SL:Virtual Machines und SL:Remote Access: Unterschied zwischen den Seiten

Version vom 6. August 2013, 15:28 Uhr

Single Hop

Repetition of some well known facts and a standard procedure:

local computers are not reachable from the outside world as this is the definition of "local"
all our "normal" LANs uses subnets in several sub-ranges of 172.16.0.0/12. E.g. Telematic uses 172.22.0.0/16
the Sensor Lab's net is behind a local router 172.22.255.253) and uses a private network 192.168.22.0/24
standard protocol to access local machines from outside is SSH
to reach (for example) tmgsim1.sl.tmg.loc you need to login to a public server first and then connect to the final destination

This does work only if your destination address:port is reachable from the single intermediate hop.

Accessing a virtual Windows Desktop from a local Windows machine

tmgsim4.tmg.loc is running Windows 7

Please note that this machine is not located in the Sensor Lab Network because of limitations of the available license for Qualnet.

~$ host tmgsim4.tmg.loc
tmgsim4.tmg.loc has address 172.22.98.204

Use the login server (login.stud.informatik.uni-goettingen.de) and establish Port Forwarding of an arbitray /unused local port (e.g. 12345) to port 3389 on that target machine using PuTTY.

For reference: the unix command line looks like this:

ssh  -L 12345:tmgsim4.tmg.loc:3389  username@login.stud.informatik.uni-goettingen.de

In PuTTY you need to go to Connections --> SSH --> Tunnels and fill Source Port with 12345 and Destination with tmgsim4.tmg.loc:3389. After pressing "Add" the result is one line in the "Forwarded Ports" list reading:

L12345  tmgsim4.tmg.loc:3389

Now you can connect with rdesktop (Linux) or "Remote Desktop Connection" (Windows) to

localhost:12345

You will get a windows login screen. Log in with your credentials in the usual form, e.g. UG-STUDENT\username or GWDG\username

Please note the number of licenses is small, so you might not be able to use Qualnet.

Successfully verified: Eduroam/WLAN --> login.stud --> rdesktop --> Qualnet. Udo, 05.10.2011

Double Hop

http://sshmenu.sourceforge.net/articles/transparent-mulithop.html

Please read and adapt and document here :-)

Links

...

