Setup with a jump host

  • #36813
    patvdv
    Participant

    Hi,

    My company is still looking into using NoMachine as a remote desktop solution for systems that are situated in a dedicated and separated network. We have about 200 workstations and servers we need to access with various OS (95% Linux-based, 5% Windows-based). Corporate requirements dictate that we must use a jump host in the connection path:

    End-user client hosts (Win10/Linux) ---> jump host ---> Linux/Windows target hosts

    Both networks are firewalled and services are passed through via NATting.

    My question is whether this is possible using a setup with NoMachine? Note that the jump host may not host any desktops or related services. It is meant for jumping across the network border only. Additionally we would like to make the jump host in a highly available or redundant fashion.

    Regards,

    Patrick Van der Veken

    #36839
    Bilbotine
    Participant

    Hi Patrick,

    Based on your description, the best setup is NoMachine Cloud Server + NoMachine Enterprise Desktop.

    If you need failover ability, a second NoMachine Cloud Server will be needed. More information about this setup in the article here: NoMachine – Setting up highly available centralized access to remote physical desktops – Knowledge Base

    You can download the free client + a free for 30 days evaluation version of our products here: NoMachine – Download Enterprise Remote Access Solutions

    Currently, Cloud Server’s licensing and pricing model is based on the server’s physical CPU core – not counting hyper threading.

    In the upcoming v8 release, the current Cloud Server will be replaced with Enterprise Cloud Server and will have a fixed cost. The CPU cores count will no longer apply.

    #36927
    patvdv
    Participant

    Hi Bilbotine,

    Thanks for your answer and my apologies for the late reply on my behalf (Christmas break). If I understand correctly we would need:

    end-user laptop ---------> jump host ---------------> end-user desktop

    NoMachine client           NoMachine Cloud Server     NoMachine Enterprise Desktop

    As a follow-up question: we need to avoid at any cost that applications and/or desktop sessions can be opened on the jump host itself, as our security policies only allow us to use that host for the single purpose of jumping onto a 2nd target host. Is it possible to limit the NM cloud server functionality to ONLY allow opening CLI (SSH) & GUI (NM/VNC) sessions to further machines for connecting users?

    #36957
    Bilbotine
    Participant

    Hi Patrick,

    I confirm your assumption, but recommend testing the product to make sure it corresponds to your needs.

    Concerning your follow-up question: by default, only privileged system users (root or ‘sudo’ users on Linux and Mac, administrator users on Windows) are allowed to connect to the physical desktop of the Cloud Server host. You can disable it by setting in the server configuration:

    EnableAdministratorLogin 0

    Let us know if you need further help.
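
A check for the setting named in the reply above, as an added example that is not part of the original thread or NoMachine's own tooling: it passes only when an uncommented `EnableAdministratorLogin 0` line is present and no uncommented line sets another value. The `Key Value` layout with `#` comments and the function name are assumptions; pass the path to your own server configuration file.

```shell
#!/bin/sh
# Added example: audit a jump host's server configuration for
# "EnableAdministratorLogin 0". Assumes "Key Value" lines and '#' comments.

# check_admin_login_disabled FILE
#   returns 0 = explicitly disabled, 1 = enabled/unset, 2 = file unreadable
check_admin_login_disabled() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "UNKNOWN: cannot read $cfg" >&2; return 2; }
    awk -v key="EnableAdministratorLogin" '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[[:space:]]*#/ { next }               # commented-out lines do not count
        $1 == key {
            seen++
            v = $2; gsub(/"/, "", v)            # tolerate a quoted value
            if (v != "0") {
                bad++
                printf "FAIL: line %d sets %s %s\n", NR, key, v
            }
        }
        END {
            # A missing key means the default applies, so treat it as a failure.
            if (!seen) { print "FAIL: " key " not set explicitly"; exit 1 }
            if (bad) exit 1
            print "OK: " key " 0"
        }
    ' "$cfg"
}

# Constructed sample: a commented-out default followed by the hardened line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# EnableAdministratorLogin 1
EnableAdministratorLogin 0
EOF
check_admin_login_disabled "$sample"
rm -f "$sample"
```

The non-zero exit codes make the function usable as a gate in a configuration-management or monitoring job on the jump host.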


This topic was marked as solved, you can't post.