On Nov 3, 2010, at 10:15 AM, m.roth at 5-cent.us wrote: > Ross Walker wrote: > <snip> >> I would suggest only providing VPN access to administrators and for users >> providing a combination of SSL gateway to web-mail and some type of >> terminal service that either authenticates with a separate domain or is >> only accessible after successfully authenticating to the SSL gateway. > <snip> > Um, no. This might work for folks who *only* need access to their M$ > Exchange via Outlook and Office, but for other work, including *anything* > that isn't being done in their browser, they're SOL about working, say, > from home. Exchange isn't the only web mail game in town, and terminal services doesn't have to be M$ RDP, NoMachine NX makes a great X-Windows terminal server supported across many desktop OSes (and does certificate authentication too!). If you are using a content management system, you can also provide access to that through the gateway (and no I'm not necessarily talking Sharepoint here). I just think VPNs' time has come and gone. > It's even more secure it you just unplug it from the Internet.... Goes without saying ;-) -Ross