High Performance Remote Desktop Access for Mobile Users...
Splashtop Inc. 1/14
High Performance Remote Desktop Access for Mobile Users Without the Pain and Complexity of VPN/RDP
A Splashtop for Business Whitepaper
February 2013
Table of Contents
1. Situation Analysis
2. Challenges extending VPN / RDP to mobile users
3. Introducing Splashtop for Business
4. How Splashtop for Business Addresses Your Needs
4.1. High Level Overview
4.1.1. Splashtop for Business App
4.1.2. Splashtop Center
4.1.3. Splashtop Streamer for Business
4.2. Helping to Meet HIPAA Compliance
4.3. Typical DMZ set-up
4.4. Splashtop Center Administration
4.5. Implementation Overview — Four Simple Steps
4.6. Bandwidth Considerations
4.7. Additional Ways to Use Splashtop for Business
5. The New Approach to Remote Desktop Access
5.1. Contact Information: Office Locations, Telephone Numbers
1. Situation Analysis
Extending legacy VPN/RDP to mobile devices can be fraught with challenges. Lengthy, complex,
and error-prone configuration of mobile VPN and RDP clients can result in downtime and
additional management costs. Users are frustrated with remembering multiple logins. Remote
connections back to desktops are painfully slow. Splashtop for Business represents a unique
alternative to this traditional approach.
Splashtop is used by over 13 million users and is the market leading remote access solution. By
using Splashtop for Business, organizations can more efficiently and more cost effectively deliver
secure remote desktop services designed from the ground up to support today’s mobile users
while retaining the same level of security as a VPN.
This white paper provides server, desktop, network and security personnel with an architectural
overview and description of Splashtop for Business and how it compares to a traditional VPN/RDP
solution.
2. Challenges extending VPN / RDP to mobile users
Despite the explosion of mobile devices and the increasing trend of BYOD, most businesses still
rely on legacy solutions designed decades ago to connect mobile users back to desktops.
RDP is a Microsoft remote desktop protocol that allows users to connect to remote desktops. Using
RDP alone outside the firewall exposes traffic to security risks - and can make host computers
vulnerable to outside attack - so VPN is required. When connected using VPN, the corporate
network is exposed to users – allowing them to retrieve files, access documents, access the
internet or login to specific services hosted on the corporate network.
However, when this conventional VPN/RDP approach is extended to support tablets and
smartphones, the situation changes dramatically:
• Lengthy, complex, and error-prone configuration of mobile VPN and RDP clients can result in
user downtime when using line of business applications.
• Users are confused remembering multiple logins - VPN client, RDP app, desktop.
• There is significant slowness when accessing applications – users selecting menu options or
typing text do not see an instant response leading to frustration.
• Typically Internet access is also pushed through VPN. This increases the load on the VPN
appliance leading to a bad user experience and potentially impacting other network services.
• Lack of vendor documentation for VPN client and RDP app configuration - or conflicting
options - leave user forums as a source of answers. It’s hard to even know which vendor to
contact when it comes to getting answers.
• There is no ‘one-way’ to reliably configure VPN clients with RDP apps - resulting in time
consuming ‘trial-and-error’ set-up and on-going maintenance.
Figure 1: Conventional VPN/RDP Setup
• Mobile client connections may involve users authenticating through third-party cloud/SaaS
servers that exist outside of your organization’s network and so increase security risk.
• Mobile users may download a variety of RDP apps – each offering different configuration
options and user experiences as they behave differently – all of which IT has to support.
As can be seen, ensuring a fast and reliable RDP connection across a VPN can be a challenging,
lengthy and tortuous experience. Splashtop for Business addresses these challenges and more.
3. Introducing Splashtop for Business
Splashtop for Business eliminates the pain and complexity involved in extending existing VPN/RDP
technologies to mobile devices. Splashtop for Business delivers:
• A managed, on-premise service that is secure, easy to set-up and cost effective to operate.
• High performance, secure remote access to desktops and servers that reside inside the
company firewall.
• Integration with the existing Active Directory infrastructure
• Significantly reduced user frustration by delivering applications to their mobile devices with
the speed and ease of use as if they were in front of their desktops.
“Splashtop for Business satisfied our two top priorities — security and budget. It provides a
cost-effective and secure gateway to our desktops without the need to allocate additional server
resources or incur additional licensing cost.”
Velta Moisio - Director, Information Technology
Lake County Juvenile Court
The physical setup for Splashtop for Business is comparable to a basic VPN/RDP solution – remote
clients connect to a server on the network over a secure tunnel and authenticate based on access
policies applied to the connection.
However, despite being similar in terms of physical setup, the two systems differ significantly in
important key areas. The following table contrasts network configuration, desktop setup, mobile
device setup, operational/management and performance. It demonstrates how Splashtop for
Business eliminates many of the challenges of using VPN/RDP.
Figure 2: Splashtop for Business Setup
Table 1: Comparison of Splashtop for Business to Legacy VPN/RDP

