back to article Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

Working from home and want to access your PC at work? The best solution may cost thousands in additional Microsoft licensing costs. In the scramble to migrate employees to home working, there are issues for businesses who normally have staff in an office working on desktop PCs, or accessing network file shares and intranet …

  1. ken jay

    actually my home computers are far more secure than any corporate

    1. big_D Silver badge

      Same here, but due to corporate policy and GDPR, no private devices can be connected to the corporate network (even via VPN) and you cannot even use a private device (PC or smartphone, for example) to access E-Mail via Webmail or OWA.

      Home working is only possible with company devices. No company device, no homeworking.

      1. Anonymous Coward
        Anonymous Coward

        Home working only possible with company devices? Beg to differ...

        Spent some considerable time working for a particular US bank with operations here in London. Due to some changing requirements (and they fact they couldn't hold on to certain key members of staff in the US) I was asked to cover hours from 10am to 7pm.

        I agreed to it on the basis that I could do so remotely, my manager agreed and approved it in a heartbeat.

        For 7 months, I connected (using a Citrix Receiver based solution) from my own Windows laptop to my office machine. Multiple levels of security including a one time code for each Citrix login via my mobe(none of this RSA Token nonsense) and the performance was exemplary. The only day I had an issue was when BT had a fire impacting a duct somewhere in their core network.

        Oh and all of this without *any* equipment from the relevant company setting foot in my house.

        It can be done without company gear at home *but* you need the right systems setup and in place to do so.

    2. Antron Argaiv Silver badge

      I brought my work laptop home

      1. Aristotles slow and dimwitted horse Silver badge

        Me too. I've been WFH since early March without issue. The only thing I miss is the office banter.

        1. Captain Scarlet Silver badge

          I miss the fact I had two desks to leave my mess on, it doesn't fit on one desk :(

      2. baud Bronze badge

        I brought home my PC (not a laptop, a small tower) + screen + cables, (with autorisation from the boss). Then I can use a VPN to connect to the company network. Yeah, it was some kit to move around, but once set up, it's way better than what was proposed to those without a company-provided laptop: on your personal machine, install vmware player, use this Win10 image and connect to the VPN from the virtual machine; once on the VPN, you can connect remotely to your PC (since security doesn't want any connection to the VPN from personal machines)

      3. Danny 14 Silver badge

        This. Our staff have work laptops docked. These have vpn and dial in before login. Always worked well.

    3. The Man Who Fell To Earth Silver badge
      Boffin

      same

      I'll put my personal machine's security over the company's any day. The company set Windows policy settings always have us months behind on patches, among other things.

      Having said that, we've been having our corporate stuff screwed up by Oracle & SharePoint for years, with us all issued laptops with docks, that 99% of work can be done off site without a VPN, and the other 1% of work can be done through the VPN. The bigger issue was the company being too cheap to issue second docks for home setups, but $40 on eBay & an old monitor fixed that problem years ago.

      Biggest WFH issue, which won't go away when WFH ends, is the boss just discovered the instant video chat in Teams.

      1. Jou (Mxyzptlk) Bronze badge

        Re: same

        > the boss just discovered the instant video chat in Teams

        which does not work well with Citrix. And that is an understatement. There are marketing dudes says "will work well" no it does not. Good luck telling that your boss: "You want Teams? Kiss Citrix good bye!"

        1. Anonymous Coward
          Anonymous Coward

          Re: same

          We are primarily a Remote Desktop environment, even for people in the office, so moving to home working has been (relatively!) painless, so far at least. No, the likes of Teams won't work fully in RDS very well - no group video call meetings for a start (thankfully!) - but it works OK in a browser for text messaging, and the staff have be prepped to run audio/video calls and meetings from their phones, home computers (eep!) or iPads.

          So far, aside from assisting some non-techie people to get connected, the world hasn't ended. Yet.

          A/C

        2. Zombine

          Re: same

          But Teams is web based. If you're using Teams as a remote app, or through a terminal session, you missed a very important webinar in around 2013. Unless of course your IT department has made all your Office 365 stuff only available on prem, in which case in the next 5 years someone is going to ask a very awkward question regarding remote access and licensing costs.

        3. hoola Bronze badge

          Re: same

          If you want Teams, then kiss everything except a direct connection to the Internet goodbye. I just find it unbelievable that such an abomination is being forced on everyone. The concept is not bad, it is just such a rubbish implementation. Of course from Microsoft's perspective this is all good because it forces yet more corporate data into O365 and their cloud.

          What could possibly go wrong.

      2. Eecahmap

        Re: same

        The camera shutter or a piece of tape helps with that.

    4. kmedcalf

      I don't (didn't before I retired) permit (they call it high security because they believe every option that can be set should be locked down so that it cannot be set by the user, but in 90% of cases they choose the lowest security setting and do not permit the use of greater security) low security company laptop to connect directly to my network at home. There is a separate isolated VLAN for those devices in order to prevent them (or the company network) from contaminating my personal/home network.

    5. Deadly_NZ

      Yes same here

      Anyway with people being forced to stay home and work if possible it would almost be price gouging by Mi$$yshaft It's not like its our idea to stay home and work. Now the schools are closed so now thats going to make more people expected to work from home Mi$$yshaft are just going to have to wear it.

  2. Pascal Monett Silver badge

    "the variety of websites visited and software installed"

    And porn. Never forget the porn. It's not just the lowest rungs of the ladder either - CxOs and manglement are quite capable of having an interesting browsing history as well.

    That said, my sister's oldest used to be an expert in getting his mother's laptop into such a state that I had to go and purge the system. Curiously, when I pushed for him to have his own laptop, that stopped. What a coincidence, eh ?

  3. Jou (Mxyzptlk) Bronze badge

    The most simple way is not mentioned here?

    What is going on with TheReg?

    Most simple solution: Activate RDP on the client computer (which must be running) for that user. Give user a cooperate Laptop, tell him to connect the VPN and then RDP to HIS machine right in the office. He gets exactly his desktop, all applications including some special ones (usually finance) which wouldn't work directly over the VPN anyway. While we install outlook and a few other things directly on the machine as well, the RDP-to-his-computer way saves a lot of hassle and the users can work right on. Not special or extra licence cost. Even smartcard-auth works for i.e. finance.

    You could even use some very ceap linux machines on the home end for the vpn+RDP stuff.

