Virtual Desktop Infrastructure: Remote Access Portal for Linux in LAN
Remote Access Portal for Linux allows users to connect to computers within a remote LAN via RDP (Remote Desktop Protocol) and run applications according to their permission level. With this application, users can connect to their remote personal work environment from anywhere in the world using any laptop. The only requirement is an Internet connection.
Comprehensive security options, together with connections established through a dedicated gateway, help control access from the Internet to the company VDI in the LAN, preventing unauthorized access to computers within the LAN and to the applications installed on them.
The client already had a working remote access application for Windows but needed a similar client application running on Linux, specifically on tiny versions of Linux, to support network-based boot and extend the lifetime of legacy hardware that lacks the performance to support modern Windows operating systems.
The main idea of the project was to implement the application in C++ using the Qt GUI library, to make the application platform independent, and to use the open source rdesktop library to support connections to Microsoft Terminal Services via RDP.
A great deal of attention was paid to the security of client-server network communication. All communication ran over the secure SSL protocol, and authentication broker services were used to redirect incoming connections to the remote VDI LAN. All sensitive user data was stored in strongly encrypted form.
The application uses an SSO (Single Sign-On) mechanism for authentication. The authentication procedure is passed only once to gain further access to remote servers and services according to the account security policy.
Besides implementing Remote Access Portal for Linux, the team also created a bootable tiny Linux image, only about 40 MB in size, which allows systems to boot from CD or from the network and to obtain automatically from the network the settings used by both the Linux OS and Remote Access Portal to connect to VDIs and run remote applications.
The entire solution consists of the following modules:
- Client module: a desktop application with a convenient Qt-based GUI that gives the user the means to work with remote applications and computers.
- OpenSSL library: located on the client computer, providing SSL connectivity to remote computers.
- Rdesktop library: supports RDP connections to MS Terminal Services.
- Proxy server: used for user authentication and redirection to the LAN.
- Web-based server application: stores user account information and the security settings associated with accounts, such as the lists of available remote computers and applications.
Tools and Technologies
- Linux Debian / Redhat / OpenBSD / Slitaz;
The implemented solution extends the lifetime of legacy hardware and serves as a thin client that can be used to access MS Windows based VDIs and to utilize virtualization capabilities from PCs that either have Linux installed or have no OS at all.