Due to the COVID-19 pandemic, governments around the world are ordering their citizens to stay at home. These orders forced a lot of businesses to move their operations remote where possible. Some businesses had to make a quick decision on their remote access strategy. However, choosing the right remote access solution requires a thorough understanding of goals, requirements, etc.
Companies that have excellent business continuity and disaster recovery (BC/DR or BCDR) plans fared better than most. Some scrambled to come up with ways to serve their customers remotely while providing workers the ability to work from home, which is also known as telecommuting.
Today, we’re going to discuss some options to enable your workforce to work remotely and securely from just about anywhere.
Different types of remote access technologies
The technology to enable employees to work remotely has been around since the 90s. There are several strategies that companies employ to accomplish it. For example, numerous business applications are accessible via the Internet, such as e-mail, file sharing, accounting systems, etc. However, some applications require secure and reliable remote access solutions.
With so many remote access technologies out there, which one is the best for your business? Some of the solutions are easy to implement, but being able to deploy one doesn’t mean that you should do so without understanding the implications.
Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP)
The fundamental goal of both of these technologies is the same. They both allow users to access a desktop or set of computers from a remote location. However, there are drawbacks to these solutions.
Scalability. They are not scalable. Since it’s peer-to-peer remote access, administrators will need to enable the feature or install the software. Additionally, users cannot share the same computer. Concurrent connections are not allowed.
Security. They are not secure. By default, VNC does not encrypt all of its traffic. RDP supports encryption by default, but many vulnerabilities have been discovered in it, such as CVE-2019-0708, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Exposing it online may have adverse effects if vulnerabilities (discovered or undiscovered) exist.
Additionally, by default, it uses single-factor authentication (SFA), which is vulnerable to credential stuffing. To address this type of vulnerability, it is highly recommended to implement some form of multi-factor authentication (MFA).
Compatibility. VNC is available for a variety of operating systems, and some operating systems have it built in. The RDP service itself is only available on Windows, but the client is available on iOS, macOS, Linux, etc.
Cost. Both VNC and RDP come as free solutions. VNC, however, can be purchased with additional features.
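To check the exposure concern above against your own perimeter, the following added example (not from the original article) audits a list of inbound allow rules for RDP or VNC listeners reachable from outside a trusted network. The rule format, the rule names, and the 10.8.0.0/24 VPN pool are assumptions made for illustration; 3389 and 5900 plus the display number are the standard default ports.

```python
import ipaddress

# Default TCP listeners: RDP on 3389; VNC on 5900 plus the display number.
REMOTE_DESKTOP_PORTS = {"RDP": range(3389, 3390), "VNC": range(5900, 5910)}

# Constructed inbound allow rules (hypothetical export format, not a vendor's).
SAMPLE_RULES = [
    {"name": "legacy-rdp", "source": "0.0.0.0/0", "proto": "tcp", "ports": "3389"},
    {"name": "helpdesk-vnc", "source": "0.0.0.0/0", "proto": "tcp", "ports": "5900-5902"},
    {"name": "rdp-from-vpn", "source": "10.8.0.0/24", "proto": "tcp", "ports": "3389"},
    {"name": "web", "source": "0.0.0.0/0", "proto": "tcp", "ports": "443"},
    {"name": "partner-rdp", "source": "203.0.113.0/24", "proto": "tcp", "ports": "3000-4000"},
]

def parse_ports(spec):
    """Turn '3389' or '5900-5902' into an inclusive range."""
    lo, _, hi = spec.partition("-")
    return range(int(lo), int(hi or lo) + 1)

def audit(rules, trusted=("10.8.0.0/24",)):
    """Return (rule name, service, severity) for rules that expose RDP or VNC
    to sources outside the trusted networks (assumed here: the VPN pool)."""
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        if any(src.version == t.version and src.subnet_of(t) for t in trusted_nets):
            continue  # reachable only through the protecting layer
        if rule["proto"] not in ("tcp", "any"):
            continue
        allowed = parse_ports(rule["ports"])
        for service, ports in REMOTE_DESKTOP_PORTS.items():
            if any(p in allowed for p in ports):
                # A /0 source is Internet-facing; anything else still bypasses the VPN.
                severity = "internet-facing" if src.prefixlen == 0 else "untrusted-source"
                findings.append((rule["name"], service, severity))
    return findings

if __name__ == "__main__":
    for name, service, severity in audit(SAMPLE_RULES):
        print(f"{name}: {service} allowed from outside the VPN ({severity})")
```

Note that the wide port range in the constructed `partner-rdp` rule is flagged even though it never names 3389 explicitly, which is how such exposures are often missed in a manual review.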
Remote Desktop Services (RDS)
Microsoft’s RDS is the latest evolution of Terminal Services as a remote access solution. The main difference between RDP and RDS is that resources can be shared. Meaning, users can access the same full desktop or applications concurrently.
Scalability. It is scalable. As the number of users grows, administrators can scale horizontally or vertically to accommodate the growth. Cloud computing is also an option that can provide better elasticity.
Security. Same as RDP, the traffic is encrypted. Since RDS uses RDP, it’s not immune to security vulnerabilities. However, there is a secure implementation that mitigates these RDP vulnerabilities by keeping the RDP hosts from being Internet-facing.
Administrators can configure RDS to deny file transfers between the client’s device and the virtual desktop, which helps to prevent data leaks. Same as RDP, it is capable of integrating MFA solutions, which is highly recommended.
Compatibility. The compatibility is the same as the RDP section. The feature itself is only available on Windows, but the client software is available on Linux, macOS, and mobile devices.
Cost. The cost will depend on the implementation. It will require Windows Server licenses and appropriately sized servers. Companies can opt to shift from CapEx (capital expenditures) to OpEx (operating expenses) by leveraging cloud computing.
Virtual Private Network (VPN)
This old but reliable technology has been the most popular remote access solution for many companies. It allows devices to connect securely to the company’s network from anywhere with an Internet connection.
Scalability. It is scalable. Unlike RDP or VNC, the only device that administrators need to buy or configure is the VPN appliance(s). Depending on the hardware, licenses, etc., the device(s) can support from one to thousands of users concurrently.
Security. Many VPN implementations encrypt their traffic, so it is safe from eavesdropping. A VPN is also capable of integrating MFA for securing accounts. It is highly recommended to implement MFA.
Compatibility. Many modern operating systems include a VPN client. If the feature is not already built in, there are clients that administrators or users can install on macOS, Windows, Linux computers, or mobile devices.
Cost. The cost will depend on the existing hardware and licenses. It can range from free to thousands of dollars but might be the most cost-effective solution depending on the size of your organization or desired result.
Virtual Desktop Infrastructure (VDI)
VDI provides remote access to a virtual desktop environment hosted on a remote server. Unlike RDS, each user has their own separate virtual desktop instance. Each virtual desktop instance has its own dedicated OS, RAM, disk, etc. that is running on the same server.
Scalability. Same as RDS, it is scalable. Companies can scale their infrastructure horizontally and vertically. Alternatively, companies can leverage cloud solutions for their VDI deployment.
Security. The traffic between the client and the virtual desktops is encrypted. Same as RDS, administrators can configure the VDI to deny file transfers between the client’s device and the virtual desktop. It is highly recommended to implement MFA as well.
Compatibility. The VDI clients are available on Windows, Linux, macOS, and mobile devices. The majority of companies use Windows as virtual desktops. However, Linux is an option as well.
Cost. The cost will depend on a lot of things. Generally, this solution is costly because it requires a VDI software license and desktop OS licenses in addition to the necessary hardware requirements for the server or cloud compute instance(s).
There are many other remote access solutions out there, like TeamViewer and LogMeIn, to name a few. If only a small number of computers need remote access, then these software solutions may be the right ones for you.
However, these remote access solutions may cost more per user than implementing a VPN tunnel. While RDP and VNC can be attractive options from a cost perspective, they are not recommended without another layer to protect them.
Usually, the most cost-effective and secure solution is to buy a VPN appliance. Most companies already have a VPN-capable device, so only minimal configuration is needed and possibly license acquisition.
Choosing the right remote access solution will vary from one company to another. The key to determining the proper remote access technology is gathering the requirements, goals, and business and technical constraints.
If you are considering a remote access solution, make sure to discuss it with a qualified and experienced resource to determine a good fit for your company. The right individual or company will guide and assist you through the entire process of picking and deploying what’s right for you.
NetworkJutsu provides networking and network security consulting services for startups, more established small and medium-sized businesses (SMBs), and large businesses throughout the San Francisco Bay Area.