Area: Operational / Management
Legacy VPN/RDP:
• Multiple points of administration and configuration to support mobile users
• Need to support multiple, inconsistent mobile VPN and RDP clients/apps
• Mobile activity must be synthesized from multiple server logs
Splashtop for Business:
• Unified administration console
• Single mobile remote access solution
• Centralized logging with audit trail

Area: Network
Legacy VPN/RDP:
• Set up and maintain multiple firewall policies for each user device
• Configure port forwarding on router
• Configure VPN appliance for mobile device access
• Configure policies for VPN access
Splashtop for Business:
• Single firewall policy/port - No additional complex firewall policy/port configuration is required
• Single point to define user and device access policies

Area: Desktop
Legacy VPN/RDP:
• Configure each remote desktop for RDP
o May require Windows upgrade to support RDP, or installation of additional third-party software
• Grant access rights for each user on each remote desktop separately
Splashtop for Business:
• Install Splashtop Streamer on each remote desktop

Area: Mobile
Legacy VPN/RDP:
• Configure L2TP client for secure connection (VPN)
• Evaluate, install and configure RDP app for remote desktop access
• Train users how to use different gestures and menus for each RDP app
Splashtop for Business:
• Install Splashtop for Business App onto mobile devices.
• Single app architecture includes intuitive gestures for an excellent user experience.

