We have been asked to start supporting users remotely without requiring a VPN. My first response would be that it is as simple as dropping a primary server in the DMZ and modifying closest server rules. Can it truly be so simple? This would be mainly for machines that are never actually on our WAN but it would be nice if laptop users could also be managed from home.

Any advice would be greatly appreciated.