Nick, thanks for getting back on this. Just to make it simpler. Lets say I have VPN concentrator in the cloud and it has the tunnel to other customers. Now I want to have guacamole installed on a server in the cloud and have a client talk to that VPN concentrator (which is also in the cloud) and that client (on guacamole server) will have a connection to that VPN concentrator and tell it to establish the rdp/ssh session and session pass it over to the user browser
User Browser -->[Guacamole Server-->Client]-->VPN Concentrator thanks On Thu, Mar 15, 2018 at 12:49 PM, Nick Couchman <[email protected]> wrote: > On Thu, Mar 15, 2018 at 1:29 PM, R <[email protected]> wrote: > >> Is there a way, that I can tunnel the outbound rdp/vnc/ssh connections >> via CASB. I need to authenticate to CASB first before I need to send the >> rdp/vnc/ssh connection. >> I will be sending all the requests to that CASB and CASB will act as >> multi-tenent for all customers. >> > > > First, you haven't really defined what CASB is, so it's hard for those of > us unfamiliar with the term to know exactly what you're talking about. A > quick Google search turns up Netskope's Cloud Access Security Broker, which > sounds like it could fit what you're talking about, but you might want to > help us out and define that a little better. Besides just what it is, it > would be useful to know a little bit about how it functions - what does it > mean to "authenticate to CASB" before you send the connection? Do they > provide any clients or documentation on how that authentication is > accomplished? Is it a REST API, a port knocking handshake, some other > username/password? Should it be taking credentials used for the connection > and providing those somewhere else? Is there something else that needs to > be configured, like a CASB server, etc. > > There are few things that aren't possible to accomplish, it's just a > matter of determining how to accomplish it and whether or not it's worth > the difficulty, or if the arrangement of the network with regard to the > location of CASB can be adjusted at all. > > -Nick >
