[Thinlinc-technical] server->agent proxy
Vitaly Zverev
vitaly.zverev at gmail.com
Wed Aug 30 11:09:11 CEST 2017
Hi Daniel,
whenever we're looking on security side of networking it's time to think about
lovely pair: model of invader and associated police (vpn, firewall, etc). Nothing new.
As usually, hardest part of work relies on proof about safety in such pair.
Drilling of ports in firewall for reverse proxy looks like longer wires to detonator.
It's gift for smart invader, not for scientists near the neutron accelerator in the center of Europe. Just ask your security team about existing proof of safety and keep smile :)
Vitaly.
> On 29 Aug 2017, at 17:19, Daniel Kollmer <danielk at nikhef.nl> wrote:
>
> Hello
>
> I am new to the list, so a quick introduction first. I am Linux System
> Engineer for the Dutch Institute for Particle Physics. We have just set
> up Thinlinc as an environment for our educational computer lab where
> students receive courses in scientific computing applications. Next week
> Monday it will be used the first time for a course, so we are looking
> forward to see how things work out.
>
> At this time, we are only using the Thinlinc setup internally, but we
> would also very much like to offer the possibility for students to log
> in from home or abroad. The way how Thinlinc builds its sessions this
> would require that we open ports 22 and 443 (for tlwebaccess) across our
> whole range of agent IP adresses to make that possible. Our security
> team is reluctant to do so, therefore I was thinking of possibilities to
> build a sort of proxy setup where external users can connect to one
> entry point (like the Thinlinc server for example) and then be passed
> through to the Thinlinc agents transparently i.e. without their ssh or
> https connection being redirected from their perspective.
>
> Does anyone have experience with such setups or any suggestions on how
> to approach this.
>
> Any ideas are welcome.
>
> Kind regards;
>
> --
> D. Kollmer
> Computer Technology Group
> NIKHEF - Dutch National Institute for Sub-atomic Physics
> Science Park 105 1098 XG Amsterdam
> Phone: +31205922164
>
>
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
More information about the Thinlinc-technical
mailing list