@scottalanmiller its tunnels vs sockets though.... in the traditional sense.

VPN's create tunnels with routing protocols. SSL's create encrypted sockets against application ports.

I just see a linear difference between SSL VPN and an SSL encrypted transaction for authentication.

But given the standard VPN definition I see your point. You also can consider that mapping of remote and local resources. But this also is possible without the SSL. So...

Yeah it definitely seems like an issue. Since the only interface on the FreePBX is marked EXTERNAL (since its hosted) I wander if that is not a situation FreePBX engineers accounted for.

I seem to remember early on @JaredBusch mentioning a customer of his was blocked when their internet cut in and out and he had to remove them. I saw that a couple months ago in his post.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.

SSL is a VPN, we just don't think of it that way.

I have been thinking about this but isn't RDP SSL a pre-shared certificate that prefaces auth info transmission. Or are you saying with the right routing table, once connected, you can send/receive packets to the remote network once connected?

Just this morning I awoke to alerts where a user was reporting NO SERVICE on their phones.

Their networks are marked as TRUSTED now (a last ditch effort) and those IP addresses are explicitly listed in BLOCKED status.

I do know these customers are getting internet from Time Warner and seem to be having intermittent internet issues. But still, "bypass firewall entirely" isn't whats happening.

Last week I also made sure all of the latest updates were installed. There were a number of updates to the firewall interface I recall over a 3 day period when I started this trial. It seems to have stayed the same for a couple months now.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@Dashrender said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

Its nice that you can replicated everything to the cloud for DR, but man Azure's new GUI sure is a headache compared to the one I was using a couple years back.

Hard to believe that it could get worse The terrible interfaces and unintuitive system are some of the reasons that I like to avoid it. It is a huge pain to do anything on it compared to the alternatives.

But things like capacity based MS SQL Server are big bonuses of it.

And yeah it is amazingly worst. And I still hate that the RDS Gateways are a requirement. It complicated an otherwise simple installation for a small setup like ours. If we are lucky we MAY have 20 people by end of year and I doubt we add a person or two per year at peak growth.

What makes you require an RDS gateway?

Perhaps instead of on Prem, you should go for Colo. You're own hardware with your own firewalls.

I'm not aware of them ever being required.

I believe I am picking up this assumption from 2012 RDSH, and I only tested it on Azure. I also may be remembering that I was playing with app publishing.

Forwarding the firewall port has worked so far in my testing, and their are SSL security options that I believe negate the need for VPN.

The real story here is the way you can run an RDSH server as a container, move profile data and app profile data into storage blobs and save sandbox changes to app and OS updates back to the container.

Or I am sure in a larger environment using App-V along with container based RDSH servers would be a real win.

Seems like it happens weekly for a couple installations at least. Even when listing IP as Trusted (bypass firewall)

I may trying re-configuring firewalls on those then.

Before I post on FreePBX I thought I would see if any here (@JaredBusch ) has had this issue.

Whenever you add a network, even as a Trusted Network, and the customer has a brief internet outage it seems I am always having to remove them from the firewall blocked list.

I would think at least as a Trusted Network there would be a way to prevent the firewall from blocking an address.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

But am I alone that I would still rather have this on-prem?

I never "want" on prem anything. I hate on prem. Sometimes for latency it's the way to go, but I'm never happy about it.

Just because we have no servers at the moment I am going to give it a go with Vultr. I am even running a couple broadsoft switches there now. Whenever there has been latency it seems to be in Chicago's DC and usually late at nights or weekends.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

Its nice that you can replicated everything to the cloud for DR, but man Azure's new GUI sure is a headache compared to the one I was using a couple years back.

Hard to believe that it could get worse The terrible interfaces and unintuitive system are some of the reasons that I like to avoid it. It is a huge pain to do anything on it compared to the alternatives.

But things like capacity based MS SQL Server are big bonuses of it.

And yeah it is amazingly worst. And I still hate that the RDS Gateways are a requirement. It complicated an otherwise simple installation for a small setup like ours. If we are lucky we MAY have 20 people by end of year and I doubt we add a person or two per year at peak growth.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@bigbear said in Has Windows 10 VDI Licensing changed yet?:

Also it does seem if you want to use Azure you can eliminate SQL and 2 domain contrllers leveraging Azure SQL and Azure AAD.

Yes, AWS offers their own database options too. As does Rackspace.

Yeah but no 2016 Server yet? I will say that I have seen video games streamed on 2012 on AWS videos a while back so I am excited to see what 2016 can do with a dedicated GPU.

But am I alone that I would still rather have this on-prem?

Also it does seem if you want to use Azure you can eliminate SQL and 2 domain contrllers leveraging Azure SQL and Azure AAD.

I am going to try running Vultr servers for the Gateways and internal servers, linking them to AAD today. I feel like this will end up being a premise based deployment though for us.

Its nice that you can replicated everything to the cloud for DR, but man Azure's new GUI sure is a headache compared to the one I was using a couple years back.

@stacksofplates said in Has Windows 10 VDI Licensing changed yet?:

So admittedly I didn't read through the whole thread just the first couple pages. I'm pretty sure we use XenDesktop for this. We have some guys who use a laptop and they get a VDI session with a dedicated graphics card. Then they run SolidEdge,SpaceClaim, or ANSYS Workbench to do their work.

I know a company that uses XenDesktop for Solid Edge and are really happy with it, despite only being a 20 person company.

It seems 2016 Server has done a lot to catch up with XenDesktop though now that I am playing with it.

While Azure has special VM's built for this I dont think GPU is an option on Vultr though.

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@stacksofplates said in Has Windows 10 VDI Licensing changed yet?:

@scottalanmiller said in Has Windows 10 VDI Licensing changed yet?:

@stacksofplates said in Has Windows 10 VDI Licensing changed yet?:

So admittedly I didn't read through the whole thread just the first couple pages. I'm pretty sure we use XenDesktop for this. We have some guys who use a laptop and they get a VDI session with a dedicated graphics card. Then they run SolidEdge,SpaceClaim, or ANSYS Workbench to do their work.

You have a bit more scale. His issue is that he has so few users.

I guess you could do the same thing on a smaller scale. Just have dedicated VMs that people RDP into, you might not even need the graphics cards if they are just viewing CAD files.

Seems like RDS would work fine if you don't need GPU.

So actually 2016 Server DOES support GPU access both for session host and vdi.

Not sure why but I wasnt getting alerts on this thread all weekend, probably because I left the browser open at the office.

@scottalanmiller what @Dashrender was saying above about $130/desktop/yr is just software assurance then?

Is TS licensing (or RDS, whatever) now also annual?

@scottalanmiller So I virtualized server 2016 server (on Vultr) can run a VDI/RDS setup?

@scottalanmiller You have an example link or SKU?

@scottalanmiller We have machines, as part of the split the old company is keeping the existing IT infrastructure. We are taking our data and leaving the premise IT with them.

@scottalanmiller Somewhere along the way I picked up that Windows 10 Pro running as Virtual Desktop was not legal to license in any way. While it would not be a good solution at scale (to manage) running 10 on a server for my situation would be fine.

But maybe its still that Windows 10 Pro licenses can not be optained for this use outside of a large VL bulk purchase?