Due to forced vacations, even large companies with a developed IT infrastructure find it difficult to organize remote work for their staff, and small businesses simply do not have enough resources to deploy the necessary services. Another problem is related to information security: it is risky to open access to the internal network from employees' home computers without the use of specialized enterprise-class products. Renting virtual servers does not require capital expenditures and allows you to make temporary solutions outside the protected perimeter. In a short article, we will consider several typical scenarios for using VDS in self-isolation. It is immediately worth noting that the article introductory and is focused more on those who only delve into the topic.
1. Should I use VDS to set up a VPN?
A virtual private network is required for employees to securely access internal corporate resources via the Internet. The VPN server can be set up on a router or inside a secure perimeter, but in conditions of self-isolation, the number of simultaneously connected remote users will increase, which means you need a productive router or a dedicated computer. It is not safe to use existing ones (for example, a mail server or a web server). Many companies already have a VPN, but if it doesn't exist yet, or if the router's arbitrariness isn't enough to handle all remote connections, ordering an external virtual server will save you money and simplify setup.
2. How to organize VPN service on VDS?
First you need to order VDS. Small companies do not need powerful configurations to create their own VPN - an entry-level server on GNU / Linux is enough. If computing resources are not enough, they can always be increased. It remains to choose the protocol and software for organizing client connections to the VPN server. There are many options, we recommend staying with Ubuntu Linux and This open, cross-platform VPN server and client is easy to set up, supports a variety of protocols, and provides strong encryption. After configuring the server, the most interesting thing remains: client accounts and setting up remote connections from employees' home computers. To provide employees with access to the office LAN, you will have to connect the server to the local network router through an encrypted tunnel, and here SoftEther will help us again.
3. Why do you need your own video conferencing service (VCS)?
E-mail and instant messengers are not enough to replace daily communication in the office on work issues or for distance learning. With the transition to remote work, small businesses and educational institutions have begun to actively develop public services for organizing teleconferencing in audio and video format. Recent With Zoom, the perniciousness of this idea was revealed: it turned out that even the leaders of the market do not care enough about privacy.
It is possible to create your own conferencing service, but it is not always advisable to deploy it in the office. This will require a productive computer and, most importantly, a high-bandwidth Internet connection. Without experience, the company's specialists can incorrectly calculate the resource requirements and order a configuration that is too weak or too powerful and expensive, and it is not always possible to expand the channel on the premises rented in the business center. In addition, launching an Internet-accessible video conferencing service inside a secure perimeter is not the best idea in terms of information security.
A virtual server is ideal for solving the problem: it requires only a monthly subscription, while the computing power can be increased or decreased as you like. In addition, it is easy to deploy a secure messenger with the possibility of group chats, a helpdesk, a document repository, a source code repository and any other related temporary service for teamwork and home learning on VDS. A virtual server does not have to be connected to an office network if the applications running on it do not require it: the necessary data can simply be copied.
4. How to organize teamwork and learning at home?
First of all, you need to choose a software video conferencing solution. Small businesses should focus on freeware and shareware products, such as β this open platform allows you to conduct video conferences, webinars, broadcasts and presentations, as well as organize distance learning. Its functionality is similar to that of commercial systems:
- video and sound transmission;
- common boards and common screens;
- public and private chats;
- mail client for correspondence and mailings;
- built-in calendar for planning events;
- polls and voting;
- exchange of documents and files;
- web event recording;
- unlimited number of virtual rooms;
- mobile client for Android.
It is worth noting the high level of security of OpenMeetings, as well as the possibility of customization and integration of the platform with popular CMS, training systems and office IP-telephony. The disadvantage of the solution is a consequence of its advantages: it is quite difficult to configure open source software. Another open source product with similar functionality is . Small teams can choose shareware versions of commercial video conferencing servers, such as, for example, domestic or . The latter is also suitable for large organizations: due to the self-isolation regime, the developer free to use the version for 1000 users for three months.
At the next stage, you need to study the documentation, calculate the need for resources and order VDS. Typically, a video conferencing server deployment requires GNU/Linux or Windows mid-tier configurations with sufficient RAM and storage. Of course, everything depends on the tasks being solved, but VDS allows you to experiment: it is never too late to add resources or abandon unnecessary ones. Finally, the most interesting thing remains: set up the video conferencing server and related software, create user accounts and, if necessary, install client programs.
5. How to replace insecure home computers?
Even if the company has a virtual private network, it will not solve all the problems with secure remote work. Under normal circumstances, not many people connect to a VPN with limited access to internal resources. When the whole office is working from home, it's a completely different sport. Personal computers of employees can be infected with malware, they are used by households, and the configuration of machines often does not meet corporate requirements.
Itβs expensive to give out laptops to everyone, newfangled cloud solutions for desktop virtualization are also not cheap, but there is a way out - Remote Desktop Services (RDS) on Windows. Deploying them in a virtual machine is a great idea. All employees will work with a standard set of applications and it will become much easier to control access to LAN services from a single node. You can even rent a virtual server along with antivirus software to save on license purchases. Let's say that in any configuration on Windows, anti-virus protection from the Kaspersky Lab is available.
6. How to set up RDS on a virtual server?
First you need to order VDS, focusing on the need for computing resources. In each case, it is individual, but organizing RDS requires a powerful configuration: at least four computing cores, one gigabyte of memory for each of the users working simultaneously and about 4 GB for the system, as well as a fairly large amount of storage. The channel bandwidth should be calculated based on the need for 250 Kbps per user.
As standard, Windows Server allows you to create no more than two RDP sessions at the same time and only for administering a computer. To set up full-fledged Remote Desktop Services, you will need to add server roles and features, activate a license server or use an external one, and install Client Access Licenses (CALs), which are purchased separately. Renting a powerful VDS and terminal licenses for Windows Server will cost a lot, but it is more profitable than buying an βironβ server, which will be needed for a relatively short time and for which you still have to purchase an RDS CAL. In addition, there is an option not to pay for licenses legally: within 120 days, RDS can be used in trial mode.
Starting with Windows Server 2012, to use RDS, it is desirable to enter the machine into an Active Directory (AD) domain. Although this can be dispensed with in many cases, it is not difficult to connect a separate virtual server with a real IP to a domain deployed on an office LAN via VPN. In addition, users will still need access from virtual desktops to internal corporate resources. To make your life easier, you should contact the provider, who himself will raise the services on the client's virtual machine. In particular, if you purchase RDS CALs from RuVDS, our technical support will install them on your own license server and configure Remote Desktop Services on the client's virtual machine.
The use of RDS will relieve IT professionals from the headache of bringing the software configuration of employees' home computers to a common corporate denominator and will greatly simplify remote administration of user workstations.
And how did your company implement interesting ideas for using VDS during general self-isolation?
Source: habr.com