    And yes, I am making such a setup right now, here at a customer site, before the mayor issues a lockdown due to some idiots not behaving and still party in big groups.

    1. Anonymous Coward
      Anonymous Coward

      Re: The most simple way is not mentioned here?

      We were out of compliance, when we tried that.

      1. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        That must be a strange compliance. Any details, or is it against your compliance to give those? You can configure such remote laptops ot be able to ONLY use VPN, no other internet, everything else locked down / dumbed down. But if your company has such a compliance it is big enough to afford other setups easily, like mentioned in the article.

        1. Anonymous Coward
          Anonymous Coward

          Re: The most simple way is not mentioned here?

          You need an RDP-CAL for each PC being attached to, I believe.

          It was before I started, but MS said that RDPing into the PCs wasn't covered by the standard licensing - we used it, for example, for remote support on some PCs.

          Also, you can't RDP into it from a non-Microsoft device without a separate CAL for each device (E.g. thin clients, smartphones etc.).

          1. Anonymous Coward
            Anonymous Coward

            Re: What about auto-updates?

            You're confusing RDS (a windows server feature) with the one in Windows Pro (let's call it RDC). RDS allows multiple server hosted sessions.

            Two users can login simultaneously on the given machine and have sessions going in parallel.

            Windows Pro and above have remote desktop RDC that is equivalent to logging in on the machine. If someone else logs in you are kicked out (whether physically or remotely). You paid for the license here when you bought windows.

            The latter feature does not require additional licensing. I'd be surprised there are compliance issues there, it is no different from physical use - it cannot support multiple sessions say across users, you cannot cheat any differently from physical PC. This is unlike RDS - you can cheat here with just one application licence but multiple users simultaneuosly using it.

            RDS on Windows Server, is the one needing licences from Microsoft. Otherwise you'd just buy 1 copy of windows server and have the entire org login thin-client style, instead of buying "full client" Windows for each user/PC.

            The reason the subscription includes it is probably the very reason the affected companies don't buy it - it is per user not device, so the difference becomes irrelevant.

            So Jou (Mxyzptlk) WoW should not need additional licensing (you just need licenced win prio or greater) and should not pose compliance problems for other SW.

          2. Jou (Mxyzptlk) Bronze badge

            Re: The most simple way is not mentioned here?

            > You need an RDP-CAL for each PC being attached to, I believe.

            Well, no. Double no.

            You take one Windows pro machine (even Windows XP pro can do it), and it allows ONE RDP connection. One alone, and not more. Requires nothing special, and NO license at all.

            You take one Windows Server, and you can use it for two concurrent RDP sessions. Designed for Administration, and not for users though. If you use it for the latter you are probably doing something illegal, even though it works.

            The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.

            And one step beyond that is Citrix.

            I have fond memories of Windows NT 4.0 Terminal Server Edition...

            1. Roland6 Silver badge

              Re: The most simple way is not mentioned here?

              >The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.

              Which (if memory is right) is concurrent user-session based not actual machine, named individual or location based. Hence if you have a correctly licenced RD or TS (without without gateway systems) for normal office use, it is correctly licenced for remote access by those same users.

              So the licence issues only really appear when under normal circumstances an organisation with a large user population but low level of concurrent RD/TS users changes to one with a large level of concurrent RD/TS users.

              About the only licence issue an organisation may encounter is if they decide to use a Windows server as the VPN host, but who in their right minds would do that when dedicated VPN appliances are readily available and can be up and running in minutes compared to building a Windows VPN server.

              1. Jou (Mxyzptlk) Bronze badge

                Re: The most simple way is not mentioned here?

                > >The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.

                > Which (if memory is right) is concurrent user-session based not actual machine

                You can choose! Most of the time User-RDP-CAL ist cheaper and easier to handle, but there are situations where Device-RDP-CAL is the right choice.

                If you have more users than machines take Device-RDP-CAL. Happens often with shared workplaces where half of the day one user works, the other half another, and on weekend again another and so on. Or an education facility with 20 clients for 100 students.

        2. Anonymous Coward
          Anonymous Coward

          Re: The most simple way is not mentioned here?

          Some software (e.g. CST Microwave Studio) has licensing that insists the user is on the designated premises, and remote working of any kind is in violation of the license.

          1. John Brown (no body) Silver badge

            Re: The most simple way is not mentioned here?

            I do wonder which, if any, of some of these onerous licensing terms are actually legal. It could get interesting if some of the licencors start sending out invoices and the licencees kick up a stink over "unfair" licence terms. After all, if the licencor wanted to restrict things unless you pay more, surely the software should not let you it without the licence. It's almost as if they are setting traps for the unwary to fall into and create extra revenue.

            1. phuzz Silver badge

              Re: The most simple way is not mentioned here?

              It's almost as if they are setting traps for the unwary to fall into and create extra revenue.

              Oracle licensing in a nutshell.

          2. kmedcalf

            Re: The most simple way is not mentioned here?

            So don't use that software and tell the company that is trying to sell it to you why you will not use it. If they go bankrupt as a result that is a good thing.

            Alternatively, you can just ignore them and when sued make the legal argument that using "remote desktop" to a locally installed instance is *not* remote access. It is "local access" using really long monitor and keyboard cables (which is all it is, in reality) and that the usage is occurring entirely "on premises".

            Of course, perhaps your organization has crappy or stupid lawyers, so they won't think of this argument.

    2. Tim Anderson (Written by Reg staff)

      Re: The most simple way is not mentioned here?

      This is a good solution if you have a corporate laptop to give out. There's an issue if you have lots of staff usually on desktop PCs suddenly working from home, and haven't got kit to hand out, as VPN from home PC is not so good. From Android, iOS or Chromebook probably fine. But there are lots of ways to do this and this isn't meant to be telling anyone how to do it, more to highlight potential licensing snags.

      1. Sgt_Oddball Silver badge
        Meh

        Re: The most simple way is not mentioned here?

        My work moved over to laptops years ago for the flexibility and also as turns out long term return on investment - A slightly above base model lenovo can be had for not much more than a base unit, montior and keyboard/mouse and when going through refreshes usually still worth about 2-3 times that of a desktop (which is why they end up not getting refreshed too often since theres' next to nothing to recoop when cleaning them and selling them off again).

        I just wish they've offer the machines to staffers first, since some of the machines get very little use as said staffer might have a dev machine that gets far more abuse (like me for example).

        1. kmedcalf

          Re: The most simple way is not mentioned here?

