[Thinlinc-technical] server->agent proxy

Daniel Kollmer danielk at nikhef.nl
Tue Aug 29 16:19:47 CEST 2017


Hello

I am new to the list, so a quick introduction first. I am Linux System
Engineer for the Dutch Institute for Particle Physics. We have just set
up Thinlinc as an environment for our educational computer lab where
students receive courses in scientific computing applications. Next week
Monday it will be used the first time for a course, so we are looking
forward to see how things work out.

At this time, we are only using the Thinlinc setup internally, but we
would also very much like to offer the possibility for students to log
in from home or abroad. The way how Thinlinc builds its sessions this
would require that we open ports 22 and 443 (for tlwebaccess) across our
whole range of agent IP adresses to make that possible. Our security
team is reluctant to do so, therefore I was thinking of possibilities to
build a sort of proxy setup where external users can connect to one
entry point (like the Thinlinc server for example) and then be passed
through to the Thinlinc agents transparently i.e. without their ssh or
https connection being redirected from their perspective.

Does anyone have experience with such setups or any suggestions on how
to approach this.

Any ideas are welcome.

Kind regards;

-- 
D. Kollmer
Computer Technology Group
NIKHEF - Dutch National Institute for Sub-atomic Physics
Science Park 105 1098 XG Amsterdam
Phone: +31205922164


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20170829/744743a6/attachment.sig>


More information about the Thinlinc-technical mailing list