Remote Access
Remote access for Theatre Manager usually means situations for remote box office or work at home. There are a number of tools that can be used, such as Remote Desktop Connection (RDP), LogMeIn, Go To My PC, and more.
 |
In all cases of remote access for box office, you should implement either a VPN tunnel and/or SSH access - where the communication and session has strong encryption or is a private connection per PCI DSS 4.1. |
There may be additional setup consideration as described in the following sections based on the software you use. Your IT person should ensure that whichever software is used, that it employs VPN or SSH.
|
PCI compliance requires that remote access have a user ID and password, and an additional authentication factor that includes, but is not limited to, items such as a smart card, token, PIN, biometrics, VPN, etc. |
|
For people with remote access, you must establish passwords according to PCI DSS requirements 8.1, 8.2, 8.4 and any requirements of all sections of 8.5. In other words, the requirements for remote access passwords and authentication are exactly the same as for access to your office LAN. |
Common remote access mechanisms that we use
While there are many vendors of remote access software, the ones that we see used most often are:
- Using a VPN and local copy of TM for full and secure network access - best used when internet connections are fast
- Using Microsoft Remote Access (RDP) and Terminal Server for full managed access to TM - best used when internet is marginal/poor or you need to control internal network access
- Using a remote access tool like TeamViewer, LogMeIn, or similar to simply access your own machine from a remote location. Best when no remote ticket printing is required.
Using a VPN
The best way to access your own network from a remote location is to set up a VPN between your work location and the office router.
 |
Your office router must be able to support VPN connections. It is generally a feature of a more expensive router, and some low cost routers may have the capability. Check with your IT support if this is an option for you. |
Your routers and using TM over a VPN service
If your venue's routers support a VPN service to your network:
Initial, first time only setup steps
Ask to have the VPN Client software set up on your home computer.- Find the IP address of your database server It is on the lower part of the login screen while using TM in the office. In the example to the right, the address is circled in red (the sample shows 127.0.0.1)
- Download and run the latest 64 bit version of Theatre Manager for:
- Macintosh (for Sierra or later) or
- Windows (64 bit V7.0 or later) NOTE: VPN connections DO NOT WORK on Windows Home edition.
Each Time you Connect to the Office
- Establish your VPN connection from your laptop to your office first
- Start Theatre Manager and wait for the login screen. Note: the first time you will be asked to find the database. Use the IP address located as outlined in the Initial Setup steps above.
|
If you are using IP based ticket printers at your remote location, you will need to set up a ticket printer device that has an IP address on the remote network. |
|
If you are in a different local time zones from your office, you will need to provide the LocalTimeZone parameter in the Theatre Manager preferences file. This is only needed if your time zone does not match the time zone setting in the company preferences->Report/Misc tab |
Microsoft Remote Access
|
If you are using remote access, you need to set up a terminal server to use high-security access for Remote Desktop and it should be set to disconnect or lock the terminal after a period of inactivity. (PCI requirement 12.3) |
|
This typically needs a copy of Windows STANDARD Server version or better (not the windows OFFICE server version). If you bought a standard server under the Techsoup donated software program, you will likely have two CAL licences for the terminal server and may need to add some additional licences. |
Windows 2012/2016/2019/2022 Terminal Server
Terminal Server is a great way to allow access from any location to your office. It has the benefits of:
- allowing restricted access to your internal LAN by only allowing access to specific services or programs for a user.
- working in conditions where internet connection bandwidth is poor since it is a screen-scraper technology and optimizes only transmission of screen changes
- allows report printing to ticket printers on LPT ports
When connecting from any workstation to the current versions of Terminal Server, the server defaults to high encryption. It is good practice to verify that the setting has not been lowered.
| Step | Purpose | Installation instructions or link |
| 1. | Verify Terminal Server settings | The following links detail the security settings in Windows Server 2003. Server 2003 defaults to High encryption, but it is a good practice to make sure it hasn't been lowered accidentally.
support.microsoft.com/kb/814590 Terminal Server 2008/2012/2016/2019 and 2022 should default to high encryption. |
| 2. | Verify RDP settings | RDP should be set to always prompt for a password. |
TeamViewer Remote Support
|
Artsman uses TeamViewer for remote support. This is designed to only run if the user launches the application, contacts Artsman and permits the support team to have access to their machine for the purpose of diagnosing a problem on a one time basis.
Remote access is to be
|