Does QuickBooks Desktop Software work well over a VPN?

vpn on laptop

A small business owner called us up to discuss giving his team access to QuickBooks Desktop Software over a VPN. He was not able to switch to QuickBooks Online due to a lack of required features for his type of business. We explained that VPN for QuickBooks issues are common, and we don’t recommend that kind of quick and dirty setup. Instead, we recommend Remote Desktop Services for QuickBooks because it is reliable.

With a VPN for QuickBooks, the software is on the computer, the data is housed on a server, and the data processing, pushing and pulling happens over a VPN. It is prone to time outs and errors.

With a Remote Desktop Solution (RDS) for QuickBooks, the software and data file are on the same local network (LAN) and processing happens locally. Remote users view a remote desktop that has QuickBooks installed. This is a faster, reliable QuickBooks solution that is not prone to time outs and errors.

Diagrams below.

Diagram of Quickbooks over VPN and where problems occur

 

 

 

Quickbooks over Remote Desktop Services diagram

It’s easy to let the up-front cost be the deciding factor. The problem is, once the cost is sunk, and the VPN fails to perform as you hoped, and you have endless QuickBooks errors, chances are good that you won’t want to sink more money in to it, and you will likely just live with the endless frustration and business problems it causes.

The better choice is to front load the investment into the right long term, reliable solution for remote QuickBooks access.

We had some back and forth exchange with this business owner. We’re sharing that below. We hope it helps you see why we believe a VPN for QuickBooks is a bad idea.


The business owner’s position on using a VPN for QuickBooks:

A summary of his position was:

I am going to set up a Windows Server for QuickBooks and install QuickBooks on each person’s laptop, then have them connect from home, via VPN, to the QuickBooks data file hosted on the server.

I read that there can be issues with QuickBooks and a VPN, but I think it will be fine.

We don’t want an RDS solution for QuickBooks because the setup cost is higher.

To us, it seems like it’s adding a lot of cost to solve a potential problem that I am just not sure we will ever have, so I’d rather not spend the extra money for the more expensive setup.


Our explanation of why a VPN will cause ongoing QuickBooks access issues

It all boils down to where the data is stored and processed, and how that effects function (or causes errors). Here are some things to consider. It gets a little technical but the for the small business owner, everything you need to know is in the diagram and summary above. You will spend money. It will not perform as expected and you will be stuck with it unless you want to spend more money. Better to just spend the right amount of money, for the right solution, the first time.

Ok, now the more technical stuff below.


QuickBooks Switching From MultiUser to Single User

QuickBooks switching from to multiuser to single user can happen intentionally when closing month end, or more often on its own.

It can happen after a server reboot from Microsoft patching, which closes the multi-user daemon port. It must then be re-opened using the QuickBooks repair tool.

It can also happen when packets are dropped. Packets are bits of data being pushed and pulled across your network. Packets are dropped often on a VPN connection. QuickBooks is a live ‘flat-file’ database, and doesn’t handle dropped packets well. QuickBooks data files are usually large. They can be 40MG or larger. When trying to access a file this large over the public internet, via a VPN, it can time out, cause errors and stop the operation. When this happens, anybody else simultaneously connecting to the QuickBooks file will be kicked out. The file will be set to single user mode only and must be repaired. It can also cause QuickBooks database corruption.


QuickBooks Is Slow On VPN

When QuickBooks launches from a laptop the only thing the daemon does is direct fileshare traffic through its own ‘QB managed’ port. It still requires a file share and the client software still downloads/loads the QB datafile from fileshare into local memory. Thinking about multiple people trying to all load the same shared file at the same time over VPN – the constant reads and writes this entails. Lots of room for error.

Consider the added encryption that a VPN tunnel places on file share traffic. It increases latency – how long a packet takes to reach it’s destination and back again. On a LAN it’s under 1ms. On a VPN it can be 100ms or more. A 40MB QuickBooks file can be millions of packets. Your users will be unhappy. It increases processing overhead on both sides of the VPN tunnel (again…slooooooow for the user).

So when using Remote Desktop Services for QuickBooks, the traffic from the user’s laptop QuickBooks app, to the QuickBooks shared database is not routed or encrypted over a tunnel. It is local to the LAN (maybe even to the same physical machine over Hyper-V vlan switches). It is faster, more stable, and more secure.


QuickBooks Is More Secure via Remote Desktop Services Than A VPN

When using Remote Desktop Services, you can better ensure that company data remains on company owned and company managed laptops. How can you stop any data exfiltration if anyone with a laptop and a tunnel can download all the financials to their laptop, copy it to a USB device and then do whatever they want with it? We’re not suggesting your staff are not trustworthy, but we always operate our IT Security Services with Zero Trust Security principles in mind. This is best practice.

At least with RDS, if someone were to copy the QB database to their RDS session desktop and then upload it somewhere else, or email it out, there would be a log of that operation.

Better yet, you can implement cyber security policies to block access to sharing sites/services from the RDS server (that you may not want to block on their local laptops).

Hopefully this helps you understand why a Remote Desktop Server for QuickBooks is an ideal solution to:

  1. Run QuickBooks remotely with less errors
  2. Run QuickBooks more securely
  3. Allow you to apply best practices in IT security to your data, computers and users

If you’re thinking about a QuickBooks solution for remote work, we’ll tell you what we told this small business owner – we won’t setup a VPN for you, because we want you to be happy long term – even if that means not earning your business on this job.

Sounds controversial but we’d rather install nothing than install something that in our experience, will be buggy and frustrate you, and it will be money spent you can’t get back, and VPN issues we can’t improve. You’ll be unhappy. We will be unhappy too.

Let’s all be happy and setup the reliable solution for remote QuickBooks work.


TUCU is an IT Company specializing in cloud computing services and cloud security using Azure cloud services. Schedule a discovery call with us to go over your needs and options.

Posted in