I often maintain hard white list for remote services when VPN is not an option.
A cool option that does not have much implementation out there is using port knocking to open ports on demand. If the scheme is dynamic, it could be virtually impenetrable.
Another way to go is to have a web app on your network, behind some decent authentication scheme, that has a menu option to open a remote access session. This app then white lists your IP on your edge firewall for N time for service and presents a quick launcher link -or- send email with link etc. This would be a good option for an SMB with little tolerance for VPN.
A cool option that does not have much implementation out there is using port knocking to open ports on demand. If the scheme is dynamic, it could be virtually impenetrable.
Another way to go is to have a web app on your network, behind some decent authentication scheme, that has a menu option to open a remote access session. This app then white lists your IP on your edge firewall for N time for service and presents a quick launcher link -or- send email with link etc. This would be a good option for an SMB with little tolerance for VPN.