Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
a855d4c03116d7d2878c8ddaf7202aba516cfc19
gitea-pages/proposals/draft-nx.md
ebner 090a2d1f6c updates
2022-12-19 16:20:31 +01:00

171 lines
5.0 KiB
Markdown
Raw Blame History

# NX
![scetch](draft-nx-overview.drawio.svg)
Highavailability mode really needed
NX does the decision - sometimes not transparent how it is done
##rem-acc.psi.ch
decides who is allowed to connect to a certain nx machine connected to rem-acc
configuration inside NX in a database
svc-nx - AD group this defines who is allwed to access NoMachine Proxy from rem-acc
/root/scripts/change_rule.sh Written by Dima does nxserver commands - used to update rules
history of root will show last changes
/root/scripts contain a set of other scripts
Usually NX access from rem-acc to machines in the office network is not allowed (security request)
There are exceptions:
* detector group shared workstateion - pcmic05
* ENE - Jens Ehler - mpc2053, mpc2959
*
Rules for these machines are not dynamically modifiable, need to be done manually!
need request to security to open a firewall rule
# Commands on rem-acc
List of all configured servers
```
nxserver --serverlist --extended
# nxserver --serverlist --extended | grep psi.ch | grep nomach
```
Output: one line for each server
Show all access rules
```
nxserver --rulelist
```
# Software
RemACC - NoMachine Cloud Server
xxx proxies - NoMachine Enterprise Desktop Service
nodes behing proxy - NoMachine Enterprise Server Nodes - you can only to these nodes through a proxy (Enterprise Desktop Service)
consoles - Enterprise Desktop - allows connections to the physical console) (- with Windows this is the only product that we use) - 1 session
Virtual desktops Linux:
NoMachine Workstation - up to 4 virtual session can be created - usually used on the *-vcons-* systems
Small Business Terminal Server Subscription - same as above but up to 10 virtual sessions - (only used for ENE)
Terminal Server - same as above but unlimited number of sessions
Desktop - completely free license - funcionality same as Enterprise Desktop but cannot be connected/accessed from proxy/cloudServer!!!
Depending on the product the price differences are HUGE
Each machine has its own license!
Bought in packs of multiple licenses
Some licenses depend sometimes on the number of code
All licenses are now synchronized to be payed in April
> Distribution of the licenses via Puppet (encrypted ...)
> machines this is distributed to machines in different hiera classes - so its difficult to assign/configure the licenses
There are 50 Windows machines !!!! (we have 60 Licenses)
Distribution - Baramundi - Dima has access to this
Update of the software done by the Windows Team (they make the Baramundi packaging)
Linux 85 machines (90 Licenses - Enterprise Desktop)
Every installation of the nomachine software requires 2 reboots!
1 after remove
1 after install
For linux you don't need the reboot
When installing the virtual sessions will be killed - on pysical desktop no affects
!!!! Need communication regarding the Updates with users !!!!
Linux RPMs are located in this repository - updated by Dima
http://repo00.psi.ch/el7/manual/nxserver/
__THERE IS A .htaccess file in there that restricts the access to this repo to only the listed nodes !!!!__
This file gives info about all linux nodes that are somehow related to NX
NoMachine only releases RPM for current version - but removes older ones
Open firewall (network@psi.ch)
install sw on node
Nodes are registered on rem-acc with /root/scripts/add_node.sh
update of Mongo-DB for Rama (done by Dima)
connect to rama.psi.ch as root
`mongo`
`use rama`
`db.TargetMode.insert(......` (check history)
!!!!! RAMA IS NOT UP TO DATE !!!!
# Licenses
35000 CHF - 21 April 2023
----
Checkout the app: Open OnDemand
https://rustdesk.com
# Meeting
- Enduser documentation maintained by Dima: https://www.psi.ch/en/photon-science-data-services/remote-interactive-access
if you don't connect to rem-acc via the admin user a script is executed ... somewhere burried in /etc/sshd/sshd.config
most of the stuff dima tries to do with puppet
hiera config: https://git.psi.ch/linux-infra/data-rem-acc
There are no ansible script
- things not done by puppet is/was done manually
rem-acc-1/2 still have access to repo00 and puppet server although it is in the extranet ... but not to git
cron jobs on remacc 1 to synchronize the internal state/database of nx-server!
cron jobs were placed manually!!!
no such cron jobs on rem-acc-2
/root/scripts on remacc1 is
if remacc2 is master no sync and rama will not work
remacc2 only for short breakdowns
need to be discussed whether HA is really needed
we do not have nx-support package
response to tickets is few number of days (defined in license)
have access to portal to no-machine
Dario can issue changes to nx-portal management:
www.nomachine.com
Account need to be done by Dario
Portal used to download the rpms (need to be done one by one) for Linux and Windows
Portal used to issue tickets
https://intranet.psi.ch/de/daas contains some information why nomachine is used ...
!!!!WINDOWS - there are more than x windows machine on this service
need to update the license on a windows admin machine
time for update nx - needs to be scheduled with the user!!!!
View Git Blame Copy Permalink