Steve92

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 46 total)
  • Author
    Posts
  • in reply to: Active/active clustering #52838
    Steve92
    Participant

    Hi!

    I’m still very interested in this subject, it’s very important for the last part of the POC.

    Q1 – Does ECS V8 support PROXY protocol with NX so ECS can see the IP address of the client (and not the address of HAProxy) ?

    I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?

     

    Q2 – Does ECS V8 support PROXY protocol with SSH ?

    I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?

     

    Q3 – Do we need to install mmproxy or better go-mmproxy on both ECS to allow them to communicate with HAProxy, using PROXY protocol ? With NX servers ? With SSH servers ?

     

    Q4 -Have you ever test this configuration ? Is it used in big enterprises among your clients ?

     

    ___________________ ==> [ go-mmproxy + !M ECS-A ] ==>

    !M Client ==> HAProxy ==|| ________________________ ||==> !M ED or SBTS

    ___________________ ==> [ go-mmproxy + !M ECS-B ] ==>

     

    HAProxy balances the load between an ECS cluster with 2 members A & B and forwards IP adresses of the clients to the ECS servers thanks to “PROXY protocol”.

     

    Thanks,

     

    Regards,

     

    Steve.

    in reply to: Disable warning about authenticity of host #52820
    Steve92
    Participant

    Could you be more precise ?

    in reply to: Active/active clustering #52771
    Steve92
    Participant

    Hi!

    The idea would be to use HAProxy to balance load on at least 2 ECS, without using “ECS Cluster” products since they run in active/passive mode, they don’t offer load balancing but only failover.

    HAProxy uses PROXY protocol.

    Does the implementation on the NoMachine ECS V8 support the PROXY protocol ?

    If it doesn’t, from my understanding, it means that IP source addresses (!M Clients) will be unknown for the NoMachine ECS in cluster (they will only see IP add. of HAProxy).

    It would be very annoying because we do need traceablity for some sensitive environments.

    Would the alternative solution be to use SSH instead of NX (I found some documentation saying ssh servers support PROXY protocol) ?

    SSH and NX are quite similar, so I hope NXserver support PROXY protocol too…

    Could you please clarify that ?

    Thanks,

    Steve.

    in reply to: Crucial folders & files to backup ? #52703
    Steve92
    Participant

    Hi,

    Is this command actually reliable ?

    Some files seem to have been forgotten…

    Steve.

    in reply to: Active/active clustering #52702
    Steve92
    Participant

    Hi,

    When, very approximatively, will V9 be released ?

    We can’t wait for it and have to find a solution to get load balancing with v8.

    Are ECS compatible with HAProxy solution in TCP (NX) mode ?

    What third-party solution can handle load balancing between many ECS ?

    Thanks,

    Regards,

    Steve.

    in reply to: Crucial folders & files to backup ? #52660
    Steve92
    Participant

    Hi!

    Interesting command. 🙂

    Yet I’ve noticed a mistake in KB article: ‘NX’ has been forgotten in paths

    /usr/NX/etc/server.cfg

    /usr/NX/etc/node.cfg

    /usr/NX/etc/nxdb

    /usr/NX/etc/uuid

    /usr/NX/etc/keys => whole directory

    Moreover, I’m surprised at not seeing these config files :

    /etc/NX/server/localhost/runner.cfg

    /etc/NX/server/localhost/player.cfg

    /etc/NX/server/localhost/node.cfg

    /etc/NX/server/localhost/server.cfg

    /usr/NX/etc/web.cfg

    /usr/NX/etc/update.cfg

    /var/NX/nx/.nx/config/player.cfg

    /usr/NX/scripts/etc/localhost/player.cfg

    /usr/NX/scripts/etc/localhost/runner.cfg

    /usr/NX/scripts/etc/localhost/node.cfg

    /usr/NX/scripts/etc/localhost/webplayer.cfg

    /usr/NX/scripts/etc/localhost/server.cfg

    Aren’t they crucial ?

    Licence key file is a must too :

    /usr/NX/etc/server.lic

    Regards,

    Steve.

    in reply to: How to rename a group of nodes ? #52430
    Steve92
    Participant

    Hi!

    Isn’t it possible to rename a group of nodes ?

    in reply to: How to rename a group of users ? #52429
    Steve92
    Participant

    Hi,

    Isn’t it possible to rename a group of users ?

    in reply to: How to delete a group of nodes #52392
    Steve92
    Participant

    Hi!

    Yes, it was a copy/paste problem from MSWord (doesn’t like –) to terminal window  !

    I’ve to warn the future admin team… or use notepad to type documentation. 😉

    Steve.

     

     

     

    in reply to: How to delete a group of nodes #52351
    Steve92
    Participant

    Hi !

