Jaybone

Proxying traffic for remote control?

Hi, all. Got a weird one, here...

 

We have two separate organizations that work closely together. Call them A and B.

A's remote sites connect to each other in a datacenter. A's servers live in the datacenter. A's offices are connected to that datacenter.

B's remote sites connect to each other in a datacenter. B's servers live in the datacenter. B's offices are connected to that datacenter.

A's and B's networks converge in shared office space.

 

A's remote sites <--> A's Datacenter <--> A's offices <-->B's offices <--> B's datacenter <--> B's remote sites

 

A's network policies don't allow traffic to/from the remote sites to get past the datacenter for most remote endpoints. E.g. one of A's central office computers has zero connectivity to a domain controller or workstation at remote site A1.

A's and B's network policies do allow traffic from as far away as B's datacenter and a couple of B's remote sites to get to A's datacenter.

These connectivity restrictions are not routing issues, but something akin to ACLs (I'm a Cisco guy, and A's gear isn't Cisco; they have some other name for essentially the same sort of thing).

 

We have users in A's offices that require CMRC access to workstations in A's remote sites.

We may soon have users in B's offices and/or remote sites that will need CMRC access to workstations in A's remote sites.

 

To this date, Config Manager users have worked around this by simply using RDP to connect to the Config Manager server (which lives in A's datacenter) and launching the remote control from there.

The additional remote control users that are or may soon be coming online are not ones that A would like to have logging into their Config Manager server, for various reasons.

 

Changing network configs to pass the traffic is not an option at this time.

 

Anyone know of a way to work around this?

 

I know I could throw up a VM or two in A's datacenter with CMRC on them and have the new remote control users connect to that with RDP and go from there, but I'm wondering if there's a better way.

 

RemoteApp server in A's datacenter?

 

Anyone know of some way to proxy *just* the CMRC traffic for these users' workstations, so that as far as the network gear is concerned, the endpoint lives in A's datacenter, and therefore can talk to A's remote sites? Doesn't seem to be any way to have the CMRC client bounce traffic off the Config Manager server, or anything along those lines.

Joining the Question!
Does anyone know how to route the traffic only through another server?

 

Currently we do this:

We are using terminal services and wrapped CMRC only in what's called a "RemoteApp", where the user gets an icon (essentially a link to a .rdp file) that connects him via RDP to the server but displays only the CMRC app.

Also, the server it connects him to is just an empty server (not an SCCM server) with the CMRC files sitting in a folder and working as a standalone.

 

I was considering playing around with SSH tunneling, but implementing our smart card authentication is a bit challenging...
