Hi All - Need a bit of advice. I am thinking of using UltraVNC for remote control of some 250 systems. I need to provide some 50 users with access to these systems - actually, each user will only need access to a subset of 5-8 systems, with some overlap. Problem is, the 250 systems are on a private satellite network (i.e., using a 172.x.x.x subnet) and the 50 users are all on external networks - working from home on cable or DSL. I would also prefer these 50 users connect using the web client.
So, is this possible? If so, what mechanism do I need to investigate to make it work? Thanks!!
Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Need advice on implementation
- Posts: 2
- Joined: 2004-10-06 20:01
- Location: Greensboro, NC
You could do it, question is how you want to.
You could:
1. Use a VPN solution for the users to connect to the private network and then use NT authentication for the VNC servers and grant access to just the systems they need access to.
2. Use a VPN solution for connection to private network but use a separate password for each VNC server and give each remote user just the passwords they need.
3. Use a different port for each VNC server and forward that port through the firewall to the appropriate machine in the private network and use separate passwords for each one. Then give each user only the password they need.
Solution 3 is not desirable at all since you would be opening a big security hole with that many forwarded ports. You cannot effectively restrict access through the firewall based on client IP address since they are on cable/DSL with dynamic IPs.
Solution 2 could involve more administration since you might want to change passwords when someone's access is revoked. You would also want to disable that particular person's VPN access, although they wouldn't have network access to the servers anyway if you disable their VPN access...
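To make the administration difference between options 1 and 2 concrete, here is an added example (not part of the forum replies) that computes what has to change when one user's access is revoked. The user names, host names and access map are constructed, and per-host access lists for option 1 are an assumption about how NT authentication would be set up.

```python
from collections import defaultdict

# Constructed sample data: user -> systems that user may control.
# User and host names are hypothetical; the thread describes ~50 users, ~250 hosts.
ACCESS = {
    "alice": {"sat-001", "sat-002", "sat-003"},
    "bob": {"sat-002", "sat-003", "sat-004"},
    "carol": {"sat-004", "sat-005"},
}


def holders_by_host(access):
    """Invert user -> hosts into host -> users who can authenticate to it."""
    holders = defaultdict(set)
    for user, hosts in access.items():
        for host in hosts:
            holders[host].add(user)
    return dict(holders)


def revocation_plan(access, leaver):
    """Return the work needed to remove `leaver` under option 1 and option 2."""
    holders = holders_by_host(access)
    exposed = sorted(access.get(leaver, set()))
    # Option 2: each VNC password the leaver knew must change, and every
    # remaining holder of that password needs the new one.
    reissue = {host: sorted(holders[host] - {leaver}) for host in exposed}
    return {
        "both": {"disable_vpn_account": leaver},
        "option1_nt_auth": {
            # Assumption: each host keeps its own allow list of NT accounts.
            "remove_from_host_acls": exposed,
            "passwords_to_rotate": [],
        },
        "option2_per_host_password": {
            "passwords_to_rotate": exposed,
            "reissue_to": reissue,
            "users_affected": sorted({u for us in reissue.values() for u in us}),
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(revocation_plan(ACCESS, "alice"), indent=2))
```

With overlapping subsets, the option 2 list grows with every host the departing user shared with someone else, while option 1 touches only that user's own account.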