          The particular part of the company where I worked (before I retired) always had a significant part of the employee's using laptops -- it was part of the business contingency planning. This was at the time when a laptop with 1/10th the capability of a desktop PC cost 100 times as much as a desktop PC.

          After the SARS-nCoV-1 company-wide business contingency planning provided that all employee's would have laptops and tested and functional remote access except for very specific exemptions.

          This policy affected at least 10K employees and contractors in Canada.

      2. Anonymous Coward
        Anonymous Coward

        Re: The most simple way is not mentioned here?

        Except attaching with Android, iOS or ChromeOS (or anything non-MS) isn't covered in the Windows Pro license. You need an extra CAL for that.

      3. MiguelC Silver badge
        Pint

        Re: The most simple way is not mentioned here?

        And don't forget the stress it burdens the corporate network with.

        My company took everything it could out of the VPN and into cloudy infrastructure (O365 including Teams, Zoom, Confluence, fileserver contents being migrated to OneDrive, etc.) But then, they had to cope with a sudden 10000% increase in the number of people working from home.

        They're real aces making all this work! A well deserved pint they should have, in the safety of their homes.

      4. John Brown (no body) Silver badge

        Re: The most simple way is not mentioned here?

        "This is a good solution if you have a corporate laptop to give out. "

        Anyone trying to buy laptops from the channel will be disappointed unless and until the supply chains start working again.

    3. Anonymous Coward
      Anonymous Coward

      Re: The most simple way is not mentioned here?

      The MDM product that I'm a sales engineer for has it built in (using VNC because, well, why wouldn't you), so not only do you get remote desktop, you get MDM on top :-)

      Anon because I don't want to come across as trying to sell it :-) Just pointing out...

    4. ArrZarr Silver badge
      Joke

      Re: The most simple way is not mentioned here?

      I'm glad that the voice of wisdom is here. Clearly the govt. should have hired you as an advisor to tell them how to fix everything IT.

    5. Anonymous Coward
      Anonymous Coward

      Re: The most simple way is not mentioned here?

      > You could even use some very [cheap] linux machines on the home end for the vpn+RDP stuff.

      That won't work.

      Linux does not have the support for most corporate VPNs (e.g. Cisco) and Linux cannot support the latest RDP version, which means that any connection will take more bandwidth than it should. Or you have to use VNC which is worse and fundamentally insecure.

      Next you have to in add all the training required for IT support and the end users, plus dealing with the myriad of problems with desktop Linux and the headache of keeping a completely different OS stack properly updated.

      1. DougMac

        Re: The most simple way is not mentioned here?

        Linux seems to have a lot more support than you think. Linux anyconnect download is here

        https://software.cisco.com/download/home/286281283/type/282364313/release/4.8.03036

        If you have something not-cisco, and don't have to do proprietary Cisco wrapped up SSLVPN that anyconnect is, Linux has a plethera of options for IPSec VPNs. IPSec is IPsec. While there are many options, there are also many solutions.

        There are many RDP clients that work well on linux. I don't think anybody would tend to think VNC is the only option. My main day-to-day RDP option is built ontop of FreeRDP that works better than the Microsoft RDP client on windows.

      2. DougMac

        Re: The most simple way is not mentioned here?

        Linux seems to have a lot more support than you think. Linux anyconnect download is here

        https://software.cisco.com/download/home/286281283/type/282364313/release/4.8.03036

        If you have something not-cisco, and don't have to do proprietary Cisco wrapped up SSLVPN that anyconnect is, Linux has a plethera of options for IPSec VPNs. IPSec is IPsec. While there are many options, there are also many solutions.

        There are many RDP clients that work well on linux. I don't think anybody would tend to think VNC is the only option. My main day-to-day RDP option is built ontop of FreeRDP that works better than the Microsoft RDP client on windows.

        Of course that still doesn't account for the RDP client license that Microsoft will make you get because you aren't using their desktop OS that conveniently bundles said license with it. Also a Microsoft auditor will come in and inform you that if there is any chance of non-windows desktops ever connecting, that you'll need to buy RDP client licenses for everybody "just-in-case".

      3. gerdesj Silver badge
        Gimp

        Re: The most simple way is not mentioned here?

        "Linux does not have the support for most corporate VPNs (e.g. Cisco)" - have a look at the feature list for NetworkManager

        "and Linux cannot support the latest RDP version," - well what the blazes am I using to all those 2019 servers then? Have a look at the feature list for xfreerdp.

        My wife uses a Linux laptop at home. She calls it the internet, which might imply her level of technical expertise.

        Please try to keep up AC

        1. Jakester

          Re: The most simple way is not mentioned here?

          Dell provides a good VPN client solution for its Sonicwall firewalls.

      4. katrinab Silver badge
        Linux

        Re: The most simple way is not mentioned here?

        We use pfsense/open vpn, which works perfectly in FreeBSD, it is after all a FreeBSD derivative, and presumably linux.

      5. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        > Linux does not have the support for most corporate VPNs

        YOUR Linux maybe... It is the other way around: There is no cooperate VPN it cannot connect to. The price is: Knowing how.

        Linux can connect Cisco, IPSec to various other routers, or openvpn which is used in i.e. Sophos, or PTPP/L2TP connecting an microsoft VPN/RAS server etc etc etc. Been there, done all that about ten years ago at least. Nowadays it is even easier!

      6. phuzz Silver badge

        Re: The most simple way is not mentioned here?

        1) PaloAlto's "Global Protect" VPN has a linux client that works just fine. (I like it better than the Windows one tbh)

        2) I'm not sure if any linux RDP clients support every last feature of the latest RDP protocol (v 10.0), (and frankly they all seem to do a bad job of listing exactly what features they do support), but at the end of the day, even the earliest versions of RDP are a massive step forward from VNC in terms of bandwidth and general usability.

        RDP is backwards compatible though, so you can connect to almost any version of Windows RDP with any client that supports the basic protocol.

        (There's also open source servers too. Virtualbox uses it to allow access to VMs).

    6. baud Bronze badge

      Re: The most simple way is not mentioned here?

      We would have done that at work if we had enough laptop to go around, but it wasn't the case;

    7. Hoe

      Re: The most simple way is not mentioned here?

      But then they are connecting a Home Machine to an Office VPN, if their Home PC has a nasty worm on it the whole office network can be compromised, this will not pass proper security standards in 2020. :(

      1. Nick Ryan Silver badge

        Re: The most simple way is not mentioned here?

