General Consultant Discussion

Have you set up any innovative way of managing your VPN connections that customers require us to use in order to access their systems?
I cringe every time I have to install yet another VPN  --- hoping that it's not going to conflict with something on my main computer desktop.

I've always assumed if the customer says I need to use "jimmy job bob VPN" that I can't substitute out another but maybe I'm incorrect?
It's a little comical because every customer ( every ) uses some different VPN software which is a bit of a pain to load and maintain.

In the past, I'd convinced many to install GoToAssist unattended. However, I find that most IT people don't want to leave a full-time remote connection to their server when they cannot also easily manage that security-wise. So I've stopped asking for unattended GoToAssist. I also am a bit gunshy of being the source of a remote breach via GTA ( although I do use 2FA it still may not be foolproof and I don't want the liability ).

How do you manage this or do you mostly mutter under your breath with each new VPN much as I do?

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

VPN's are difficult enough, but now we have a dozen or with second authentication factor (2AF), a nightmare for multi-consulting group like ours since they want the user tied to a named person and mobile number, or email.  We use SharePoint, and keep a folder for Connection Documents; that way our entire team has access. I also use a network virtual server and install the VPN there.  I RDP to that server, then connect to clients.  Minimizes problems on my PC.

------------------------------
Madeline Stefanou
RKL eSolutions, LLC
------------------------------

I sometimes setup a new Virtual Machine and install the VPN there similar to Madeline this keeps my main machine cleaner.

------------------------------
Bruce Kern
SWK Technologies Inc.
------------------------------

Follow-up: 

Great ideas - especially the one about a virtual machine since it seems like only a matter of time before a poorly behaving VPN client may cause conflicts with something else. 

a. Is it feasible to create a virtual environment for each customer? I'm not 100% sure if that requires a separate license for each image which has Windows?
b. Has anyone set this up using AWS to host their server specifically for the purpose of VPN out to customer sites?

The way I do this now: 

1. Create a Google Drive that syncs to my desktop
2. Label this VPN and RDP
3. Create a separate folder for each customer
4. Inside this folder I save their VPN, txt info on how to configure, sometimes additional folders for on-the-fly saved downloads
5. I use Lastpass for saving the login info ( VPN and if different the Windows login )

This works pretty well. The biggest issue is that when you switch computers you need to setup the VPN all over again. I somewhat mitigate this by saving a copy of the particular VPN client ( or a link to it in an TXT document ) in that customer's folder.

For my workflow this may be enough but I'm curious whether anyone has created a better method that guards against having to reinstall the VPN to each workstation you want to login to the customer from. I could see a virtual server being used here and have it do nothing but hold the login info. I'd probably require 2FA and perhaps encryption on that server as well as a separate Lastpass for the actual credentials of each customer.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

I use multiple VMs as well.  I use VirtualBox, and I put the VPN client and customers that use that VPN in the description field in VirtualBox so I can easily scan through the VM list in VirtualBox to see which VM I need to launch.

------------------------------
Phil McIntosh
President
Friendly Systems, Inc.
Asheville NC
678.273.4010 ext 5
------------------------------

Original Message:
Sent: 02-24-2021 10:00
From: Wayne Schulz
Subject: Managing the myriad of VPN clients that customers force upon us`

Follow-up:

Great ideas - especially the one about a virtual machine since it seems like only a matter of time before a poorly behaving VPN client may cause conflicts with something else.

a. Is it feasible to create a virtual environment for each customer? I'm not 100% sure if that requires a separate license for each image which has Windows?
b. Has anyone set this up using AWS to host their server specifically for the purpose of VPN out to customer sites?

The way I do this now:

1. Create a Google Drive that syncs to my desktop
2. Label this VPN and RDP
3. Create a separate folder for each customer
4. Inside this folder I save their VPN, txt info on how to configure, sometimes additional folders for on-the-fly saved downloads
5. I use Lastpass for saving the login info ( VPN and if different the Windows login )

This works pretty well. The biggest issue is that when you switch computers you need to setup the VPN all over again. I somewhat mitigate this by saving a copy of the particular VPN client ( or a link to it in an TXT document ) in that customer's folder.

For my workflow this may be enough but I'm curious whether anyone has created a better method that guards against having to reinstall the VPN to each workstation you want to login to the customer from. I could see a virtual server being used here and have it do nothing but hold the login info. I'd probably require 2FA and perhaps encryption on that server as well as a separate Lastpass for the actual credentials of each customer.

------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------