gitea-pages/proposals/draft-nx.md
2022-12-08 16:12:09 +01:00

NX

sketch

High-availability mode really needed. NX makes the decision - sometimes it is not transparent how this is done.

rem-acc.psi.ch decides who is allowed to connect to a certain NX machine connected to rem-acc

configuration inside NX in a database

svc-nx - AD group; this defines who is allowed to access the NoMachine proxy from rem-acc

/root/scripts/change_rule.sh - written by Dima, runs nxserver commands - used to update rules. The history of root will show the last changes.

/root/scripts contain a set of other scripts

Usually NX access from rem-acc to machines in the office network is not allowed (security request). There are exceptions:

  • detector group shared workstation - pcmic05
  • ENE - Jens Ehler - mpc2053, mpc2959

Rules for these machines are not dynamically modifiable and need to be done manually! A request to security is needed to open a firewall rule.

Commands on rem-acc

List of all configured servers

nxserver --serverlist --extended 
# nxserver --serverlist --extended  | grep psi.ch | grep nomach

Output: one line for each server

Show all access rules

nxserver --rulelist

Software

RemACC - NoMachine Cloud Server xxx proxies - NoMachine Enterprise Desktop Service nodes behind proxy - NoMachine Enterprise Server Nodes - you can only connect to these nodes through a proxy (Enterprise Desktop Service)

consoles - Enterprise Desktop - allows connections to the physical console (with Windows this is the only product that we use) - 1 session

Virtual desktops Linux:

  • NoMachine Workstation - up to 4 virtual sessions can be created - usually used on the -vcons- systems
  • Small Business Terminal Server Subscription - same as above but up to 10 virtual sessions - (only used for ENE)
  • Terminal Server - same as above but unlimited number of sessions

Desktop - completely free license - functionality same as Enterprise Desktop but cannot be connected/accessed from proxy/cloudServer!!!

Depending on the product the price differences are HUGE

Each machine has its own license! Bought in packs of multiple licenses. Some licenses depend sometimes on the number of code

All licenses are now synchronized to be paid in April

Distribution of the licenses via Puppet (encrypted ...). This is distributed to machines in different hiera classes - so it's difficult to assign/configure the licenses

There are 50 Windows machines !!!! (we have 60 Licenses)

Distribution - Baramundi - Dima has access to this

Update of the software done by the Windows Team (they make the Baramundi packaging)

Linux 85 machines (90 Licenses - Enterprise Desktop)

Every installation of the NoMachine software requires 2 reboots! 1 after remove, 1 after install

For Linux you don't need the reboot. When installing, the virtual sessions will be killed - on physical desktops there are no effects

!!!! Need communication regarding the Updates with users !!!!

Linux RPMs are located in this repository - updated by Dima: http://repo00.psi.ch/el7/manual/nxserver/

THERE IS A .htaccess file in there that restricts the access to this repo to only the listed nodes !!!! This file gives info about all Linux nodes that are somehow related to NX.

NoMachine only releases RPMs for the current version - and removes older ones

  • Open firewall (network@psi.ch)
  • install sw on node
  • Nodes are registered on rem-acc with /root/scripts/add_node.sh
  • update of Mongo-DB for Rama (done by Dima) - connect to rama.psi.ch as root

mongo
use rama
db.TargetMode.insert(...... (check history)

!!!!! RAMA IS NOT UP TO DATE !!!!