Solved

Remote Desktop into Virtual PC, Virtual Server or VMware

Posted on 2006-05-27
Last Modified: 2013-11-21
Virtualization is the IT buzzword du jour, and I'm building an 8 GB RAM PC to run multiple OSes.

1. Can I use Remote Desktop from the Internet to get into Guest (WinXP and Win2K3) OSes?  

2. Can I do this while keeping the Host OS inaccessible from the Internet (for security)?

I've more Virtual Networking questions but will ask separately to maximize points.

Very grateful for any insights or experiences you can share on these issues.
0
Question by:csharp_guru
19 Comments
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 16776302
Hi csharp_guru,
> 1. Can I use Remote Desktop from the Internet to get into Guest (WinXP
> and Win2K3) OSes?  

Yes - the virtual PCs get their own IP addresses, so in most cases, this just becomes a matter of forwarding ports.


> 2. Can I do this while keeping the Host OS inaccessible from the Internet
> (for security)?

Yes, as I said, it's really just a matter of port forwarding to the guest OSs' IPs.


Cheers!
0
 
LVL 81

Expert Comment

by:arnold
ID: 16776417
Like leew said. There are various options available to you.

In a sense, the Guest OSes use the peripherals of the host system.  The network card(s) of the host system will be used by the guest systems for their network connectivity.

You would need to configure your Guest OSes to get their OWN IPs on the LAN versus getting NATted IPs from the HOST.

You can then configure your firewall to allow access to the GUEST systems while denying access to the host system.  Note that once access to a Guest system has been achieved, access to the Host OS, provided the RDP service is running, can be achieved.

0
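Added example (not part of the original thread): a check meant to be run from inside the forwarded guest, testing the caveat in the comment above that a reachable guest can in turn reach services on the host. The names, addresses, port list and allowed-port policy are constructed assumptions.

```python
import socket

# Constructed policy (assumption): target name -> (address, ports the guest
# is allowed to reach). The host should expose nothing to the guest.
POLICY = {
    "host": ("192.168.1.10", set()),
    "lan-pc": ("192.168.1.20", {3389}),
}
PORTS = (135, 139, 445, 3389)  # RPC, NetBIOS session, SMB, RDP


def tcp_probe(ip, port, timeout=2.0):
    """Return True if a TCP connection to ip:port is accepted."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(policy=POLICY, ports=PORTS, probe=tcp_probe):
    """Compare what this machine can reach with what the policy allows.

    Returns (target, port, state) tuples, where state is "exposed" for a
    port that answers but is not allowed, and "unreachable" for an
    allowed port that does not answer.
    """
    findings = []
    for name, (ip, allowed) in policy.items():
        for port in ports:
            is_open = probe(ip, port)
            if is_open and port not in allowed:
                findings.append((name, port, "exposed"))
            elif not is_open and port in allowed:
                findings.append((name, port, "unreachable"))
    return findings


if __name__ == "__main__":
    for name, port, state in audit():
        print(f"guest -> {name}:{port} {state}")
```

An empty result means the guest sees only what the policy allows; any "exposed" line for the host is the situation the comment warns about.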
 
LVL 13

Expert Comment

by:prashsax
ID: 16776562
The best option is to either not give any IP address to your host OS.

Or give an IP address with no routing.

This will maximize your host OS security.

With this, you can manage your host OS locally, or only from a PC which is in the same subnet.
0
 
LVL 6

Accepted Solution

by:
nexissteve earned 1000 total points
ID: 16776700

I suggest you implement a VPN solution.

There are known vulnerabilities and attack vectors from a virtual machine directed at the host OS.

Here is an example of one:

http://www.vmware.com/community/thread.jspa?messageID=61936

So in answer to your question: 2. Can I do this while keeping the Host OS inaccessible from the Internet (for security)?

No, not really.

1. Can I use Remote Desktop from the Internet to get into Guest (WinXP and Win2K3) OSes?

Absolutely, but always think of security in layers. Add a VPN solution, preferably with two-factor authentication.

Hope this helps.

Cheers.......S
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16776714
nexissteve - if you want to get technical, there is NO SUCH THING as a secure machine that has internet access.  EVERYTHING has vulnerabilities - it's just a matter of if they've been found yet.

But I agree - VPN setup is the most advisable.
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16777063

leew - the whole idea of this forum is to get technical. The problem is that there ARE known attack vectors.

0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16777088
What are the known attack vectors of Windows Virtual Server - because the question is NOT limited to VMware, which is all your answer covered.  

There's a certain limit to which you should go with technicalities... And I've been told by other experts here NOT to get too technical - you can't have it both ways.  You have to look at the question and decide on your own.
0
 

Author Comment

by:csharp_guru
ID: 16777134
Great answers.  I didn't expect such fast responses, thank you all very much.  If you don't mind, I'd like to try 'em out before accepting.

In my current setup, my home network has a Cisco Pix 501 that forwards RDP to one of the desktops.

In my new setup, I want to prevent RDP access to any real machine.  Instead, I want the Pix to forward RDP to one of the virtual machines on the new desktop I'm building.  Then from there, I should be able to run multiple Remote Desktops on the other virtual machines as well as on the real machines on the home LAN.  Yes, this will be a huge resource hog!  But I'm building the new desktop with a Pentium 955EE that is dual core with hyperthreading, giving 4 logical CPUs, 8GB RAM and 2 SATA Raid 10,000 rpm drives.  If I configure everything right it should be doable.

What I'm worried about is that I've never run Virtual PC or Virtual Server.  I've run VMware with a minimal network.  So I don't know what problems I might encounter running multiple networked virtual machines.  I don't know if the 4 logical CPUs can be properly utilized, or I'll end up with unacceptable latencies on the nested Remote Desktops.  Maybe I can bind specific VMs to specific CPUs.

Is this really practical?  The main goal is to prevent any Internet access to the real machines on the LAN, and hopefully use one or more virtual machines as gatekeepers.  Of course, the other goal is to run multiple OSes.  Does this really secure the real machines, or not?  I can't try the full setup until my new PC boots up, hopefully Thursday, June 1.
0
 

Author Comment

by:csharp_guru
ID: 16777177
Sorry I wrote my above comment in parts and did not see some of the other comments.  Yes, I should really use a VPN.  

In case you are wondering why I need such an elaborate setup for a home LAN, there will actually be at least 5 remote users (not counting any interested hackers).  At least my wife, two sons, a friend and myself may use Remote Desktop access to the home LAN.

Of course, anything on the Internet is vulnerable, but this will add one or more layers of defense.  The big question is how vulnerable the real machines would be through the virtual gateways.  Thanks for the link provided by NexisSteve.  I will check it out.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16777206
Although most of the differences between VMware Workstation and Virtual PC are minimal, it is my opinion that VMware offers an improved networking abstraction layer.  If you plan on running many virtual network adapters, you would prefer VMware.  What brings you to choose Virtual PC?
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16777357
Hi Csharp,

What virtual machines solution were you intending on using? Also what were you intending the host OS to be?

cheers

S
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16777378

leew -

Fair call on that my answer was directed at VMware.

I am all for healthy debate, but I am also for giving the correct information. And if in giving the correct information, my answer conflicts with another person on this forum then I don't give a rats to be honest.

I didn't think my above answer wasn't really that technical. It just provided the information on a solution.

As a technical forum we should be advising users on best practice in the industry. In fact I wouldn't really be comfortable not giving the full information and risking someone putting in a solution that was badly implemented. That would mean we had failed in providing a proper answer. In summary I don't care what other experts have told you, I will continue to post complete solutions.

Us debating the above answers is probably against the rules at Experts Exchange, so I won't post off topic further.

Csharp_guru -

Currently there are no known vulnerabilities for VMware Server or Virtual Server in the wild "if you have the latest patches installed", so in short, patch everything to the hilt, use a VPN and you should be fine. If you are serious about keeping the host OS as safe as possible then make sure you keep it maintained and up to date.

I hope this helps

Cheers

S

0
 

Author Comment

by:csharp_guru
ID: 16778045

Thanks again for the new comments.  

NexiSteve, in answer to your question, I am planning to use Windows XP Pro as the host, because that's the only OS that Microsoft authorizes to host both Virtual PC and Virtual Server.  Since this is a new machine, it will initially be "patched to the hilt".  The challenge will be keeping it that way, but that's one reason I want to focus on this one machine.  While Remote Desktop is great, VPN can be a pain, in my experience.  So I can usually rely on corporate Sys Admins to solve my VPN problems.  In this case, using VPN for home LAN, I'll be the one debugging VPN problems, so can you point me to any good link for setting up and managing RDP via VPN?  Otherwise, I may just fall back to encrypted RDP and not a true VPN.

Carl_Legere, you asked, why Virtual PC?  I agree that VMware is probably much better, and I've actually used it in the past.  However, for the last 5 years, I've been a Consultant on Service-Oriented Architecture, and my multiple VMs are for modeling multiple servers and workstations talking to each other using XML and Web Services.  Since I'll be using primarily Microsoft products such as SQL Server, Office Server, Biztalk, SBS etc., I might be better off using Microsoft VM products also.  A better reason is that I have an MSDN Premium subscription and get all these products free, while I would have to pay for the VMware products.  If Microsoft VMs don't do the job, I'll go ahead and switch to VMware.

Leew, Arnold and PrashSax, I appreciate your recommendations, and please bear with me while I test them out, before accepting the most useful solution(s).
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16778089
FYI csharp.

VMware Server is now free. Check it out at www.vmware.com

Fair call on the VPN setup. Sometimes they can be a pain in the neck.

Cheers

Steve
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16781770
" and I'm building an 8 GB RAM PC to run multiple OSes "

Yeah, great idea, but BIG BIG mistake as Arnold would say.  A multiple OS system CANNOT - repeat, CANNOT multi-task different OSs concurrently, so you are killing your idea before it can begin.  If you have 3 OSs and you want them to be accessible to run concurrently, then you run 3 COMPUTERS EACH WITH ONE OS -- that is the ONLY way to get this to work.  Buy 3 simple setups each to run an OS, not one MEGA system to multitask 3 OSs, which is impossible to do.  SORRY.  It does not work.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16781778
BTW, VMWARE still cannot multi-task 3 separate OSs, they work one by one.  You simply CANNOT do this, as you think you can, it does not work.  WindowsXP, linux, and 2003 CANNOT run at once from one computer, it is 10000000% impossible.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16781818
In that case, I'm doing the impossible on my server, running 2 virtual machines on it at the same time quite effectively.
0
 

Author Comment

by:csharp_guru
ID: 16784796
Scrathcyboy, thanks for your sobering comments.  I agree that VMs are limited compared to hardware.

However, this is not a production setup, it's a home desktop that I'm building.   When I need performance, I can hibernate the VMs and focus the full power of the machine, e.g. for benchmarks or gaming.

Also, it's easier to build (and maintain) one Mega machine than four small ones!  Of course, it's a single point of failure, but PCs are pretty reliable these days.

The CPU I'm using is a Pentium 955EE (dual core HT) which acts like four logical CPUs.  Now Virtual Server claims to utilize multiple processors.  I'm sure VMware Server can too, since it's more capable.  Hope reality matches the hype.

I hope to complete this PC next weekend, as I'm waiting on some parts.  Then maybe I can run some benchmarks, and understand the pros and cons of this setup.

BTW, scrathcyboy, yours were the accepted answers for my first two (Storage) questions on EE.  This is my third question, and I appreciate your help.
0
 

Author Comment

by:csharp_guru
ID: 16793942
Well, this question has started to meander.  The original question on Remote Desktop into VMs was answered very well by NexisSteve and LeeW, so I accepted their answers 50:50 with a grade A.  I'll have more questions on this. Thank you all.
0
