- This topic has 4 replies, 2 voices, and was last updated 1 week ago by
.
-
Posts
-
Hello,
Is the following use case possible with “NoMachine Cloud Server” (or another product) ?
We have one “trust zone” (with T machines) and one “untrust zone” (with U machines).
T needs remote access to U.[ T !M Client ] ====> | Firewall | ====> [ U !M Ent.Desktop]
Some users (potentially untrustworthy) have admin privileges on U then they can modify “!M Enterprise Desktop” security parameters (i.e upload/download, copy/paste…).
We don’t want that, strict rules must be applied about data transfer between untrust and trust zones.
Can “!M Cloud Server” (or another product) answer this use case ?
How ?
I think about something like that:
[ T !M Client ] ====> | Firewall | ====> [ !M Cloud Server ] ====> | Firewall | ====> [ U !M Ent.Desktop ]
Both FW and “Cloud Server” would be administrated by trustworthy teams.
Only administrators of “Cloud Server” must be able to modify “!M Enterprise Desktop” parameters.What could be the solution ?
Thanks,
Regards.
Steve.
Hi, yes it is possible and it’s done using the concept of “profiles”. The Cloud Server already supports a system of rules which can then be inherited by its nodes. We implemented this for a number of important server workings and features so that specific rules related to, for example, clipboard, file transfer, audio, recording and others are propagated from the Cloud Server (or Enterprise Terminal Server) to any of its nodes to allow or disable a service, feature or session type. You can see more about this in the Cloud Server guide https://kb.nomachine.com/DT09S00252#4.5.
We are working to extend the configuration and security options that are made available by the system and that are enforced and eventually negated, and reverted, by the master (Cloud in your case) server in future versions.
Hello,
Great news for the POC in progress !
It’s crucial for us to protect “!M Enterprise Desktops” settings.An FR : (if I don’t need to change my glasses 😉 )
We need to give access to all Nodes only via Cloud Server.
I can’t see that “EnableDirectConnections” can be disabled by using a command line like :
nxserver --ruleadd --class propagation…It is “ON” by default.
Could you confirm please ? Is this FR already registered ? How long will it take to add this FR ?
I guess we’ll have to deal with this need at firewall level… 🙁
Regards,
Steve.
Hello,
So, is it possible , with a profile , to propagate EnableDirectConnections=OFF to all nodes linked to a Cloud Cluster ?
If not, when will it be OK ?
Thanks
Regards
Steve.
You must be logged in to reply to this topic. Please login here.