HOME OFFICE: Remote access to any Windows machine in your company in under 1 hour

The ready-to-use, out-of-the-box solution (all open source components) ensures that your employees can access any existing (!) Windows devices (physical PCs, Windows Terminal Servers (RDSH), any VMs, …) located in the corporate network from their homes.

We have assembled a fully integrated solution, including an SSL-terminating reverse proxy and multi-factor authentication, which can be integrated into a corporate network in a few minutes. There are no license fees for the software. The solution works exclusively with components from the open source world.

Requirements for home office employees:

  • any HTML5-compatible web browser (every modern web browser is HTML5-capable)
  • TOTP-compatible multi-factor authentication app for fully integrated multi-factor authentication (e.g. Google Authenticator, Microsoft Authenticator, AndOTP,… on the mobile phone)

Requirement for the existing Windows devices to be accessed:

  • any Windows device that can be accessed via RDP within the corporate network.

Setup time: Less than 1 hour

Introduction

No one wants to expose themselves unnecessarily to the risk of catching and carrying the coronavirus. That is why PC workers rightly demand the possibility to work from home!

But not every company has already created the technical prerequisites for this, and it is not easy to set this up from scratch at short notice. On the one hand, the necessary haste prohibits lengthy project planning. On the other hand, you should hold on to your money right now and not spend it hastily, only to regret it later. That's why we have designed a "first aid kit" that does justice to both aspects. Small and medium-sized companies in particular can be helped very quickly, without investing in additional software!

Together with our partners, we would like to help those who need a cheap solution for working from home as quickly as possible, and to do so honestly, without looking for our own advantage. We are happy to provide the idea for the solution design free of charge.

How does it work?

This example shows how to access an internal Windows machine and the existing ERP application of Prianto via a conventional web browser.

As you can easily see, under the hood is the well-known Apache Guacamole, a clientless remote desktop gateway solution that is available as open source software under the umbrella of the Apache Software Foundation.

The ready-made and immediately usable package contains, among other things:

  • built-in multi-factor authentication with auto-enrollment
  • integration into Active Directory, so that employees can use their known user name and password
  • fully integrated SSL termination with a valid certificate for secure access

What preparation is necessary?

  1. You need any PC, server or a small VM in the corporate network on which you can install Ubuntu Linux in no time.
  2. If you want to connect to the Active Directory for user authentication, we have to look up the appropriate connection parameters in the Active Directory.
  3. If you have a static IP address on your internet router in the company network and we can simply forward the HTTP and HTTPS port to the above mentioned PC, then we have to configure this in the router and set a suitable DNS entry.
  4. If you do not have a static IP address on your Internet router in the company network and we cannot simply forward the HTTP and HTTPS port to the above-mentioned PC, then we provide fully automated external access in the Microsoft Azure Cloud. This will cost about 10 EUR per month.
  5. Your Windows PCs or terminal servers that you want to access must be accessible internally via RDP inside the corporate network. (RDP is a feature that every Windows operating system comes with)

How can I implement this?

With the necessary technical expertise, this can be done in no time at all.
We have published the sources for the out-of-the-box solution on GitHub in line with the open source mentality.
https://github.com/andif888/workfromhome-with-docker/
https://github.com/andif888/workfromhome-with-inlets/

What remains to be done after implementation?

  • The Windows PCs or Terminal Servers must be registered in Apache Guacamole and simply assigned to the users.
  • The users have to be informed which URL they have to enter in the web browser to access the machines.
  • Users must be informed to download Google Authenticator, Microsoft Authenticator or any other TOTP-compatible authentication app for multi-factor authentication to their mobile phone from the Apple Store or the Google Play Store.

How much does the solution cost?

There are no license fees for the software. The solution works exclusively with components from the open source world.

Of course we, or rather mainly our system house partners, help with the fast implementation. A complete implementation for 10-15 workstations is easily feasible within half a day. Without the preparatory work an IT-Pro can do it in under an hour. If you want to have a complete implementation (including the above mentioned preparations and implementation), then just calculate a complete daily rate and be on the safe side.

If we can contribute to your employees being able to continue working in their home office, not having to go into short-time work or having to be dismissed in the worst case, then this is a great success.

For whom is the solution suitable?

Classic: It depends 🙂
Basically, we designed the solution as an aid package for small and medium-sized companies that need a quick and clean solution to send their employees to their home office without having to do complicated organizational and logistical chin-ups or making major new investments.

This is about working from home on existing Windows PCs and terminal servers that are located in the company without having to turn the whole infrastructure upside down or create a completely new, cloud-based infrastructure and without the user having to get used to a completely new way of working in a short time.

The solution is not a replacement for sophisticated, highly professional Desktop as a Service solutions, such as those provided by some large software vendors, which are also part of the Prianto portfolio, and which are enhanced by a lot of valuable tools and can be adapted to the most diverse needs.

The bottleneck will possibly be the Internet connection at your company’s location. For normal office activities you can calculate 50 KB/s per user.
On a 10 Mbit line (note: the upload bandwidth is the crucial factor) you will easily get 20 users who do normal office work (Word, Excel, Outlook, invoicing, order entry, …).

How performant is the connection via HTML5?

Surprisingly, extremely good!

Is the solution running in the cloud?

No, the solution runs on a single machine (PC, server or VM) in your corporate network.
If you don't have a public, static IP address in your company network, or no DynDNS feature in your internet router, we will simply start a small WebSocket-based reverse tunnel in the Azure cloud, which is provisioned fully unattended via inlets, so that you have a secure, publicly accessible entry point.

For whom is the solution not suitable?

  • for users who work with multimedia-heavy applications (video editing)
  • for users who work with CAD applications
  • for several hundred users simultaneously
  • for companies that want to offer highly scalable and highly available remote desktops

Further Information

For further information, you can get in contact with Prianto's EUCV-Team.
EUCV-Team:
Email: eucv@prianto.com
Nicole Fleischmann, Tel.: +49 89 4161482 38
Lisa-Marie Moretti, Tel: +49 89 4161482 92

Andreas Fleischmann