SL:Virtual Machines und SL:Remote Access: Unterschied zwischen den Seiten

Version vom 6. August 2013, 15:28 Uhr

Inhaltsverzeichnis

Single Hop

Accessing a virtual Windows Desktop from a local Windows machine

Double Hop

See also

Links

Navigationsmenü

Suche

@@ Zeile 1: / Zeile 1: @@
-== Current state ==
+== Single Hop ==
+Repetition of some well known facts and a standard procedure:
-.2014:
-* tmgsim1 - dead
-* tmgsim2 - dead
-* tmgsim3 - dead
-* tmgsim4 - Available, Windows/Gwdg
-* tmgsim5 - power down, Roman Seibel
-* tmgsim6 - power down, Udo Burghardt - useable by everyone
-* tmgsim7 - power down, Ansgar Kellner
-* tmgsim8 - power down, Youssef Shehadeh
-* tmgsim9 - power down, Saleh Al-Shadly
-* tmgsima - Available, Udo Burghardt
-* tmgsimd - Available, Omar Alfandi + Arne Bochem
+* local computers are ''not'' reachable from the outside world as this is the definition of "local"
-Additional infrastructure machines:
+* all our "normal" LANs uses subnets in several sub-ranges of <code>172.16.0.0/12</code>. E.g. Telematic uses <code>172.22.0.0/16</code>
-* slgm - Gateway
+* the Sensor Lab's net is ''behind'' a local router <code>172.22.255.253</code>) and uses a private network <code>192.168.22.0/24</code>
-* zabbix3 - Monitoring attempt
+* standard protocol to access local machines from outside is [[SSH]]
-* vma1 - vmware assistant
+* to reach (for example) <code>tmgsim1.sl.tmg.loc</code> you need to login to a public server first and then connect to the final destination
+''This does work only if your destination address:port is reachable from the single intermediate hop. ''
-== Virtual Machines ==
-=== tmgsim1.sl.tmg.loc - Windows 7 ===
-Quad Core, 6 GiB Ram. 32 GB Disk, transparent access to AFS Storage.
+=== Accessing a virtual Windows Desktop from a local Windows machine ===
-==== Installation ====
+* <code>tmgsim4.tmg.loc</code> is running Windows 7
-Example walkthrough with a windows machine:
+Please note that this machine is ''not'' located in the Sensor Lab Network because of limitations of the available license for [[Qualnet]].
- Windows 7 Professional 64 bit,  english
+ ~$ host tmgsim4.tmg.loc
- Internal name: win7sim1
+ tmgsim4.tmg.loc has address 172.22.98.204
- Manually set IP Address to 172.29.22.201 / 16 on the first run.  '''Update 07.2011: DHCP delivers 192.168.22.61'''
- Because this would NOT work with Qualnet (only 172.22./16 as client address range has been bought) switch to bridged mode and to DHCP with DNS tmgsim1.tmg.loc
+Use the login server (<code>login.stud.informatik.uni-goettingen.de</code>) and establish Port Forwarding of an arbitray /unused local port (e.g. 12345) to port 3389 on that target machine using [[PuTTY]].
- Disable IPv6
- Enable ICMP in Firewall
- <reboot>
- Enable Remote Desktop with "any version"
+For reference: the unix command line looks like this:
- Install Firefox
+ ssh  -L 12345:tmgsim4.tmg.loc:3389  username@login.stud.informatik.uni-goettingen.de
+In [[PuTTY]] you need to go to Connections --> SSH --> Tunnels and fill Source Port with 12345 and Destination with <code>tmgsim4.tmg.loc:3389</code>. After pressing "Add" the result is one line in the "Forwarded Ports" list reading:
- Microsoft: 2 Important Updates
+ L12345  tmgsim4.tmg.loc:3389
- <reboot>
- Microsoft: 62 (!) Important Updates in several steps
- <reboot>
- Install Notepad++ 5.8.7
- Install Updatechecker 1.038
- Firefox: Prefbar
+Now you can connect with <code>rdesktop</code> (Linux) or "<code>Remote Desktop Connection</code>" (Windows) to
- Activate Windows. Licenses are available  from MSDNAA
+ localhost:12345
- Install KfW 3.2.2 32bit + 64bit
- Install Network Identity Manager 2.0.102 32bit + 64bit
- Install [[OpenAFS]] 1.5.78 64bit
+You will get a windows login screen. Log in with your credentials in the usual form, e.g. <code>UG-STUDENT\username</code> or <code>GWDG\username</code>
- Change Computer Name --> UG-UMINTMGSIM1 to join Active Directoy