        It's quite possible to isolate incoming VPN connections and to permit only specific services through. Such as, for example, RDP and nothing else...

    8. IGotOut

      Re: The most simple way is not mentioned here?

      Am I missing some in your argument?

      If you have a corporate laptop, why bother with RDP to the desktop?

      Surely you have everything you need on the file servers?

      1. The Oncoming Scorn Silver badge
        Holmes

        Re: The most simple way is not mentioned here?

        People lose laptops & data, one place I worked provided loaner units for employees to RDP into their work machine if they had to WFH.

        Everything was setup, they were comfortable with the setup of their machine etc, no files or data left the premises.

      2. katrinab Silver badge

        Re: The most simple way is not mentioned here?

        We connect by rdp to the server for everything except for three people that have banking software that uploads bacs submissions.

      3. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        > If you have a corporate laptop, why bother with RDP to the desktop?

        File sizes, and therefore speed. Have you ever opened an 10MB+ file in Office, Autodesk, Indesign, Photoshop (name yours) or just an Access DB (latter just as an example) over VPN? It takes aeons to open, and you end up with corrupt files way too often. Or take more complex constructions like ADDSION software or SAGE... Woah...

        If you have to do a quick and secure solution, do it my way. If you have enough time to design for this, like pumping up the office internet connection, you can choose other ways.

        And if you know BT, they are just like the German Telekom on that behalf: May take 6+ Month to get a bigger line.

      4. Farcycle

        Re: The most simple way is not mentioned here?

        Everything you need on the fileservers? - sure if you're just editing documents, how about the myriad of servers, networks and applications that many of us need to access daily that are blocked (quite rightly) over VPN access?

        If I use my company laptop from home I'm severely limited, RDP to that laptop sat on the company network from my home machine over VPN, which is definitely as secure as my work machine, and all functionality is available to me.

    9. bombastic bob Silver badge
      Devil

      Re: The most simple way is not mentioned here?

      RDP is interesting, if it's supported [it's likely a smaller business has HOME versions of windows, which don't allow remote-in].

      There is a VERY SIMPLE solution, however:

      a) VPN login to corporate network

      b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]

      BUT... if you run Linux or another POSIX operating system chances are you have OTHER things available, too, like ssh, "remote desktop" via the DISPLAY environment variable, and so on.

      VNC is probably the easiest (so long as you don't lose the login on the desktop)

      and when it comes to outright performance, remote X11 desktops are probably as good as (or maybe even better) than RDP...

      [I do not know if there's an open source RDP server out there for windows, but there MIGHT be one for POSIX systems...)

      It's also possible, on a POSIX system, to use something like 'Tiger VNC' to operate on its very own desktop. I do this a LOT to test X11 applicaitons. Run vncviewer on the main desktop, run the test applications on the tigervnc's X server with a different desktop (usually loalhost:1). There's really no reason you cannot have that secondary desktop running on a network-visible IP address, and then you just need to be able to VPN into the corporate network to access it.

      1. Jou (Mxyzptlk) Bronze badge

        Re: The most simple way is not mentioned here?

        > b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]

        Run it as a service. All those VNCs offer it, and work fine even if UAC is set to the highest level - which is the only correct level.

        But I prefer RDP when possible. Login is AD-Controlled (Single Sign On), and you can select which user can connect. Requires more work to do the same with VNC.

      2. phuzz Silver badge

        Re: The most simple way is not mentioned here?

        likely a smaller business has HOME versions of windows

        They're already breaking their license by doing that then. The Home version is specifically for non-commercial use. (Not that most small businesses care).

        Disabling RDP is one of the ways Microsoft differentiates Home vs Pro, to encourage you to buy the Pro version.

        1. Strahd Ivarius

          Re: The most simple way is not mentioned here?

          The distinction between Home, Pro, Enterprise, Education refers to features, not use.

          It is perfectly authorized to use a Home version for business use.

          1. jsa

            Re: The most simple way is not mentioned here?

            Yes, I believe it’s only Office where that’s a concern (I recall the Home & Student edition would even have a non-commercial use warning in the title bar at all times, to stop you forgetting)

    10. pstones578

      Re: The most simple way is not mentioned here?

      This will work but it is a clunky solution. In 2020 companies need to be better than this. I was doing this sort of thing over a decade ago.

    11. Anonymous Coward
      Anonymous Coward

      Re: The most simple way is not mentioned here?

      Not bad. Except if someone introduces a worm to the network that exploits an as yet undiscovered RDP bug or a variant of an existing one and your IT guys are on lockdown...you're fucked.

      I've put critical web based services behind a reverse proxy, (gitlab, SVN, etc) file sharing is now proxied through a Linux box (mounted SMB group shares symlinked inside SAMBA shared folders for each group) and that box is only accessible via VPN.

      Remote access to workstations is possible, but only on request if absolutely necessary.

      Email and conferencing is Office365/Teams as it has been for a while.

      Most importantly I have 3 encrypted off-site backups and a warm empty file server in the cloud if I need it, everything ready to go...just no data there until I restore it.

      Web services are already replicated to a warm set of DC servers for failover.

      All good. Everyone working just fine. Most issued with company laptops (at most 1 year old).

      Don't forget security and backups guys, you might not be able to get onsite if the shit hits the fan.

    12. Nitromoors

      Re: The most simple way is not mentioned here?

      That is a very poor solution. It requires the customer desktop to be up and running. not hung, rebooted or shutdown by accident. It's just about OK for a one of or a fudge for some small scale software issue such as a product that still need XP, but as a corporate business continuity strategy it should be a sacking offence.

  4. a_yank_lurker Silver badge

    Issue

    The issue is many organizations are not set up to have a large portion of their staff work remotely. Those that already were issued laptops with the appropriate software preinstalled so using a personal computer was not required (or often not allowed). I am not sure how using a home computer would affect the licensing, it is a rather messy issue. But if Slurp, et. al. wants to really anger potential ex-customers hammer companies over licensing during this time. It is not as if the customers are trying to violate their licenses. Also, I am not sure that many courts worldwide would look kindly on what many would view as a shakedown attempt to profit on the misery of others; not exactly a winning strategy. But Silly Valley is notorious for their collective tone-deafness.

    1. Doctor Syntax Silver badge

      Re: Issue

      "The issue is many organizations are not set up to have a large portion of their staff work remotely."

