Has Windows 10 VDI Licensing changed yet?
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
An example setup would be Cisco firewall as VPN concentrator, with Windows RDS (TS) or PCs with RDP behind it.
But what is connecting TO it?
Here is a picture
And in that example that "user" is on a Windows PC, right? So that would be an RPD server over VPN. Exactly as I was describing. So you HAVE seen what I've been talking about all the time, I assume.
Except in my case 100% of the time, the firewall is it's own box, typically it has been a Cisco Firewall/router.
You mean every PC had a firewall hardware device in front of it? So network to network VPNs?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission. Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.
SSL is a VPN, we just don't think of it that way.
I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission. Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?
Yes, and that's what a VPN is. RDP over SSL is just a highly focused SSL VPN.
-
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
But given the standard VPN definition I see your point. You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.
What's the difference? I mean quite literally... aren't they exactly the same thing?
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...
but that's not the part that makes it a VPN. It's that it is an encrypted tunnel.
-
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
-
That's why SSL VPNs and SSH VPNs don't have any "products", it's just "how you look at existing protocols." You can literally just change the configuration of existing tunnels to be other kinds of tunnels.
-
Yeah Scott is right on this one.. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
Yeah Scott is right on this one.. Took me a long while of him saying the same thing over and over again before I finally understood what he was saying.
It's honestly a weird one, the two use cases are SO different, it's easy to miss how it's just two aspects of the same underlying behaviour. I was lucky that I knew SSL before it was used with HTTP so I had the advantage of a different perspective on the use cases. In the early days, it was far more obvious that HTTPS was "HTTP over an SSL VPN" that was set up dynamically at use time.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
Maybe a misfire, VPNs aren't worth much without routing tables. Still different apps though right?
I mean can you establish an ssh connection, add routes and ping a remote server?
Wish there was a mobile app for mangolassi as I always fall off on mobile
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller its tunnels vs sockets though.... in the traditional sense.
VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.
VPNs don't use routing protocols. They create sockets and use ports. Literally, the two are ACTUALLY the same thing.
Maybe a misfire, VPNs aren't worth much without routing tables. Still different apps though right?
I mean can you establish an ssh connection, add routes and ping a remote server?
Wish there was a mobile app for mangolassi as I always fall off on mobile
Actually tons of VPNs don't use routing tables.... and those that do, it's outside of the VPN.
And yes, you totally can do that with SSH. Just like you can with SSL.
-
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
So I think I agree. On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
However I think about Himachi, which was a VPN of sorts that handled this in a totally different way. VPN isn't limited to TCP/IP. So I concede to your point.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
Pertino and ZeroTier are both full scale enterprise "standard" VPNs that have no need for routing tables for anything. It's actually quite uncommon to use routing tables in the SMB. You only need that when dealing with certain setups. Lots of VPNs work only at layer 2, so no routing at all.
VPNs are just encrypted tunnels.
So I think I agree. On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
However I think about Himachi, which was a VPN of sorts that handled this in a totally different way. VPN isn't limited to TCP/IP. So I concede to your point.
himachi was definitely a VPN. Assuming it's IP block was large enough, no routing would be needed, but it's completely possible that it still would be needed. I really wonder what a broadcast domain looks like Pertino/Zero Tier/Himachi?
-
@Dashrender said in Has Windows 10 VDI Licensing changed yet?:
I really wonder what a broadcast domain looks like Pertino/Zero Tier/Himachi?
Depends on what kind of broadcasts. If you mean Ethernet broadcasts, which is what most people mean (the ones that are limited by VLANs) then these VPNs don't affect them at all.
-
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
They matter, certainly, they are just outside of the VPN scope. VPNs exist whether routing tables are there or not or whether they come into play or not.
-
@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:
@bigbear said in Has Windows 10 VDI Licensing changed yet?:
On one hand routing tables definitely matter, say in a site 2 site implementation and in any VPN where you are communicating with a remote network.
They matter, certainly, they are just outside of the VPN scope. VPNs exist whether routing tables are there or not or whether they come into play or not.
Agreed, I guess I am just coming around to accept what you originally postulated, that a VPN by definition isnt limited to the idea of connecting two routable networks. That VPN and SSL are very similar.
I had a guy years ago that used to confuse RDP and VPN, but not because of he knew what he was talking about. He just didn't understand what either of them were to begin with. So he was always telling me he was VPN'd in when in fact he was on our terminal server.
Now I am like...
