Many times I have heard the discussion about which remote solution is the most secure. Is VPN more secure than a remote desktop solution? Depending on who you ask, you will get a different answer. A network administrator will most likely tell you that a VPN is the best solution. A desktop administrator will tell you that a remote desktop solution is better.
When you create a VPN tunnel to your company, the traffic flow will be encrypted. This means that it will be very difficult to read your data when it is being sent across the Internet.
The same goes for a remote desktop solution. All the data that is being sent across the Internet is encrypted. If the data flow falls into the hands of hackers, they will not get anything out of it.
The data flow from a VPN solution and a remote desktop are equally secure, so on this point VPN is not more secure than a remote desktop.
Firewall rules and Policies
The next step we need to look at is the endpoints. When you open up a VPN tunnel from an endpoint, it will become a device on your internal network. This means that your endpoint can communicate with other hosts and machines on your network. Of course, you can limit this with firewall rules and you can also limit what kind of traffic you want to send through the VPN tunnel. For most VPN solutions, this is a big administrative task.
When it comes to remote desktop, you can set up policies for which features are available to the user. You can control anything from access to local disks to local USB devices. It gives the administrator an easier way to control access to the local network.
Citrix VDI and ICA/HDX Policies
The most advanced remote desktop protocol is ICA/HDX from Citrix. The ICA/HDX protocol is made up of virtual channels. Some of these channels are shown in the picture below.
The virtual channels can be enabled and disabled. They can also be enabled with certain settings. An example could be that you want to disable USB keys, but you want to allow a certain USB scanner. That can be done through the HDX protocol.
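The USB example above, as an added illustration that is not from the original article or from Citrix: a simplified Python model of ordered allow/deny device rules, showing why the specific allow for the scanner has to come before any broad deny. The rule syntax is modelled on Citrix's Allow:/Deny: USB device rules; the VID/PID values, the fail-closed default and the function names are assumptions made for this example.

```python
# Simplified model of first-match USB redirection rules (added example).
# All VID/PID values and devices below are constructed for illustration.

RULES = """
Allow: VID=1234 PID=ABCD   # the one approved USB scanner (constructed IDs)
Deny:  Class=08            # USB mass storage class: USB keys, external disks
"""

# Constructed sample devices as the endpoint would report them.
SCANNER = {"vid": "1234", "pid": "ABCD", "class": "06"}
USB_KEY = {"vid": "5678", "pid": "0001", "class": "08"}
WEBCAM = {"vid": "9999", "pid": "0002", "class": "0E"}


def parse_rules(text):
    """Return [(action, {tag: value})] in file order; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, _, filters = line.partition(":")
        action = action.strip().lower()
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {raw!r}")
        tags = {}
        for token in filters.split():
            key, sep, value = token.partition("=")
            if not sep or not value:
                raise ValueError(f"malformed filter {token!r} in rule: {raw!r}")
            tags[key.lower()] = value.lower()
        rules.append((action, tags))
    return rules


def decide(device, rules, default="deny"):
    """First matching rule wins; a rule with no filters matches every device.
    Unmatched devices get `default` (fail closed is this model's assumption)."""
    dev = {k.lower(): str(v).lower() for k, v in device.items()}
    for action, tags in rules:
        if all(dev.get(k) == v for k, v in tags.items()):
            return action
    return default


if __name__ == "__main__":
    rules = parse_rules(RULES)
    for name, dev in (("scanner", SCANNER), ("usb key", USB_KEY), ("webcam", WEBCAM)):
        print(f"{name}: {decide(dev, rules)}")
```

A blanket `Deny:` placed above the scanner rule matches first and blocks the scanner too, so rule order is part of the policy and worth reviewing whenever a rule is added.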
The question of whether VPN is more secure than a remote desktop depends on the use case. If you want to create a solution for your end-users, I would recommend a remote desktop solution. You can give access to the company network and company data without any of the data leaving the datacenter. At the same time, you will get a system that is easy to control in terms of giving access from the endpoint to the company network. VPN is a great solution for creating a site-to-site connection between two company networks, but I do not think it is ideal for users to connect to the company network through a VPN.