      So this will be an interesting learning experience for them.

      1. hoola Bronze badge

        Re: Issue

        If you have 20,000 employees then setting them all up to remote work is not a small or cheap task.

        Far too many on the Register comment as if 10 seats and a server with everyone an IT Expert are the norm.

        Anything is possible at a small scale when a very limited number of people are in control.

  5. Dan 55 Silver badge

    On the cheap

    TeamViewer on a non-commercial licence (cut off after 3 hours). That is the solution for my better half's remote access to her company computer.

    TV must have noticed a surge in non-commercial remote connections during office hours, I wonder when the push to get money out of that will happen.

    If that happens the company will probably tell her to switch to Webex or something. And her company is not short of a bob or two.

    1. cb7

      Re: On the cheap

      Google Chrome Remote Desktop also works a treat if you have the option

    2. damiandixon

      Re: On the cheap

      NoMachine... If you install was free last time I installed. Commercial is reasonable.

    3. John Brown (no body) Silver badge

      Re: On the cheap

      "And her company is not short of a bob or two."

      And yet they are cheaping out with the non-commercial, free, TeamViewer? Or is that WHY they are not short of a bob or two in the first place?

      1. Dan 55 Silver badge

        Re: On the cheap

        The company refused to pay for anything new (I guess that answers your question) so people started installing TeamViewer themselves to be able to work from home. I've done a deal with the devil and installed Chrome Remote Desktop as suggested above as a backup in case TeamViewer stops working.

        I also looked at M360 Remote Assistant but Mac-Windows isn't possible.

        Thanks for the suggestions all.

    4. Pen-y-gors Silver badge

      Re: On the cheap

      Teamviewer is quite neat, but has crazy licensing rules. They offer the free, non-commercial version - fine. But there is no option for 'light commercial' use. If you want commercial then it starts at £31.90/month! Crazy.

      1. Jou (Mxyzptlk) Bronze badge

        Re: On the cheap

        Try Anydesk. Which I use for my home administration of remote sites since Teamviewer pricing sucks.

  6. GlenP Silver badge

    Good Job...

    Good job I made sure we have enough CALs in place in advance then!

    Not having enough hardware is a more serous issue. We've just about managed to scrape together enough kit for our desktop users if/when it's needed (not everyone is working from home yet) but we've been caught out by headsets for VOIP and online meetings. Managed to get a few 3.5mm plug ones from Amazon (assuming they're not hijacked on the way) but no USB ones to be found.

  7. steamnut

    Licensing fever...

    I bet that our favourite database supplier will be keeping a close eye on accidental licence abuse. After all, they really need lots more users to "volunteer" to sign up to their cloudy systems.

    1. Anonymous Coward
      Anonymous Coward

      Re: Licensing fever...

      And this is why complex software licensing really is the work of the devil (one of his finest, it has to be said).

      Add on the hassles of horrible fiddly and unreliable licence servers, and all the registration and activation crapola that accompanies home use licences that make end users give up the will to live, and all these companies which make things far more complicated than it really should be just to buy and use their product are sitting there wondering why FOSS alternatives are often slowly eating their lunch...

  8. Teiwaz Silver badge

    Reminds me...

    Of that Monty Python sketchlet.

    "It's a living..."

  9. Cynic_999 Silver badge

    Microsoft doesn't make he only remote access software

    Apart from TeamViewer, there are several other applications providing remote access. I use VNC. This does not provide file transfers, which is arguably safer because any virus on the machine at one end cannot be unknowingly transferred to the other. When necessary, transferring a file can be done in several ways - email, uploading to a filesharing site, ftp etc. Works fine between Linux & Windows machines.

    1. Briantist69

      Re: Microsoft doesn't make he only remote access software

      - free MS RDC on Google play is really great on everything including Chromebook devices.

      - free MS RDC in Apple store works really well.

      The free Windows version - - does everything really well (as you might expect after 17 years of upgrade) including cut/paste of files to the desktop.

  10. Doctor Syntax Silver badge

    They'd better be careful with those audits. I feel sure that those businesses that survive will be looking very carefully at how they do business in the future. Becoming seen as part of the problem and not the solution will be a good way to lose business.

    1. Nick Ryan Silver badge

      ...and yet Oracle still exist? :p

  11. LeahroyNake Silver badge

    Other options

    We currently only use RDP for accounts / Sage, it's not supported by Sage but it works fine.

    Email is all OWA as we have on premise exchange so no issues there.

    Just bought some extra Screen Connect licenses and giving select users access to their office pc, not sure how that stands with MS licensing but they can take a log walk off a short pier.

    Our problem is that most of our customers are not sending us the usual level of work as it's split between retail / leisure and office machine support.

    Fingers crossed we get paid at the end of this month :/

    1. MatthewSt

      Re: Other options

      Sage have relaxed their licensing rules for the pandemic, and said that if you need to install it on additional machines (to work from home) then you can. They may ask you to remove it later though

  12. AJ MacLeod

    Open source never looked better

    My customers who are on 95% open source setups (Linux on servers, thin clients on desks - other than the odd machine for one specific application) are in a very much better situation today than those who have stuck with a 100% MS setup...

    1. Danny 14 Silver badge

      Re: Open source never looked better

      Why? We use laptops, they have w10 and vpn to rras on server 2016. Its a doddle.

    2. bombastic bob Silver badge
      Thumb Up

      Re: Open source never looked better

      My customers who are on 95% open source setups [snip] are in a very much better situation today than those who have stuck with a 100% MS setup

      awesome!

    3. Jou (Mxyzptlk) Bronze badge

      Re: Open source never looked better

      Well, it is not the OS, even if you try to push your religious view on us to make us believe so. It is how you set it up. You can mess up Linux as well as Windows.

      1. AJ MacLeod

        Re: Open source never looked better

        Yeah, but we didn't. And it's not a religious view - it's a rational conclusion based on over two decades of experience managing both alternatives...

  13. Anonymous Coward
    Anonymous Coward

    Working from home guide

    Work laptop, home pc, kvm switch and two monitors.

    That means work on one monitor and play videos and music on the other one. Got an incoming call from the office?Hit the kvm, space bar to pause and hit it again to get back to the work laptop. Want to play games to let off a bit of stream, emulator and a joypad. Want to do a bit of browsing add a second mouse. A damn near perfect setup in my opinion. It worked for me for nearly 13 years.

