Can I create a company VPN with computers running win 10/11 PRO?

Hello everyone,

I currently work at a small company; however, we require a VPN so that the workers can work from home, since one of the programs that we use needs access to our company SQL server.

All computers on site are running either Win 10 Pro or Win 11 Pro. To be able to use Active Directory and create a VPN, do these computers need to be running Windows Enterprise, or can that be done with Win 10/11 Pro?

Thank you!

Setting up a domain is wildly different than setting up VPN access. They’re not even close to the same thing.

You can do both with 10/11 pro. The next question is do you have a firewall that is capable of VPN and does it have the specs/performance to handle x number of VPN sessions on top of what it’s already doing.

Ummm your plan might have some security problems

I know this is not what you asked, but generally speaking ODBC/JDBC/SQLNet type connections over a VPN are trash. You would be better served to set up an RDS gateway and one (or more) RDS workers with the software you need, and people use RDP to do what they need. That way your data isn’t crossing the internet. Most SQL DBAs don’t even force encryption - yes, the tunnel will, but best you have SQL traffic stay in the server room.

To be able to use Active Directory and create a VPN do these computers need to be running windows enterprise

Windows Pro computers can join Active Directory. Home cannot.

Couple questions.

Are you currently running Active Directory, or is this something you’re thinking you need to set up to use a VPN?

Second, how many people would be needing to use the VPN at a time (concurrently)?

This is a hard question to answer without more knowledge of your existing infrastructure.

You can do it on any version (Pro or Ent for AD join) if you use 3rd-party clients and don't rely on Windows features. You’ll want a platform that can create an SSL VPN; if you’re tight on budget, you can get an ovpn server set up, stick it behind firewalls and distribute client apps.

You can configure VPN on Pro versions, but DirectAccess is only available on Enterprise.

Sounds like not many people. Azure AD (Entra)? What is the firewall? The easiest option is to add VPN to that.

If they already have a laptop, and a desktop at work, then it might be better to set up remote access from their laptop to their desktop. Splashtop, TeamViewer, Bomgar, and a host of other software can do this for you without need for VPN or Active Directory. The database connection will usually work a lot better this way instead of running it over VPN as well.

Yes, have done it with SoftEther VPN. Very easy to configure and lock down too, assuming you have a spare machine to act as a VPN server.

As others have said, you might be a bit out of your depth here.

Don’t take that the wrong way, it’s great that you want to learn, but a live business network is not the way to learn some of the basics without proper support. Too much risk of creating significant (potentially business killing) consequences, and you’ll be the one liable when things go wrong. That isn’t an exaggeration.

We can all give generalised information here, sure, but every network is unique and we know jack about yours.

That said, I don’t think you need AD. What I would be doing is a basic firewall with good VPN functionality built in. The downside of that is that they’re usually not very beginner friendly when it comes to configuration. Upside, you can lock the VPN down to only provide the appropriate internal access.

Try to find a consultant who’s willing to deploy the solution, then train you on maintaining it if that’s what you want to achieve!

🙂

Yeah, this was my first thought. Never allow unmanaged devices to connect to your server.

Thank you!

Btw, when using AD users to log in to Windows, do those users use local storage or server storage?

Hello,

We currently do not have Active Directory, and it is something I think I need to be able to set up a secure VPN, since they will be accessing the company server.

The company has 12 people and there will never be more than 5 connected at the same time.

Thank you!

I’m actually considering the price/benefit. We are only 12, so I don’t think it’s worth what we will have to pay to have a VPN plus AD, and maybe an SSL VPN would bring us more benefits.

The main issue here is that we don’t have AD installed and configured, and all computers are running with local users.

All workers who need to work from home use OneDrive, so all their documents are cloud-saved and synced between their desktop here at the office and their laptop.

The only issue is that one of the programs we use requires access to the company server and they also need access to the on-site printers.

Thank you! I’ll take a look into that one.

If you cannot answer this, you need to bring in an expert before trying to implement Active Directory.