SSL VPN

From: Ken (SHIELDSIT), 13 Aug 2013 20:08
To: ALL (1 of 7)
It's me again! Does/has anyone used/set up an SSL VPN? More and more our sales guys are running into blocked ports when staying at hotels overseas. I'm trying to figure out if I should switch the VPN type over to SSL or would setting Remote Apps back up be better?

Thoughts? Guides? Anyone want my job?
From: Dan (HERMAND), 13 Aug 2013 22:33
To: Ken (SHIELDSIT) (2 of 7)
Personally, I've always preferred a remote desktop solution to a VPN. Both as a user and as an admin. Easier to use, doesn't play with my network stack, easy to get to with a borrowed machine, clearer demarcation for users. I also use it for day-to-day browsing away from prying eyes, meaning I can easily choose whether I browse using my work connection or the hotel's/customer's connection. That would be a headache with a normal VPN.

Downsides would be that it's more annoying on a slow connection and not as "slick".
EDITED: 13 Aug 2013 22:36 by HERMAND
From: Ken (SHIELDSIT), 13 Aug 2013 22:40
To: Dan (HERMAND) (3 of 7)
We use RDP, but they have to connect with the VPN first. When I first got here they had RDP wide open, and I caught a hacker on one of the servers sending spam with a bunch of scripts. Since then I'm really paranoid about letting any connections in without a VPN tunnel.

I suppose Remote App would open that possibility back up too. Or I could assign RDP to a peculiar port, but wouldn't a port scan just make it possible to figure out which one I've used?
From: Mizzy, 14 Aug 2013 08:35
To: Ken (SHIELDSIT) (4 of 7)
SSL VPN tunnels are a little more processor intensive than the traditional IPsec tunnels, but in practice I've not noticed much difference from a user perspective apart from reduced 'my VPN isn't working' calls; you just need to be a bit more generous when speccing up the VPN server.

Opening RDP on a high port isn't a good idea; as you say, all they need to do is run a port scan (devil) and they've found it and you're back to square one.

You might want to look at using a 'portal' model where the user visits an SSL-protected website and then there's an HTML5 or similar 'RDP session in a browser'. A couple of the products I've used are Sophos UTM (formerly Astaro Security Gateway) and the Juniper NetScreen SA series; the Sophos boxes are slightly cheaper than the SA but the SA is definitely better.

Or you could buy a server, run up your favourite distro and fire up an OpenVPN server: slightly more work but essentially free and secure (it's OpenVPN inside the Sophos box anyway :-D ).
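As an added example (not posted by anyone in this thread), here is what the "run up OpenVPN yourself" option above looks like when the goal is getting past hotel firewalls that only let HTTPS out: the server listens on TCP 443, and the optional `port-share` line lets the same box also serve an HTTPS 'portal' on that port. The hostname `vpn.example.com`, the certificate file names, the 10.8.0.0/24 client pool and the 192.168.1.0/24 office LAN are assumptions.

```conf
# server.conf - added example, not from the thread.
# TCP 443 looks like ordinary HTTPS to a hotel's egress filtering.
port 443
proto tcp-server
dev tun

# PKI files (paths assumed; generate them with easy-rsa).
ca   ca.crt
cert server.crt
key  server.key
dh   dh2048.pem
# Revoke a lost laptop's cert without rebuilding the CA.
crl-verify crl.pem

# Extra HMAC on the TLS control channel: packets without the right
# key are dropped before any TLS work, blunting probing and DoS.
tls-auth ta.key 0
cipher AES-256-CBC

# Client address pool (assumed) and the office LAN to route to them.
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120

# Anything on 443 that is not OpenVPN (e.g. a browser hitting the
# RDP-in-a-browser portal) is handed to a local web server.
port-share 127.0.0.1 8443

# Drop privileges once the tunnel is up (group name varies by distro).
user nobody
group nogroup
persist-key
persist-tun
verb 3

# client.ovpn - matching client side, same assumptions.
# client
# dev tun
# proto tcp-client
# remote vpn.example.com 443
# nobind
# ca ca.crt
# cert laptop01.crt
# key laptop01.key
# tls-auth ta.key 1
# remote-cert-tls server
# cipher AES-256-CBC
```

The client stanza is shown commented out so the block stays a single valid server file; `remote-cert-tls server` makes the laptop refuse a server that presents a client certificate, which matters when every sales laptop holds a signed cert.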
From: Dan (HERMAND), 14 Aug 2013 21:07
To: Ken (SHIELDSIT) (5 of 7)
Sounds like you just need RDS Web Access etc, really.
From: Wattsy (SLAYERPUNX), 15 Aug 2013 14:25
To: Ken (SHIELDSIT) (6 of 7)
Or you could look at our workspace product (shameless plug).

Pick up all your hosted applications and host them on a web front end securely.
From: Ken (SHIELDSIT), 15 Aug 2013 16:51
To: Wattsy (SLAYERPUNX) (7 of 7)
That's what Remote App does. I had it working at one point but was trying to make it only use a specific WAN and broke it. I need to make time to look at it again.