Jaybone
Posted January 28, 2016

Hi, all. Got a weird one, here...

We have two separate organizations that work closely together. Call them A and B.

A's remote sites connect to each other in a datacenter. A's servers live in the datacenter. A's offices are connected to that datacenter.

B's remote sites connect to each other in a datacenter. B's servers live in the datacenter. B's offices are connected to that datacenter.

A's and B's networks converge in shared office space.

A's remote sites <--> A's Datacenter <--> A's offices <--> B's offices <--> B's datacenter <--> B's remote sites

A's network policies don't allow traffic to/from the remote sites to get past the datacenter for most remote endpoints. E.g. one of A's central office computers has zero connectivity to a domain controller or workstation at remote site A1.

A's and B's network policies do allow traffic from as far away as B's datacenter and a couple of B's remote sites to get to A's datacenter.

These connectivity restrictions are not routing issues, but something akin to ACLs (I'm a Cisco guy, and A's gear isn't Cisco, they have some other name for essentially the same sort of thing).

We have users in A's offices that require CMRC access to workstations in A's remote sites. We may soon have users in B's offices and/or remote sites that will need CMRC access to workstations in A's remote sites.

To this date, Config Manager users have worked around this by simply using RDP to connect to the Config Manager server (which lives in A's datacenter) and launching the remote control from there. The additional remote control users that are or may soon be coming online are not ones that A would like to have logging into their Config Manager server, for various reasons.

Changing network configs to pass the traffic is not an option at this time.

Anyone know of a way to work around this?

I know I could throw up a VM or two in A's datacenter with cmrc on them and have the new remote control users connect to that with RDP and go from there, but I'm wondering if there's a better way. RemoteApp server in A's datacenter? Anyone know of some way to proxy *just* the cmrc traffic for these users' workstations, so that as far as the network gear is concerned, the endpoint lives in A's datacenter, and therefore can talk to A's remote sites?

Doesn't seem to be any way to have the cmrc client bounce traffic off the Config Manager server, or anything along those lines.

BeerBelly90
Posted February 24, 2016

Joining the question! Does anyone know how to route the traffic only through another server?

Currently we do this: We are using terminal services and wrapped CMRC only in what's called a "RemoteApp", where the user gets an icon (essentially a link to a .rdp file) that connects him via RDP to the server but displays only the CMRC app. Also, the server it connects him to is just an empty server (not an SCCM server) with the CMRC files sitting in a folder and working as a standalone.

I was considering playing around with ssh tunneling, but implementing our smart card authentication is a bit challenging...
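
Added example, not part of either post and not code from either poster: one way to publish the standalone CMRC viewer as a RemoteApp on a dedicated RD Session Host in A's datacenter, limited to a single AD group. The collection name, group name, file path and test hostname are hypothetical placeholders; it assumes an existing RDS session collection and is run on the RD Connection Broker.

```powershell
# Added example. All four values below are hypothetical placeholders.
$Collection   = 'CMRC-Jump'                      # existing RDS session collection (assumed)
$ViewerPath   = 'C:\CMRC\CmRcViewer.exe'         # standalone viewer copied to the jump host (assumed path)
$AllowedGroup = 'EXAMPLE\CMRC-RemoteApp-Users'   # AD group for the new remote control users (assumed)
$TestTarget   = 'ws01.site-a1.example'           # a workstation at one of A's remote sites (assumed)

Import-Module RemoteDesktop

# Fail early if the viewer has not been copied to the jump host.
if (-not (Test-Path -LiteralPath $ViewerPath)) {
    throw "CMRC viewer not found at $ViewerPath"
}

# Confirm the existing ACLs let this host reach a remote-site client on the
# ConfigMgr remote control port (TCP 2701) before handing it to users.
$probe = Test-NetConnection -ComputerName $TestTarget -Port 2701 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP 2701 to $TestTarget is blocked from this host; check the datacenter ACLs."
}

# Only members of the group may log on to the collection at all.
# Note: this replaces the collection's current list of allowed groups.
Set-RDSessionCollectionConfiguration -CollectionName $Collection -UserGroup $AllowedGroup

# Publish only the viewer, with no user-supplied command-line arguments.
New-RDRemoteApp -CollectionName $Collection `
                -DisplayName 'ConfigMgr Remote Control' `
                -Alias 'cmrc' `
                -FilePath $ViewerPath `
                -UserGroups $AllowedGroup `
                -CommandLineSetting DoNotAllow

# Review what was published.
Get-RDRemoteApp -CollectionName $Collection -Alias 'cmrc' |
    Select-Object DisplayName, FilePath, UserGroups, CommandLineSetting
```

This keeps the new users off the Config Manager server itself; whether they may actually control a given workstation is still decided by the remote control permissions configured in ConfigMgr.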