How to deploy vSpace Pro for WAN access?

How to deploy vSpace Pro for WAN access?

Considerations

In the past, our networking products have mostly been mentioned as 'LAN only' devices, only, for practical purposes.  However, products like the RX Series for vSpace are better equipped than their predecessors and their networking capabilities may facilitate a WAN deployment.

It is important to note first that success in a WAN roll-out will depend on careful planning and implementation.
Just as you would do a careful scaling of server resources and know what a user workload is, in relation to allotted installed hardware before deploying a Session Host server, the same applies to planning your network infrastructure and logic. These two, along with your IT expertise will determine if a WAN deployment is feasible in your current deployment plan. 
  
In basic terms, there are three elements that will be at play when planning a 'beyond local LAN', be it a WAN or cross subnet deployment:

Safe transmission of packets, from point to point across the WAN. (TCP and UDP alike) This may imply specialized switches to protect and propel the packet without loss. Here is a full list of what vSpace allowances require.
Have minimal or near zero packet latency. Specialized infrastructure hardware may be needed to be in place in order to offer quite fast transmission of data.
Bandwidth allowance. In order to allow the amount of foreseen traffic created by active sessions and their workload. 

Ways to deploy WAN access

1. VPN access




VPN allows individuals to establish secure connections with a remote computer network. They can access the protected resources on that network as if they connect directly to the network’s servers. Customers who deploy vSpace Pro software can access their user sessions remotely via NComputing thin clients that support VPN.

Supported access devices:
  1. RX300 (firmware version 3.8.1 and higher) - integrated VPN support, including OpenVPN, OpenConnect and PPTP
  2. LEAF OS (firmware version 2.1.2 and higher) - integrated VPN support, including OpenVPN, OpenConnect and PPTP
  3. vSpace Pro Client for Windows (2.5.5 and higher) - requires 3rd party VPN client install on the local Window PC/laptop
Virtualization platforms:
  1. vSpace Pro Enterprise Edition (12.7 or later)
Implementation considerations:
  1. VPN adds additional layers of protection:
  2. There is only one open port which is username and password protected.
  3. All traffic to and from private network is encrypted.
  4. Internal resources are password protected.
  5. Allows access to all deployed vSpace Pro servers and internal resources.
  6. Moderately simple configuration. User information is required, but no need for internal resource information.
  7. Older NComputing access device families (L-series, M300, MX series) do not support VPN.
  8. Must have sufficient VPN seat licenses.
  9. Traffic to and from the internal network may be slightly slower due to the encryption process.
    There are some useful KB articles that describe VPN setup in more details:

2. Router Port forwarding





Customers who deploy vSpace Pro software can access their user sessions remotely via the router port forwarding method (port 27605).
Port forwarding maps the port on your router’s IP address (your public IP) to the port and IP address of the vSpace Pro server you
want to access. The port forwarding rule intercepts the data traffic heading to your company’s router public IP address and redirects it
to the internal vSpace Pro server IP address. This allows NComputing thin clients in a public network to connect to the vSpace Pro server
in the private network. Typically your ISP uses Network Address Translation (NAT) to provide Internet connectivity through your router. Configuration changes to your router are usually required to enable the Port Forwarding option.

Supported access devices:
  1. RX300L250/300/350, M300, MX100 thin clients
  2. LEAF OS software
  3. vSpace Pro Client for Windows & Chromebook
Virtualization platforms:
  1. vSpace Pro Enterprise Edition (12.7 or later)
Implementation considerations:
  1. Easy to configure.
  2. Forwards the user to the private network without requiring a password.
  3. Works with Dynamic DNS.
  4. Supports all NComputing clients compatible with vSpace Pro.
  5. Safety depends on how good the router’s firewall is. Must require a strong password set for your users’ accounts.
  6. Not all traffic is encrypted.
  7. User session performance may be impacted by latency.
  8. Access to multiple vSpace Pro servers requires multiple port forwarding rules.

Additional help


KB-837 
REV 08.23