Splashtop Inc. 1/14

High Performance Remote

Desktop Access for Mobile Users

Without the Pain and

Complexity of VPN/RDP

A Splashtop for Business Whitepaper

February 2013

Splashtop Inc. 2/14

Table of Contents

Table of Contents ................................................................................................................................. 2

1. Situation Analysis ......................................................................................................................... 3

2. Challenges extending VPN / RDP to mobile users ....................................................................... 4

3. Introducing Splashtop for Business .............................................................................................. 6

4. How Splashtop for Business Addresses Your Needs..................................................................... 8

4.1. High Level Overview ..................................................................................................... 8

4.1.1. Splashtop for Business App ..................................................................................... 8

4.1.2. Splashtop Center ..................................................................................................... 8

4.1.3. Splashtop Streamer for Business ............................................................................ 9

4.2. Helping to Meet HIPPA Compliance ............................................................................. 9

4.3. Typical DMZ set-up ....................................................................................................... 9

4.4. Splashtop Center Administration ............................................................................... 10

4.5. Implementation Overview — Four Simple Steps ....................................................... 12

4.6. Bandwidth Considerations ......................................................................................... 13

4.7. Additional Ways to Use Splashtop for Business ......................................................... 13

5. The New Approach to Remote Desktop Access ......................................................................... 14

5.1. Contact Information: Office Locations, Telephone Numbers ..................................... 14

Splashtop Inc. 3/14

1. Situation Analysis

Extending legacy VPN/RDP to mobile devices can be fraught with challenges. Lengthy, complex,

and error-prone configuration of mobile VPN and RDP clients can result in downtime and

additional management costs. Users are frustrated with remembering multiple logins. Remote

connections back to desktops are painfully slow. Splashtop for Business represents a unique

alternative to this traditional approach.

Splashtop is used by over 13 million users and is the market leading remote access solution. By

using Splashtop for Business, organizations can more efficiently and more cost effectively deliver

secure remote desktop services designed from the ground up to support today’s mobile users

while retaining the same level of security as a VPN.

This white paper provides server, desktop, network and security personnel with an architectural

overview and description of Splashtop for Business and how it compares to a traditional VPN/RDP

solution.

Splashtop Inc. 4/14

2. Challenges extending VPN / RDP to mobile users

Despite the explosion of mobile devices and the increasing trend of BYOD, most businesses still

rely on legacy solutions designed decades ago to connect mobile users back to desktops.

RDP is a Microsoft remote desktop protocol that allows users to connect to remote desktops. Using

RDP alone outside the firewall exposes traffic to security risks - and can make host computers

vulnerable to outside attack - so VPN is required. When connected using VPN, the corporate

network is exposed to users – allowing them to retrieve files, access documents, access the

internet or login to specific services hosted on the corporate network.

However, when this conventional VPN/RDP approach is extended to support tablets and

smartphones, the situation changes dramatically:

• Lengthy, complex, and error-prone configuration of mobile VPN and RDP clients can result in

user downtime when using line of business applications.

• Users are confused remembering multiple logins - VPN client, RDP app, desktop.

• There is significant slowness when accessing applications – users selecting menu options or

typing text do not see an instant response leading to frustration.

• Typically Internet access is also pushed through VPN. This increases the load on the VPN

appliance leading to a bad user experience and potentially impacting other network services.

• Lack of vendor documentation for VPN client and RDP app configuration - or conflicting

options - leave user forums as a source of answers. It’s hard to even know which vendor to

contact when it comes to getting answers.

• There is no ‘one-way’ to reliably configure VPN clients with RDP apps - resulting in time

consuming ‘trial-and-error’ set-up and on-going maintenance.

Figure 1: Conventional VPN/RDP Setup

Splashtop Inc. 5/14

• Mobile client connections may involve users authenticating through third-party cloud/SaaS

servers that exist outside of your organization’s network and so increase security risk.

• Mobile users may download a variety of RDP apps – each offering different configuration

options and user experiences as they behave differently – all of which IT has to support.

As can been seen, ensuring a fast and reliable RDP connection across a VPN can be a challenging,

lengthy and tortuous experience. Splashtop for Business addresses these challenges and more.

Splashtop Inc. 6/14

3. Introducing Splashtop for Business

Splashtop for Business eliminates the pain and complexity involved in extending existing VPN/RDP

technologies to mobile devices. Splashtop for Business delivers:

• A managed, on-premise service that is secure, easy to set-up and cost effective to operate.

• High performance, secure remote access to desktops and servers that reside inside the

company firewall.

• Integration with the existing Active Directory infrastructure

• Significantly reduced user frustration by delivering applications to their mobile devices with

the speed and ease of use as if they were in front of their desktops.

“Splashtop for Business satisfied our two top priorities — security and budget. It provides a

cost-effective and secure gateway to our desktops without the need to allocate additional server

resources or incur additional licensing cost.”

