cancel
Showing results for 
Search instead for 
Did you mean: 

Using Pulse client on a terminal server?

Highlighted
New Contributor

Using Pulse client on a terminal server?

Hello, I am new to the Pulse client, having only prior experience with Cisco, so I hope this isn't a dumb question.

We have a Windows terminal server setup (call it #1) that many users login to via RDP and use as their main "desktop". From there certain users also RDP into various other servers for specific functions as needed (call these #2, #3, #4). These other servers are only accessible from #1, not directly from anywhere else.

One of these secondary servers (#2) now has implemented a VPN requirement within the corporate network. Is it possible to install the Pulse VPN client on the terminal server (#1) so that the few users accessing this specific secondary server (#2) can get to it from #1? Or would having multiple users trying to establish a VPN connection from #1 to #2 interfere with users connecting to #3 and #4 (also from #1)?

As background, the users may be sitting in front of a variety of devices, from PCs, Macs, Wyse, iPads, etc. They RDP into #1 so they can have a consistent environment to work on. The server isn't able to support individual VMs for each user at this time, hence the terminal server model.
Tags (1)
2 REPLIES 2
Moderator

Re: Using Pulse client on a terminal server?

What type of VPN are you looking to do?
Only one user can have a session active at a time; this could cause problems with connections to #1.
How is the VPN being determined OR is it that there is/will be a segregated network for #2 that users will have to connect to a dedicated portal for access from #1?
If a dedicated portal is an option:
Is using the HTML5 bookmark an option?
Is using the Java RDP bookmark an option?
If a dedicated portal is not an option:
it _may_ be possible to setup a machine auth connection for #1 that users can login to the original IP and then access to all will still be available (but all users that login will have access over the tunnel)
New Contributor

Re: Using Pulse client on a terminal server?

Thanks for the reply. I'll try to answer in a way that makes sense given my modest understanding of VPNs.

The VPN was set up by another department, I believe in an effort to make access to their most sensitive system more secure. It’s an EDMS system with highly sensitive data on it, so it’s only accessible via our internal network already. But it’s a large network, so they are locking it down further I guess. This is what I’ve called #2.

Currently the solution is to install the pulse secure client on your desktop, so when you need to access this one system, you start the client, login, and form your tunnel to that server. When you’re done, you disconnect and go about your other business.

The thing is, one team of users that access #2 don’t have software installed on their local workstations… they operate in a terminal server environment, effectively running “thin”. They login to their local PC, or Wyse, or laptop from home, and connect to #1, which is a standard Windows terminal server with all their productivity apps on it. They connect via RDP, whether they are on site or remote. No VPN is used either way.

Once logged into #1, they use their apps and also connect to other systems on the network which aren’t accessible from the outside, like #2-4, for specialized work as needed. Until now this worked great. But with #2 now requiring VPN, the users asked us to install the pulse secure client on #1. But I don’t think that will work, because if one user runs it on #1 and establishes a tunnel to #2, isn’t that going to disrupt the network for all other users?

I don’t know anything about the HTML or Java bookmark options. Do those establish a connection to the server in a different way than the Pulse client?

If what the users have asked for (in their limited understanding) isn't possible, can you point me to some documentation or details explaining this? I haven't been able to find a definitive answer, and I don't want to waste time trying to make it work if it's a non-starter.