    Thanks, the rules are well deleted but

    sudo /etc/NX/nxserver --nodegroupdel Nodes_Group_01

    gives

    NX> 500 ERROR: Invalid command: '–-nodegroupdel'

    What’s wrong ?

    Regards,

    Steve.

    in reply to: Inverse connection and node public key #52350
    Steve92
    Participant

    Hi!

    So the symetric encryption key is not encrypted with public key of the node stored in

    /var/NX/nx/.nx/config/authorized.crt

    ?

    How is the symetric encryption key protected during exchange ?

    I’ve noticed sometimes the public key of a node is deleted from  /var/NX/nx/.nx/config/authorized.crt when a node is deleted but it doesn’t seem to be done in a systematic way.

    When exactly a public key is deleted from  /var/NX/nx/.nx/config/authorized.crt file ?

    Is it the same logic when the node is deleted from UI or with the command line ?

    Thanks,

    Regards,

    Steve.

    in reply to: SSO between Enterprise Client and ECS #52271
    Steve92
    Participant

    Hi!

    When I  try to connect ECS from Enterprise Client with Kerberos MS SSPI, I get this error in session log.

    What could be the prob’ ?

    Thanks,

    Steve.

    —–

    sspi_init_sec_context_test: Authentication mechanism ‘Kerberos’ is not supported.

    ssh_sspi_error: The target was not recognized.

    ssh_sspi_error: The requested security package does not exist.

    ssh_sspi_error: The requested security package does not exist.

    ssh_sspi_indicate_mech: ERROR! No more mechanisms.

    12612 14116 17:08:09 620 NXGssapiPrepareMech: ERROR! Cannot indicate mech.

    ialized session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:07:43 513.591 ClientSession: Starting session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:07:43 515.416 ClientSession: Going to start session ‘C:\Users\xyz\Documents\NoMachine\ECS RIE KERB.nxs’.

    12128 5448 2025-03-14 17:07:43 532.196 Connection: Initializing connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 Connection: Initialized connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 Connection: Starting connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 537.183 ClientDaemonConnector: Starting a new connection to host ‘w.x.y.z’ on port ‘4000’.

    12128 5448 2025-03-14 17:07:43 538.672 Connection: Started connection at 0x0000000007786370.

    12128 5448 2025-03-14 17:07:43 538.672 ClientSession: Started session at 0x0000000003cf10a0.

    Info: Slave server running with pid 16608.

    Info: Listening to slave connections on port 35299.

    Info: Connection to w.x.y.z port 4000 started at 17:07:43 553.232.

    12128 5448 2025-03-14 17:07:43 555.304 Main: Entering the GUI event loop.

    12128 14132 2025-03-14 17:07:44 841.855 ClientSession: A valid certificate for this server was found.

    12128 14132 2025-03-14 17:08:09 620.348 DaemonLogin/DaemonLogin: ERROR! Gss oid not specified.

    Error: Gss oid not specified.

    12128 19952 2025-03-14 17:08:09 623.362 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.

    12128 19952 2025-03-14 17:08:09 623.362 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 22, ‘Invalid argument’.

    Warning: Connection to w.x.y.z port 4000 failed at 17:08:09 623.362.

    Warning: Error is 22, ‘Invalid argument’.

    12128 5448 2025-03-14 17:08:09 624.553 Connection: Connection at 0x0000000007786370 failed.

    12128 5448 2025-03-14 17:08:09 624.553 ClientSession: Runnable at 0x0000000007786370 caused the session at 0x0000000003cf10a0 to fail.

    12128 5448 2025-03-14 17:08:09 624.553 ClientSession: Failing reason is ‘Impossible de se connecter au serveur.

    L’erreur est 22 : Argument non valable’.

    12128 5448 2025-03-14 17:08:09 636.440 ClientSession: Stopping session at 0x0000000003cf10a0.

    12128 5448 2025-03-14 17:08:09 659.110 ClientSession: Destroying display client.

     

    in reply to: SSO between Enterprise Client and ECS #52207
    Steve92
    Participant

    Hi
    Any idea ?

    in reply to: Same RSA keys pair for many nodes? #52206
    Steve92
    Participant

    Hi
    Yes, it would be for inverse connection cases.

    in reply to: High RAM usage #52200
    Steve92
    Participant

    Hi,

    After reboot RAM usage is much more reasonable.

    But I’d like advice to size the RAM.

    How much RAM is needed on ECS for:

    – 10 concurent users ?
    – 20 concurrent users ?
    – 50 concurrent users ?

    From what number a cluster is advised ?

    Thanks,

    Regards,

    Steve.

Viewing 15 posts - 1 through 15 (of 46 total)