- (The DNS Name stays tmgsim1.tmg.loc though!) '''Update 07.2011: tmgsim1.sl.tmg.loc'''
- Join Active Directory (one needs to be a ''Domain Admin'' to do so)
+Please note the number of licenses is small, so you might not be able to use Qualnet.
-Granted Remote Desktop manually (no groups mechanism available in AD for this task) access to:
-* akellne
-* oalfand
-* shartung
-* staheri
-* yelhajj
-* geyu -- ''local'' user account, no Admin. (Local due to problems with <code>UG-STUDENT</code>.)
-* uburgha
-* gtest2 -- user only, no Admin
-* c.wehrberger
-* pmemarm
+<small>Successfully verified: Eduroam/WLAN --> login.stud --> rdesktop --> Qualnet. Udo, 05.10.2011 </small>
-I've put these five user accounts into group <code>ADMINISTRATORS</code>! This way it is possible to log in with <code>gwdg\username</code> also for administrative tasks.
+== Double Hop ==
-Please note that ''only one single user'' can run a Remote Desktop session at any given time. If you want to share a single virtual machine you need to create yourself a schedule...
+* http://sshmenu.sourceforge.net/articles/transparent-mulithop.html
+Please read and adapt and document here :-)
-Installed [[Qualnet]] 5.0.1 connected to license server. Tested usage from a remote site as described below.
-==== Multiple-User access ====
-* it ''is'' possible to run applications in the background without being logged in: you may close the Remote Desktop window and leave everything running!
-* ONLY ONE user can have an ''established'' Remote Desktop connection at any given point in time.
-** when a second user tries to connect the first one will get a message box.
-** the ''first'' user has the priority. He may simply deny lo loose his connection.
-** if that first user is not watching his terminal then an automatically implied answer is "yes, loosing the connection is ok for me"!
-* there are ONLY TWO Qualnet licenses. You need to talk with each other to schedule usage of these.
-====  Remote Access from outside ====
-The system is reachable ''only from inside the Institute's LAN.''
-The Remote Desktop inside the guest is configured in the default manner, listening on standard port 3389.
-You may login to <code>login.informatik.uni-goettingen.de</code> (Staff only. Students ''and'' staff may use <code>login.stud.informatik.uni-goettingen.de</code>) and forward any unused local port (e.g. 12345) to
- tmgsim1.sl.tmg.loc:3389   '''(Updated 07.2011)'''
-* on unixoid OS' use <code>ssh  -L 12345:tmgsim1.sl.tmg.loc:3389  user@login.informatik.uni-goettingen.de</code>
-* on Windows you may use [[PuTTY]], see https://intra.informatik.uni-goettingen.de/wiki/index.php/SshTunnel for a screenshot showing forwarding a port.
-The result is the same: with this tunnel established it is possible to use the standard Remote Desktop application to connect to <code>localhost:12345</code>.
-For Linux run something like this:
- ~$ rdesktop  -u gwdg\\username  -g1200x1000  -a16   localhost:12345
-==== Updates ====
-Someone should be responsible for keeping the system up-to-date!
-* Udo, 26.04.2011
- Several Windows Updates
- Firefox 3.6.13 --> 3.6.16 --> 4.0
- IE 9
- Notepad++ 5.8.7 --> 5.9
- Java 1.6.0.24 --> 1.6.0.25
-* Udo 07.2011 Network jumping 172.xxx --> 192.168.22.x
-=== tmgsim2.sl.tmg.loc ===
-Deleted...
-=== tmgsim3.sl.tmg.loc ===
-Deleted...
-=== tmgsim4.sl.tmg.loc ===
-ESXi: once again Windows 7 Prof, english, 64bit, new installation because the Migration from the old Virtualbox-Containers is not as simple as expected...
- Fresh Installation
- (was temporary 172.22.98.204, now 192.168.22.64)
- <strike>Qualnet 5.0.2</strike>
- Integration in Gwdg / Active Directory
- Enable Remote Access for individually picked accounts
- Enable All ICMPv4 (for ping-Tests)
-Remote Access is granted only for a few users:
-<pre>
-C:\Users\lu>net localgroup "Remote Desktop Users"
-Alias name     Remote Desktop Users
-Comment        Members in this group are granted the right to logon remotely
