VMware Horizon Community
jhardman
Enthusiast

Anyone with remote worker deployments? How does my plan look?

Hi All

Just wondering if anyone has already invented the wheel in this regard. I have seen several things on remote worker methods on the vendor/partner sites, but I haven't seen much here. Not to mention I have not seen any detailed methods for deployment.

Here is the situation I am looking at...

I need to place ~50 call center agents at their homes by the end of the year and another ~100 by 7/2008. They need to have as secure an environment as possible. They need to be able to place and receive calls from various ACD systems. This needs to be as inexpensive as possible or offset costs with other benefits reaped.

I will also be placing ~150 agents in the call center on a VDI platform this year and adding about another 100 agents in 2008 assuming all of this gets approved.

Remote worker

Dedicated broad band Internet connection. I do not want them using an existing connection that could be sniffed or overloaded with non-business related traffic.

Dedicated POTS line to place and receive calls from. This prevents eavesdropping on calls and helps us to track/control LD charges.

Web application based ACD system.

Wyse S10 connecting to a Leostream broker thru a Cisco ASA5500 SSLVPN.

The Wyse terminal would connect physically to an inexpensive SOHO firewall that is capable of MAC filtering, thereby only allowing the Wyse terminal to pass traffic thru it.

The SOHO firewall would provide NAT/Firewall/DHCP and connect directly to a cable modem that is locked down to only accept traffic from its MAC address.

This is not a perfect solution, as the web application based ACD has limitations that really hurt me here. But my only other option is to use a Wyse terminal with WinXPe and install our normal ACD application and a Cisco softphone on it. Using the XPe solution leaves me with security questions too, like being able to take screenshots, the ability to connect USB devices, and the potential to compromise the XPe OS. Not to mention the added expense here.

Once Wyse gets their act together on out of band VoIP, then I can install the ACD client and softphone on the VM. But from what I have been hearing this will not be available until sometime in 2008.

So does anyone see any holes in my plan? Does anyone have a similar situation that you have deployed VDI for?

3 Replies
GeeDub
Contributor

Hi

The solution looks good and I can't see any major 'gotchas'.

As you've stated, I'd avoid the XPe devices at all costs, especially if they are going to be out of your LAN. Patching them would be a pain.

I have a question about your access via Leostream: is it all seamless?

We have a similar setup as described but we use an Aventail SSL device. The user logs onto Aventail. They then see a list of apps they have access to, one being Leostream. However, we haven't been able to get pass thru authentication working with Leo. So once they click on Leostream, they then have to log on again. Once logged onto Leo, they then get their desktop (which logs on automatically without a problem).

Not a major issue, but it would be nice to get it all seamless...

g

sgrinker
Hot Shot

Just throwing this out there on the SSL comment. We are configuring the same through a Juniper device, and also have to authenticate a second time. However, Version 4.4.10 of the Leostream broker just added support for NTLM authentication, which should help out. I've spoken with their techs, and we will be working with them sometime soon to try and get this working. Hopefully this makes it easier for the passthrough to work. Has anyone worked with the new NTLM feature yet?

davlloyd
Hot Shot

Not a big fan myself, as the NTLM capability can only be enabled on a single connection server pointing back to the PDCE (or PDC in old world). The idea is there, just not good for a critical component to be introduced with a single point of failure. If they consolidated to a single connection object and allowed for multiple servers to be assigned to it for contingency it would be more suited. Alternatively, if they could use DNS service records to determine where the role currently laid (or WINS cough cough) it would be a more appealing option.

I am sure this will change in the future. Leostream are throwing a lot at the product, just some of the features will need some maturing, which will come.
