What protocol does Splashtop use


High Performance Remote Desktop Access for Mobile Users Without the Pain and Complexity of VPN/RDP

March 2015
Splashtop Inc.

Table of Contents

1. Situation Analysis
1. Challenges extending VPN / RDP to mobile users
2. Introducing Splashtop Enterprise
3. How Splashtop Enterprise Addresses Your Needs
   3.1. High Level Overview
        3.1.1. Splashtop Enterprise App
        3.1.2. Splashtop Center
        3.1.3. Splashtop Streamer
   3.2. Helping to Meet HIPAA Compliance
   3.3. Typical DMZ set-up
   3.4. Splashtop Center Administration
   3.5. Implementation Overview — Four Simple Steps
   3.6. Bandwidth Considerations
   3.7. Additional Ways to Use Splashtop Enterprise
4. The New Approach to Remote Desktop Access
   4.1. Contact Information: Office Locations, Telephone Numbers

1. Situation Analysis

Extending legacy VPN/RDP to mobile devices can be fraught with challenges. Lengthy, complex, and error-prone configuration of mobile VPN and RDP clients can result in downtime and additional management costs. Users are frustrated with remembering multiple logins. Remote connections back to desktops are painfully slow.

Splashtop Enterprise represents a unique alternative to this traditional approach. Splashtop is used by over 18 million users and is the market leading remote access solution. By using Splashtop Enterprise, organizations can more efficiently and more cost effectively deliver secure remote desktop services designed from the ground up to support today’s mobile users while retaining the same level of security as a VPN.

This white paper provides server, desktop, network and security personnel with an architectural overview and description of Splashtop Enterprise and how it compares to a traditional VPN/RDP solution.

1. Challenges extending VPN / RDP to mobile users

Despite the explosion of mobile devices and the increasing trend of BYOD, most businesses still rely on legacy solutions designed decades ago to connect mobile users back to desktops.

Figure 1: Conventional VPN/RDP Setup

RDP is a Microsoft remote desktop protocol that allows users to connect to remote desktops. Using RDP alone outside the firewall exposes traffic to security risks - and can make host computers vulnerable to outside attack - so VPN is required. When connected using VPN, the corporate network is exposed to users – allowing them to retrieve files, access documents, access the internet or login to specific services hosted on the corporate network.

However, when this conventional VPN/RDP approach is extended to support tablets and smartphones, the situation changes dramatically:

• Lengthy, complex, and error-prone configuration of mobile VPN and RDP clients can result in user downtime when using line of business applications.
• Users are confused remembering multiple logins - VPN client, RDP app, desktop.
• There is significant slowness when accessing applications – users selecting menu options or typing text do not see an instant response leading to frustration.
• Typically Internet access is also pushed through VPN. This increases the load on the VPN appliance leading to a bad user experience and potentially impacting other network services.
• Lack of vendor documentation for VPN client and RDP app configuration - or conflicting options - leave user forums as a source of answers. It’s hard to even know which vendor to contact when it comes to getting answers.
• There is no ‘one-way’ to reliably configure VPN clients with RDP apps - resulting in time consuming ‘trial-and-error’ set-up and on-going maintenance.
• Mobile client connections may involve users authenticating through third-party cloud/SaaS servers that exist outside of your organization’s network and so increase security risk.
• Mobile users may download a variety of RDP apps – each offering different configuration options and user experiences as they behave differently – all of which IT has to support.

As can be seen, ensuring a fast and reliable RDP connection across a VPN can be a challenging, lengthy and tortuous experience. Splashtop Enterprise addresses these challenges and more.

2. Introducing Splashtop Enterprise

Splashtop Enterprise eliminates the pain and complexity involved in extending existing VPN/RDP technologies to mobile devices. Splashtop Enterprise delivers:

• A managed, on-premise service that is secure, easy to set-up and cost effective to operate.
• High performance, secure remote access to desktops and servers that reside inside the company firewall.
• Integration with the existing Active Directory infrastructure
• Significantly reduced user frustration by delivering applications to their mobile devices with the speed and ease of use as if they were in front of their desktops.

“Splashtop satisfied our two top priorities — security and budget. It provides a cost-effective and secure gateway to our desktops without the need to allocate additional server resources or incur additional licensing cost.”
Velta Moisio - Director, Information Technology, Lake County Juvenile Court

The physical setup for Splashtop Enterprise is comparable to a basic VPN/RDP solution – remote clients connect to a server on the network over a secure tunnel and authenticate based on access policies applied to the connection.

Figure 2: Splashtop Enterprise Setup

However, despite being similar in terms of physical setup, the two systems differ significantly in important key areas.
The following table contrasts network configuration, desktop setup, mobile device setup, operational/management and performance. It demonstrates how Splashtop Enterprise eliminates many of the challenges of using VPN/RDP.

Table 1: Comparison of Splashtop Enterprise to Legacy VPN/RDP

Area: Operational / Management
  Legacy VPN/RDP:
    • Multiple points of administration and configuration to support mobile users
    • Need to support multiple, inconsistent mobile VPN and RDP clients/apps
    • Mobile activity must be synthesized from multiple server logs
  Splashtop Enterprise:
    • Unified administration console
    • Single mobile remote access solution
    • Centralized logging with audit trail

Area: Network
  Legacy VPN/RDP:
    • Setup and maintain multiple firewall policies for each user device
    • Configure VPN appliance for mobile device access
    • Configure policies for VPN access
    • Configure port forwarding on router
  Splashtop Enterprise:
    • No additional complex firewall policy/port configuration is required
    • Single firewall policy/port - Single point to define user and device access policies

Area: Desktop
  Legacy VPN/RDP:
    • Configure each remote desktop for RDP
      o May require Windows upgrade to support RDP, or installation of additional third-party software
    • Grant access rights for each user on each remote desktop separately
  Splashtop Enterprise:
    • Install Splashtop Streamer on each remote desktop

Area: Mobile
  Legacy VPN/RDP:
    • Configure L2TP client for secure connection [VPN]
    • Evaluate, install and configure RDP app for remote desktop access
    • Train users how to use different gestures and menus for each RDP app
  Splashtop Enterprise:
    • Install Splashtop Enterprise App onto mobile devices.
    • Single app architecture includes intuitive gestures for an excellent user experience.

Area: Performance / Use cases
  Legacy VPN/RDP:
    • Tunneling RDP within VPN is inefficient. It increases the connection payload and so consumes more bandwidth.
    • Poor video streaming means it is unable to support 3D/graphics intensive applications without considerably more bandwidth.
  Splashtop Enterprise:
    • Splashtop streaming protocol requires just 300kbps for general office productivity
    • Additional use cases include:
      o Working with graphic intensive 3D images / animation
      o Viewing full screen video such as product training
      o Engineering/design simulation
      o Viewing medical images

3. How Splashtop Enterprise Addresses Your Needs

3.1. High Level Overview

The Splashtop Enterprise solution is comprised of three components, each residing on different systems within an enterprise network. Together, they provide a high performance and secure remote desktop experience.

Figure 3: High Level Architecture

3.1.1. Splashtop Enterprise App

The Splashtop Enterprise App is a lightweight remote client that is installed on an employee’s mobile device, such as an Apple iPad or iPhone, Google Android phone or tablet; Macs and Windows PCs and laptops are also supported. Users connect to desktops using the same AD credentials they use at their desk.

3.1.2. Splashtop Center

Splashtop Center is installed within the enterprise firewall [or DMZ] on a Windows-based system and brokers connections between the user’s mobile device [running the Splashtop Enterprise app] and enterprise desktops [running Splashtop Streamer software]. It also provides an administrative console to manage users and devices.

Seamless integration with existing Active Directory [AD] domains helps IT administrators simplify the process of local user authentication and ensures that only authorized users can establish remote sessions. Since all Splashtop traffic is managed by Splashtop Center, only a single firewall policy is required, not per-user policies, reducing the firewall management workload. Security policies are applied within Splashtop Center as part of each user’s assigned policy.

3.1.3. Splashtop Streamer

This agent software must be installed on the target desktop the user will access.
IT administrators can install the software either by visiting the user’s desktop, using existing management tools or optionally allowing users to download the software from the Splashtop Center server themselves. To enable users to access more than one desktop, IT administrators must install streamers onto those other systems. The streamer software can automatically login using the user’s AD credentials.

3.2. Helping to Meet HIPAA Compliance

For organizations specifically concerned with Health Insurance Portability and Accountability Act of 1996 [HIPAA] compliance, please see the whitepaper ‘How Splashtop Helps Support HIPAA Compliance’.

3.3. Typical DMZ set-up

All communications within the Splashtop Enterprise solution – from the mobile app through Splashtop Center to Splashtop Streamer and back again – are secured over Splashtop’s patent-pending streaming technology using the IETF-standard Transport Layer Security [TLS] protocol. Splashtop Enterprise also prevents eavesdropping on and modification or replay of communications by restricting the cipher suite to 2048 bit ECDH-RSA with 256-bit AES-CBC and SHA1 [see Figure 4: Splashtop Center Deployment in DMZ].

Figure 4: Splashtop Center Deployment in DMZ

3.4. Splashtop Center Administration

Splashtop Center provides a robust, unified administrative console that includes:

• Active Directory [AD] integration – Support existing AD for authentication
• Centralized policy-based control - Set user and device access policies, activate/deactivate users and devices, MAC address filtering, create or import SSL certificates, set maximum frame rate per user connection, set idle timeout
• Reporting - View real-time connections and audit trails
• Grouping - Allow access to shared pool of physical or virtual desktops

With the installation of Splashtop Streamer on the Splashtop Center server, the console can be accessed remotely by administrators from a Splashtop Enterprise app on a mobile device [or Windows PC or Mac].

Figure 5: Splashtop Center Console Users Tab

Active Directory [AD] integration eliminates redundant administration tasks and ensures consistency of user identities. By authenticating against the domain in read-only mode, the risk of modifying the existing AD infrastructure is reduced.

Only approved devices and users that have been specifically added by the administrator can access desktops. Administrators can also allow/deny remote access by mobile devices individually using MAC addresses, lock or disable access by a specific device, disable auto-logon [forcing users to enter passwords to connect], and de-activate a mobile device entirely. Groups can be created to act as a shared resource pool for users.

Splashtop Center also displays the active status of connections, IP addresses, and connection time and duration as well as device type – logging this information in an audit trail.

IT Security Controls

Figure 6: Splashtop Center Audit Trail

3.5. Implementation Overview — Four Simple Steps

IT setup
• Set-up Splashtop Center on a Windows server [for initial proof of concept you can install this onto your existing desktop].
• Create users and define access policies. Users can be created by accessing Active Directory or by creating local users.
• Install Splashtop Streamer on each computer to be accessed.

User Setup
• Install Splashtop Enterprise app on mobile devices [users download from device's app store]
• Users log in and connect to their desktop.

Figure 7: Users choose their desired desktop from the Splashtop Enterprise app

3.6. Bandwidth Considerations

Splashtop Enterprise is capable of providing a truly interactive experience to mobile users, delivering 3D graphics and HD video without compromise using relatively modest bandwidth. Splashtop Center policies can be defined to throttle the frame rate for specific users [from 1-60 frames per second], allowing administrators to reduce bandwidth for each connection if required.

• Bandwidth required per session for general productivity usage: 300 kbps
• For optimal performance: 800 kbps

3.7. Additional Ways to Use Splashtop Enterprise

In addition to providing an alternative to VPN and RDP technologies, Splashtop Enterprise opens the door to discover new ways to extend company resources to mobile devices:

“Tabletize” Office, Outlook, and Corporate Apps
Support existing MS Office, IE-only, .NET or JAVA applications without rewriting or retraining users.

Extending VDI
Deliver virtual desktops to mobile devices more cost effectively and with greater performance.

Turn Mobile Device into an Interactive Whiteboard
Allow teachers, presenters or instructors to be freed from their computer to teach in all four corners of the classroom.

High-Performance / High Fidelity Remote Access to 3D/graphics
Deliver highly responsive 3D AutoCAD, animations, simulation, and medical images.

Pooling of Resources
Create a shared pool of physical or virtual desktops for users to access remotely.

4. The New Approach to Remote Desktop Access

Extending legacy VPN/RDP technologies to mobile devices can be fraught with challenges.
Businesses of all sizes can use Splashtop Enterprise to efficiently and more cost effectively deliver a secure remote desktop solution uniquely designed to support the demands of today’s mobile workforce. Its key features are:

• Market Leading Performance — Patent-pending streaming technology and intelligent optimization techniques deliver up to 30 frames per second with synchronized audio for superior performance and highly responsive user interactivity
• Simplicity — No complicated changes to your existing server hardware, networking, or storage infrastructure; intuitive administrative console for efficient user management
• Secure — On-premise service with end-to-end encryption that integrates with your existing Active Directory [AD] infrastructure
• Universal — A single app that supports a broad range of mobile devices and use cases
• Cost Effective – Eliminates lengthy ‘trial and error’ setup and reduces ongoing maintenance costs
• MDM/MAM integration - Deep integration with MDM / MAM partners adds additional on-device security and control.

For further details and to start a free trial, please visit www.splashtop.com/enterprise

Splashtop aspires to touch people’s lives by delivering the best-in-class remote desktop experience – bridging tablets, phones, computers and TVs. Splashtop technology empowers consumer and business users with high-performance, secure, interactive access to their favorite applications, media content and files anytime, anywhere.

4.1. Contact Information: Office Locations, Telephone Numbers

Silicon Valley Headquarters
1054 S. De Anza Blvd, Suite 200
San Jose, CA 95129
U.S.A
+1.408.861.1088

Taipei Office
5F., No.152, Sec. 1, Zhongxiao E. Rd., Zhongzheng Dist.,
Taipei City 100, Taiwan, 10049
+886.2.2351.3030

Tokyo Office
Level 20 Marunouchi Trust Tower - Main
1-8-3 Marunouchi, Chiyoda-Ku
Tokyo 100-0005
Japan
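
Section 3.3 names its TLS cipher suite only in prose. The Python below is an added example, not code from Splashtop or its whitepaper: it decomposes IANA-style TLS 1.2 suite names and flags the properties a reviewer would check for such a suite. The suite names, including the reading of the page's wording as TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, are assumptions of this example.

```python
# Added example: decompose TLS 1.2 IANA cipher-suite names and flag legacy properties.
# ASSUMPTION: PAGE_SUITE is this example's reading of the whitepaper's wording
# ("ECDH-RSA with 256-bit AES-CBC and SHA1"); the page gives no exact suite name.
PAGE_SUITE = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"

AEAD_MODES = ("GCM", "CCM", "CCM_8", "POLY1305")
EPHEMERAL_KX = ("ECDHE", "DHE")


def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher>[_<hash>] into its parts."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS 1.2-style suite name: " + name)
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kx, _, auth = left.partition("_")
    enc, _, digest = right.rpartition("_")
    if not digest.startswith(("SHA", "MD5")):  # e.g. ..._CCM has no hash suffix
        enc, digest = right, ""
    # TLS_RSA_WITH_...: RSA key transport also authenticates the server.
    return {"kx": kx, "auth": auth or kx, "enc": enc, "hash": digest}


def audit_suite(name):
    """Return the findings for one suite name (empty list means none)."""
    s = parse_suite(name)
    findings = []
    if s["kx"] not in EPHEMERAL_KX:
        # Static (EC)DH or RSA key transport: recorded sessions can be
        # decrypted later if the server's long-term private key leaks.
        findings.append("no-forward-secrecy")
    if s["enc"].endswith("CBC"):
        # TLS 1.2 CBC suites are MAC-then-encrypt, the construction behind
        # the padding-oracle class of attacks; TLS 1.3 dropped them.
        findings.append("cbc-mac-then-encrypt")
    if not s["enc"].endswith(AEAD_MODES) and s["hash"] == "SHA":
        # In non-AEAD suites the trailing hash is the record HMAC (SHA = SHA-1).
        findings.append("hmac-sha1")
    return findings


def audit_offer(names):
    """Map each suite with at least one finding to its findings."""
    report = {n: audit_suite(n) for n in names}
    return {n: f for n, f in report.items() if f}


if __name__ == "__main__":
    # Constructed list of suites an endpoint might accept (not captured data).
    offer = [PAGE_SUITE, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
    for suite, findings in audit_offer(offer).items():
        print(suite, "->", ", ".join(findings))
```

If the deployed suite is the ephemeral variant (ECDHE), only the CBC and HMAC-SHA1 findings remain, which is why confirming the negotiated suite name on the Splashtop Center listener matters.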
