Forum / NoMachine Cloud Server Products / Only central administration of !M parameters ?
- This topic has 4 replies, 2 voices, and was last updated 1 month, 1 week ago by Britgirl.
-
AuthorPosts
-
October 26, 2024 at 11:11 #50434Steve92Participant
Hello,
Is the following use case possible with “NoMachine Cloud Server” (or another product) ?
We have one “trust zone” (with T machines) and one “untrust zone” (with U machines).
T needs remote access to U.[ T !M Client ] ====> | Firewall | ====> [ U !M Ent.Desktop]
Some users (potentially untrustworthy) have admin privileges on U then they can modify “!M Enterprise Desktop” security parameters (i.e upload/download, copy/paste…).
We don’t want that, strict rules must be applied about data transfer between untrust and trust zones.
Can “!M Cloud Server” (or another product) answer this use case ?
How ?
I think about something like that:
[ T !M Client ] ====> | Firewall | ====> [ !M Cloud Server ] ====> | Firewall | ====> [ U !M Ent.Desktop ]
Both FW and “Cloud Server” would be administrated by trustworthy teams.
Only administrators of “Cloud Server” must be able to modify “!M Enterprise Desktop” parameters.What could be the solution ?
Thanks,
Regards.
Steve.
October 31, 2024 at 17:01 #50552BritgirlKeymasterHi, yes it is possible and it’s done using the concept of “profiles”. The Cloud Server already supports a system of rules which can then be inherited by its nodes. We implemented this for a number of important server workings and features so that specific rules related to, for example, clipboard, file transfer, audio, recording and others are propagated from the Cloud Server (or Enterprise Terminal Server) to any of its nodes to allow or disable a service, feature or session type. You can see more about this in the Cloud Server guide https://kb.nomachine.com/DT09S00252#4.5.
We are working to extend the configuration and security options that are made available by the system and that are enforced and eventually negated, and reverted, by the master (Cloud in your case) server in future versions.
November 8, 2024 at 21:55 #50658Steve92ParticipantHello,
Great news for the POC in progress !
It’s crucial for us to protect “!M Enterprise Desktops” settings.An FR : (if I don’t need to change my glasses 😉 )
We need to give access to all Nodes only via Cloud Server.
I can’t see that “EnableDirectConnections” can be disabled by using a command line like :
nxserver --ruleadd --class propagation
…It is “ON” by default.
Could you confirm please ? Is this FR already registered ? How long will it take to add this FR ?
I guess we’ll have to deal with this need at firewall level… 🙁
Regards,
Steve.
November 13, 2024 at 18:45 #50712Steve92ParticipantHello,
So, is it possible , with a profile , to propagate EnableDirectConnections=OFF to all nodes linked to a Cloud Cluster ?
If not, when will it be OK ?
Thanks
Regards
Steve.
November 13, 2024 at 19:00 #50716BritgirlKeymasterPropagation of EnableDirectConnections to all of a Cloud Server’s nodes is not currently possible. I’ve already passed this request on to our R&D team in the meantime.
-
AuthorPosts
You must be logged in to reply to this topic. Please login here.