ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Does VDI Conquer the Dashrender Challenge?

    Water Closet
    4
    76
    3.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

      @DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:

      @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

      NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.

      But what if I want to use my Windows only software? What then Scott, what then?!

      What do you mean? We use Windows on that too, just not as often.

      I'm assuming the Scale would do the same for the storage with Windows... because that's part of the Scale system.

      S 1 Reply Last reply Reply Quote 0
      • D
        Dashrender @DustinB3403
        last edited by

        @DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:

        @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

        @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

        @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

        We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

        That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

        RDP has a tendency to be a high profile target, which is still not a big deal.

        The biggest issues with RDP are that...

        1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
        2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

        If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

        I've head this belief for many years.

        What?

        poor typing skills -

        1 Reply Last reply Reply Quote 0
        • S
          scottalanmiller
          last edited by

          If you do RDP from Linux, and have Linux users, RDP is totally secure.

          To address short coming of the Windows products and users, you can get add ons to RDS that add "fail2ban" style functionality, and add a secondary authentication mechanism to make it harder to brute force. But it is all silly that it is needed.

          Also, like any protocol, you can lock it at the firewall. Some firewalls will have the needed functionality to increase RDP security.

          D 1 Reply Last reply Reply Quote 0
          • S
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

            @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

            @DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:

            @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

            NTG runs NX as our VDI protocol. We use Deepin Linux desktops running on a Scale HC3 cluster. Scale storage does a dedupe and compression process so our VDI nodes use almost zero storage as almost every bite of each VM overlaps with the others. They are "always on", though, so using RAM and CPU all of the time.

            But what if I want to use my Windows only software? What then Scott, what then?!

            What do you mean? We use Windows on that too, just not as often.

            I'm assuming the Scale would do the same for the storage with Windows... because that's part of the Scale system.

            Correct

            1 Reply Last reply Reply Quote 0
            • S
              scottalanmiller @DustinB3403
              last edited by

              @DustinB3403 said in Does VDI Conquer the Dashrender Challenge?:

              @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

              @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

              @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

              We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

              That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

              RDP has a tendency to be a high profile target, which is still not a big deal.

              The biggest issues with RDP are that...

              1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
              2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

              If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

              I've head this belief for many years.

              What?

              That RDP is secure and the concerns around the protocol are FUD.

              1 Reply Last reply Reply Quote 0
              • D
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                If you do RDP from Linux, and have Linux users, RDP is totally secure.

                To address short coming of the Windows products and users, you can get add ons to RDS that add "fail2ban" style functionality, and add a secondary authentication mechanism to make it harder to brute force. But it is all silly that it is needed.

                Also, like any protocol, you can lock it at the firewall. Some firewalls will have the needed functionality to increase RDP security.

                How would a firewall increase RDP security? by doing the lockout at the firewall?

                S 1 Reply Last reply Reply Quote 0
                • S
                  scottalanmiller @Dashrender
                  last edited by

                  @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                  @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                  If you do RDP from Linux, and have Linux users, RDP is totally secure.

                  To address short coming of the Windows products and users, you can get add ons to RDS that add "fail2ban" style functionality, and add a secondary authentication mechanism to make it harder to brute force. But it is all silly that it is needed.

                  Also, like any protocol, you can lock it at the firewall. Some firewalls will have the needed functionality to increase RDP security.

                  How would a firewall increase RDP security? by doing the lockout at the firewall?

                  Right

                  1 Reply Last reply Reply Quote 0
                  • pmonchoP
                    pmoncho @Dashrender
                    last edited by

                    @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                    @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                    @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                    We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

                    That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

                    RDP has a tendency to be a high profile target, which is still not a big deal.

                    The biggest issues with RDP are that...

                    1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
                    2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

                    If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

                    I've held this belief for many years.

                    I have had so many sudo-Jared FFS's by at least 5 other security individuals about this subject over the last 15 years. I try to state the logic behind RDP with good passwords and lockout (RDP Guard) but get the "No Direct RDP connections" that is so ingrained in the security mantra.
                    It has just become a dead talking point for me.

                    I just tell the doc's, "I have no problem spending more of your money that other "experts" want to rip from your pocket."

                    S D 2 Replies Last reply Reply Quote 2
                    • S
                      scottalanmiller @pmoncho
                      last edited by

                      @pmoncho said in Does VDI Conquer the Dashrender Challenge?:

                      @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                      @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                      @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                      We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

                      That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

                      RDP has a tendency to be a high profile target, which is still not a big deal.

                      The biggest issues with RDP are that...

                      1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
                      2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

                      If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

                      I've held this belief for many years.

                      I have had so many sudo-Jared FFS's by at least 5 other security individuals about this subject over the last 15 years. I try to state the logic behind RDP with good passwords and lockout (RDP Guard) but get the "No Direct RDP connections" that is so ingrained in the security mantra.

                      The same "security people" that think constantly changing passwords that are short and easy for computers to brute force is how passwords should be managed, no doubt.

                      pmonchoP 1 Reply Last reply Reply Quote 2
                      • pmonchoP
                        pmoncho @scottalanmiller
                        last edited by

                        @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                        @pmoncho said in Does VDI Conquer the Dashrender Challenge?:

                        @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                        @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                        @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                        We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

                        That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

                        RDP has a tendency to be a high profile target, which is still not a big deal.

                        The biggest issues with RDP are that...

                        1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
                        2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

                        If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

                        I've held this belief for many years.

                        I have had so many sudo-Jared FFS's by at least 5 other security individuals about this subject over the last 15 years. I try to state the logic behind RDP with good passwords and lockout (RDP Guard) but get the "No Direct RDP connections" that is so ingrained in the security mantra.

                        The same "security people" that think constantly changing passwords that are short and easy for computers to brute force is how passwords should be managed, no doubt.

                        ABSOLUTELY!

                        1 Reply Last reply Reply Quote 0
                        • D
                          Dashrender @pmoncho
                          last edited by

                          @pmoncho said in Does VDI Conquer the Dashrender Challenge?:

                          @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                          @scottalanmiller said in Does VDI Conquer the Dashrender Challenge?:

                          @Dashrender said in Does VDI Conquer the Dashrender Challenge?:

                          We constantly see people saying 'never publish RDP to the internet' - but how much of that is just fud, and the real issue is poor passwords and no lockout policy?

                          That's FUD. RDP is a fully secured protocol. It is wrapped in SSL, so already inside a VPN tunnel. It is as secure as anything else.

                          RDP has a tendency to be a high profile target, which is still not a big deal.

                          The biggest issues with RDP are that...

                          1. Microsoft's implementation of an RDP server lacks common sense security to lock out brute force attacks. Like how fail2ban protects SSH.
                          2. End users of RDP tend to be "Windows users" and that user group is notoriously incapable of doing things properly so tend to use weak passwords that never change on publicly exposed services.

                          If you treat RDP like you normally treat SSH (smart users, good security) they are equally secure.

                          I've held this belief for many years.

                          I have had so many sudo-Jared FFS's by at least 5 other security individuals about this subject over the last 15 years. I try to state the logic behind RDP with good passwords and lockout (RDP Guard) but get the "No Direct RDP connections" that is so ingrained in the security mantra.
                          It has just become a dead talking point for me.

                          I just tell the doc's, "I have no problem spending more of your money that other "experts" want to rip from your pocket."

                          Yep, exactly.

                          1 Reply Last reply Reply Quote 0
                          • 1
                          • 2
                          • 3
                          • 4
                          • 3 / 4
                          • First post
                            Last post