Remote Desktop: Flexibility and Productivity
Picture this: it’s a Wednesday morning in the dead of winter, and the snow has piled up so high that you can barely see the top of your car. The plows are nowhere to be seen, and you can’t even get ten feet down the street without your car getting stuck — there is obviously no way you’re making it all the way to the office.
Thankfully you have your laptop with you, so you can still get your work done.
But there’s an issue: your laptop doesn’t have anywhere near the same level of computing power as your office computer. So trying to complete your usual tasks will be extremely difficult, if not impossible.
What do you do? You can turn on remote desktop access and connect to your work computer and operate on it as if you were right there at your desk.
What is a remote desktop?
A remote desktop is a software or operating system feature that allows a computer's desktop to be run remotely on one system while being displayed on a totally separate device. Whereas a VPN allows you to access a network, a remote desktop allows you to access a totally separate system/device. Setting up remote desktop access means you can access a particular device from anywhere in the world and use it as if you were right there in person.
Your laptop will become a window of sorts, letting you see what you are doing on your work computer. You will be able to access all of your usual work desktop programs and files, and have all the computing power you need to get the job done.
With a remote desktop, you don’t have to worry about bad weather keeping you away from the office — you and your employees can still get the work done from home or while traveling, and it will be just like you’re in the office with your usual computer and applications.
But how do you provide remote desktop access — and even more importantly, how do you secure your Windows remote access, and make sure you are in control of who is accessing the desktops?
Pros And Cons of Remote Desktop Access
Several benefits make remote desktops an excellent choice for businesses of all sizes:
Productivity — Remote desktop access allows employees all over the world to access desktop resources that they need, without having to be on premise. This will increase productivity, and help prevent common issues that might arise when people are working remotely — like not having enough computing power, or not having access to the files they need.
Savings — Having remote desktops means you can adopt a BYOD (Bring Your Own Device) policy for workers who are away from the office, which will allow you to save money that would typically have gone to providing additional laptops or cell phones.
Access — Remote desktops allow you to access your desktop data from anywhere in the world, which means you don’t have to be as dependent on flash drives. It’s still a good idea to back-up information — especially before heading out on a big work trip — but a remote desktop means that even if you forget your flash drive, you can still get the job done.
Remote desktop access is not overly secure because in most cases it is only protected by a password — so if an employee is working remotely on unsecured public Wifi, hackers could easily snoop on their browsing session and gain access to that password. Or if an employee is careless with their password and shares it with friends or coworkers, unauthorized users could easily access that user’s remote desktop and cause deeper issues.
In order to fully secure a remote desktop, a VPN is the best option. With a VPN like Access Server, you have secure access to the network, and then the VPN server has least a privilege access policy setup that would limit an employee to using a remote desktop to connect only to his or her computer's IP address. Employees wouldn’t be able to tap into their cubicle-mates desktop, and hackers won’t be able to get their hands on your sensitive business data.
Remote Desktop Connection Over a VPN
Example: A software company that develops educational learning software runs on computers using the Windows operating system. They sell to public libraries and schools, and online directly to customers.
The company is entrenched in Microsoft technologies. They use Windows Networking, Windows Domains, and Windows Active Directory to authenticate users and provide access to resources allowed in their Windows domains.
The company wants to extend the same environment to their employees regardless of whether they are working at the office, or somewhere else entirely.
The company chose to provide Microsoft remote desktop access to office workstations for their employees, and use Access Server to provide strong security and VPN access to the office network.
Access Server was installed in the office network, and authentication was set up using LDAP to Windows Active Directory. Use of the Active Directory meant that the employee could use the same credentials that they use to log in to their Windows remote access desktop to log in to the VPN.
Group access controls were set up in the Access Server corresponding to the Active Directory Groups so that the employees had access to the same services as they would if they were at the office.
The employees can now use their Windows login credential to authenticate the VPN connection to their office network. Once connected, they can access their office workstation desktop by connecting with the RDP client on their local machine, and access all the office network resources as if they were right there.
How To Use Remote Desktop Securely
You can use the Microsoft Remote Desktop app to connect to a remote PC or virtual apps and desktops. This app helps you be productive no matter where you are.
Then Access Server can be set to authenticate users against Windows Active Directory which will give you greater access control, and allow the user to use the same Windows credential to authenticate with VPN.
Step by step instructions with pictures can be found here: How to authenticate users with Active Directory
A remote desktop protocol can use port 3389 on either TCP or UDP. As seen in the above image, the user has been given explicit access to the remote desktop server running on the work computer at IP address 10.7.31.243
Using OpenVPN Access Server provides additional security in several different ways:
- Only devices with the correct client certificate can connect
- Google Authenticator can be used for Multi-factor authentication of user identity
- On a VPN connection, least-privilege access can be enforced by only allowing RDP access to specific workstations.
For convenience, Access Server can use LDAP to authenticate users with Windows Active Directory. This will allow the user to connect to the VPN by using their existing Windows credentials.