Velta Moisio - Director, Information Technology

Lake County Juvenile Court

The physical setup for Splashtop for Business is comparable to a basic VPN/RDP solution –remote

clients connect to a server on the network over a secure tunnel and authenticate based on access

policies applied to the connection.

However, despite being similar in terms of physical setup, the two systems differ significantly in

important key areas. The following table contrasts network configuration, desktop setup, mobile

device setup, operational/management and performance. It demonstrates how Splashtop for

Business eliminates many of the challenges of using VPN/RDP.

Figure 2: Splashtop for Business Setup

Splashtop Inc. 7/14

Table 1: Comparison of Splashtop for Business to Legacy VPN/RDP

Area Legacy VPN/RDP Splashtop for Business

Operational /

Management

Multiple points of administration and

configuration to support mobile users

Need to support multiple, inconsistent

mobile VPN and RDP clients/apps

Mobile activity must be synthesized

from multiple server logs

Unified administration console

Single mobile remote access

solution

Centralized logging with audit

trail

Network Setup and maintain multiple firewall

policies for each user device

Configure port forwarding on router

Configure VPN appliance for mobile

device access

Configure policies for VPN access

Single firewall policy/port - No

additional complex firewall

policy/port configuration is

required

Single point to define user and

device access policies

Desktop Configure each remote desktop for RDP

o May require Windows upgrade to

support RDP, or installation of

additional third-party software

Grant access rights for each user on each

remote desktop separately

Install Splashtop Streamer on

each remote desktop

Mobile Configure L2TP client for secure

connection (VPN)

Evaluate, install and configure RDP app

for remote desktop access

Train users how to use different gestures

and menus for each RDP app

Install Splashtop for Business App

onto mobile devices.

Single app architecture includes

Intuitive gestures for a excellent

user experience.

Performance

/ Use cases

Tunneling RDP within VPN is inefficient.

It increases the connection pay load and

so consumes more bandwidth.

Poor video streaming means it is unable

to support 3D/graphics intensive

applications without considerably more

bandwidth.

Splashtop streaming protocol

requires just 300kbps for general

office productivity

Additional use cases include:

o Working with graphic intensive

3D images / animation

o Viewing full screen video such

as product training

o Engineering/design simulation

o Viewing medical images

Splashtop Inc. 8/14

4. How Splashtop for Business Addresses Your Needs

4.1. High Level Overview

The Splashtop for Business solution is comprised of three components, each residing on different

systems within an enterprise network. Together, they provide a high performance and secure

remote desktop experience.

Figure 4: Splashtop for Business High Level Architecture

4.1.1. Splashtop for Business App

The Splashtop for Business App is a lightweight remote client that is installed on an employee’s

mobile device, such as an Apple iPad or iPhone, Google Android phone or tablet; Macs and

Windows PCs and laptops are also supported. Users connect to desktops using the same AD

credentials they use at their desk.

4.1.2. Splashtop Center

Splashtop Center is installed within the enterprise firewall (or DMZ) on a Windows-based system

and brokers connections between the user’s mobile device (running the Splashtop for Business

app) and enterprise desktops (running Splashtop Streamer for Business software). It also provides

an administrative console to manage users and devices. Seamless integration with existing Active

Directory (AD) domains helps IT administrators simplify the process of local user authentication

and ensures that only authorized users can establish remote sessions. Since all Splashtop traffic is

managed by Splashtop Center, only a single firewall policy is required, not per-user policies,

reducing the firewall management workload. Security policies are applied within Splashtop Center

as part of each user’s assigned policy.

Figure 3: Splashtop for Business High Level Architecture

Splashtop Inc. 9/14

4.1.3. Splashtop Streamer for Business

This agent software must be installed on the target desktop the user will access. IT administrators

can install the software either by visiting the user’s desktop, using existing management tools or

optionally allowing users to download the software from the Splashtop Center server themselves.

To enable users to access more than one desktop, IT administrators must install streamers onto

those other systems. The streamer software can automatically login using the users AD credentials.

4.2. Helping to Meet HIPPA Compliance

For organizations specifically concerned with Health Insurance Portability and Accountability Act of

1996 (HIPAA) compliance, please see the ‘Remote Desktop Access for the Mobile Workforce -

Security White Paper’. The Appendix of this document outlines how Splashtop for Business helps

to meet certain required and addressable security requirements for HIPAA.

4.3. Typical DMZ set-up

All communications within the Splashtop for Business solution – from the Splashtop for Business

App through Splashtop Center to Splashtop Streamer for Business and back again – are secured

over Splashtop’s patent-pending streaming technology using the IETF-standard Transport Layer

Security (TLS) protocol. Splashtop for Business also prevents eavesdropping on and modification or

replay of communications by restricting the cipher suite to 2048 bit ECDH-RSA with 256-bit

AES-CBC and SHA1 (see Figure 5: Splashtop Center Deployment in DMZ).

