I'm a developer of a server-based web application. My client has organised a virtual server to be hosted with one of their ISPs. The server is running Windows Server 2008 R2. It's a completely standalone machine (i.e. no domain, no policies pushed down, etc.) and I have total control over it. I should note that while I know a reasonable amount about Windows, I'm not a server admin myself and don't know a great deal about how to manage servers.

However, the ISP doesn't provide any sort of VPN or other security for accessing the machine. They've opened the ports I need publicly open, but the RDP ports are causing me some concern. I need to be able to RDP in from a few machines, and unfortunately some of these have dynamic IPs due to being mobile machines.

Although the application is minimal risk, I still really don't like having RDP open to the world as well - unfortunately, the options they've given me are:

  • open RDP to the world so I can use Windows Firewall on the server to manage the IPs that are allowed to access the machine
  • open RDP to specific IPs at their firewall level

I was wondering if there are any other solutions anyone can think of which will let me secure RDP but somehow open it to particular IPs as I need to, and that would work on a standalone machine like this?


A software VPN is another option. Unfortunately, I haven't actually implemented one myself, so you'd have to do a little research there. Maybe try OpenVPN?

I'd suggest you look at this "top 5" list.

LogMeIn might suit your needs ... it works for me.


Perhaps you could implement your own VPN? OpenVPN is cross platform and could be run on that Windows machine; then you wouldn't need to leave RDP open to the world.