    As for these issues couldn't you use something like TightVNC to get round licensing?

    1. Jou (Mxyzptlk) Bronze badge

      Re: Working from home guide

      I have to kick in here: TightVNC is unencrypted. Even through a VPN it is a no-go since you cannot trust your LAN either with some creative coworkers capturing the unencrypted VNC traffic. TigerVNC is a spinoff with encryption implemented and free as well.

    2. bombastic bob Silver badge
      Linux

      Re: Working from home guide

      tightVNC lacks proper support, last I checked.

      Tiger VNC was forked from it. [that's what I've been using]

  14. Shadow Systems Silver badge

    Appropriate it's about virii...

    If I've got to choose between the Corona virus & a Windows VD, I'll pick the Corona as it only might kill me rather than give me a MS STD...

    I'll get my coat, it's got the bottles of Corona in one pocket & the limes in the other.

    *Cough*

    It's IT related I swear! We're talking about beer aren't we?

    *Pure, Sweet, & Innocent Grin(TM)*

    1. bombastic bob Silver badge
      Pint

      Re: Appropriate it's about virii...

      here, have another

  15. ecofeco Silver badge

    Home PC accessing the corporate network? Hell no!

    I haven't worked anywhere in the last 5 years that allowed a home PC to access the corporate network. Not even for the executives.

    1. Anonymous Coward
      Anonymous Coward

      Re: Home PC accessing the corporate network? Hell no!

      It’s not blocked, for us, but it definitely isn’t allowed. Oddly, a Linux VM can connect, using openconnect, and I’m not sure if corp could tell whether that VM is resident on the corporate laptop or some other device.

    2. Roland6 Silver badge

      Re: Home PC accessing the corporate network? Hell no!

      Bet they allow OWA...

      If you're prepared to take the licencing hit, WS2012 and later supports the Remote Desktop web client...

      1. Jou (Mxyzptlk) Bronze badge

        Re: Home PC accessing the corporate network? Hell no!

        It's not the licensing for me. I'd not put an RDP-Gateway on the Internet without additional stuff before that. Either require VPN, or set up a reverse proxy which does Auth before connecting to the RDP-Gateway. I'd choose a method where an internet café connection is not possible.

        1. bombastic bob Silver badge
          Devil

          Re: Home PC accessing the corporate network? Hell no!

          open listening ports for RDP or VNC are a _BAD_ idea, encrypted or otherwise.

          best to use an end-end enrypted VPN, and all access to the corporate network (including remote desktops) is through THAT alone. With some creative firewalling, you could prevent normal network access via the VPN, and only allow the remote desktop-ing.

          1. Nick Ryan Silver badge

            Re: Home PC accessing the corporate network? Hell no!

            Requiring a VPN connection instead of (prior to RDP) really isn't fixing anything much security-wise, it's just moving the point of attack slightly. Rather than attack an RDP connection malware attacks a VPN connection instead. VPN servers are probably updated even less often than RDP servers.

            1. Roland6 Silver badge

              Re: Home PC accessing the corporate network? Hell no!

              >it's just moving the point of attack slightly.

              But it is a useful move for Internet facing services.

              It also changes the attack. With a MS RDS Server directly visible on the Internet, you are enabling the full range of RDP/RDS exploits to be tried directly against a live server. The addition of a VPN gateway, means an attacker has to mount a (successful) VPN attack before they gain access to the RDS server.

          2. robidy Bronze badge

            Re: Home PC accessing the corporate network? Hell no!

            Have an upvote...it's a bit obvious.

  16. Long John Silver
    Pirate

    Oust dogs from mangers

    Setting aside the fact that response by the UK government, and some elsewhere, to the viral outbreak has been directed by ill-placed emotion (largely fuelled by MSM), panic (again MSM), and unsound advice (mathematical modellers usurping consolidated experience among public health practitioners and 'hands-on' infectious disease academics), this manufactured 'crisis' must not be permitted to allow consideration of so-called 'intellectual property' (IP) rights get in the way of sensible behaviour.

    Governments, those not entirely in thrall to rentier interests, either posses or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency.

    Not just Microsoft should thus be dealt with but also a host of others. Patents relating to drugs and health technologies must not stand in the way of preventative measures and remedies. It should be permitted to ignore the egregious copyright attached to academic literature. Also, with large segments of populations confined to their homes it would be prudent to keep them entertained and one helpful measure would be an officially sanctioned blind-eye to copyright infringement relating to film, audio, and TV shows.

    Incorrigibly avaricious among IP rentiers would squeal like stuck pigs (porcine analogy being appropriate). The more sensible, both through genuine concern over public well-being and preservation of brand image, would not require prompting by governments.

    For instance, in the UK, Premier League matches are immensely popular; fans are charged exorbitant sums either through direct subscription or indirectly via what is in effect a surcharge on the price of beer and on products from 'sponsors' of the League. There are increasing efforts to stamp out unofficial live streaming of matches but success is limited.

    Consider the following scenario. The Premier League along with other producers of popular televised sporting products could announce free access to live streams, some perhaps going through unofficial sources like Kodi add-ons, for the duration of the crisis. Matches, tournaments, and athletics competitions, could take place in stadia devoid of live audiences. Similar considerations apply to other manifestations of mass entertainment. A potentially restless population, particularly younger folk and school children (a low risk group foolishly being denied education), could be dissuaded from mischief arising from boredom.

    Tears need not be shed for any rentiers (whether of patents or copyright). They would be 'doing their bit', possibly under duress. IP dependent industries accumulate considerable bulk of (porcine) fat; this acquired through monopoly protected price-gouging all along a chain of middlemen from producer to end recipient. Indeed, dissemination of digitally encoded entertainment, and information in general, no longer requires the plethora of intermediaries accumulated during the analogue era. Meanwhile, during the wailing and gnashing of teeth by purveyors of trivial 'content' there are previously solid companies, large and small, facing ruin and many (those without backbench MPs and government minsters in their pockets) unlikely to be bailed-out. Similarly, the pharmaceutical industry whilst promulgating lies about its price gouging being necessary for supporting R&D (basic research mostly takes place elsewhere and generally using public or charitable funding whereas development - testing of medicinal products - is given a hidden subsidy through access to NHS facilities) would benefit from shake-up arising from the current 'crisis'.