Figure 5: Splashtop Center Deployment in DMZ

Splashtop Inc. 10/14

4.4. Splashtop Center Administration

Splashtop Center provides a robust, unified administrative console that includes:

• Active Directory (AD) integration - Integrate with your existing AD for authentication

• Centralized policy-based control - Set user and device access policies,

activate/deactivate users and devices, MAC address filtering, create or import SSL

certificates, set maximum frame rate per user connection

• Reporting - View real-time connections and audit trails

• Grouping - Allow access to shared pool of physical or virtual desktops

With the installation of Splashtop Streamer on the Splashtop Center server, the console can be

accessed remotely by administrators from a Splashtop for Business app on a mobile device (or

Windows PC or Mac).

Active Directory (AD) integration eliminates redundant administration tasks and ensures

consistency of user identities. By authenticating against the domain in read-only mode, the risk of

modifying the existing AD infrastructure is reduced. Only approved devices and users that have

been specifically added by the administrator can access desktops. Administrators can also

allow/deny remote access by mobile devices individually using MAC addresses, lock or disable

access by a specific device, disable auto-logon (forcing users to enter passwords to connect), and

de-activate a mobile device entirely. Groups can be created to act as a shared resource pool for

users. Splashtop Center also displays the active status of connections, IP addresses, connection

time and duration as well as device type – logging this information in an audit trail.

Figure 6: Splashtop Center Console Users Tab

Splashtop Inc. 11/14

IT Security Controls

Figure 7: Splashtop Center Audit Trail

Splashtop Inc. 12/14

4.5. Implementation Overview — Four Simple Steps

IT setup

User Setup

Set-up Splashtop Center on a Windows server (for

initial proof of concept you can install this onto

your existing desktop).

Install Splashtop for Business app on

mobile devices (users download from

device's app store)

Create users and define access policies. Users can

be created by accessing Active Directory or by

creating local users.

Install Splashtop Streamer on each

computer to be accessed. Users log in

and connect to their desktop.

Figure 8: Users choose their desired desktop from the Splashtop for Business app

Splashtop Inc. 13/14

4.6. Bandwidth Considerations

Splashtop for Business is capable of providing a truly interactive experience to mobile users,

delivering 3D graphics and HD video without compromise using relatively modest bandwidth.

Splashtop Center policies can be defined to throttle the frame rate for specific users (from 1-60

frames per second), allowing administrators to reduce bandwidth for each connection if required.

Bandwidth required per session for general productivity usage bandwidth : 300 kbps

For optimal performance : 800 kbps

4.7. Additional Ways to Use Splashtop for Business

In addition to providing an alternative to VPN and RDP technologies, Splashtop for Business opens

the door to discover new ways to extend company resources to mobile devices:

“Tabletize” Office, Outlook, and Corporate Apps

Support existing MS Office, IE-only / legacy applications without rewriting or retraining users.

Extending VDI

Deliver virtual desktops to mobile devices more cost effectively and with greater performance.

Mobile Access to Interactive Whiteboards

Allow teachers to be freed from their computer to teach in all four corners of the classroom.

High-Performance / High Fidelity Remote Access to 3D/graphics

Deliver highly responsive 3D AutoCAD, animations, simulation, and medical images.

Pooling of Resources

Create a shared pool of physical or virtual desktops for users to access remotely.

Splashtop Inc. 14/14

5. The New Approach to Remote Desktop Access

Extending legacy VPN/RDP technologies to mobile devices can be fraught with challenges. Business

of all sizes can use Splashtop for Business to efficiently and more cost effectively delivers a secure

remote desktop solution uniquely designed to support the demands of today’s mobile workforce.

Its key features are:

Market Leading Performance — Patent-pending streaming technology and intelligent optimization

techniques deliver up to 30 frames per second with synchronized audio for superior performance

and highly responsive user interactivity

Simplicity — No complicated changes to your existing server hardware, networking, or storage

infrastructure; intuitive administrative console for efficient user management

Secure — On-premise service with end-to-end encryption that integrates with your existing Active

Directory infrastructure

Universal — A single app that supports a broad range of mobile devices and use cases

Cost Effective – Eliminates lengthy ‘trial and error’ setup and reduces ongoing maintenance costs

For further details and to start a free trial, please visit www.splashtop.com/business

Splashtop aspires to touch people’s lives by delivering the best-in-class remote desktop

experience – bridging tablets, phones, computers and TVs. Splashtop technology empowers

consumer and business users with high-performance, secure, interactive access to their favorite

applications, media content and files anytime, anywhere.

5.1. Contact Information: Office Locations, Telephone Numbers

Silicon Valley Headquarters Taipei Office Tokyo Office

1054 S. De Anza Blvd, Suite 200

San Jose, CA 95129

U.S.A

+1.408.861.1088

10th Floor, No. 222,

Fuxing South Road, Section 1,

Taipei, Taiwan, 10666

+886.2.2778.0706

Level 20 Marunouchi Trust Tower - Main

1-8-3 Marunouchi, Chiyoda-Ku

Tokyo 100-0005

Japan