Remote Access Solution

[mrlucifer]

I need help implementing a remote access solution for different companies. Here it goes: I have 9 different window servers and they are all from 9 different companies. They want to administer these servers remotely. Well the internet connection at this site is set up to use NAT, so I have only one public ip address. What i want to do is setup some kind of host software on the 9 servers and have one other extra server to host the main control pc to connect to these hosts. Dang I hope i made since. So here is how i think it would work. If i were one of the companies and i wanted to connect to server "1" all i had to do is type the address and it would connect me to the main remote server and from there it would give me a choice from the 9 servers and there i would click on the server i needed and put in the password and I am in. Is this possible? Hopefully somebody can help me here.. Thanks...

[Highlander]

Thats easy....
Use Remote Admin from http://www.famatech.com/
Best Remote Admin I have ever seen....

Cost $35 per

Security is both IP and Password base
as well as 128 bit encription

Uses Port Forewarding on your router
for each Computer
Or use a single Master and Proxy to the internal box.
Works on 95/98/ME/XP/NT/W2K

Drawbacks, File Transfer is slow on a LAN
Good Points, Small footprint
and it is IDOT Proof!!!

Demo is available
and it is the best $ 35 I have ever spent...

[SoggyBottom]

Another option is GoToMyPC.

http://www.gotomypc.com/

All done through a browser, and you are not restricted to 1 specific source... The boxes can be administered through any machine connected to the net....

[slarty]

It should not really be a problem.

If you use any of the existing NT remote admin kit, for example
- Windows Terminal Server (win2k+)
- Radmin
- PcAnywhere

They should all work over a single TCP connection. Of course the 9 boxes would all listen on the same port number, however you could NAT them all into different ports on the firewall. Then you just have to get the admins to connect to a port number which is specific to them, and they get into the appropriate machine.

The only difficult is that you might need to set some non-standard options on the client to persuade it to use a different port number from the one it's expecting.

If you wanted to do anything other than remotely administer the boxes - for instance transfer files or do remote backups, I'd strongly recommend a VPN, as file sharing protocols don't usually use encryption (whereas I believe the three remote admin programs listed above do all have the capacity to do so).ver, IIRC, you may have to do some registry editing or something to persuade it to use a different port.

[Networker]

I think u should have an architecture composed by 2 main sub-systems:
1- Remote Admin server on site:
fellows on precedent post gave u some product that will do it for u (like PCanywhere)

2- Secured customer admin access:
Here the goal is to secure the networking flows between the admin customer and the Remote admin server on site.
IPsec VPN is the solution to protect against man in the middle attacks. There the IPSec crypto device is in front of the whole farm server using a single public IP address.

[FRiZz3R]

sure its possiblle but its hard to newbie

[mrlucifer]

thanks for all the info. I think i am going to use Radmin and just assign different ports through my firewall and to make sure that they have very strong passwords. What do you guys think?

[slarty]

Yep, using Radmin by NAT'ing different ports through the firewall should work fine and be secure. However if people want to transfer files, they will have to resort to some unencrypted mechanism (unless Radmin does that too?)

[Highlander]

Remote Admin sure does File Transfer and
it will also limit access via IP address as well

[cybermagellan]

Of course you could just remote admin the Domain Controller and set the others up as Sub servers on a tree....