Setup with a jump host
- This topic has 3 replies, 2 voices, and was last updated 2 years, 9 months ago by Bilbotine.
December 23, 2021 at 16:58 #36813 patvdv Participant
Hi,
My company is still looking into using NoMachine as a remote desktop solution for machines that are situated in a dedicated and separated network. We have about 200 workstations and servers we need to access with various OS (95% Linux-based, 5% Windows-based). Corporate requirements dictate that we must use a jump host in the connection path:
End-user client hosts (Win10/Linux) ---> jump host ---> Linux/Windows target hosts
Both networks are firewalled and services are passed through via NATting.
My question is whether this is possible using a setup with NoMachine? Note that the jump host may not host any desktops or related services. It is meant for jumping across the network border only. Additionally, we would like to set up the jump host in a highly available or redundant fashion.
Regards,
Patrick Van der Veken
December 24, 2021 at 15:03 #36839 Bilbotine Participant
Hi Patrick,
Based on your description, the best setup is NoMachine Cloud Server + NoMachine Enterprise Desktop.
If you need failover ability, a second NoMachine Cloud Server will be needed. More information about this setup is in the article here: NoMachine – Setting up highly available centralized access to remote physical desktops – Knowledge Base
You can download the free client and a free 30-day evaluation version of our products here: NoMachine – Download Enterprise Remote Access Solutions
Currently, Cloud Server's licensing and pricing model is based on the server's physical CPU cores, not counting hyper-threading.
In the upcoming v8 release, the current Cloud Server will be replaced with Enterprise Cloud Server and will have a fixed cost. The CPU core count will no longer apply.
January 5, 2022 at 20:36 #36927 patvdv Participant
Hi Bilbotine,
Thanks for your answer and my apologies for the late reply on my part (Christmas break). If I understand correctly we would need:
end-user laptop (NoMachine client) ---> jump host (NoMachine Cloud Server) ---> end-user desktop (NoMachine Enterprise Desktop)
As a follow-up question: we need to avoid at any cost that applications and/or desktop sessions can be opened on the jump host itself, as our security policies only allow us to use that host for the single purpose of jumping onto a 2nd target host. Is it possible to limit the NM Cloud Server functionality to ONLY allow opening CLI (SSH) & GUI (NM/VNC) sessions to further machines for connecting users?
January 7, 2022 at 09:44 #36957 Bilbotine Participant
Hi Patrick,
I confirm your assumption, but recommend testing the product to make sure it corresponds to your needs.
Concerning your follow-up question: by default, only privileged system users (root or 'sudo' users on Linux and Mac, administrator users on Windows) are allowed to connect to the physical desktop of the Cloud Server host. You can disable it by setting the following in the server configuration:
EnableAdministratorLogin 0
Let us know if you need further help.
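Added example, not part of the thread and not NoMachine tooling: a shell check that reports whether the `EnableAdministratorLogin 0` setting from the reply above is actually in effect in a given server configuration file, which is useful when two Cloud Server hosts must be kept identical for failover. It assumes "Key Value" lines, `#` for comments, and that the last active line wins; the sample files and `ExampleOtherKey` are constructed.

```shell
#!/bin/sh
# Assumptions (not from the thread): "Key Value" lines, "#" starts a comment,
# and when the key appears more than once the last active line applies.

# Print the effective state of EnableAdministratorLogin in file $1:
#   disabled -> an active line sets the key to 0
#   enabled  -> an active line sets the key to anything else
#   default  -> no active line, so the product default applies (the reply
#               describes that default as privileged users being allowed)
admin_login_state() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*#/ { next }             # commented-out lines are inactive
        $1 == "EnableAdministratorLogin" {
            v = $2; gsub(/"/, "", v)    # accept a bare or a quoted value
            state = (v == "0") ? "disabled" : "enabled"
        }
        END { print (state == "" ? "default" : state) }
    ' "$1"
}

# Return 0 only when the jump host policy from the thread is met.
check_jump_host() {
    state=$(admin_login_state "$1") || return 2
    printf '%s: EnableAdministratorLogin is %s\n' "$1" "$state"
    [ "$state" = "disabled" ]
}

# Constructed sample files (not real configurations).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#EnableAdministratorLogin 1' 'ExampleOtherKey 1' \
    > "$tmp/default.cfg"
printf '%s\n' '#EnableAdministratorLogin 1' 'EnableAdministratorLogin 0' \
    > "$tmp/hardened.cfg"

for f in "$tmp"/*.cfg; do
    check_jump_host "$f" || echo "  -> does not meet the jump host policy"
done
```

To audit a real host, call `check_jump_host` with the path of that host's server configuration file instead of the sample files.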
This topic was marked as solved, you can't post.