odd situation I have in my hands?

3 Spice ups

Do not let users install VPN on personal machines! You are totally correct in your fears. VDI or managed laptops are the best you can do here for your company.

3 Spice ups

I know on some VPN solutions you can enforce a device policy and list the acceptable antivirus programs, require real-time protection, and set the number of days since the last signature update and file scan. I know SonicWall VPN appliances will do this. https://www.sonicwall.com/en-us/products/remote-access/remote-access-appliances

2 Spice ups
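
The posture check described in the reply above (approved antivirus list, real-time protection, signature age, last scan age), as an added example that is not part of the thread and not SonicWall's implementation. The report field names, policy values and sample reports are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy values; a real appliance exposes its own settings.
POLICY = {
    "allowed_av": {"Microsoft Defender", "ExampleAV"},
    "max_signature_age_days": 3,
    "max_scan_age_days": 7,
}

def evaluate_posture(report, now, policy=POLICY):
    """Return (allowed, reasons). Missing or malformed fields fail closed."""
    reasons = []
    if report.get("av_product") not in policy["allowed_av"]:
        reasons.append("antivirus product not on the approved list")
    if report.get("realtime_enabled") is not True:
        reasons.append("real-time protection is not enabled")
    checks = (
        ("signature_updated", policy["max_signature_age_days"], "signatures"),
        ("last_scan", policy["max_scan_age_days"], "file scan"),
    )
    for field, limit, label in checks:
        try:
            stamp = datetime.fromisoformat(report[field])
        except (KeyError, TypeError, ValueError):
            reasons.append(f"{label}: timestamp missing or unreadable")
            continue
        if stamp.tzinfo is None:
            stamp = stamp.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
        age = now - stamp
        if age < timedelta(0):
            # A clock set ahead must not make stale data look fresh.
            reasons.append(f"{label}: timestamp is in the future")
        elif age > timedelta(days=limit):
            reasons.append(f"{label}: {age.days} days old, limit is {limit}")
    return (not reasons, reasons)

# Constructed sample reports, as a VPN client might submit at connect time.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
REPORTS = {
    "healthy": {"av_product": "Microsoft Defender", "realtime_enabled": True,
                "signature_updated": "2024-01-14T08:00:00+00:00",
                "last_scan": "2024-01-12T02:00:00+00:00"},
    "stale": {"av_product": "Microsoft Defender", "realtime_enabled": False,
              "signature_updated": "2024-01-05T09:00:00+00:00",
              "last_scan": "2024-01-12T02:00:00+00:00"},
    "no_av": {},
}

if __name__ == "__main__":
    for name, report in REPORTS.items():
        print(name, evaluate_posture(report, NOW))
```

The report is self-attested by the endpoint, so a check like this raises the baseline for honest but unmanaged machines; it does not replace limiting what the VPN session can reach.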

If they need access externally, give them the proper equipment, i.e. a company laptop, and drop the PC.

2 Spice ups

Ultimately you will need to yield to corporate policy. The question is why are they doing work from home when off duty? If they are not off duty, VDI or a laptop would be the better way to go. You have no control over software that is installed on their personal machine or what data could be stored there.

1 Spice up

Many users work from home off hours just to check up on emails and other tasks. This also relates to when there is a snow day and users must work from home.

Why not just install the Remote Desktop Gateway on a Windows server? They can RDP into their machines through that. You will need to get a certificate though and teach them how to configure the client on their home machines.

This is a good solution. We have a few remote people who need to access applications that won’t work over a VPN so they need to access an internal desktop. Works great. That’s the only exception we’ll allow for a personal device to remotely connect.

For the people that use VPN, it is installed on company equipment or not at all.

Why don’t you VPN in to a safe environment without corp network access - then RDP (plus via a gateway?) from there? Seems a bit OTT - but we do similar with guest wifi - it’s off our network, isolate the guests so they can’t talk to each other but still enable a path through to select corporate devices.

Hi Kyle, after reading your comments, I agree that using VPN does run the risk of exposing your company to malicious attacks and data leakage. I also wanted to mention that you could consider solutions that can help you manage the remote PC connection or even shared desktop by Microsoft RDS or pure virtual desktop hosted on hypervisor (VDI). In terms of the cost, VDI is becoming less expensive than it used to be in the past. If you are interested in something like this, on the @Parallels side of things we do offer our Parallels RAS solution which could be worth checking out.

The solution provides pervasive security by multi-factor identification, secure protocols such as SSL and FIPS 140-2 and granular client policies. Plus, there are options to convert any Windows machine into a thin client by using desktop replacement and the ability to connect from iOS/Android mobile devices, Chromebook, etc.

Now, if you would like to learn more or get a hands-on feel with our 30-day fully featured trial, info on that can be found here! Please don’t hesitate to reach out if you have any questions, I’m always around and happy to help whenever I can.