I have been spending time trying to wrap my head around Containers, mainly the Docker container. There are others that are up and coming, but since Docker is the most popular, understanding it will prepare you to understand the rest. It is not easy for me, coming from a VM background, especially understanding some of the ways that things work in containers versus how they work in a VM environment. Trying to model Docker from a VM perspective is the fastest way for me, but there are some major differences.
I found a good web gateway to allow access from the Internet to a local server. It can be accessed over the web using a browser. Apache Guacamole is not a household name, but it offers access via SSH and Windows desktop through its web interface. Just click on a pre-defined link and it will bring you to the interface in the browser.
I tried extracting the VMDK file (the disk file) and creating a VM around it. But the disk didn't like the way it was being booted and kept dumping me into EFI. A little reading made me aware that the Guacamole VM was running on Debian, running GRUB, my mortal enemy. My clashes with it are covered elsewhere here, so I won't bore you.
I then tried running it on a KVM host. Again, I unpacked the OVF, converted the VMDK to QCOW2 and created a VM around it. It worked straight out of the box. Bitnami VMs have a one-time startup sequence, and the first login does require a password change. But once the banners show how to connect to Guacamole (or whatever service the VM is providing), it is intuitive to work with. Links and menu items can be spawned off into other tabs (showing a high degree of HTML compatibility).
Making it work with SSH hosts is straightforward, and Windows Remote Desktop connections are not too difficult if you are the Admin. Windows requires some modifications to the server's Remote Desktop Connection server settings, but nothing that would cripple it or make it more risky.
I used to love SSL gateway devices before they were killed off by Java security updates and the lack of understanding by security professionals who always favoured VPNs. This gets it close to the connectivity level those devices used to provide.
What makes this solution really interesting to me is its ability to record sessions. Nothing makes people more careful than knowing they could be watched. I've had problems in the past when people wouldn't share or tried to hide stuff they weren't supposed to. This way, people can focus on their work instead of trying to show off (a huge problem in the tech arena, I discovered).