Docker in general IT is great for immutable server design. If you want to do OS updates, config changes, etc you roll out a new container.

The downside is if it's not for software you write yourselves, deploying a new version of the software might not be so smooth if the database or backing data storage has to also be updated. You can't design it to be able to be able to do a rolling update, or to be able to rollback, so it's not quite as useful then.

Well, in case you are regretting the change....
https://mangolassi.it/topic/17796/looking-for-senior-it-admins

https://www.jobbank.gc.ca/jobsearch/jobposting/27734586

The title on the job site isn't really accurate. The website restricts what titles we can post, requirements, etc. We are not just looking for network admins. We have a couple different positions we need to fill. One of which will require VMWare experience.

International applicants accepted, with option to work remotely.

I am not a part of the hiring process, but I can try to answer questions. Might have to be through direct message though.

@nexzcore said in Level 1 Basic Training -Network fundamentals:

@flaxking we can provide lab access

And what do you provide that GNS3 couldn't?

7 years ago, when I visiting developing country, pretty much any one living in an urban area had a cellphone, and I would imagine smartphones will have mostly taken over now.

I suppose businesses might use Windows desktops though

@travisdh1 said in ActiveBoot Disk / Hirens: replacement:

@voodoorabbit87 said in ActiveBoot Disk / Hirens: replacement:

if you're lazy and have 11$ to spare this is really good https://partedmagic.com/

Parted Magic has a paid for option now? Has this always been a thing that I've just completely missed?

Newer versions have cost $ for at least 5 years now

@scottalanmiller said in Email Signature : Mobile?:

@jmoore said in Email Signature : Mobile?:

@wrcombs The business gmail is a good product in my opinion.

I think it's mediocre. It looks like a toy and is not efficient at all.

Sometimes you need to use the API in order to do things you would think would be fairly common for businesses. The support can be a bit of a joke. You have to tell them to close the ticket so that people who don't know what they are talking about will stop calling you to try and convince you about things that are bs.

The last I checked, their cheaper offering was well below the features you can get in O365 for the same price.

It has been a fair while since I have needed anything more than Parted Magic, but I've seen Gandalf's Win PE as well recommended

@irj said in What is your perspective on the overall tone of interactions here on ML?:

I like the tone, once you get used to it. It keeps you on your toes and makes you a better IT professional.

I do agree it can be harsh for new people, but honestly I dont give a fuck. I like the challenging attitude.

I feel the same. This is a discussion forum, not a QA site. Everything is open to be challenged, even if it wasn't the main topic of the post. Sometimes people's assumptions need to be identified and challenged before a question can really be answered.

Imagine what kind of power trip @scottalanmiller could go on if no one challenged some of his posts head on

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.

If using Window's RDP client in addition to Guacamole is still a requirement

Not even possible. Guacamole = web page, not RDP. That's what it is.

Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP

Why can't you just make people use Guac?

Really, I think that is the best solution. But this isn't really my project, and trying to take it that direction might be overstepping the line. Plus it would also probably end up making me the one who has to deploy it and maintain it, which isn't really my role right now.

@travisdh1 said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.

If using Window's RDP client in addition to Guacamole is still a requirement

Not even possible. Guacamole = web page, not RDP. That's what it is.

Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP

RDP already includes lots of security features, like the integrated VPN I mentioned earlier.

Guacamole is the only thing exposed too the public network, and that can be secured like any other web service.

RDP would never be exposed too anything but the private network, and is already secure enough that exposing it to a public network shouldn't be a problem.

Where do you see the need for additional security?

Let me bring my question back at a different angle. If you were paying for a hosted, fully managed terminal server, what would be your expectations for how it would be secured?

Personally, I would sleep fine at night with RDP exposed, but with 2-step authentication, and good log monitoring (and enforcing the security built into RDP and Windows authentication). However, maybe that is not enough for a professional solution.

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.

If using Window's RDP client in addition to Guacamole is still a requirement

Not even possible. Guacamole = web page, not RDP. That's what it is.

Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.

If using Window's RDP client in addition to Guacamole is still a requirement

@travisdh1 said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

This is a very confusing statement to me. RDP connections include a VPN tunnel, and any web based SSL/TLS is just an on-demand VPN tunnel. So where do you need additional security beyond what is already provided?

