Re: PCanywhere and ISA 2000

From: TSU (TSU_at_discussions.microsoft.com)
Date: 12/12/04


Date: Sat, 11 Dec 2004 21:45:03 -0800

Hello Phillip,

Glad to see you here in this forum, too. You're a great long-standing
contributor to the main ISA newsgroup. Haven't kept up recently because I've
been pretty busy, but this thread caught my eye when it was mentioned in
Susan Bradley's blog.

Let me clarify a few things here...

- The RWW is only a special implementation of the Advanced TS client. A
special translation component on the Server performs PAT and NAT to support
multiple clients sharing a WAN interface connecting to multiple resources,
and to make this happen the TSWeb client includes some special client-side
code, but aside from these it's fundamentally no different than the usual TS
Advanced Client. I don't mean to deprecate how great RWW is, it <really> is,
but it should not be represented as some kind of Web technology that's very
different than generic TS.

- The direction of this thread to dump PCA and implement TS instead should
be applauded... both from a security perspective and simplicity. A normal TS
can be recommended over RWW in some situations, for instance if you want to
eliminate some of the extra steps required to access the Server. With RWW,
besides the original URL and logging on you have to make at least 3
additional clicks. Server Publishing the resource directly can eliminate
those 3 clicks and the time moving between each display.

- Whether you implement a VPN or not has little to do with making the
connection more or less secure if done properly. A VPN typically will be only
128-bit encryption, and may or may not be vulnerable to whether the protocol
is weak or not. Only the additional deployment of EAP can ensure higher
security but is usually not seen. If 128-bit encryption using an algorithm
generally recognized to be acceptable fits your needs, by default TS is
configured this way, so any additional encryption like running within a VPN
is likely unneeded.

- A VPN can be a universal enabler for solutions that aren't solved easily
because the application requires port connections hard to define, and this
was what you seem to be suggesting which ordinarily is a satisfactory
solution if you are willing to expose yourself to the consequences of a
conventional VPN (see next point).

- Conventional VPNs should be avoided whenever and wherever possible.
Application Gateways should be used instead whenever possible, and a
presentation I created earlier this year is available for viewing at both
www.winsug.org and my website at www.su-networking.com (Architecting Support
for the Mobile Workforce) which describes the whys, options and what I
finally recommend in detail.

HTH and of course plenty of IMO,
Tony Su

"Phillip Windell" wrote:

> Ah! that explains it as far as me not knowing about it. I'm not an "SBS
> guy", I just try to stick mostly to questions regarding topology and
> "general networking" that apply to multiple OS's in general.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
> "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
> news:uHrtkj$2EHA.2624@TK2MSFTNGP11.phx.gbl...
> > And it is SBS only.
> >
> > --
> > Regards,
> >
> > Marina
> > Microsoft SBS-MVP
> >
> > "Frank McCallister SBS MVP" <anonymous> wrote in message
> > news:%231p9di%232EHA.2624@TK2MSFTNGP11.phx.gbl...
> > > Here are some links
> > >
> > > http://blogs.msdn.com/tristank/archive/2004/10/14/242211.aspx
> > > http://support.microsoft.com/default.aspx?kbid=833983
> > >
> > >
> > > --
> > > Frank McCallister SBS MVP
> > > COMPUMAC
> > > "Phillip Windell" <@.> wrote in message
> > > news:%239L%231692EHA.3472@TK2MSFTNGP09.phx.gbl...
> > > > "Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in
> > > > message
> > > > news:%23ZYDD492EHA.3452@TK2MSFTNGP14.phx.gbl...
> > > >> Hi Phillip,
> > > >>
> > > >> Remote Web Workplace.
> > > >
> > > > I never heard of it. A "web" variation of the Remote Desktop idea?
> > > >
> > > > --
> > > >
> > > > Phillip Windell [MCP, MVP, CCNA]
> > > > www.wandtv.com
> > > >
> > > >
> > >
> > >
> >
> >
>
>
>


