VPN solution - SCO

This is a discussion on VPN solution - SCO ; got another call from a prospoective client who wants some sort of VPN solution. Digging deeper, he wants something 'like' microsoft terminal services. Distrusting things from redmond, what might be the Unix alternative? Thanks! -- _________________________________________ Nachman Yaakov Ziskind, FSPA, ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: VPN solution

  1. VPN solution

    got another call from a prospoective client who wants some
    sort of VPN solution. Digging deeper, he wants something
    'like' microsoft terminal services.

    Distrusting things from redmond, what might be the Unix
    alternative?

    Thanks!

    --
    _________________________________________
    Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants

  2. Re: VPN solution

    On 2008-07-07, N. Yaakov Ziskind wrote:
    > got another call from a prospoective client who wants some
    > sort of VPN solution. Digging deeper, he wants something
    > 'like' microsoft terminal services.
    >
    > Distrusting things from redmond, what might be the Unix
    > alternative?


    I think you need to have another discussion with the client, since
    Terminal Services is not a VPN solution. You should clarify exactly
    what it is they're after. I have a hunch they are actually after
    Terminal Services since VPNs are largely invisible from a user
    perspective and it would be an unusual request unless they are
    particularly concerned about security. VPNs are usually something
    that you would suggest rather than the client requesting them at
    the outset.

    Assuming that this is the case you need more info, particularly
    what application on what platform is being served to the clients
    and what platform they are running. If everything is Unix then
    the Terminal Services equivalent would be X windows which is network
    transparent as is. If everything is Windows Terminal services
    comes into play. For a Unix app on Windows clients my inclination
    would be to install an X server on each client machine. For the
    other way round there is an 'rdesktop' client that provides a
    terminal services client for Unix.

    --
    Andrew Smallshaw
    andrews@sdf.lonestar.org

  3. Re: VPN solution

    Andrew Smallshaw wrote:
    > If everything is Unix then
    > the Terminal Services equivalent would be X windows which is network
    > transparent as is.


    Well, in Windows Terminal Server you have a resilient state for the GUI,
    while in X-Window a small network hic-cup would crash the application...
    X-Window is not exactly something you can trust to work fine outside the
    local LAN. For that kind of scenario on Unix, you would need VNC which
    does have a resilient state for the GUI, or NX (NoMachine) which is a
    commercial product.

  4. Re: VPN solution

    Andrew Smallshaw wrote (on Mon, Jul 07, 2008 at 11:59:49PM +0200):
    > On 2008-07-07, N. Yaakov Ziskind wrote:
    > > got another call from a prospoective client who wants some
    > > sort of VPN solution. Digging deeper, he wants something
    > > 'like' microsoft terminal services.
    > >
    > > Distrusting things from redmond, what might be the Unix
    > > alternative?

    >
    > I think you need to have another discussion with the client, since
    > Terminal Services is not a VPN solution.


    Really? Pardon my ignorance. Why not? My definition of VPN is:

    a setup that 1) allows remote access to a LAN 2) over the
    Internet 3) using encryption.

    > You should clarify exactly
    > what it is they're after. I have a hunch they are actually after
    > Terminal Services since VPNs are largely invisible from a user
    > perspective and it would be an unusual request unless they are
    > particularly concerned about security. VPNs are usually something
    > that you would suggest rather than the client requesting them at
    > the outset.
    >
    > Assuming that this is the case you need more info, particularly
    > what application on what platform is being served to the clients
    > and what platform they are running. If everything is Unix then
    > the Terminal Services equivalent would be X windows which is network
    > transparent as is. If everything is Windows Terminal services
    > comes into play. For a Unix app on Windows clients my inclination
    > would be to install an X server on each client machine. For the
    > other way round there is an 'rdesktop' client that provides a
    > terminal services client for Unix.


    Everything is Windows. I'd like to push in a Unix box, for stability's
    sake. I assume that X Windows cannot do what TS can: provide a
    Windows session.

    Thank you for your thoughts.

    > Andrew Smallshaw


    --
    _________________________________________
    Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants

  5. Re: VPN solution

    On 2008-07-08, N. Yaakov Ziskind wrote:
    > Andrew Smallshaw wrote (on Mon, Jul 07, 2008 at 11:59:49PM +0200):
    >>
    >> I think you need to have another discussion with the client, since
    >> Terminal Services is not a VPN solution.

    >
    > Really? Pardon my ignorance. Why not? My definition of VPN is:
    >
    > a setup that 1) allows remote access to a LAN 2) over the
    > Internet 3) using encryption.


    All essentially true, but that is _all_ it is. Essentially a VPN
    works over whatever network connects the nodes (which could well
    be one or more WAN links) and presents a single logical 'local'
    network. Traffic on the VPN is usually encrypted before is is
    placed on the physical networks connecting the nodes. The interface
    presented by the VPN is a low level one in software terms - layer
    3 of the OSI reference model. Any services between the nodes run
    _on_top_ of the VPN.

    This is true even of basic stuff like ftp and telnet. If you want
    Terminal Services-style remote applications you need to provide
    the service for that separately. This can be layered on top of a
    VPN but the VPN is not necessary - it will be just as happy over
    the physical network connecting the nodes.

    > Everything is Windows. I'd like to push in a Unix box, for stability's
    > sake. I assume that X Windows cannot do what TS can: provide a
    > Windows session.


    http://www.rdesktop.org/ but make sure that is really what the
    client wants. If the client wants thin client workstations for
    all their needs then the platform is an irrelevance and one of the
    free Unixes would be ideally suited. OTOH if it is only a few apps
    that are to be executed remotely Windows clients would be better
    suited to a mix and match approach.

