On Fri, Mar 8, 2013 at 11:36 AM, Dragseth Roy Einar <roy.drags...@uit.no> wrote:

> We're in the process of establishing an open remote desktop service for the
> users of our HPC-cluster.  The plan is to provide an unrestricted VNC access
> to the login screen (using xdm) and require TLSnone as encryption for all
> connections.  So, my question to the forum is: Does anyone have experience in
> running such a service in a production environment?  Are there any pitfalls
> we should be aware of?

I've been doing this for a similar environment for several years now.  In
our case, we have about 40 login servers that are all individually
accessible.  I created a Perl daemon that runs on each server, listening on
tcp/5900 and offers only the Ident SecurityType (which AFAIK is only
supported by the TigerVNC and TurboVNC Java clients).  This allows the
daemon to identify the client user and then send a ClientRedirect message
to the viewer with the address of the user's existing or newly spawned Xvnc
session.  It's not very sophisticated, but it gets the job done.


> Yes, I'm aware that we will be exposing the xdm login screen to the whole
> world, but we're currently allowing this for ssh login so in principle we're
> already having our jewels hanging out there...

We do the same except that the cluster is not publicly accessible.


> If we can pull this off we will be able to improve our service level by
> offering a simple Linux desktop (XFCE) to our users without requiring
> anything from their side other than a Java-enabled web browser.

Java WebStart can also be used to serve the jar file so that it can be used
more like a native application.  Personally, I prefer this because it
decouples the client from the browser and allows client updates to be
managed transparently.


> In the test setup we have 16 login servers behind a NAT firewall and a
> simple web frontend that hands out the vncviewer jar and picks a random
> server among the 16.  I can even run sophisticated 3D molecular modelling
> software from my dirt cheap Android tablet (using the bVNC app).

One problem that my approach has is that there is nothing preventing people
from starting sessions on multiple machines, so this tends to happen and
then they can't understand why Firefox says that there's another instance
running, etc.  It would be nice to have a portal-type application that
could provide a single point of entry which displays any current sessions
for the whole cluster and gives the option of selecting one of those or
creating a new session.

Also, DRC mentioned something on the TurboVNC list the other day about one
of his customers possibly open sourcing their portal app.  Not sure about
any details yet, maybe he can weigh in.

-brian