Has Windows 10 VDI Licensing changed yet?
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RDP server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
Except in my case 100% of the time, the firewall is its own box, typically it has been a Cisco Firewall/router.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
It's nice that you can replicate everything to the cloud for DR, but man Azure's new GUI sure is a headache compared to the one I was using a couple years back.
Hard to believe that it could get worse. The terrible interfaces and unintuitive system are some of the reasons that I like to avoid it. It is a huge pain to do anything on it compared to the alternatives.
But things like capacity based MS SQL Server are big bonuses of it.
And yeah it is amazingly worse. And I still hate that the RDS Gateways are a requirement. It complicated an otherwise simple installation for a small setup like ours. If we are lucky we MAY have 20 people by end of year and I doubt we add a person or two per year at peak growth.
What makes you require an RDS gateway?
Perhaps instead of on Prem, you should go for Colo. Your own hardware with your own firewalls.
I'm not aware of them ever being required.
I believe I am picking up this assumption from 2012 RDSH, and I only tested it on Azure. I also may be remembering that I was playing with app publishing.
Forwarding the firewall port has worked so far in my testing, and there are SSL security options that I believe negate the need for VPN.
The real story here is the way you can run an RDSH server as a container, move profile data and app profile data into storage blobs and save sandbox changes to app and OS updates back to the container.
Or I am sure in a larger environment using App-V along with container based RDSH servers would be a real win.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RDP server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
Except in my case 100% of the time, the firewall is its own box, typically it has been a Cisco Firewall/router.
You mean every PC had a firewall hardware device in front of it? So network to network VPNs?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and there are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and there are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission? Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and there are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission? Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
Yes, and that's what a VPN is. RDP over SSL is just a highly focused SSL VPN.
-
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
But given the standard VPN definition I see your point. You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
What's the difference? I mean quite literally... aren't they exactly the same thing?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
But that's not the part that makes it a VPN. It's that it is an encrypted tunnel.
-
@scottalanmiller it's tunnels vs sockets though... in the traditional sense.
VPNs create tunnels with routing protocols. SSLs create encrypted sockets against application ports.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller it's tunnels vs sockets though... in the traditional sense.
VPNs create tunnels with routing protocols. SSLs create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
-
That's why SSL VPNs and SSH VPNs don't have any "products", it's just "how you look at existing protocols." You can literally just change the configuration of existing tunnels to be other kinds of tunnels.
-
Yeah Scott is right on this one. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
Yeah Scott is right on this one. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
It's honestly a weird one, the two use cases are SO different, it's easy to miss how it's just two aspects of the same underlying behaviour. I was lucky that I knew SSL before it was used with HTTP so I had the advantage of a different perspective on the use cases. In the early days, it was far more obvious that HTTPS was "HTTP over an SSL VPN" that was set up dynamically at use time.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller it's tunnels vs sockets though... in the traditional sense.
VPNs create tunnels with routing protocols. SSLs create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
Maybe a misfire, VPNs aren't worth much without routing tables. Still different apps though right?
I mean can you establish an ssh connection, add routes and ping a remote server?
Wish there was a mobile app for MangoLassi as I always fall off on mobile
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller it's tunnels vs sockets though... in the traditional sense.
VPNs create tunnels with routing protocols. SSLs create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
Maybe a misfire, VPNs aren't worth much without routing tables. Still different apps though right?
I mean can you establish an ssh connection, add routes and ping a remote server?
Wish there was a mobile app for MangoLassi as I always fall off on mobile
Actually tons of VPNs don't use routing tables.... and those that do, it's outside of the VPN.
And yes, you totally can do that with SSH. Just like you can with SSL.
-
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
So I think I agree. On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
However I think about Hamachi, which was a VPN of sorts that handled this in a totally different way. VPN isn't limited to TCP/IP. So I concede to your point.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
So I think I agree. On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
However I think about Hamachi, which was a VPN of sorts that handled this in a totally different way. VPN isn't limited to TCP/IP. So I concede to your point.
Hamachi was definitely a VPN. Assuming its IP block was large enough, no routing would be needed, but it's completely possible that it still would be needed. I really wonder what a broadcast domain looks like in Pertino/ZeroTier/Hamachi?
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
I really wonder what a broadcast domain looks like in Pertino/ZeroTier/Hamachi?
Depends on what kind of broadcasts. If you mean Ethernet broadcasts, which is what most people mean (the ones that are limited by VLANs) then these VPNs don't affect them at all.