    We have a government that barely concealed its neo-liberal agenda. Present circumstances, particularly potential economic collapse triggered by inept handling of the epidemic, have forced grudging admission of existence of 'society', this disavowed by the late Mrs Thatcher, and recognition of communal inter-dependence. Remarkably, the USA, adopted home of the late Ayn Rand, may be following suit

    1. amanfromMars 1 Silver badge

      Re: Oust dogs from mangers

      Governments, those not entirely in thrall to rentier interests, either posses or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency. ...... Long John Silver

      That's an interesting concept which might not fully pass ACID and Penetrations Tests, LJS, although one is always free to go down that other route/root which has damages sought and generous grateful payments made to have IP 'owners' temporarily suspend and publicly curtail impinging activities within their legal jurisdictions during an emergency or not.

      Also, with large segments of populations confined to their homes it would be prudent to keep them entertained

      As opposed to having them thinking on and of things themselves and about how everything has arrived at such a sorry state of affairs in such a very short time, LJS? How very wise. One wouldn't really want revolting natives, would one, armed with undeniable nuggets of actionable truth?

  17. Version 1.0 Silver badge
    FAIL

    I would expect a surge too

    I'm seeing a little uptick in "Urgent New PO.docx.exe" files caught at the mail server this morning. I expect that we're going to see home PCs hacked and the corporate data and money leaking in the next month.

  18. whitepines Silver badge
    Happy

    Meanwhile, our corporate xrdp servers behind a certain popular open VPN server package continue to chug along as if nothing happened.

    One of the reasons for removing Windows from our network was this exact problem. The EULA for Windows changed with Windows 10, to the point of being worse than useless (i.e. a sueball attractor) if CALs aren't purchased. And when you look at CALs, you need Windows Server, not Windows Professional or whatever it is called these days. Bottom line is that it was cheaper and safer to migrate to Linux and use Wine for those handful of legacy Windows-only apps that prior to 10 were running on native Windows on a small number of firewalled boxen. Since the corporate systems were already mostly Linux and BSD-based (including desktop), it was a bit of a no-brainer with that EULA change.

  19. nxnwest

    Premium indeed

    In our shop, management hogs all the VPN RDC licenses when OWA, and Teams would do. "Their impotent!" Meanwhile the line workers/admin assistants are denied them, sent home and futily use VMWare and not allowed to use RDC even from those sessions. Those are the ones that actually need to access the DBs, do the record maintenance/updates and keep the whole operation running. It was a battle to get them the dual displays first as they have the actual need for screen real estate. Exec's have only one schedule to maintain, their assistants? All of them.

  20. rwill2

    Just RDP int your work computer!

    Open the RDP port on a desktop or laptop at Work, main issue if someone turns it off - Lol!

    Anyway companies who don't have VPN in place are probably not worth working for!

    1. Danny 14 Silver badge

      Re: Just RDP int your work computer!

      Depends, you could be working in the cloud via teams, sharepoint and onedrive. Our sister school is almost entirely cloud based. MIS, LMS and VLE all cloud based with o365 and even google classrooms.

  21. Jaap Aap

    Ugh, microsoft and their CALs. Why don't they make their product just twice as expensive and dump all their retarded limitations? It's not that microsoft themselves know what is legal and what is not. All those people working in making sense of the microsoft license agreements can then be repurposed as telephone sanitisers.

  22. YetAnotherJoeBlow

    For a minute...

    For a minute there, I thought aManfromMars changed his nick to Long John Silver.

    1. Donn Bly

      Re: For a minute...

      I just thought that someone forgot to switch over to their sock puppet account....

  23. amanfromMars 1 Silver badge

    And..... it's gone. Thanks very much for your participation and subscriptions

    Bear in mind the fact, ..... which is practically useless whenever spun as a fiction with particular and peculiar regard to any and all metadata base servers, whether in-house private or corporate or ethereal cloud and externally virtually hosted and anonymous second and third party protected, ..... once information and intelligence is inputted not a system which outputs further processed materiel, it is no longer recognised as solely yours to exclusively command and control.

    Be so aware, beware and take care, IT's a ravenous ravaging jungle out there, dying of hunger for your thoughts to exploit and bear fruit for the tables and enjoyment of others in much the same way as is presented in the following short, suitable for all video clip [1:45] ..... South Park

    If you can tell us where that is all wrong, we will certainly reconsider and reconfigure the argument and outcome with such newly processed output inputted, for such is bound to make a not inconsiderable difference overall.

    In some as can be many cases, they be Great Game Changers and Prime Agents of CHAOS* and Grand Revisions.

    * Clouds Hosting Advanced Operating Systems

  24. damiandixon

    NoMachine is a decent option

    It's fast... Works on Windows and Linux.

    OpenGL/DirectX work.

    Low bandwidth. Hardware compression supported.

    Your desktop is as if you logged in, unlike RD.

    However if you do RD in on Windows hardware acceleration of 3D gets disabled and you have to physically login.

    IMHO it's a decent option to access a work machine remotely especially if you use apps that use OpenGL/DirectX/Vulcan...

    1. AJ MacLeod

      Re: NoMachine is a decent option

      I like NoMachine too, but it's a bit expensive IMHO... it's a pity the various open source NX servers and clients have more or less died a death, they worked really well for quite a long time.

  25. Comfy

    Been a hell of a week for us....were a bit of a mix with a couple of providers for vpn services. Laptop users are easy but other have taken their desktop machines (with the vpn client on there) management reports 85% productivity as of yesterday so me and the lads are pretty chuffed with our efforts plus all the old laptop hardware that was scheduled for recycling has been reimaged and brought back into service...

  26. Twanky Bronze badge
    FAIL

    Bah!

    It's too late to be doing your BCP scenarios now.

  27. BGatez Bronze badge

    Solution is not getting roped into using a POS like Office

  28. Anonymous Coward
    Anonymous Coward

    Company remote working should never be a luxury for biz bods, it's for everyone

    2 years ago we moved over to using Office365 completely, so all apps can be on desktop hooked to the MS stores offsite or you can use the browser based apps if you don't need anything too fancy in the Office features, suitable for more IT bods knocking up docs and keeping up on email. The load is then shifted to browers and storage is remote on OneDrives, the load is taken off desktop apps. We still maintain backups of all our docs through the company on prem kit and that's sent off to a completely different storage vendor to comply with regs.

    Everyone is offered a laptop to replace their desktop if they wish, they can then keep the laptop with them at all times if they want, bring it back and forth to the office so long as they have laptop locks in use and someone checks the office floors once a day to make sure the laptops are physically locked down when in the offcie overnight.

