WebDAV over HTTPS works quite well. You basically install IIS on your file server, then create virtual paths pointing to the folder(s) containing your user directories. Enable SSL, enable basic authentication, enable Write access in IIS, and you're done. You may need to set WebDAV to "Allow" in Web Service Extensions if it's not already. On Macs, do a Command-K from the finder (connect to server) and use https://servername/students/username or whatever as the URL. It's pretty secure, provided you keep your IIS server patched and secured. For added security we front all of our web servers with an ISA Server that "proxies" connections and strips out or blocks HTTPS requests containing known exploits.
We use a Cisco concentrator to serve files over HTTPS displayed using CIFS through a web browser. This is available to all network home folders and group shares and is cross-platform. The link for accessing the system is on our intranet, but there is a separate subdomain for it for direct access. The authentication is from Active Directory. All of our file sharing is SMB from a MS Windows server, but most clients are Macs.
On Windows networks, there is a vpn connection that you can set up in Network Places. On the servers you can also implement "web folders" which allows easy access to server files from home.
Assuming that the macs can connect to the windows server when they are on the school LAN (which you have many ways of accomplishing). All you need is the VPN. Depending on what you are using as your VPN server it could be easy or very complex. For example, I used the sonicwall VPN and they did not produce a mac client, but because most VPNs are based on open standards like IPSEC, there were many free and commercial clients that were able to do it with minimal tweaking. I am told that you can now use the built in mac VPN configuration facilities to attach to a sonicwall as well. The following site has some helpful hints: http://www.macwindows.com/VPN.html#4 In addition to the built in VPN facilities on the mac, I have used VPN Tracker (Easy but pricy) and OpenVPN (Openvpn.net [free but complicated setup]) without difficulty. Most mac VPN software is simply a pretty interface to the Open Source racoon IPSEC implementation. I am not sure where Parallels gets you in this equation with the VPN unless you must use a windows VPN client; or you are trying to run the Windows Citrix client on the mac; or you are trying to avoid turning on mac support on the windows server; all of which have other potential solutions (including the Citrix client for Mac [now that they have an intel version]). When all else fails, secure FTP is a nice option. Just make an alias to the server on the desk top and have them double click to start the connection. It will look just like any other server and they won't even know they are using ftp.