# NX

High-availability mode really needed
NX makes the decision - sometimes it is not transparent how it is done

## rem-acc.psi.ch
decides who is allowed to connect to a certain NX machine connected to rem-acc

configuration inside NX in a database

svc-nx - AD group that defines who is allowed to access NoMachine Proxy from rem-acc

/root/scripts/change_rule.sh - written by Dima, runs nxserver commands - used to update rules
history of root will show last changes

/root/scripts contains a set of other scripts

Usually NX access from rem-acc to machines in the office network is not allowed (security request)
There are exceptions:
* detector group shared workstation - pcmic05
* ENE - Jens Ehler - mpc2053, mpc2959

Rules for these machines are not dynamically modifiable, need to be done manually!
need request to security to open a firewall rule

# Commands on rem-acc

List of all configured servers
```
nxserver --serverlist --extended
# nxserver --serverlist --extended | grep psi.ch | grep nomach
```

Output: one line for each server

Show all access rules
```
nxserver --rulelist
```

# Software
RemACC - NoMachine Cloud Server
xxx proxies - NoMachine Enterprise Desktop Service
nodes behind proxy - NoMachine Enterprise Server Nodes - you can only connect to these nodes through a proxy (Enterprise Desktop Service)

consoles - Enterprise Desktop - allows connections to the physical console (with Windows this is the only product that we use) - 1 session

Virtual desktops Linux:
NoMachine Workstation - up to 4 virtual sessions can be created - usually used on the `*-vcons-*` systems
Small Business Terminal Server Subscription - same as above but up to 10 virtual sessions - (only used for ENE)
Terminal Server - same as above but unlimited number of sessions

Desktop - completely free license - functionality same as Enterprise Desktop but cannot be connected/accessed from proxy/cloudServer!!!

Depending on the product the price differences are HUGE

Each machine has its own license!
Bought in packs of multiple licenses
Some licenses sometimes depend on the number of cores

All licenses are now synchronized to be paid in April

> Distribution of the licenses via Puppet (encrypted ...)
> this is distributed to machines in different hiera classes - so it's difficult to assign/configure the licenses

There are 50 Windows machines !!!! (we have 60 Licenses)
Distribution - Baramundi - Dima has access to this
Update of the software done by the Windows Team (they make the Baramundi packaging)

Linux 85 machines (90 Licenses - Enterprise Desktop)

Every installation of the nomachine software requires 2 reboots!
1 after remove
1 after install

For linux you don't need the reboot
When installing the virtual sessions will be killed - on physical desktop no effect

!!!! Need communication regarding the Updates with users !!!!

Linux RPMs are located in this repository - updated by Dima
http://repo00.psi.ch/el7/manual/nxserver/

__THERE IS A .htaccess file in there that restricts the access to this repo to only the listed nodes !!!!__
This file gives info about all linux nodes that are somehow related to NX

NoMachine only releases RPM for current version - but removes older ones

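Because the .htaccess allow-list doubles as the inventory of NX-related Linux nodes, it can be turned into a plain node list for review. The shell function below is an added example, not one of the scripts in /root/scripts and not part of the original notes; the function name `nx_repo_allowed_nodes`, the sample hosts and addresses, and the assumption that the file uses Apache `Require ip|host` or `Allow from` directives are all illustrative.

```shell
#!/bin/sh
# Added example (not from the original notes): print the hosts/IPs that an
# Apache .htaccess allow-list admits, one per line, sorted and de-duplicated.
# Assumption: the file uses Apache 2.4 "Require ip|host" or 2.2 "Allow from".
# Exit status 2 means the file also grants access to everyone.
nx_repo_allowed_nodes() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        {
            d1 = tolower($1); d2 = tolower($2); first = 0
            if (d1 == "require" && (d2 == "ip" || d2 == "host")) first = 3
            else if (d1 == "allow" && d2 == "from") first = 3
            else if (d1 == "require" && d2 == "all" && tolower($3) == "granted") anyone = 1
            for (i = first; first && i <= NF; i++) {
                if (tolower($i) == "all") anyone = 1   # "Allow from all"
                else print $i | "sort -u"
            }
        }
        END { close("sort -u"); exit (anyone ? 2 : 0) }
    ' "$1"
}

# Constructed sample input; hosts and addresses are placeholders, and both
# directive styles are mixed only to exercise the parser.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# NX nodes allowed to fetch RPMs (constructed example)
Require all denied
Require ip 192.0.2.10 192.0.2.11
Require host node-a.example.org
Allow from 192.0.2.10 node-b.example.org
EOF

nx_repo_allowed_nodes "$sample"
```
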

Open firewall (network@psi.ch)
install sw on node
Nodes are registered on rem-acc with /root/scripts/add_node.sh
update of Mongo-DB for Rama (done by Dima)
connect to rama.psi.ch as root
`mongo`
`use rama`
`db.TargetMode.insert(......` (check history)

!!!!! RAMA IS NOT UP TO DATE !!!!