VPN – Setting Up My First VPN and Remote Access for a Startup

remote-access, vpn

I work at a startup that is doing some aerospace engineering work, and the engineers have two related but distinct asks for our network that I am not sure how to provide.

  1. Remote access to workstation. Some engineers use desktop computers to do their work, and they would like a way to access them remotely to do design work and simulations from home while having all the actual computing happening at work. How do I implement this for them? Is there an application or service that is "plug and play" for this type of thing?

  2. VPN system. Other engineers use mobile workstations that they take all over with them. We have a license server for our CAD and simulation software licenses set up on our LAN, but if the engineers with mobile workstations are out of the office, they cannot currently access the license server and so cannot use our software suites. I assume a VPN is the way to go to solve this, as they would be able to get into our LAN and ping the license server to use our software from anywhere with an internet connection. How do I set up a VPN to do this? Do I need special hardware, or can it be done with software?

For additional background, I am not a network engineer. I have become my startup's IT guy by default because I can figure things out, but I have no formal background or training in IT or networking. I did set up my company's network thus far, which includes four DSL WAN connections (don't ask…), a load-balancing router to chain them together, a 24-port managed PoE switch, 3 VOIP phones, and about a dozen workstations.

Hardware:

4 – CenturyLink Zyxel C1100Z DSL modems

1 – TP-Link TL-R470T+ load balancing router that also handles our DHCP for our LAN

1 – Netgear JGS524PE-100NAS 24-port switch.

The switch is connected to everything else, which includes our endpoints, a Linksys WRT3200 wireless router configured as a WAP, and a MiniX Neo running Windows 10 Pro serving as our license server.

Best Answer

You also need a VPN for item 1, since for remote access (RDP/VNC) you need to access the internal network anyway.

You need to look into your router's documentation and see if it supports any VPN server features. If it does, then you configure the VPN there and install the corresponding software on the workstations that need it.

If it does not have VPN support, then you need to have a computer which runs, for example, an OpenVPN server, and you port forward connections from the router to the OpenVPN server.

Then you also need to make sure that you either have a static IP address or a dynamic DNS solution installed, so that you have a static endpoint that your VPN clients connect to.

Remote desktop features are built into macOS and Windows; you just need to search how to enable them. The harder part is the VPN.

Another note in general. You or the company needs to be aware of the point when the systems need to be set up by best operating practices instead of "figuring out how to do things". At some point, this method is simply not enough and could pose a significant risk to operation.
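The layout the answer describes (an internal OpenVPN server behind a router port forward, reached through a fixed DNS name), sketched as an added example that is not part of the original answer. It assumes OpenVPN 2.4 or later and per-user client certificates; the office LAN 192.168.1.0/24, the tunnel subnet 10.8.0.0/24, the hostname vpn.example.com and all file names are placeholders, not values from the question.

```conf
# ---- server.conf: internal machine running the OpenVPN server ----
port 1194                  # the router forwards only UDP 1194 from the WAN to this host
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0            # assumed tunnel subnet; must not overlap the LAN
push "route 192.168.1.0 255.255.255.0"   # assumed office LAN; only LAN traffic uses the VPN

ca   ca.crt                # placeholder file names
cert server.crt
key  server.key
dh   none                  # ECDHE key exchange only
crl-verify crl.pem         # lets you revoke one lost laptop's certificate
tls-crypt ta.key           # unauthenticated packets are dropped before the TLS handshake
tls-version-min 1.2
remote-cert-tls client     # accept only certificates issued for client use
auth SHA256

keepalive 10 120
persist-key
persist-tun
user nobody                # Linux with Debian-style group name: drop privileges after start
group nogroup
verb 3

# Return path: this host is not the LAN's default gateway, so either add a
# static route for 10.8.0.0/24 on the router pointing at this host, or
# enable IP forwarding and NAT tunnel traffic on this host.

# ---- client.ovpn: one per mobile workstation ----
client
dev tun
proto udp
remote vpn.example.com 1194   # assumed name: the static IP or dynamic DNS record
resolv-retry infinite
nobind
remote-cert-tls server        # refuse a peer that presents a client certificate
ca   ca.crt
cert laptop1.crt              # placeholder: a unique certificate per user
key  laptop1.key
tls-crypt ta.key
auth SHA256
verb 3
```

With this in place, RDP and the license server stay unexposed to the internet; the forwarded VPN port is the only inbound service.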
