Only central administration of !M parameters?


  • #50434
    Steve92
    Participant

    Hello,

    Is the following use case possible with “NoMachine Cloud Server” (or another product)?

    We have one “trust zone” (with T machines) and one “untrust zone” (with U machines).
    T needs remote access to U.

    [ T !M Client ]  ====> | Firewall | ====> [ U !M Ent.Desktop]

    Some users (potentially untrustworthy) have admin privileges on U, so they can modify “!M Enterprise Desktop” security parameters (i.e. upload/download, copy/paste…).

    We don’t want that; strict rules must be applied to data transfer between the untrust and trust zones.

    Can “!M Cloud Server” (or another product) answer this use case?

    How?

    I am thinking of something like this:

    [ T !M Client ] ====> | Firewall | ====> [ !M Cloud Server ] ====> | Firewall | ====> [ U !M Ent.Desktop ]

    Both FW and “Cloud Server” would be administered by trustworthy teams.
    Only administrators of “Cloud Server” must be able to modify “!M Enterprise Desktop” parameters.

    What could be the solution?

    Thanks,

    Regards.

    Steve.

    #50552
    Britgirl
    Keymaster

    Hi, yes it is possible and it’s done using the concept of “profiles”. The Cloud Server already supports a system of rules which can then be inherited by its nodes. We implemented this for a number of important server workings and features so that specific rules related to, for example, clipboard, file transfer, audio, recording and others are propagated from the Cloud Server (or Enterprise Terminal Server) to any of its nodes to allow or disable a service, feature or session type. You can see more about this in the Cloud Server guide https://kb.nomachine.com/DT09S00252#4.5.

    We are working to extend the configuration and security options that are made available by the system and that are enforced and eventually negated, and reverted, by the master (Cloud in your case) server in future versions.

    #50658
    Steve92
    Participant

    Hello,

    Great news for the POC in progress!
    It’s crucial for us to protect “!M Enterprise Desktop” settings.

    An FR (if I don’t need to change my glasses 😉):

    We need to give access to all nodes only via the Cloud Server.

    I can’t see that “EnableDirectConnections” can be disabled by using a command line like: nxserver --ruleadd --class propagation

    It is “ON” by default.

    Could you confirm, please? Is this FR already registered? How long will it take to add this FR?

    I guess we’ll have to deal with this need at firewall level… 🙁

    Regards,

    Steve.

    #50712
    Steve92
    Participant

    Hello,

    So, is it possible, with a profile, to propagate EnableDirectConnections=OFF to all nodes linked to a Cloud Cluster?

    If not, when will it be OK?

    Thanks

    Regards

    Steve.

    #50716
    Britgirl
    Keymaster

    Propagation of EnableDirectConnections to all of a Cloud Server’s nodes is not currently possible. I’ve already passed this request on to our R&D team in the meantime.
