Has Windows 10 VDI Licensing changed yet?
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
Interesting - I just never saw it deployed that way. There was always a VPN concentrator in front of the RDP solution.
I never saw it, so I simply didn't consider it. Good to know. Now to remember it.
What was connecting to that VPN concentrator if not other RDP endpoints? The most common thing was for Windows clients to connect to VPNs. Or did you only ever seen site to site VPN?
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
I've personally never seen a VPN server software deployed directly onto the Windows clients or Windows servers for people to VPN directly into the Windows machines.
Obviously, the use of ZT or Pertino in these cases could/should simplify things.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
I've personally never seen a VPN server software deployed directly onto the Windows clients ....
It's built right into Windows. There isn't even anything to deploy. All Windows, both desktops and servers, have the VPN clients right there. Plus then there are things like Cisco clients, OpenVPN clients, Pertino, ZeroTier, etc. Lots that you can deploy, but several options built in. Even on Windows NT 4 VPN was built into the workstations. It was PPTP so we like to not talk about it, but it was fine at the time.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
Obviously, the use of ZT or Pertino in these cases could/should simplify things.
A little, perhaps. But VPNs are really pretty simple already. Using other standard VPN approaches would be very easy as well.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RPD server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RPD server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
Except in my case 100% of the time, the firewall is it's own box, typically it has been a Cisco Firewall/router.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Its nice that you can replicated everything to the cloud for DR, but man Azure's new GUI sure is a headache compared to the one I was using a couple years back.
Hard to believe that it could get worse
The terrible interfaces and unintuitive system are some of the reasons that I like to avoid it. It is a huge pain to do anything on it compared to the alternatives.But things like capacity based MS SQL Server are big bonuses of it.
And yeah it is amazingly worst. And I still hate that the RDS Gateways are a requirement. It complicated an otherwise simple installation for a small setup like ours. If we are lucky we MAY have 20 people by end of year and I doubt we add a person or two per year at peak growth.
What makes you require an RDS gateway?
Perhaps instead of on Prem, you should go for Colo. You're own hardware with your own firewalls.
I'm not aware of them ever being required.
I believe I am picking up this assumption from 2012 RDSH, and I only tested it on Azure. I also may be remembering that I was playing with app publishing.
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
The real story here is the way you can run an RDSH server as a container, move profile data and app profile data into storage blobs and save sandbox changes to app and OS updates back to the container.
Or I am sure in a larger environment using App-V along with container based RDSH servers would be a real win.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RPD server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
Except in my case 100% of the time, the firewall is it's own box, typically it has been a Cisco Firewall/router.
You mean every PC had a firewall hardware device in front of it? So network to network VPNs?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission. Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission. Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
Yes, and that's what a VPN is. RDP over SSL is just a highly focused SSL VPN.
-
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
But given the standard VPN definition I see your point. You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
What's the difference? I mean quite literally... aren't they exactly the same thing?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
but that's not the part that makes it a VPN. It's that it is an encrypted tunnel.
-
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
-
That's why SSL VPNs and SSH VPNs don't have any "products", it's just "how you look at existing protocols." You can literally just change the configuration of existing tunnels to be other kinds of tunnels.
-
Yeah Scott is right on this one.. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
Yeah Scott is right on this one.. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
It's honestly a weird one, the two use cases are SO different, it's easy to miss how it's just two aspects of the same underlying behaviour. I was lucky that I knew SSL before it was used with HTTP so I had the advantage of a different perspective on the use cases. In the early days, it was far more obvious that HTTPS was "HTTP over an SSL VPN" that was set up dynamically at use time.
