Remote Desktop over http

[bsquirle]

Hi,

I'm looking for a remote desktop solution for one of our clients.

Here's what the solutions should have:

• It should be secure
  
• It should only connect to 1 or 2 servers (no other machines in the same network)
  
• It should work over http (port 80) only
  
• It needs to be cross-platform (so not only IE - ActiveX) (for example, some users will be using Macs)
  
• It should support multiple concurrent sessions (Each user in it's own desktop.)
  

If you take a look at the requirements, you can see that the MS Remote Desktop Web connection does not qualify.

(This web application allows to connect to the other servers in the network and uses an ActiveX-component which will probably not load on Macs.)

The servers are Windows 2003-based.

I've been searching the internet for possible solutions, currently we have found logmein to work, but that only supports 1 session.

Are there any other options? Is this even possible at all?

Thanks in advance,

bsquirle

[popisdead uk]

I don't think you can get more than one active session on anything other than Terminal sessions, and they don't use port 80 :(

[+BudMan MVC]

2k3 only supports 2 concurrent logins without licensing of the terminal server for application mode.

Why do these logins have to be to these servers? What exactly are they going to be doing in these remote desktops? Fixing something on the server, or running some application?

[deactivated_]

LogMeIn comes close to all your requirements except for the multiple concurrent sessions. It's secure, can be set to only connect to the machines you specify in the account, operates over port 80 and has cross platform client access.

I agree with the above and can't think of a way around the multiple concurrent sessions issue.

[MrKuro]

2k3 supports 2 concurrent terminal sessions out-of-the-box (as bud described) , also xp3 can have multiple active concurrent sessions as well with a pach installed (google: concurrent sessions + sp3)

also if the port is an issue, you can change the rdc listening port to something non-standard (google: change rdc port)

so i still think remote desktop connection fits the bill (clients, not the activex web version):

It should be secure (check)

It should only connect to 1 or 2 servers (no other machines in the same network) (check)

It should work over http (port 80) only (check, again easy to chg port)

It needs to be cross-platform (so not only IE - ActiveX) (for example, some users will be using Macs) (check, there are clients for all the major platforms, win/mac/linux)

It should support multiple concurrent sessions (Each user in it's own desktop.) (check, standard in 2k3, hacked in xp)

[+BudMan MVC]

"also xp3 can have multiple active concurrent sessions"

So you are honestly suggesting he "hack" xp so that it can run more than 1 concurrent Remote desktop session for one of his "clients".

Um thats just crazy -- if he needs more than the 2 "admin" sessions that 2k3 supports then he needs to license it for application mode - period!

http://www.microsoft.com/windowsserver2003...ermservlic.mspx

Windows Server 2003 Terminal Server Licensing

http://www.microsoft.com/windowsserver2003...ing/ts2003.mspx

Licensing Terminal Server in Windows Server 2003 R2

[MrKuro]

  BudMan said:

"also xp3 can have multiple active concurrent sessions"

So you are honestly suggesting he "hack" xp so that it can run more than 1 concurrent Remote desktop session for one of his "clients".

Um thats just crazy -- if he needs more than the 2 "admin" sessions that 2k3 supports then he needs to license it for application mode - period!

i wasnt suggesting he do anything, i merely was offering up the ability if he so wants (and the fact that it so simple to do (one tiny .dll, and some reg entries), why not)

meh...licensing , and software rules .. blah I say! (glad i'm not in IT, i'd go nuts without patchs/hacks/cracks/tweaks/etc. , especially for simple things that could have easily been standard ) :p

anyways.. seems like you're pointing him on the more "proper" & "moral" path. Best advice, bsquirle .. listen to Budman, he knows his networking stuff :)

[+BudMan MVC]

As to my "personal" opinion on the hack you suggest. For "HOME/Personal" use it might be something to look at, etc. That would be between the person doing it and whatever morals/ethics they might or might not have or follow ;)

But as he clearly stated "client" this would suggest payment for his services, etc.. Doing anything that is not fully on the up and up with concern to all software licensing terms and or restrictions is asking for trouble pure and simple. For what to save someone else a few bucks? Are they going to give you more money for saving them money by cheating the licensing -- is this money worth you getting fined or jail?

If for whatever reason they get audited in the future, or one of their employee's turned them into the BSA, etc.. Where do you think the blame would get put for any type of licensing issue!

I will be first to admit that some of the licensing terms MS has come up with are just crazy money hungry nonsense -- and I would have no issues with not sending extra money to MS. The whole "cal" thing is just them wanting more money for not providing anything.

But if you don't want to send extra money to MS, then there are other solutions out there. Depending on what the user is going to be doing on this desktop?? You could always fire up a linux box and provide as many remote desktops you would want and the hardware can handle, etc.. With no extra licensing costs associated in doing so.

[bsquirle]

  BudMan said:

Why do these logins have to be to these servers? What exactly are they going to be doing in these remote desktops? Fixing something on the server, or running some application?

Our client will be running applications on these servers that will be used by his clients.

At least 4 concurrent users are needed at this time.

  WolfDV said:

also if the port is an issue, you can change the rdc listening port to something non-standard (google: change rdc port)

so i still think remote desktop connection fits the bill (clients, not the activex web version):

It should be secure (check)

It should only connect to 1 or 2 servers (no other machines in the same network) (check)

It should work over http (port 80) only (check, again easy to chg port)

It needs to be cross-platform (so not only IE - ActiveX) (for example, some users will be using Macs) (check, there are clients for all the major platforms, win/mac/linux)

It should support multiple concurrent sessions (Each user in it's own desktop.) (check, standard in 2k3, hacked in xp)

I know the remote desktop port can be changed, but I was going to try and keep port 80 open for http traffic (maybe a small website).

I was hoping someone knew a web application I could deploy in a virtual host on Apache or IIS.

Anyway, the current course will be this:

I'll be installing the activex client in iis.

Open the remote desktop port.

Add the additional cals.

Isolate these 2 hosts from the rest of our network (somehow I don't really trust this client's setup (the part they are doing)).

If needed I can put the remote dektop on port 80, should our client still need a webserver, I'll get him a nice virtual linux box or something ;-) .

Oh, and no crazy stuff, all legal software, can't afford to get cought :-)

Thanks for the help and ideas!

[ScottieG]

well, you could do what your asking with a load balancer. on the load balancer you can create a VIP that your users come in as and redirect that VIP to accept traffic on port 80 and forward it behind the load balancer to the servers on 3389. You can then setup the load balancer on the same VIP to listen for the websites via host header values, therefore when they want to come in to your website it will forward to a different, content IP behind the load balancer and you have have the web server working just as well.

[1337ish]

  bsquirle said:

I know the remote desktop port can be changed, but I was going to try and keep port 80 open for http traffic (maybe a small website)

For that you need 2008 TS publishing which must use https I believe but that allows a secure TS tunnel.

[ScottieG]

you can have remote desktop listening on any port as long as that port is not already in use. This is a simple registry change:

How to change Terminal Server's listening port

http://support.microsoft.com/kb/187623