    4 weeks ago the company management started having talks twice a day about how to handle COVID19 as it was ramping in China, they started sending certain depts home about 2 weeks ago so they could check home working was working as expected. When the command was given to clear out all the offices 10 days ago, the first command was clear your desk and the second was to take your laptop home, that covered around 70% of the workers. We have dual gateways in at least 6 sites worldwide, so there's plenty of VPN and Citrix gateways into the company and with O365 access via browsers getting over 1,000 people working from home inside 48 hours wasn't a walk in the park but considering what's been achieved, it's incredible.

    People like to mock management but ours have been just superb, all the usual squabbles have been pushed aside for the time being and this situation has just been dealt with quickly and efficiently. We in the middle of lots of projects, due to the COVID19 planning we haven't had to stop many the major projects.

  29. chololennon

    Apache Guacamole

    Why not using Apache Guacamole instead of a RDP gateway? It will save you a lot of money.

  30. Anonymous Coward
    Anonymous Coward

    There seems to be a whole lot of FUD going on.....

    I've dome quite a lot of remote working over the years. I am a developer which means I need specialist tools and the like as well as standard word processing and mail software but its never been a problem until recently. Now, apparently with the advent of Microsoft's Office365, everything's got to be licensed up, locked down and generally got at in order to transfer a couple of emails and maybe the odd file.

    I have used a lot of the modern collaborative tools such as Teams (as well as the 365 suite) and I fear that this kind of software is designed primarily to enhance vendor revenues than provide enhancements to daily workflow. Its duplicating capabilities that were available 10-20 years ago but weren't too common because you needed to be a multinational company to take advantage of it (and then only peripherally). I suppose Management likes it because it gives the illusion of control, the idea that they can issue orders 24/7/365 and expect prompt responses from their subordinates. It gives the illusion of work while not necessarily getting anything done. Real work requires focus and you don't get focus from being pinged every few minutes.

  31. karlkarl Silver badge

    Until wayland screws up Linux

    I can still suggest moving to Linux for the remote work at least until Wayland comes along and ruins everything.

    Remember without X11 you don't have:

    - ssh/x11 forwarding

    - XDMCP

    - multiple VNC sessions (because that uses XDMCP -> localhost)

    So it will basically be like VNC on Windows, slow screen scraping with a single user at a time :/

    1. SecretSonOfHG

      Re: Until wayland screws up Linux

      Agreed, I had to give up on using Kubuntu over RDP after an afternoon of trying. Ended up using Windows instead of Linux as my RDP server....

  32. Charles Smith

    Velvet Glove negotiation

    Phone your Microsoft account manager and point out that if they can't smell the coffee it could be one of two things:

    1. They are about to come down with a Covid-19 infection, as the lack of taste or loss of sense of smell are early signs;

    or

    2. They really can't smell the coffee! Micro$oft should not be taking advantage of the Pandemic, but rather saying that for the duration there will be no licence constraints.

    The good old steel fist in a soft glove discussion, will often work wonders. If it doesn't there are alternatives to Micro$oft products. After the storm there'll be a lot of competition for a reduced customer base. By the way use Google Meet to talk to this person.

  33. autisticatheist
    Facepalm

    Desktop?

    Do any companies still actually buy desktop computers?

  34. vaporland
    Coffee/keyboard

    have IT build a VM

    copy that onto a thumb drive.

    boot that up at home.

    then VPN from there into the office.

    then RDP to your desktop.

    that'll be $500 for the suggestion.

  35. hoola Bronze badge

    It is all about Usablility

    All the posts here talking about Linux, VPN connections and RDP clients are missing one critical point......

    These all have to be setup be users who are being dropped into this situation. They may have minimal IT expertise and just need to work. However you connect you be consuming some sort of CAL if RDP is involved. If you are using something else like VDI then there are new CALs for that and the costs of the VDI solution. If those users just need to access web-apps then you may be able to do something but as soon as you need corporate functionality other than email and office then it is a whole new world. I have never been a fan of the way Microsoft gouges RDP licenses but you pretty much have no other option.

    A VPN on an personal device that connects to a corporate network has now added that device inside your network. It is just not possible in the current situation to do end point checking of the plethora of home devices so it is a trade-off of risk against working. VPNs work well for corporate devices that are taken off site because you can still trust the device. Anything else is just a disaster waiting to happen unless you can make everything web-based and only allow that through. Unfortunately that is just not the case.

    1. AJ MacLeod

      Re: It is all about Usablility

      Folk using NX don't require a VPN connection and if necessary can have a thin client to take home - all it needs is any old Ethernet connection plugged in and it works exactly as if it were on their desk at work.

      This is not fantasy, I have customers who have been working this way for years... it's a myth that you absolutely require Windows on the desktop to run even a medium sized business.

      1. Jou (Mxyzptlk) Bronze badge

        Re: It is all about Usablility

        > Folk using NX don't require a VPN connection

        You leave out an important point:

        The actual implementation is at least ssh / stunnel, or a well secured https. Nicely implemented with certificates, I hope, else you will have to rely on users with passwords. All these technics are there to get the same security as a VPN - which uses the same technics inside to transfer encrypted data.

        It is a point of view whether you let your remote application access to the encryption (which RDP does too, including the certificate fun if you want) or you encapsulate everything.

        And you talk like there has never been a security hole in *NX, especially application layer encryption security.

        1. AJ MacLeod

          Re: It is all about Usablility

          NX Client via SSH is not even nearly the same risk as a whole PC connected by VPN. You would need very specialised (and effectively worthless) malware (essentially a trojan copy of NXClient) running on the client machine in order to make any kind of use at all of the secured connection.

          However, you are the one that's missed the main point of the article, which is about the licensing pitfalls and uncertainty involved with (in particular) Microsoft software and remote working. Open source software simply does not have these issues at all; use it on one desktop in your bedroom or ten thousand company laptops distributed across the world, nobody minds, nobody will come snooping about demanding an audit.

  36. Gadbous

    I just retired, solved all the issues.....

  37. FlamingDeath

    The flushable loo has been thing since sometime around the 1700’s, I would not describe this wonderful invention as ubiquitous in the world.... yes people do still shit into a pit

    The same can be said for a lot of things, their usefulness but lack of ubiquity.

    Whats the hold up?

    I think parallels can be draw here

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020