Architecting Resilient TS Plus Environments for Remote Workforces

Overview

Delivering remote applications seamlessly requires more than just opening an RDP port. In a modern Managed Service Provider (MSP) landscape, exposing internal servers directly to the internet is a critical security failure. This guide breaks down the architecture required to build a highly available, secure TS Plus environment that guarantees uptime while strictly controlling access via a centralized gateway and external MFA.

The Architecture

A resilient TS Plus deployment separates the access layer from the execution layer. This ensures that a spike in user traffic or a targeted attack on the gateway does not crash the underlying application servers. ...

May 3, 2026 · 2 min · Alfred van Ster

Networking: Cisco Meraki Automated Configuration Backup

Meraki dashboards are convenient, but if an admin accidentally modifies a critical firewall rule, rolling back is a nightmare. This Python script uses the Meraki Dashboard API to serialize your network configurations into a secure JSON format.

1. The Workflow

The script performs the following steps:

- Authentication: Initializes the Meraki SDK using a read-only API key.
- Iteration: Loops through the Organization to find all active Networks.
- Extraction: Pulls VLAN subnets, SSID configurations, and MX L3 Firewall rules.
- Serialization: Dumps the state into a structured JSON file.

2. The Implementation

    import meraki
    import json
    from datetime import datetime

    # Placeholders: substitute a read-only API key and your organization ID.
    API_KEY = 'YOUR_MERAKI_API_KEY'
    ORG_ID = 'YOUR_ORG_ID'

    dashboard = meraki.DashboardAPI(API_KEY, suppress_logging=True)

    def backup_network_config():
        # List every network in the organization.
        networks = dashboard.organizations.getOrganizationNetworks(ORG_ID)
        backup_data = {}
        for net in networks:
            net_id = net['id']
            net_name = net['name']
            # Store the appliance VLAN configuration under the network name.
            backup_data[net_name] = {'vlans': dashboard.appliance.getNetworkApplianceVlans(net_id)}
        # Write one date-stamped JSON file per run.
        filename = f"meraki_backup_{datetime.now().strftime('%Y%m%d')}.json"
        with open(filename, 'w') as f:
            json.dump(backup_data, f, indent=4)

May 3, 2026 · 1 min · Alfred van Ster

NAT Demystified: The Engine of Modern MSP Networking

The Scenario

A client reports that their new VoIP system has “one-way audio,” or perhaps a remote worker is unable to establish a stable VPN tunnel. In the MSP world, these tickets often land on the escalation desk when standard troubleshooting fails. The culprit is frequently a misunderstanding of how Network Address Translation (NAT) is handling traffic between the private LAN and the public internet.

The Technical Deep-Dive

NAT was designed as a temporary solution to IPv4 address exhaustion, but it has become a permanent pillar of networking. It allows thousands of internal devices with private IPs to communicate with the world using a single Public IP address. ...

January 15, 2026 · 2 min · Alfred van Ster

The VPN 'Ping Paradox': Solving IP Subnet Collisions

The Scenario

A remote user connects to the VPN and the client status shows “Connected.” Curiously, while the user can successfully ping an internal file server at 192.168.1.50, they are unable to map network drives, DNS resolution fails, and internal web applications refuse to load. In an MSP environment, this “Ping Paradox” often leads Tier 1 technicians to believe the tunnel is healthy. However, as an escalation engineer, I recognize these as the classic symptoms of an IP Subnet Collision. ...

January 15, 2026 · 2 min · Alfred van Ster