I'm looking for some advice on setting up a shared support environment for my small consulting business, which provides ERP support. We have different customers requiring various VPN clients (like Sophos, Forti, Cisco, OpenVPN, etc.) because their ERP solutions are typically hosted on-site. Currently, we have five shared physical PCs, each with a different VPN client installed, but we run into issues with conflicts on the same operating system. We're considering moving to a setup with a Proxmox host and multiple Windows VMs, each dedicated to a specific VPN, accessed through Guacamole for RDP.
However, I'm unsure whether to stick with individual Windows 11 VMs or switch to a Windows Server with Remote Desktop Services (RDS). If RDS is the way to go, should I have multiple session hosts? Also, is there a cleaner method to isolate VPN clients without needing numerous Windows instances? Additionally, what are the licensing implications for this type of setup? Thank you!
3 Answers
I’m with you on the individual VM setup, that's pretty much the industry standard for mixed VPN clients. The conflicts with routing and drivers can really complicate things if you don’t isolate them properly. Make sure whatever solution you choose allows easy management too, since your users are likely to change.
If you're worried about licensing, keep an eye on how each approach fits your compliance needs—VDI or plain Windows Server could work, just learn what the licensing implications are for shared access versus individual user sessions.
It sounds like you’ve already got a solid plan! Mixing multiple VPN clients on one OS can definitely lead to messy conflicts. Having each VPN in its own VM is a common solution and usually works well, especially since you’re dealing with different vendors.
I wouldn't recommend going the RDS route in this case either; having multiple users on one OS while using VPNs can create unpredictable issues with routing. Stick with your approach: one VM per VPN is simple and manageable, especially at your scale. Just be sure to maintain templates and snapshots for quick recoveries when a client goes wonky. Licensing can be tricky, though; technically, VDI or VDA is the right way to go, unless you want to opt for Windows Server with RDS. Overall, your design is looking good—keep it straightforward and you'll avoid a lot of headaches.
Just to confirm, it seems like you’re indeed remoting into an on-site server at the customer’s location? If that's the case, have you thought about using a remote access solution like Bomgar instead of relying solely on VPNs? It allows for unattended access and is secure, while potentially simplifying your setup.
Though tools like TeamViewer are also great, they may not be permitted in all environments, which can be a drawback.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures