Forum Replies Created
-
Posts
-
Hi!
I know this article but, alas, it is not precise enough.
We would like metrix of performances benchmarks between SSH and NX.
SSH used on just part of the flow penalizes the end-to-end connection ?
What % performance loss can be expected if using SSH instead of NX in the following configurations ?
Basic :
[ !M Client ] == SSH ==> [ ECS ] == NX ==> [ ED or SBTS ]
Final clustering (ECS A + ECS B) architecture :
[ !M Client ] == SSH ==> [ HAProxy ] == SSH Proxy ==> [ go-mmproxy + (ECS A or ECS B) ] == NX ==> [ ED or SBTS ]
Using SSH would be necessary if there’s no solution to remove the NX authenticity warning on the HAProxy cluster (see https://forum.nomachine.com/topic/disable-warning-about-authenticity-of-host).
It would be a shame to lose X% of performance because of this…
Regards,
Steve.
Hi Britgirl,
Thanks for this answer.
Let’s consider a cluster of 2 ECS on “VM A” and “VM B”.
I fear “data created when new sessions or connections are established” could be a problem.
Q1- What happens if a user is connected to “VM A”, closes !M window (or is diconnected, due to a technical problem) and logs in “VM B” ?
” other data is generated while the server is running ”
Q2- What is exactly this data ?
Q3- What impact for the user if this data is different between nxDB on “VM A” and nxDB on “VM B” ?
“We do not synchronize databases between the two ECS servers, but they can have the same nodes added to them.”
Q4- So, that would be OK to create same nodes , groups of nodes, rules …on “VM A” and “VM B” (with a script) ?
Q5- No problem with internal data (not handled by administrator) ?
Q6- Do you have clients using this architecture ?
Q7- Could a tool like SymmetricDS be used to synchronize SQLite nxDB databases between multiple ECS NoMachines in a cluster ? It does not seem to be possible due to proprietary format of nxDB… ?
Regards,
Steve.
Hi,
While, I suppose, you enjoy your holidays 😉 , I did some testing.
Q1- I can confirm: NO with standard settings. Any solution with special settings ?
Q2- I can confirm: NO with standard settings. Any solution with special settings ?
Q3- YES, for both NX & SSH !
Q4- It works ! “go-mmproxy” (nice piece of open source) translates PROXY protocol (HAProxy) to standard NX or SSH and allows forwarding of the IP address of clients to ECS.
The only problem with NX (not SSH) is the warning box about authentication (see my other post).
!M logs show well the IP address of clients and not the one of HAProxy 🙂 .
Have you ever test this configuration ? Is it used in big enterprises among your clients ?
Regards,
Steve.
Hi!
Does NX actually offer much better performances than SSH ?
In what use cases ? In what measure ?
(forget the 2 last questions in 1st post, they are raised in my other posts)
Thanks,
Steve.
Hi!
I’ve tested this new option, it’s half a success.
I get only one warning box (the 1st one beginning with “The authenticity of host can’t be established…”), I don’t have any more the 2nd box displaying the key.
Any mean to get rid of this pop-up ?
NB: if I use SSH instead of NX, I don’t have the problem even without ticking this new option. I don’t have any warning box.
Is it possible to have the same behaviour (no warning at all) with NX than with SSH ? How ?
The use of a load balancer should be transparent to users.
Regards,
Steve.
Hi!
I’m still very interested in this subject, it’s very important for the last part of the POC.
Q1 – Does ECS V8 support PROXY protocol with NX so ECS can see the IP address of the client (and not the address of HAProxy) ?
I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?
Q2 – Does ECS V8 support PROXY protocol with SSH ?
I’ve done some testing, it doesn’t seem with standard settings. Is there something to set to make it work ?
Q3 – Do we need to install mmproxy or better go-mmproxy on both ECS to allow them to communicate with HAProxy, using PROXY protocol ? With NX servers ? With SSH servers ?
Q4 -Have you ever test this configuration ? Is it used in big enterprises among your clients ?
___________________ ==> [ go-mmproxy + !M ECS-A ] ==>
!M Client ==> HAProxy ==|| ________________________ ||==> !M ED or SBTS
___________________ ==> [ go-mmproxy + !M ECS-B ] ==>
HAProxy balances the load between an ECS cluster with 2 members A & B and forwards IP adresses of the clients to the ECS servers thanks to “PROXY protocol”.
Thanks,
Regards,
Steve.
Hi!
The idea would be to use HAProxy to balance load on at least 2 ECS, without using “ECS Cluster” products since they run in active/passive mode, they don’t offer load balancing but only failover.
HAProxy uses PROXY protocol.
Does the implementation on the NoMachine ECS V8 support the PROXY protocol ?
If it doesn’t, from my understanding, it means that IP source addresses (!M Clients) will be unknown for the NoMachine ECS in cluster (they will only see IP add. of HAProxy).
It would be very annoying because we do need traceablity for some sensitive environments.
Would the alternative solution be to use SSH instead of NX (I found some documentation saying ssh servers support PROXY protocol) ?
SSH and NX are quite similar, so I hope NXserver support PROXY protocol too…
Could you please clarify that ?
Thanks,
Steve.
Hi,
When, very approximatively, will V9 be released ?
We can’t wait for it and have to find a solution to get load balancing with v8.
Are ECS compatible with HAProxy solution in TCP (NX) mode ?
What third-party solution can handle load balancing between many ECS ?
Thanks,
Regards,
Steve.
Hi!
Interesting command. 🙂
Yet I’ve noticed a mistake in KB article: ‘NX’ has been forgotten in paths
/usr/NX/etc/server.cfg
/usr/NX/etc/node.cfg
/usr/NX/etc/nxdb
/usr/NX/etc/uuid
/usr/NX/etc/keys => whole directory
Moreover, I’m surprised at not seeing these config files :
/etc/NX/server/localhost/runner.cfg
/etc/NX/server/localhost/player.cfg
/etc/NX/server/localhost/node.cfg
/etc/NX/server/localhost/server.cfg
/usr/NX/etc/web.cfg
/usr/NX/etc/update.cfg
/var/NX/nx/.nx/config/player.cfg
/usr/NX/scripts/etc/localhost/player.cfg
/usr/NX/scripts/etc/localhost/runner.cfg
/usr/NX/scripts/etc/localhost/node.cfg
/usr/NX/scripts/etc/localhost/webplayer.cfg
/usr/NX/scripts/etc/localhost/server.cfg
Aren’t they crucial ?
Licence key file is a must too :
/usr/NX/etc/server.lic
Regards,
Steve.
Hi!
Yes, it was a copy/paste problem from MSWord (doesn’t like –) to terminal window !
I’ve to warn the future admin team… or use notepad to type documentation. 😉
Steve.