March 25, 2020

VPN and VDI: Quick solutions for connecting and securing remote workers

Due to changing work patterns from the response to COVID-19 globally, the demand on IT teams is fierce to quickly deliver suitable systems to keep businesses connected. The wide spread work from home movement has increased workloads, security concerns, mobile device needs and presented unique connectivity and collaboration challenges for IT staff. Most of the changes will be in front end systems and will include things like:

  • Moving applications to the cloud such as Office 365. 
  • Remote collaboration software such as Microsoft TeamsCisco Webex Teams.  
  • Mobilisation of the workforce, replacing desktop users with laptops or portable devices. 
  • Remote presentation, such as: 
    • VDI –  Vmware Horizon, Citrix Workspace, Nutanix Xi Frame 
    • Remote presentation for specialty users such as HP RGS
  • Extension of the work network into the home:  
    • Secure endpoint connection such as VPN and gateways 
    • Network extension firewalls, remote bridges, remote Access points  
    • SD-WAN, branch office solutions 

Data#3 has specialists covering all of these areas, and we can provide whatever level of support is required to get your workers back online.

The HPE Aruba team at Data#3 are assisting many customers with rapid deployments of remote working solutions.  These are three solutions that will support deployments at short notice. 

Remote VPN using the Aruba Virtual Intranet Access Client solution  

This is an easy to implement solution that can drop in on an existing network, regardless of the current vendor or other frameworks in place, allowing individual devices to access as if connected to the local network. 

The solution provides a VPN connection from a device to a dedicated VPN concentrator, the solution provides for secure access with firewalling and filtering for each user (after all COVID-19 is not the only virus we need to worry about).   

The Aruba Virtual Intranet Access Client (VIA Client) can be installed on just about any client platform, including:  

  • Windows (Vista+) 
  • MacOS (10.6+) 
  • IOS (4.2+) 
  • Android (4.0+)  
  • LINUX (multiple distributions ~6+ kernel)  

VIA has the flexibility to support multi-factor authentication, split tunnel mode, role-based access, and full state firewall on each session. VIA installation is quick and economical. This solution can be deployed for approximately $7,000 for the first year (based on up to 1000 users, including installation services and first 12 months support).    

The solution can scale to 10’s of thousands of users and add additional features such as central management, controller redundancy, and higher throughput.   

VIA is also well suited to environments where you want users to attach to their local branch office, business unit or campus, with a low-cost controller in each location. This allows for easy segregation of users.

Remote VPN using the Aruba Instant Access Point solution

For users that have multiple devices or have devices that are unable to accept a VPN client software, there is the option to use Instant Access Points (IAP) with the mobility controllersIAP uses a common architecture to the VIA solution and can share the same controller, but note that client access numbers are reduced when mixing IAP’s and VIA access. AIAP acts as the termination device and tunnels traffic between the remote location and the office.   

The preferred IAP is the 303H, as this gives maximum flexibility, having both wired and wireless ports available, as well as USB support for 4/5G.   

The home user plugs the IAP into the internet (their home router or a USB 4G device), and the office WIFI is available at home, or another remote location, without having to reconfigure client devices. This is great for users whom you need to give access to the network but don’t have configuration control of devices, or when many devices are required including wired devices such as printers, desktops, IoT devices.

This solution can also support more than one user, up to a small branch office, and can even be extended with multiple IAPs to cover a larger area. The cost is approximately $400 per IAP, with limited lifetime support.

VDI using the Nutanix Xi Frame solution  

One of the issues with remote workers is, in some cases, applications or data can’t leave the office for performance, security, legal or other reasons. I’d suggest turning to a VDI solution in this scenario for some workloads. Nutanix has a unique offering in that incorporates an HCI Infrastructure with presentation and brokerage to provide a VDI solution that scales from a small office to enterprise, and is secure and quick to deploy.   

Xi Frame sits on top of a Nutanix cluster and provides desktop and application access over HTML5 to client devices via their preferred browser, allowing users to access securely from a managed or unmanaged device.  The benefits of delivering in the Nutanix stack are: 

  • On-premises delivery 
  • Secure to any device  
  • Quick to get up and running  
  • Simple to attach to existing services  
  • Easy to manage  

The Nutanix solution will not do everything that VMware Horizon or Citrix Workspaces will do. You cannot stream desktops to bare metal, the client will not manage the end device, and it will not push native iOS apps. Although it will be up and running weeks before the other systems and will deliver reliable performance and security. 

Go to the Nutanix website for a 30 day test drive of Xi Frame  

Nutanix Xi frame is built on:  

  • HPE ProLiant servers – Customise CPU memory and storage to your requirements 
  • Nutanix AHV Hypervisor – Reducing the cost of enterprise-grade hypervisors 
  • Nutanix AOS Hyperconverged storage platform
  • Nutanix Prism Management & HPE OneView Management – unified hardware and software updates
  • Xi Frame VDI/DaaS platform  

The solution can be consumed as a standard IT service or delivered with HPE GreenLake as consumption-based offering. 

Data#3 has a range of solutions that will keep your people connected, secure and productive from anywhere. Reach out to me if you have questions or contact a Data#3 expert for a demonstration.