-Members
------------------------------------------------------------------------------
-GWDG\akellne
-GWDG\gtest2
-GWDG\oalfand
-GWDG\pmemarm
-GWDG\shartun
-GWDG\staheri
-GWDG\uburgha
-GWDG\yelhajj
-UG-STUDENT\c.wehrberger
-UG-STUDENT\hang.zhang1
-UG-STUDENT\s.hosseini1
-The command completed successfully.</pre>
-Administrator rights may be granted on demand ---> [[User:Burghardt]]
-=== tmgsim5.sl.tmg.loc ===
-Roman Seibel:
- Ubuntu 11.04 Natty Server, 64bit, 4GiB Ram, Dual Core, 16GB Disk
-=== tmgsim6.sl.tmg.loc ===
-Udo:
- <strike>Ubuntu 11.04 Natty Server</strike> [[debian]] [[Squeeze]], 32bit, 1GiB Ram, Dual Core, 8 GB Disk
-* useable by everyone, including [[OpenAFS]] $HOME
-<pre>~$ ssh -p 22222 ub@tmgsim6.sl.tmg.loc
-ub@tmgsim6.sl.tmg.loc's password:
-Linux tmgsim6 2.6.32-5-686 #1 SMP Sun Sep 23 09:49:36 UTC 2012 i686
-//
-// tmgsim6.sl.tmg.loc
-//
-ub@tmgsim6:~$ pwd
-/afs/informatik.uni-goettingen.de/user/u/ub
-</pre>
-=== tmgsim7.sl.tmg.loc ===
-Ansgar Kellner:
- Ubuntu 11.04 Natty Server, 32bit, 4GiB Ram, Dual Core, 12 GB Disk
-=== tmgsim8.sl.tmg.loc ===
-Youssef El Hajj Shehadeh:
- Ubuntu 11.10 Oneiric Server, 32bit, 2GiB Ram, Dual Core, 32 GB Disk
- # host tmgsim8.sl.tmg.loc
- tmgsim8.sl.tmg.loc has address 192.168.22.68
-Local accounts only (no ldap/kerberos/...)
-=== tmgsim9.sl.tmg.loc ===
-Saleh Al-Shadley:
- Ubuntu 11.10 Oneiric Server, 32bit, 1GiB Ram, 8 GB Disk
-=== tmgsima ===
-Udo Burghardt
-=== tmgsimd.sl.tmg.loc ===
-.2014:
-Linux simulation machine. Omar Alfandi / Arne Bochem
-Requested configuration: 6GiB Ram + 100 GB disk -- this a "no backup" system.
-Delivered:
-* 2 * Dual Core Xeon @ 2.4 GHz (= four cores)
-* 4 GiB Ram (6 GiB requested, will only deliver if machine does actually swap.)
-* 4 GB disk for operating system
-* 100 GB disk for simulation data, mounted on '''<tt>/srv</tt>'''
-Though Ubuntu 14.04 is not finished yet I decided to give it a try
- server-amd64-daily-build-20140207.iso
- tmgsimd.sl.tmg.loc has address 192.168.22.70
-Local (installation-time) user: lu
- echo "apt-get update && apt-get -d -y dist-upgrade">/usr/local/sbin/gu && chmod +x /usr/local/sbin/gu
- apt-get dist-upgrade 2>&1 | tee -a /var/log/apt/apt-get-upgrade_$(date +%F).log
- apt-get install htop jed mc lsof uptimed screen byobu molly-guard update-notifier-common exim4
- apt-get install libnss-ldap libpam-ldap auth-client-config ldap-auth-client ldap-auth-config
- apt-get install krb5-config  krb5-user krb5-multidev libpam-krb5 openafs-krb5
- apt-get install openafs-client openafs-krb5 nscd
- id user # funktioniert
- kinit user # funktioniert
- aklog # funktioniert nun
- scp gtest2@login.stud.informatik.uni-goettingen.de:/etc/pam.d/* /etc/pam.d/
- apt-get install libpam-afs-session
- apt-get install libpam-ck-connector libpam-cap
-'''Test:'''
- ~$ ssh gtest2@tmgsimd.sl.tmg.loc pwd
- gtest2@tmgsimd.sl.tmg.loc's password:
- /afs/informatik.uni-goettingen.de/user/g/gtest2
-Access restriction: '''access granted for all senslab user:'''
- cat /etc/security/access.conf
- -:stud:ALL
- +:senslab tmg admins:ALL
- -:ALL EXCEPT root:ALL
- getent group senslab
- senslab:*:6172:ub,ashah,c.wehrberger,mohamad.hotait,felipe.cadenamuniz,s.hosseini1,shartun,hang.zhang1,arne.bochem,araha,pmemarm,hbrosen,gtest2,oalfandi,brosenne,pmemarmo,taheri,kellner,sensorlab,uburgha,rseibel
-'' '''Is the above list real??? Who is responsible for removing them???''' '' -- tell Udo
-root access granted via sudo:
- getent group sudo
- sudo:x:27:lu,oalfandi,arne.bochem
-Disks:
- df -h |grep sd
- /dev/sda1       3.9G  1.3G  2.5G  35% /
- /dev/sdb1        99G   60M   94G   1% /srv
-Todo:
-* "ssh user@tmgsimd" takes ''very'' long to display the password prompt. Obviously it runs into a 30 second timeout. But what is it waiting for?
 == See also ==
-* [[SL:tmg94]] -- the host
+* [[SL:Virtual Machines]]
-* [[SL:Remote Access]]
+* [[SL:Introduction]]
-* [[SL:Topology]]
 == Links ==
+* ...
 [[Category:Sensorlab]]