    Securing Windows Server RDS with ZeroTier

      dafyre @Dashrender

      @Dashrender said in Securing Windows Server RDS with ZeroTier:

      @dafyre said in Securing Windows Server RDS with ZeroTier:

      @scottalanmiller And connects via IP address.

      exactly!

      If you have thin clients on the local network and they use DNS to connect, the Thin Clients will have issues if they try to connect to the ZT address that could easily be provided by the DNS servers.

      This is one of those scenarios where you have to decide if you want to go through that kind of hassle... or if it would be easier to configure the thin clients just to connect to a ZT IP address and be done.

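The name-resolution mismatch described in the post above, as an added example that is not part of the original thread: given the addresses DNS returns for the RDS server, it picks the one a particular client can actually use. The function name `pick_rds_target` and every address are constructed for illustration; `10.147.17.0/24` stands in for the ZeroTier network's managed range.

```python
import ipaddress


def pick_rds_target(resolved, client_addrs, zt_subnet):
    """Choose which resolved address of the RDS host this client should use.

    resolved     -- addresses DNS returned for the RDS server name
    client_addrs -- this client's interface addresses in CIDR form
    zt_subnet    -- the ZeroTier network's managed range (assumed known)
    Returns (address or None, reason).
    """
    zt_net = ipaddress.ip_network(zt_subnet)
    ifaces = [ipaddress.ip_interface(a) for a in client_addrs]
    answers = [ipaddress.ip_address(a) for a in resolved]

    # A client is a ZeroTier member if one of its interfaces sits in the ZT range.
    client_on_zt = any(i.ip in zt_net for i in ifaces)
    zt_answers = [a for a in answers if a in zt_net]
    # Simplification: a non-ZT answer counts only if it is on a network the
    # client is directly attached to (routed networks are not modelled).
    lan_answers = [a for a in answers
                   if a not in zt_net and any(a in i.network for i in ifaces)]

    if client_on_zt and zt_answers:
        return str(zt_answers[0]), "zerotier"
    if lan_answers:
        return str(lan_answers[0]), "lan"
    if zt_answers:
        # The thin-client case: DNS handed a ZT address to a non-member.
        return None, "dns-returned-zt-address-to-non-member"
    return None, "no-usable-address"


if __name__ == "__main__":
    ZT = "10.147.17.0/24"                      # constructed ZT range
    thin_client = ["192.168.1.50/24"]          # LAN only, no ZeroTier
    remote_pc = ["172.16.4.20/24", "10.147.17.5/24"]  # has ZeroTier
    print(pick_rds_target(["10.147.17.10"], thin_client, ZT))
    print(pick_rds_target(["10.147.17.10", "192.168.1.10"], thin_client, ZT))
    print(pick_rds_target(["10.147.17.10", "192.168.1.10"], remote_pc, ZT))
```
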
        Dashrender @dafyre

        @dafyre said in Securing Windows Server RDS with ZeroTier:

        @Dashrender said in Securing Windows Server RDS with ZeroTier:

        @dafyre said in Securing Windows Server RDS with ZeroTier:

        @scottalanmiller And connects via IP address.

        exactly!

        If you have thin clients on the local network and they use DNS to connect, the Thin Clients will have issues if they try to connect to the ZT address that could easily be provided by the DNS servers.

        This is one of those scenarios where you have to decide if you want to go through that kind of hassle... or if it would be easier to configure the thin clients just to connect to a ZT IP address and be done.

        You mean create a ZT gateway and have the TC connect to that? Why would you bother assuming the TCs are local to the server? Of course if the TC are remote, then you're probably really running from a PC of some sort and you just have ZT installed there.

          dafyre @Dashrender

          @Dashrender said in Securing Windows Server RDS with ZeroTier:

          @dafyre said in Securing Windows Server RDS with ZeroTier:

          @Dashrender said in Securing Windows Server RDS with ZeroTier:

          @dafyre said in Securing Windows Server RDS with ZeroTier:

          @scottalanmiller And connects via IP address.

          exactly!

          If you have thin clients on the local network and they use DNS to connect, the Thin Clients will have issues if they try to connect to the ZT address that could easily be provided by the DNS servers.

          This is one of those scenarios where you have to decide if you want to go through that kind of hassle... or if it would be easier to configure the thin clients just to connect to a ZT IP address and be done.

          You mean create a ZT gateway and have the TC connect to that? Why would you bother assuming the TCs are local to the server? Of course if the TC are remote, then you're probably really running from a PC of some sort and you just have ZT installed there.

          Not use the ZT Gateway... I think @scottalanmiller is just thinking of installing ZT on the RDS Server, and ZT on the clients that need to access it... Then instead of setting up DNS and all of that, just telling the clients to connect to the ZT IP of the RDS server.

            scottalanmiller @dafyre

            @dafyre said in Securing Windows Server RDS with ZeroTier:

            @Dashrender said in Securing Windows Server RDS with ZeroTier:

            @dafyre said in Securing Windows Server RDS with ZeroTier:

            @Dashrender said in Securing Windows Server RDS with ZeroTier:

            @dafyre said in Securing Windows Server RDS with ZeroTier:

            @scottalanmiller And connects via IP address.

            exactly!

            If you have thin clients on the local network and they use DNS to connect, the Thin Clients will have issues if they try to connect to the ZT address that could easily be provided by the DNS servers.

            This is one of those scenarios where you have to decide if you want to go through that kind of hassle... or if it would be easier to configure the thin clients just to connect to a ZT IP address and be done.

            You mean create a ZT gateway and have the TC connect to that? Why would you bother assuming the TCs are local to the server? Of course if the TC are remote, then you're probably really running from a PC of some sort and you just have ZT installed there.

            Not use the ZT Gateway... I think @scottalanmiller is just thinking of installing ZT on the RDS Server, and ZT on the clients that need to access it... Then instead of setting up DNS and all of that, just telling the clients to connect to the ZT IP of the RDS server.

            Exactly. Or an entry in the /etc/hosts file. Or you can even make a public entry for it with a private IP address. Lots of options.

              scottalanmiller @Dashrender

              @Dashrender said in Securing Windows Server RDS with ZeroTier:

              @dafyre said in Securing Windows Server RDS with ZeroTier:

              @Dashrender said in Securing Windows Server RDS with ZeroTier:

              @dafyre said in Securing Windows Server RDS with ZeroTier:

              @scottalanmiller And connects via IP address.

              exactly!

              If you have thin clients on the local network and they use DNS to connect, the Thin Clients will have issues if they try to connect to the ZT address that could easily be provided by the DNS servers.

              This is one of those scenarios where you have to decide if you want to go through that kind of hassle... or if it would be easier to configure the thin clients just to connect to a ZT IP address and be done.

              You mean create a ZT gateway and have the TC connect to that? Why would you bother assuming the TCs are local to the server? Of course if the TC are remote, then you're probably really running from a PC of some sort and you just have ZT installed there.

              No, nothing more than what is described. RDS cuts off the VPN side, it's a gateway of sorts. It's where you can break the VPN if you want.

                Deleted74295 Banned @scottalanmiller

                @scottalanmiller said

                ZeroTier is one of the easiest and most effective means of securing RDS systems for a wide variety of deployment scenarios.

                But not ready for deployment....yet.

                Had lots of very hit and miss reliability issues with connecting to machines over RDP. Sometimes it works, sometimes it does not and the portal shows all machines as online and working every time.

                  JaredBusch

                  @Dashrender, there are no DNS issues with something like this. You are conflating ZeroTier issues that occur when you put ZeroTier on a Windows Domain Controller with a simple VPN workaround.

                    scottalanmiller @Deleted74295

                    @Breffni-Potter said in Securing Windows Server RDS with ZeroTier:

                    @scottalanmiller said

                    ZeroTier is one of the easiest and most effective means of securing RDS systems for a wide variety of deployment scenarios.

                    But not ready for deployment....yet.

                    Had lots of very hit and miss reliability issues with connecting to machines over RDP. Sometimes it works, sometimes it does not and the portal shows all machines as online and working every time.

                    I've not seen any issues with RDP yet. What client versions were you running? Did you determine what was causing the issues? I've yet to see any networking blips with ZT.

                      Deleted74295 Banned @scottalanmiller

                      @scottalanmiller said

                      I've not seen any issues with RDP yet. What client versions were you running? Did you determine what was causing the issues? I've yet to see any networking blips with ZT.

                      Latest client versions (though we did get the whole network wiped out when ZT upgraded the controller without email alerts, so all devices lost connection a few weeks ago as the installed agents were too old....)

                      Nope, issue still unresolved. A feature request was for some kind of troubleshooting or error alerts in the client. Even pings were not working so it's not just an RDP related problem.

                        scottalanmiller

                        I had some weirdness with ZT this week. Wonder if it is similarly related.

                          dafyre

                          I've not seen any weirdness, and I've still got some clients that are running 1.0.4.

                            scottalanmiller

                            Only the other night for me and it was all on one project so I'm not sure what it was, yet.