    --
    Andrew Smallshaw
    andrews@sdf.lonestar.org

  6. Re: VPN solution


    ----- Original Message -----
    From: "N. Yaakov Ziskind"
    Newsgroups: comp.unix.sco.misc
    To:
    Sent: Monday, July 07, 2008 11:32 PM
    Subject: Re: VPN solution


    > Andrew Smallshaw wrote (on Mon, Jul 07, 2008 at 11:59:49PM +0200):
    >> On 2008-07-07, N. Yaakov Ziskind wrote:
    >> > got another call from a prospoective client who wants some
    >> > sort of VPN solution. Digging deeper, he wants something
    >> > 'like' microsoft terminal services.
    >> >
    >> > Distrusting things from redmond, what might be the Unix
    >> > alternative?

    >>
    >> I think you need to have another discussion with the client, since
    >> Terminal Services is not a VPN solution.

    >
    > Really? Pardon my ignorance. Why not? My definition of VPN is:
    >
    > a setup that 1) allows remote access to a LAN 2) over the
    > Internet 3) using encryption.



    A vpn is like 3-phase electricity. The customer may or may not say they need that, but really all you should allow them to say is what job they need done. They say they need to run this machine, you say OK that machine requires 3-phase electric service so you need 3-phase electric service.

    As it happens, you don't need a vpn to provide remote encrypted terminal services.
    There are usually only fairly rare and special cases that actually do require a vpn, and more reasons _not_ to have one.

    >> You should clarify exactly
    >> what it is they're after. I have a hunch they are actually after
    >> Terminal Services since VPNs are largely invisible from a user
    >> perspective and it would be an unusual request unless they are
    >> particularly concerned about security. VPNs are usually something
    >> that you would suggest rather than the client requesting them at
    >> the outset.


    "Yeah, what he said."

    >> Assuming that this is the case you need more info, particularly
    >> what application on what platform is being served to the clients
    >> and what platform they are running. If everything is Unix then
    >> the Terminal Services equivalent would be X windows which is network
    >> transparent as is. If everything is Windows Terminal services
    >> comes into play. For a Unix app on Windows clients my inclination
    >> would be to install an X server on each client machine. For the
    >> other way round there is an 'rdesktop' client that provides a
    >> terminal services client for Unix.

    >
    > Everything is Windows. I'd like to push in a Unix box, for stability's
    > sake. I assume that X Windows cannot do what TS can: provide a
    > Windows session.
    >
    > Thank you for your thoughts.


    What would this unix box do exactly?
    If their applications are windows applications, then they need a windows server to run them.
    Oh sure there are strange things you could do with a linux box and win4lin/vmware/xen, even wine or qemu might possibly be used, in place of a windows server. Good luck getting _any_ software vendor support after that.

    You could install a unix box to take over various common tasks that a windows server may currently be doing, like email, local dns, dhcp. But none of those implies vpn, nor would any of those have anything to do with a remote desktop.
    You'd still need the windows to runthe windows apps, and the clients would still need terminal services client, and they would talk to each other either directly or over vpn but in neither case would the unix box be involved except maybe in the minutest way if it was handling the dns at the server end.

    If you are thinking of the unix box being the NAT router/gateway and vpn endpoint at that end, then you want a linux or freebsd box for that and then, even though the traffic may flow through the linux box, it still has little to do with it.

    None of this would likely make the site as a whole much more stable. The email would probably be the most noticeable improvement, and that may not be noticeable, except in the wallet and maybe in speed.

    --
    Brian K. White brian@aljex.com http://www.myspace.com/KEYofR
    +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
    filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!


  7. Re: VPN solution

    Brian K. White wrote (on Tue, Jul 08, 2008 at 07:07:57AM -0400):
    >
    > ----- Original Message -----
    > From: "N. Yaakov Ziskind"
    > Newsgroups: comp.unix.sco.misc
    > To:
    > Sent: Monday, July 07, 2008 11:32 PM
    > Subject: Re: VPN solution
    >
    >
    > > Andrew Smallshaw wrote (on Mon, Jul 07, 2008 at 11:59:49PM +0200):
    > >> On 2008-07-07, N. Yaakov Ziskind wrote:
    > >> > got another call from a prospoective client who wants some
    > >> > sort of VPN solution. Digging deeper, he wants something
    > >> > 'like' microsoft terminal services.
    > >> >
    > >> > Distrusting things from redmond, what might be the Unix
    > >> > alternative?
    > >>
    > >> I think you need to have another discussion with the client, since
    > >> Terminal Services is not a VPN solution.

    > >
    > > Really? Pardon my ignorance. Why not? My definition of VPN is:
    > >
    > > a setup that 1) allows remote access to a LAN 2) over the
    > > Internet 3) using encryption.


    [Lots of good stuff snipped]

    Thanks, Brian and Andrew, for helping me clarify my thinking.
    What I really want is a Unix box to interpose itself into an
    all-Windows environment, and provide Windows Terminal Services
    to Windows clients. Unrealistic, I know.

    > Brian K. White brian@aljex.com http://www.myspace.com/KEYofR
    > +++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
    > filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!


    --
    _________________________________________
    Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us
    Attorney and Counselor-at-Law http://ziskind.us
    Economic Group Pension Services http://egps.com
    Actuaries and Employee Benefit Consultants

  8. Re: VPN solution

    > Thanks, Brian and Andrew, for helping me clarify my thinking.
    > What I really want is a Unix box to interpose itself into an
    > all-Windows environment, and provide Windows Terminal Services
    > to Windows clients. Unrealistic, I know.


    Well - SCO had a product called "Tarantella" which acts as "middleware"
    between the end user (= browser) and the internal network.

    Sun bought eventually Tarantella and it was renamed to "Sun Secure
    Global Desktop".

    http://www.sun.com/software/products/sgd/index.jsp


    --
    Markus

+ Reply to Thread