
RDP via Thunderbolt

mattfausak
Level 1

Can you add a Windows RDP connection via the Thunderbolt Portal, since there is already a secure connection? At this time I use a VNC-type program that the customer must initiate to allow remote access to their computer. I would deploy a Thunderbolt at every site I have if this was an option.

15 Replies

Common request and one that we are evaluating at this point.

Thanks,


Marcos

dcorley
Level 1

Matt,

How do you remotely "logon" now to view/control computers? Do you build a VPN directly to the router/firewall device? Or do you logon to MSFT's RDP server, and that cloud server maintains continuous VNC/RDP tunnels to site PCs whose RDP/VNC client is enabled?

I gather that the UI you want to have is something like ... "go to topology view", "double click on computer icon", dialog box pops. Tab displayed for "remote desktop access", you insert username/pwd, system pops browser child that redirects to the RDP/VNC server, you select the computer you want to view and perform the browser-displayed UI actions to view/control the computer. All of the signaling is tunneled through TB appliance secure connection to TB server. Is this what you're looking for? If not, pls describe so Marcos can gather preferred UI details.

BTW, Citrix GoToMeeting, Cisco-WebEx PCNow, Yoics use VNC. Because RDP is proprietary, it may not be straightforward to get this from MSFT. We'll check. My assumption is that you'd prefer to use RDP because it's built in (free) to most MS OSs. Correct? If not, what's your motivation for using RDP versus other VNC-based services?

Thx,

Dave

We VPN to a customer LAN then RDP to the desktop. We use UltraVNC SC (Single Click) to gain remote control for users when they need local desktop assistance. It's quite functional, quick, and totally free. I'd be happy with a VNC connection to the desktop if you can't do VNC, but I believe RDP is a published protocol. There are several 3rd party RDP clients out there, including at least a couple for Linux that you might be able to borrow from. I wonder if just creating a tunnel between the VAR and the TBA would just allow you to call mstsc.exe and connect that way?

We use Advantig DualDesk. The client runs a small program that will initiate the connection with my workstation.

You are correct RDP is free, the main concern is that it would work without the customer doing anything.

There are people that use VNC and have it running on all the workstations before there is a problem. I prefer to only have access when the client knows I am doing something.

Absolutely, the customer shouldn't have to do anything.

Looks like Advantig DualDesk is built on VNC, but I could be wrong. We use UltraVNC SC (free) to accomplish the same result, but if I could remote control a system using RDP or VNC without having the user be involved that would really put the icing on the TBA cake.

dcorley
Level 1

Wikipedia on remote desktop protocol comparisons lists RDP and VNC and proprietary-based remote desktop services...

http://en.wikipedia.org/wiki/Comparison_of_remote_desktop_software

About half are RDP-based. Other half are VNC. Many are hybrids/proprietary. Common thread (and pain) among many of these is a) cost of client licenses, b) cost of deploying a server in the sky to maintain persistent VNC/RDP connection with client, c) opportunity cost of building temporary or permanent VPN connection to the router/FW, and/or d) cost of service.

Seems to me that, in the spirit of "freemium" service, if partners/customers were offered a baseline "free" service where we (Cisco) hosted a login server that maintains persistent connection with generic RDP proxy or VNC proxy, where these proxies were hosted on the TB appliance. Partners could install, configure, enable VNC or RDP clients and make them "visible" to the login server's UI. So, once the partner logged onto the cloud login server, they have a page that shows RDP or VNC-enabled computers. Partner double-clicks on an icon representing a computer and the functions available through that VNC or RDP client are made available to the partner. This would be the "free" service. "Premium" service which partner may include as a value-added service would be separate purchase of enhanced VNC/RDP packages as described in the Wikipedia article.

Appealing thing about RDP is that the MSFT RDP client has been ported to Linux and other OSs. Unappealing is that MSFT's RDP implementation is proprietary. More difficult to build an RDP proxy if MSFT is unable or unwilling to provide RDP proxy software to us.

Comments?

Dave

Why do you need a proxy at all? The TBA already has a secure tunnel (SSL right?) to the Portal, just send 3389 traffic over the tunnel. You should be able to send any traffic you want over the SSL tunnel and simply redirect the port (similar to NAT port forwarding) to the desired destination. The RDP/VNC traffic would go from our desktop to the portal to the TBA to the device, no proxy needed, just IP traffic forwarding.

Oh, BTW, an RDP and VNC protocol would have to have the ability to change listening ports.

Another thing you "could" do, though it'd require a customer-site firewall setting, is have the TBA accept one inbound SSL VPN connection and when we want to remote control a system we'd create an SSL VPN connection to the TBA (automatically via the Portal) then control the devices.  Wait, there could be routing issues there.  I'd have to think that out a bit more, but in the end I don't see why you need a proxy when you already have a tunnel to the location.  My point in this paragraph was how do we save Cisco bandwidth?

This is a very exciting feature coming in Drop 3, and having used this feature quite a bit during its development, I think you folks are going to be impressed. The port can be changed and is remembered as the default per-device. We do proxy the connection through the portal, but this allows zero firewall/NAT configuration at the customer location and makes the feature very easy to use. VNC and generic TCP tunnel connections (SSH/telnet) will also be available. A possibility for the future could be to set up direct connection through the customer firewall when available, but this would be a feature beyond our current phase of the trial.

-mike

Mike, TB Trials partners,

Having put eyeballs and fingers to the remote desktop access feature in the past couple days, I'm impressed with what the development team has done. For trials participants, Marcos will schedule a training session prior to the drop 3 release date in which he shows, via webex, how the feature works. The UI is straightforward - double-click on the device to launch the device dialog. Click on the connection tab. At the top of the tab's display, you'll have the option of specifying VNC or RDP protocol. Insert connection user ID and password and the session is established. We won't yet proclaim that this is the user interface to beat all user interfaces, but it takes advantage of the nailed up connection from the appliance to the Thunderbolt server so that you don't have to worry about poking other holes in the firewall.

This feature, of course, raises questions about the exposure of customer data through RDP/VNC, but our assumption is that your customer has established a trust relationship with those of you who need to use VNC/RDP and have therefore granted access for these operations. As with other trials features, we'll be looking for your feedback as to the user experience and also how you expect to use the capability. We can hone/iterate to a better UI behavior with that feedback.

Not to steal Marcos' thunder too much, but I've also worked with the feature that exposes a limited set of TB portal information through mobile smartphone device UIs. It's a straightforward UI with controls not dissimilar to what you've experienced on the full-fledged portal browser UI. In scenarios where you don't have a computer/browser handy but a 3G/wifi smartphone is available, you'll be able to view and control critical portal information for any of your customers exposed through the smartphone's browser UI.

Thanks,

Dave

dcorley wrote:

The UI is straightforward - double-click on the device to launch the device dialog. Click on the connection tab. At the top of the tab's display, you'll have the option of specifying VNC or RDP protocol. Insert connection user ID and password and the session is established.

Also, if you can use or have previously set the defaults (port 3389 for RDP or 5900 for VNC for example) for a device, you can just right-click a device from the topology or dashboard (inventory view) to launch the connection. Any required credentials would be prompted for by the end device, so as long as the protocol used is encrypted (such as with RDP), those credentials are neither exposed to the portal servers nor to any potential eavesdroppers across the internet.

-mike
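
The relay model described in the posts above (the operator connects to the portal, which forwards to a per-device port with no inbound firewall rule at the customer site), sketched as an added example; it is not code from the thread or from Cisco's implementation. The function names, the one-line device selector, the `OK`/`DENY` replies and the sample device name are assumptions for illustration. The relay copies bytes without parsing them, so an encrypted session stays opaque to it, and it refuses any target that is not on the allow-list.

```python
# Added example: all names here are hypothetical, not the portal's API.
import socket
import threading
from contextlib import suppress

# Constructed sample allow-list shape: {"desk-01": ("192.0.2.10", 3389)}

def pump(src, dst):
    """Copy bytes one way until EOF; the payload is never inspected."""
    with suppress(OSError):
        while (data := src.recv(4096)):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # pass the half-close on to the peer

def read_name(sock, limit=64):
    """Read the short device name sent before the session, up to a newline."""
    buf = b""
    while len(buf) < limit and (b := sock.recv(1)) not in (b"", b"\n"):
        buf += b
    return buf.decode("ascii", "replace").strip()

def handle(client, allowed, audit):
    """Forward one operator connection to an allow-listed device, or refuse it."""
    with client, suppress(OSError):
        name = read_name(client)
        target = allowed.get(name)
        audit.append(("allow" if target else "deny", name))  # record every attempt
        if target is None:
            client.sendall(b"DENY\n")
            return
        with socket.create_connection(target, timeout=5) as upstream:
            upstream.settimeout(None)  # the timeout applies to connect only
            client.sendall(b"OK\n")
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def serve(allowed, audit, host="127.0.0.1", port=0):
    """Start the relay on a background thread and return its listening socket."""
    srv = socket.create_server((host, port))
    def loop():
        with suppress(OSError):  # accept() raises once the listener is closed
            while True:
                conn, _ = srv.accept()
                threading.Thread(target=handle, args=(conn, allowed, audit), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv
```

Because the relay only sees ciphertext when the tunnelled protocol is encrypted, the audit list is the one place it can record who reached which device.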

Dave,

Remember, you cannot assume that 3G is available everywhere. It really has to be designed to run on the slowest of cell networks, not the hit-or-miss 3G networks. Until it works on the slower networks it will be useless to many.

Our current focus is one that offers minimal overhead and it is almost 100% text-based. I think it will work great. We want to test the waters with read-only screens first, and then move on to additional control menus.

On a different (but related) note, I also saw a demo of remote desktop access using Thunderbolt and running on a Blackberry!!

The entire team is working full steam to get these features out to you as soon as possible.


Marcos

Brian,

Understood. We've taken pains to optimize user experience performance for low-bandwidth, low compute-resource devices. But,... that's our assessment. Once deployed, we'll look forward to trials partner feedback...everyone's... for the assessment that matters.

If you have a "thing" that has a browser and internet connectivity, then once you get drop 3, bookmark the login page and try it out... Most every device we have in our test lab is of relatively high bandwidth and UI capabilities. Our avowed target is "smartphones." But we'll take what feedback you give us on mobile devices with 300 baud internet connections and Mosaic 1.0 browser. :-)

Dave

I have been using the X-launch feature lately and really like being able to just click connect and get to a device's web admin page. X-launch will save us a lot of time. It seems that our techs can never remember what the IP address is of that printer in the client's office. Now they can see the IP address and connect to the device to make config changes; all without ever having to set up a VPN or leap frog from an RDP session.

Having the ability to RDP directly from the Thunderbolt portal is the icing on the cake!
