WMS - How will you connect

Connection to the WMS is generally carried out using a remote desktop connection from your computer to the server.

The server then runs the applications required for Vision Suite.

Remote Desktop

What is Remote Desktop

This is an application built into all Windows computers. It can be found in the Windows folder, or you can simply search for Remote Desktop Connection.

This provides you with a window on the server. You are only watching images of the server you are working on; nothing other than that passes to your machine.

It also allows you to use your locally attached printers as available printers during your remote desktop session.

 

What do you need to connect

Just the application, which is already installed. If you are using another operating system, there are equivalent applications which you can install to use Remote Desktop (RDP).

 


 

Is this secure

There are many ways to secure this; however, the best method is for us to lock down connections to your remote desktop so that they can only come from your network. This means you need to have a fixed IP address at your end of the line.

If you use load balancing or a backup line, then you need to provide all the potential addresses you may leave your network from.

If we are unable to secure the connection using this method, then we can leave it open and implement 2FA security.

There are other methods that we utilise for security, including third-party security applications.
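As an added illustration of the source-address lock described above (example code, not Ontech's own configuration or tooling), the following checks logon records against a customer's registered addresses, including a backup line. The addresses, account names and record layout are constructed for the example.

```python
import ipaddress

# Constructed allow-list: the customer's fixed egress addresses, including a
# backup line (RFC 5737 documentation ranges, not real customer addresses).
ALLOWED_SOURCES = ["203.0.113.10", "198.51.100.24/29"]

# Constructed RDP logon records as (account, source address) pairs.
SAMPLE_LOGONS = [
    ("ABC\\jsmith", "203.0.113.10"),         # primary line
    ("ABC\\jsmith", "198.51.100.26"),        # backup line, inside the /29
    ("ABC\\jsmith", "::ffff:203.0.113.10"),  # primary line, IPv4-mapped IPv6
    ("ABC\\mjones", "192.0.2.77"),           # not a registered address
    ("ABC\\mjones", "not-an-address"),       # malformed field
]


def parse_allow_list(entries):
    """Parse addresses/CIDR blocks; a typo such as host bits set in a CIDR
    raises ValueError instead of silently changing the scope of the lock."""
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def is_allowed(source, networks):
    """True only if source parses as an IP address inside the allow-list."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # fail closed on anything that is not an address
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # compare the embedded IPv4 address
    return any(addr.version == net.version and addr in net for net in networks)


def outside_allow_list(logons, networks):
    """Return the logon records whose source is not on the allow-list."""
    return [rec for rec in logons if not is_allowed(rec[1], networks)]


if __name__ == "__main__":
    nets = parse_allow_list(ALLOWED_SOURCES)
    for account, source in outside_allow_list(SAMPLE_LOGONS, nets):
        print(f"review: {account} connected from {source}")
```
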


Password Policy

Even before the latest NIST policy was produced, we had already implemented a more sensible policy on password resets, and we are in alignment with the latest NIST guidelines. The outline guidelines are below:

Previous NIST guidelines advocated a conventional approach to password security based on policies such as strict complexity rules, regular password resets and restricted password reuse. NIST’s new standards take a radically different approach. For example, password changes are not required unless there is evidence of a compromise, and strict complexity rules have been replaced by construction flexibility, expanded character types, greater length and the prohibition of “bad” (i.e., insecure) passwords. NIST’s new guidelines have the potential to make password-based authentication less frustrating for users and more effective at guarding access to IT resources, but there are tradeoffs.

The password requirement basics under the updated NIST SP 800-63-3 guidelines are:

  • Length—8-64 characters are recommended.

  • Character types—Nonstandard characters, such as emoticons, are allowed when possible.

  • Construction—Long passphrases are encouraged. They must not match entries in the prohibited password dictionary.

  • Reset—Required only if the password is compromised or forgotten.

  • Multifactor—Encouraged in all but the least sensitive applications.
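The length, character-type and construction rules listed above can be expressed as a short check. This is an added example, not the policy engine used on the Vision servers; the prohibited list is a constructed stand-in, and NFKC normalisation before comparison is an assumption of the example.

```python
import unicodedata

MIN_LEN, MAX_LEN = 8, 64  # the length range quoted in the list above

# Constructed stand-in for the prohibited password dictionary; a real one
# would be a large list of breached and commonly used passwords.
PROHIBITED = {"password", "password1", "12345678", "qwertyuiop", "letmein123"}

# Constructed sample inputs (escapes keep the file ASCII-only).
SAMPLES = [
    "correct horse \U0001F40E battery",   # passphrase with an emoji
    "plain lowercase words are fine",     # no digits or symbols needed
    "Password1",                          # passes old complexity rules
    "\uff50\uff41\uff53\uff53\uff57\uff4f\uff52\uff44",  # full-width "password"
    "short",
]


def normalise(password):
    """NFKC-normalise so look-alike Unicode forms compare as equal."""
    return unicodedata.normalize("NFKC", password)


def check_password(password):
    """Return the list of policy failures; an empty list means accepted.

    Deliberately absent: character-class (complexity) rules and any
    age-based expiry, neither of which is in the list above."""
    pw = normalise(password)
    failures = []
    length = len(pw)  # counted in Unicode code points, not bytes
    if length < MIN_LEN:
        failures.append("too short")
    if length > MAX_LEN:
        failures.append("too long")
    if pw.casefold() in PROHIBITED:
        failures.append("prohibited")
    return failures


if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), check_password(sample) or "accepted")
```
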

 

Passwords will be issued in accordance with the above policy. Whilst we can enforce this on the Microsoft server for remote desktop, we do not enforce the complexity policy within the application, as you have to be already logged on to the RDP server in the first place.


 

Alternatives to Remote Desktop

Does it have to be RDP

No, it doesn’t, but there could be additional costs for an alternative. We have customers using Citrix, Ericom and Parallels to keep the server secure.

 

Do you allow a VPN into the server

Normally we do not allow this. We will, however, provide this if there are no other alternatives; what we then ask for is a dedicated line and a router that we will provide and manage for the connection.

It is not an option we would normally ever suggest or use.

A dedicated line and VPN solution is the most costly method of connecting the two networks.

 

Remotely Accessing

Due to the security settings, we lock server access down to specific incoming IP addresses. This provides a relatively robust security mechanism; however, some customers would like to have remote access from external locations outside their main network. When we add this ability, we have to increase security for those users.

Any removal of the IP lock is always a security risk. Any customer request for remote access where the lock is reduced must come from a DIRECTOR level of your company, as they have to be aware that there could be consequences for such action: there is a reduced level of protection when this IP lock is removed.

Remote Access options available.

We would utilise the Passly Authenticator; there is a charge per user for this additional 2FA security. If there is any chance you can simply add a second locked IP address, you should choose this option before considering the Passly authentication method.

We will never open Remote Desktop up for external access without any security.

How to set the Passly Authentication up

We have set up the following guide to using Passly Authenticator when working away from the office.

To log in to Remote Desktop from outside of the main office locations, you will require 2FA (2 Factor Authentication) enabled on your account. This is an additional layer of security over and above your username and password. The following guide details how to enrol your Vision Logon for 2FA using the Passly Authenticator. The images and steps show the process on an Apple iPhone; however, the steps on Android-based devices are the same.

Step 1 – Download Passly Authenticator App

Open the App Store on your phone and search for Passly Authenticator. The publisher will be listed as “Kaseya International Limited”. Download the application to your device.

Step 2 – Enrolment

Your Vision Remote Desktop login will need to be enabled for 2FA. For this to happen, please log a ticket with the Vision Support Team via phone, email or the Portal. You will receive a welcome email with the subject “Passly – New Account”.

 

 

Step 3 – Activation

From your PC, click Activate Passly Account; this will open a web page. You will need to:

  1. Click “Lets Get Started”

  2. Click “Nice lets get a move on”

  3. Select the type of device your Passly application is running on; this should be Apple or Android.

Open your Passly Authenticator application on your device and click the blue/white + sign in the bottom right-hand corner of the application.

Your camera will activate; use the camera to scan the 3D Barcode displayed on the screen.

You will receive a push notification to your device – click the green ‘Allow’ button.

The web page will say “Success” – you can now close the web page. Setup is complete.

The following guide details the steps required to connect to Vision from outside the office.

 

Open Microsoft Remote Desktop from your PC. Under Computer, enter xxx.ontech.cloud – your username will be company initials\username

Replace username with your account username, sent to you by email when your account was set up.

Click Advanced and then Settings under “Connect from Anywhere” and enter xxx.ontech.cloud under

 

Click OK, then Connect. You may be prompted to enter your username and password once more.

2FA Authentication

If your username and password are accepted, you will be taken to the Vision Server and a 2FA authentication request will be pushed to your mobile.

Click the green tick, and this will complete your login to the server.

 

 

 

 

 

Copyright Ontech Solutions 2017-2024. All rights reserved, no part may be replicated or distributed without the express permission of the owner.