Skip to main content

Remote Access

Console/Support Access

Primary tool: NinjaRemote (integrated with NinjaOne RMM)

  • Quick support for end users and technician console access
  • No permanent access required... on-demand connections
  • Audit trail maintained through NinjaOne

Site-to-Site VPN

Used for connecting multiple office locations that share AD, file servers, or other internal resources.

  • Built into the firewall... native site-to-site VPN between firewalls at each location
  • Forward Domain rules work across VPN tunnels... remote sites without a local DC can forward AD queries to DCs at the hub site
  • DHCP and DNS remain local to each site's firewall

Remote Workers

Cloudflare WARP (Zero Trust Network Access):

  • Each client gets their own Cloudflare tenant
  • Replaces traditional VPN for remote access
  • Device posture checks and identity verification
  • Split tunneling configured via Local Domain Fallback for AD domain resolution
  • No traditional VPN infrastructure required

Legacy/Fallback: ZeroTier

  • Used where Cloudflare WARP is not yet deployed
  • Zero Trust Network Access without traditional VPN
  • Lightweight agent on endpoint

Standards

  • Traditional VPN is being phased out in favor of ZTNA (Cloudflare WARP)
  • Split tunneling prohibited where traditional VPN is still in use
  • All remote access methods must maintain audit trails
  • Device posture checks enforced where supported
Back to top