By secure rdp connections, I meant try to make the rds host more secure by having a gateway service on the edge, separate from the RDS host. As far as I know, Guacamole can only accomplish this if you're using Guacamole for a the web client. If you want to use the native Windows RDP client, RD Gateway would still have to be deployed in order to still have the same level of separation.

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

@bbigford said in Is RD Gateway useful?:

-Are you concerned with cost, or functionality? Getting lost in this area as you had randomly thrown in Guacamole so I can't tell if you're going for cost or functionality as the bottom line because both have their strengths. What are you more familiar with, Linux or Windows Server?

Let's just forget I mentioned Guacamole, as it doesn't completely meet our needs. What we're looking for is a good balance of cost and security.

It's free and brings the same kind of security, why rule it out?

Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.

Although if we do have a cheaper option available that's using Guacamole. Then it's easy to make it clear to the client that their specific demands are increasing the cost.

@scottalanmiller said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

I'm wondering if maybe we would be able to devise some kind of RD Gateway that would serve all of our clients? Set up AD specifically for RD Gateway and then somehow set up trust relationships for each of our client's individual AD? (their AD specific for our application in this hosted environment)

Can't do that with MS products. LIcensing doesn't allow that.

Can't do it? Or just can't do it without additional licencing costs?

Either way it's a good point. Licencing was not in my initial consideration, and it probably makes this idea impractical, since cost is a concern.

I'm wondering if maybe we would be able to devise some kind of RD Gateway that would serve all of our clients? Set up AD specifically for RD Gateway and then somehow set up trust relationships for each of our client's individual AD? (their AD specific for our application in this hosted environment)

@bbigford said in Is RD Gateway useful?:

-It's acting as a proxy, basically, that's the additional security.

What I'm looking for is more examples of concrete benefits of using RD Gateway as the proxy. For example:

RDP exposes login for root permissions, using RD Gateway means that one isn't providing that opportunity to the outside world via the directly exposed protocol. And if the RD Gateway is on a separate server, root login to that server doesn't have to accessible at all to the outside world.

When putting RD Gateway on a separate system, it can then go into the DMZ, leaving the RD Host on a more secure network. However, if it is a real DMZ then authentication needs to be figured out.

Using HTTPS for RDP means there are more tools that can be put in front of RD Gateway for additional security.

@bbigford said in Is RD Gateway useful?:

-Are you concerned with cost, or functionality? Getting lost in this area as you had randomly thrown in Guacamole so I can't tell if you're going for cost or functionality as the bottom line because both have their strengths. What are you more familiar with, Linux or Windows Server?

Let's just forget I mentioned Guacamole, as it doesn't completely meet our needs. What we're looking for is a good balance of cost and security.

@bbigford said in Is RD Gateway useful?:

@flaxking said in Is RD Gateway useful?:

I know we've talked about RDP security before, but I'm bring it up again.

Is there a use case for RD Gateway in a single RDS server setup? (assuming we don't want to use the html5 web client) In this scenario it would be installed on the same server.

To me it seems like it would be only really be useful if it was on the edge separate from the RDS host server. RDP can be already be configured to only use TLS (though it looks like TLS 1.0 is the highest it uses).

Or am I missing something here? Is there something else that makes RD Gateway inherently more secure? I'm not too interested in the additional resource access configurations.

Are you going to use it external and configure your registrar to use something like remote.domain.com? If not then there is no purpose for it in your case. If you are, then it would give you better security if you did place it at the edge.

Yes. Basically we want to host our application for some of our clients. We have a hosting partner that has been figuring out the details for our clients, but our clients have been requesting things outside of their experience so it has come back to us to figure out some of the implementation details.

So the networks will basically be a RDS server and a database server (not actually sure where they put AD). I'm trying to figure out the smoothest setup for our clients with the lowest cost.

I would be looking into Guacamole, but no one has requested a web client. But presumably, our partner will be using Datacenter, so maybe an additional Windows Server for RD Gateway wouldn't be the cost increase for our clients that I would expect.

However, I simply don't have a grasp on what additional security it is going to provide. I assume it is going to sit at the same place on our hosting partner as the RDS server, just now the RDS host won't have a port exposed, the Gateway will. And if it was on the same server, what's the difference between the gateway port being exposed or the RDP port?

I mean, if it actually sat on edge infrastructure, I see the use. But otherwise, what's the point?