VPN vs. remote desktop
In any environment with remote desktops, there are usually physical machines on a company’s premises that are accessed remotely. In an environment that uses VPNs, the physical machines are in the hands of the users, but appear to the network as if they were on location.
In both cases the connection between the network and its users needs to be encrypted.
What is a remote desktop?
Remote Desktop, also often referred to as Screen Sharing, is software that allows you to connect to another computer and use it as if you were sitting right in front of it. This can also be implemented as a native feature of your operating system. Popular tools include Netviewer, LogMeIn, TeamViewer, Citrix or Apple Screen Sharing.
Remote Desktop applications are used for technical troubleshooting, but also for remote working.
All keystrokes and mouse movements have to be sent to the remote desktop, where the computations are done. The screen is then sent back as an image. Because of this, the experience can be slow and frustrating even on a moderately fast internet connection, and the system becomes useless without an internet connection.
Remote desktops are sometimes even used by large and well-structured companies and offices where all employees work on-site. As the network inside of a building can be incredibly fast, the performance disadvantage of a remote desktop might become negligible, and the benefits of a centrally administered system prevail.
The advantages of a remote desktop environment for troubleshooting include:
- The administrator can easily see everything that the user sees.
- The administrator can move the mouse, type on the keyboard, and perform any task from far away.
Remote desktop applications make it easier for the administrator to standardize workflows, maintain software, and keep systems secure in situations where employees all over the world are on machines that widely differ from each other.
Usually, the remote desktop stations are virtual machines located in a centralized server farm.
Administering a system of remote desktops well inside a company can be challenging, as it provides a vector for anybody on the internet to directly access machines inside the company’s network and use them as if they were sitting in front of them. Good passwords, two-factor authentication, and even IP whitelisting are a must.
Handling VPN credentials is often easier, and the damage from simply being inside the company network (but not inside a company computer) is not as great.
Remote desktop vs. VPN
The decision of whether a computer network should be set up with Remote Desktops or a VPN should be made by the network administrator. A hybrid model is possible too. Usually, where users are expected to bring their own hardware and administer their own computers, a VPN is favored. One example of this would be in a university.
When users do not administer their own computers, or where the employer wants strong control over what employees can or cannot do on computers, a remote desktop environment often makes more sense.