Virtualize single Windows application behind work VPN? Or use a double VPN strategy?

[destrekor]

I want to run a single application (Shoretel communicator), and I guess Internet Explorer to launch a web-based VPN service, inside a VM. I'd like to have something that uses the most minimal amount of resources so it isn't bothersome to run all day long.

I'm suspecting my best answer is VirtualBox with Seamless mode, using a Windows 7 installation.

The only reason I want to do this in a virtualized fashion is because I need to be on the VPN to connect to Shoretel, but I do not care to have all of my traffic filter through my employer's VPN. Not in the slightest.


OR would it be better to simply run my PIA connect (Private Internet Access) the whole time I am connected to my work VPN? That would only have a usually minimal hit on network traffic, and not touch system resources in the slightest.

In the end, all I want to do is run Shoretel all day but be able to browse privately.

And for reference, work uses Check Point Mobile Access (VPN) which launches from IE using Java, which triggers a SSL VPN service to launch.
I assume, but suspect I may be incorrect, that all traffic would then travel through that VPN to the company network. Does Check Point's Mobile Access work differently? I just want to ensure any NSFW browsing doesn't get logged on the work network.

 

[John Connor]

I'm thinking even with a VPN in a VM the traffic will still go through your work's VPN since that's what in your host and your guest gets its Internet from your host. Although, the traffic from the VPN in the VM should be encrypted passing trough your work's VPN.

 

[destrekor]

I'm thinking even with a VPN in a VM the traffic will still go through your work's VPN since that's what in your host and your guest gets its Internet from your host. Although, the traffic from the VPN in the VM should be encrypted passing trough your work's VPN.

What I would be planning for a VM is different from what you said.

I want to run the company's VPN within the VM guest. On the host, there would be no VPN software running.


As I think about the "double VPN" concept more, when used without a VM guest, it shouldn't work in the way I had initially thought. All traffic would be basically traversing both VPNs, even if PIA is the "main" system connection, it would just hit PIA's tunnel endpoint first, and then the tunnel-within-the-tunnel would then continue to work's endpoint, negating any benefits.

However, if the SSL Network Extender tunnel is used on the guest VM but there is no other VPN on the guest or host, then only the guest's network traffic would be encrypted and travel through that tunnel, while all host traffic goes wherever it should, with only the guest's tunnel reaching out to the tunnel endpoint.

So I guess I am back to: is something like VMware Workstation Player's seamless mode and a full guest OS installation my best bet for this? I'd launch the SSL Network Extender and Shoretel Communicator in the VM, and run everything else I want to do for personal work on my desktop.

 

[John Connor]

Why not VMware Player?

 

[destrekor]

Why not VMware Player?

That's what I am looking at - it has been renamed Workstation Player.

 

[Mushkins]

Why not just connect to the VPN when you need to run Shoretel communicator, and disconnect when you're done?

I can't fathom a reason you need to be actively connected to your phone system configuration tool 24/7 from home If it's your job to manage phone systems I would hope your employer would give you a dedicated laptop to do so instead of expecting you to use your own personal equipment.

 

[destrekor]

Why not just connect to the VPN when you need to run Shoretel communicator, and disconnect when you're done?

I can't fathom a reason you need to be actively connected to your phone system configuration tool 24/7 from home If it's your job to manage phone systems I would hope your employer would give you a dedicated laptop to do so instead of expecting you to use your own personal equipment.

I'm not managing the phone systems, but I do need to have access to the client all day.

I do have a dedicated laptop, but... that's one one small screen. My home desktop has three monitors. That's multi-tasking glory. So I want to do my work from my desktop, but as I need to be connected to the VPN to connect to the Shoretel client all day, I don't want all my traffic going through work's VPN.

See my conundrum? I think I've got it figured out, I just was hoping for a simpler approach than having to run a full-bloated Windows VM session all day long. But as it will just run the Shoretel client, IE, and a Java applet, it should be fine with VMware Player providing a good approach to seamless integration.


I'll do stuff from my laptop for sure, already have, but damn, being able to sit comfortably at my desk, with a full keyboard and mouse, and three monitors... sure will make it very nice when needing to remote into users.