As the work from home trend grows, many businesses require secure remote access for their employees, and it’s not always to simple cloud apps such as Outlook email.
Sure, it's easy to get access to cloud applications like Microsoft Office 365, G-Suite, Salesforce and other popular SaaS applications - users can simply type in the URL from almost anywhere, and with the right credentials they log in.
But many businesses still need to provide reliable and remote access to line of business apps such as ERPs, CRMs, finance, healthcare, accounting systems and more, which are not so easily accessible over the Internet in a secure manner!
There are many secure remote access options out there, and if you google that term, you will quickly discover it’s pretty easy to become lost in a sea of marketing from the different vendors.
So let's start out with an unbiased definition of the three most well known remote access technologies, and we'll follow it up with the key differences between them as well as the pro's and con's.
What is a VPN?
VPN (Virtual Private Network) is a technology that allows user devices to securely connect to a corporate network from remote locations with an Internet connection. This technology is usually restricted to laptops (PC or Mac) and provides access to network resources (shared folders, printers) remotely via a secured connection. Users will need to install an application or have a connection setup on their device.
What is RDS?
RDS (Remote Desktop Services) is the latest evolution of Microsoft’s remote access solution, which was formally referred to as terminal services or a terminal server. It works by allowing users to log in from almost any device via the Internet to a centralized server, presenting the same virtual desktop to all users. The server resources are split amongst all the users who are actively logged into the server. RDS generally works best with PCs.
What is VDI?
VDI (Virtual Desktop Infrastructure) also provides remote access to a virtual desktop, but in this case each user has their own dedicated Windows-based system which can be configured to their liking. In this scenario, there are separate virtual machines being hosted on a single (or multiple) server with dedicated resources for each machine, which can improve both security and performance.
What are the key differences between VPN, RDS and VDI?
- When using RDS, all users log into the same server interface. Although some settings are customizable, overall everyone will have the exact same user experience. As mentioned above, the resources are shared between all users logged into the system. Users will not experience the traditional Windows 10 or 7 interface that they may be used to - instead, they'll be presented with a Windows server flavor of the desktop. (Read more about Desktop as a Service here.)
- When using VDI, all users have their own dedicated station that they can customize, although the administrator can define policies to decide what can be modified and what is uniform between the different virtual systems. Users will get a more familiar Microsoft Windows 10 (or other) environment to connect to. As the resources are defined and completely dedicated to each machine, this means that each machine works independently of the others, which may be important to highly regulated or secured environments.
- When using a VPN, the application on the client device (e.g. PC or Mac) establishes a secure connection and creates a tunnel between the device and the corporate network. The end user’s device then behaves as if it was in the office. All applications and services offered can send data securely over the encrypted tunnel. The processing is done on the client machine, unlike RDS and VDI.
Pros and Cons of VPN vs RDS vs VDI
There are pros and cons to each of these setups, but here are the main things to consider when making your choice:
- Cost: A VPN is generally the lowest cost solution. Minimal hardware is required and users can usually keep their existing devices. A VDI system is usually the most expensive, as there is an extra layer of software required to host a VDI system, most commonly Citrix or VMware. RDS may fall somewhere in the middle.
- Maintenance: Using a VDI setup requires many different virtual machines to support the user base, so it can be more challenging to run patches and updates. An RDS setup generally has fewer machines to patch and maintain. VPN setups can leverage existing hardware, however maintaining off-site resources can be difficult as they need to connect to be visible.
- Performance: The user experience is generally quicker on a VDI solution than RDS because the resources are compartmentalized and adjustable to each user. This provides a faster experience when using the system. A VDI solution would typically be recommended for AutoCAD or similar graphic-dependent software, which requires more processing power. VPN connections rely on client hardware and connection speed, thus sending large amounts of data can be slow because of the encryption required.
- User Hardware: Because all the processing is being done on the server side, the end-user hardware is not as important with VDI or RDS. VDI solutions provide access clients for Mac and Windows, and in some cases iPhone and Android devices. Windows RDS has clients for Windows and Mac, however using a Windows-based PC will generally give the most consistent user experience. For VPNs, user hardware is more important as the processing is done on these devices.
- Security: VDI and RDS can be configured to restrict data from leaving the corporate network. VPN connections protect the data in transit, however data can still be moved to client devices and extra steps should be taken to protect against this.
Final Thoughts on Secure Remote Access
Every business has different requirements that will need to be taken into consideration. As an example, for a small number of users with limited needs, VPN or RDS is simpler and more cost effective.
But for a larger workforce with mobile needs or graphic processing needs, a VDI solution might be better suited to deliver the user performance required.
If you’re considering any of these solutions, make sure that you do an upfront IT analysis of your business needs first. Your best bet is to reach out to an experienced IT consultant who can guide you through the entire process, and assist with deployment, user training, and ongoing maintenance as required.
Book a slot on our solutions consultant Mike Rhea's calendar if you'd like to learn more about how we can help your business choose the right remote access solutions, or any other tech challenges you may be having!