Area: Performance / Use cases
Legacy VPN/RDP:
• Tunneling RDP within VPN is inefficient. It increases the connection payload and so consumes more bandwidth.
• Poor video streaming means it is unable to support 3D/graphics intensive applications without considerably more bandwidth.
Splashtop for Business:
• Splashtop streaming protocol requires just 300kbps for general office productivity
• Additional use cases include:
o Working with graphic intensive 3D images / animation
o Viewing full screen video such as product training
o Engineering/design simulation
o Viewing medical images
4. How Splashtop for Business Addresses Your Needs
4.1. High Level Overview
The Splashtop for Business solution is comprised of three components, each residing on different
systems within an enterprise network. Together, they provide a high performance and secure
remote desktop experience.
Figure 4: Splashtop for Business High Level Architecture
4.1.1. Splashtop for Business App
The Splashtop for Business App is a lightweight remote client that is installed on an employee’s
mobile device, such as an Apple iPad or iPhone, Google Android phone or tablet; Macs and
Windows PCs and laptops are also supported. Users connect to desktops using the same AD
credentials they use at their desk.
4.1.2. Splashtop Center
Splashtop Center is installed within the enterprise firewall (or DMZ) on a Windows-based system
and brokers connections between the user’s mobile device (running the Splashtop for Business
app) and enterprise desktops (running Splashtop Streamer for Business software). It also provides
an administrative console to manage users and devices. Seamless integration with existing Active
Directory (AD) domains helps IT administrators simplify the process of local user authentication
and ensures that only authorized users can establish remote sessions. Since all Splashtop traffic is
managed by Splashtop Center, only a single firewall policy is required, not per-user policies,
reducing the firewall management workload. Security policies are applied within Splashtop Center
as part of each user’s assigned policy.
Figure 3: Splashtop for Business High Level Architecture
4.1.3. Splashtop Streamer for Business
This agent software must be installed on the target desktop the user will access. IT administrators
can install the software either by visiting the user’s desktop, using existing management tools or
optionally allowing users to download the software from the Splashtop Center server themselves.
To enable users to access more than one desktop, IT administrators must install streamers onto
those other systems. The streamer software can automatically log in using the user's AD credentials.
4.2. Helping to Meet HIPAA Compliance
For organizations specifically concerned with Health Insurance Portability and Accountability Act of
1996 (HIPAA) compliance, please see the ‘Remote Desktop Access for the Mobile Workforce -
Security White Paper’. The Appendix of this document outlines how Splashtop for Business helps
to meet certain required and addressable security requirements for HIPAA.
4.3. Typical DMZ set-up
All communications within the Splashtop for Business solution – from the Splashtop for Business
App through Splashtop Center to Splashtop Streamer for Business and back again – are secured
over Splashtop’s patent-pending streaming technology using the IETF-standard Transport Layer
Security (TLS) protocol. Splashtop for Business also prevents eavesdropping on and modification or
replay of communications by restricting the cipher suite to 2048 bit ECDH-RSA with 256-bit
AES-CBC and SHA1 (see Figure 5: Splashtop Center Deployment in DMZ).
Figure 5: Splashtop Center Deployment in DMZ
4.4. Splashtop Center Administration
Splashtop Center provides a robust, unified administrative console that includes:
• Active Directory (AD) integration - Integrate with your existing AD for authentication
• Centralized policy-based control - Set user and device access policies,
activate/deactivate users and devices, MAC address filtering, create or import SSL
certificates, set maximum frame rate per user connection
• Reporting - View real-time connections and audit trails
• Grouping - Allow access to shared pool of physical or virtual desktops
With the installation of Splashtop Streamer on the Splashtop Center server, the console can be
accessed remotely by administrators from a Splashtop for Business app on a mobile device (or
Windows PC or Mac).
Active Directory (AD) integration eliminates redundant administration tasks and ensures
consistency of user identities. By authenticating against the domain in read-only mode, the risk of
modifying the existing AD infrastructure is reduced. Only approved devices and users that have
been specifically added by the administrator can access desktops. Administrators can also
allow/deny remote access by mobile devices individually using MAC addresses, lock or disable
access by a specific device, disable auto-logon (forcing users to enter passwords to connect), and
de-activate a mobile device entirely. Groups can be created to act as a shared resource pool for
users. Splashtop Center also displays the active status of connections, IP addresses, connection
time and duration as well as device type – logging this information in an audit trail.
Figure 6: Splashtop Center Console Users Tab
IT Security Controls
Figure 7: Splashtop Center Audit Trail
4.5. Implementation Overview — Four Simple Steps
IT setup
User Setup
• Set-up Splashtop Center on a Windows server (for initial proof of concept you can install this onto your existing desktop).
• Install Splashtop for Business app on mobile devices (users download from device's app store)
• Create users and define access policies. Users can be created by accessing Active Directory or by creating local users.
• Install Splashtop Streamer on each computer to be accessed. Users log in and connect to their desktop.
Figure 8: Users choose their desired desktop from the Splashtop for Business app
4.6. Bandwidth Considerations
Splashtop for Business is capable of providing a truly interactive experience to mobile users,
delivering 3D graphics and HD video without compromise using relatively modest bandwidth.
Splashtop Center policies can be defined to throttle the frame rate for specific users (from 1-60
frames per second), allowing administrators to reduce bandwidth for each connection if required.
Bandwidth required per session:
• For general productivity usage: 300 kbps
• For optimal performance: 800 kbps
4.7. Additional Ways to Use Splashtop for Business
In addition to providing an alternative to VPN and RDP technologies, Splashtop for Business opens
the door to discover new ways to extend company resources to mobile devices:
“Tabletize” Office, Outlook, and Corporate Apps
Support existing MS Office, IE-only / legacy applications without rewriting or retraining users.
Extending VDI
Deliver virtual desktops to mobile devices more cost effectively and with greater performance.
Mobile Access to Interactive Whiteboards
Allow teachers to be freed from their computer to teach in all four corners of the classroom.
High-Performance / High Fidelity Remote Access to 3D/graphics
Deliver highly responsive 3D AutoCAD, animations, simulation, and medical images.
Pooling of Resources
Create a shared pool of physical or virtual desktops for users to access remotely.
5. The New Approach to Remote Desktop Access
Extending legacy VPN/RDP technologies to mobile devices can be fraught with challenges. Businesses
of all sizes can use Splashtop for Business to efficiently and more cost effectively deliver a secure
remote desktop solution uniquely designed to support the demands of today’s mobile workforce.
Its key features are:
Market Leading Performance — Patent-pending streaming technology and intelligent optimization
techniques deliver up to 30 frames per second with synchronized audio for superior performance
and highly responsive user interactivity
Simplicity — No complicated changes to your existing server hardware, networking, or storage
infrastructure; intuitive administrative console for efficient user management
Secure — On-premise service with end-to-end encryption that integrates with your existing Active
Directory infrastructure
Universal — A single app that supports a broad range of mobile devices and use cases
Cost Effective – Eliminates lengthy ‘trial and error’ setup and reduces ongoing maintenance costs
For further details and to start a free trial, please visit www.splashtop.com/business
Splashtop aspires to touch people’s lives by delivering the best-in-class remote desktop
experience – bridging tablets, phones, computers and TVs. Splashtop technology empowers
consumer and business users with high-performance, secure, interactive access to their favorite
applications, media content and files anytime, anywhere.
5.1. Contact Information: Office Locations, Telephone Numbers
Silicon Valley Headquarters
1054 S. De Anza Blvd, Suite 200
San Jose, CA 95129
U.S.A
+1.408.861.1088

Taipei Office
10th Floor, No. 222,
Fuxing South Road, Section 1,
Taipei, Taiwan, 10666
+886.2.2778.0706

Tokyo Office
Level 20 Marunouchi Trust Tower - Main
1-8-3 Marunouchi, Chiyoda-Ku
Tokyo 100-0005
Japan