0

I am helping out a small business with setting up an IT scheme. With the current pandemic situation, laptops are becoming a more important part of the infrastructure for employees. In deciding how to deploy new systems, I have come up with two techniques:

  1. provide employees with high-performance laptops with VPN capability into the office to access files
  2. provide employees with low-performance laptops with VPN and remote desktop capability (and basically nothing else on the laptop), and provide high-performance desktop systems in the office for them to remote into.

I am leaning towards the second option, because I think I can make it cost about the same total as a high-performance laptop with the following advantages, among others:

  • better price/performance ratio
  • more security (if laptop is lost or stolen we can disable their VPN credentials)
  • upgradeability of the desktop
  • easier management (the desktops are in the office meaning we always have access to them and can make changes without tracking down the employees and making them bring us their laptop)

My main worry is whether cheap ($200-300), lower spec (Atom/Celeron) laptops can run remote desktop smoothly. I would tend to think yes, but I can't test this because I don't have something with specs in that realm on hand. Does anyone have any experience with remoting using low spec hardware?

My other concern is that, because this is not my field of expertise (in case you haven't yet noticed), I may be missing an important detail.

I'd appreciate any input on this, and I apologize in advance if I'm in the wrong place for this type of question.

Thanks in advance.

sviva
  • You're missing a main point: which tasks are assigned to these employees? What do they need to do with their machines? What if somebody has a slow internet connection? Also, some might not need a powerful desktop at all, if all they need to do is to run some SaaS thing and all the complexity would be on servers. – Nikita Kipriyanov Feb 13 '21 at 17:27
  • Thanks for the comment. The employees need to do mainly word-processing types of tasks, sometimes working with specialized software for accounting or task-management. Otherwise it is mostly word-processing and viewing/editing PDFs. So not particularly heavy work, but it is important that it runs smoothly to prevent frustration and increase productivity. – sviva Feb 13 '21 at 17:44
  • How is option 2 more secure? If you select option 1 you can still disable their VPN and accomplish the same thing. How does option 2 prevent people from saving files to the laptop? How does the performance of the laptop relate to security in any tangible way? How does option 2 negate the need to manage the laptops? – joeqwerty Feb 13 '21 at 21:39
  • Thanks for the comment. You're right that option 2 doesn't necessarily "prevent" saving of files, but at least it establishes a policy where that isn't done by default, *hopefully* reducing the extent to which that is done. But I see your point. – sviva Feb 14 '21 at 00:34
  • Regarding performance, I would think that the network is the main bottleneck when sharing desktops remotely. The next factor should be the client's RAM, as it has to display two desktops. The centralized solution does give you better control, e.g. enabling you to back up users' files, but you could achieve that with the equivalent of Google Docs or Office 365. You should investigate the term VDI (virtual desktop infrastructure). – berndbausch Feb 14 '21 at 01:50

2 Answers

2

Remote desktop over VPN for everything risks being a truly terrible experience. Input lag. Slightly more difficult to support multiple monitor setups. Video or audio calls over IP possibly being complete garbage. Internet downtime means no work done, due to no local files or web browser available.

Delete the desktops. Buy decent laptops, and spares. Share the same models of laptop for both in and out of the office use cases.

Get tools to manage and secure devices. Which should be done in either scenario, which makes your argument that remoting into desktops is more secure not very compelling.

Issue hardware tokens for multi-factor auth. Disk encryption. Force password change on loss. Remote wipe. Remote support procedures to fix or replace machines. Possibly outsource fixing hardware, to a vendor that does on-site repairs or fast ship of replacement.

John Mahowald
  • Thank you John, I think your point about VOIP is important and something I didn't consider. – sviva Feb 14 '21 at 05:16
  • After further consideration, we will be taking John's advice on this. Thanks to everyone who commented and answered. – sviva Feb 14 '21 at 18:17
  • This isn't one-size-fits-all. Most workers at my company are using RDP from personal devices to in-office machines via RD Gateway, as do I. Works great for most things. You do need to do video/audio calls from your personal devices rather than over RDP of course. – mfinni Feb 16 '21 at 15:55
0

I understand that your main query is around thin clients.

True thin clients don't need very much RAM by their nature. Some thin client hardware includes as little as 512 MB, though others go up to 4 GB or even 8 GB. Regular PCs utilized as thin clients need enough RAM for their operating system to run easily. Minimal local storage is another hallmark of thin clients.