dlwynne
asked on
Resolving SPX names w/o a Netware server
We use SPX to remote control machines (XP Pro) running various VPN clients required to connect to our customers. Most customers do not allow split tunneling so bringing up the VPN knocks the connection down if we used IP - so we use SPX. This also isolates these machines as they have no local IP capabilities.
We still have one old Netware server still running, its only purpose is to resolve SPX names so we can "find" the remote control machines using SPX (they are running pcAnywhere). If the Netware box is unplugged, we can't get to any machine.
I would love to replace this with a Windows server or use one we already have running - 2003 preferable.
Any way to do it?
Alternately, is there a way to have a HOST type file for SPX I could put on each controlling machine where I hard code the controllable machine name and (I assume) the network and MAC addresses? This never changes and would be no problem to put on the controlling computers (also XP Pro) so they could find the remote controllable machines.
If I can't do this, then I have to keep the Netware box alive or find another remote control solution that isolates us from the customer's network and can be remote controlled and survives a VPN tunnel.
We still have one old Netware server still running, its only purpose is to resolve SPX names so we can "find" the remote control machines using SPX (they are running pcAnywhere). If the Netware box is unplugged, we can't get to any machine.
I would love to replace this with a Windows server or use one we already have running - 2003 preferable.
Any way to do it?
Alternately, is there a way to have a HOST type file for SPX I could put on each controlling machine where I hard code the controllable machine name and (I assume) the network and MAC addresses? This never changes and would be no problem to put on the controlling computers (also XP Pro) so they could find the remote controllable machines.
If I can't do this, then I have to keep the Netware box alive or find another remote control solution that isolates us from the customer's network and can be remote controlled and survives a VPN tunnel.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
dragon-it:,thanks for the comment.
I had thought about virtual machines but had not though of KVM over IP. The problem with both, I think, is something that I failed to mention in my question :-) . We have multiple support reps active on VPN machines at the same time, does VMware and / or IP KVM allow for this? Rep A needs to control VPN 1 while rep B is controlling VPN 5 while rep C is controlling VPN 3, etc. Also, the reps all have VPN machines at their desks on a standard KVM. When in the office they control them directly. When working from home or the road (nights, weekends, holidays) they access their non-VPN PCs via a secure VPN tunnel them remote control (via SPX) the proper VPN box. Having a VPN machine at your desk is much faster / better access than remote controlling it - would IP KVM pr virtual machines be as responsive (assuming we can have have multiple users at once) ?
I had thought about virtual machines but had not though of KVM over IP. The problem with both, I think, is something that I failed to mention in my question :-) . We have multiple support reps active on VPN machines at the same time, does VMware and / or IP KVM allow for this? Rep A needs to control VPN 1 while rep B is controlling VPN 5 while rep C is controlling VPN 3, etc. Also, the reps all have VPN machines at their desks on a standard KVM. When in the office they control them directly. When working from home or the road (nights, weekends, holidays) they access their non-VPN PCs via a secure VPN tunnel them remote control (via SPX) the proper VPN box. Having a VPN machine at your desk is much faster / better access than remote controlling it - would IP KVM pr virtual machines be as responsive (assuming we can have have multiple users at once) ?
ASKER
Thanks BillBach.
I tried SAP on one of the VPN machines, but it is possible I didn't configure it correctly. I unplugged the Ethernet cable from the Netware box and all my SPX hosts vanished from pcAW remote lists. I then connected up the VPN box with SAP on expecting to see it in the lists of available hosts, but I did not. Would I need SAP running on both the host and the remote box for the host to see the remote? I need to make sure the network number and frame type was set on the test hosts and remote boxes. Normally the local network number is set to all 0's in the SPX config, perhaps that needs to be set when no Netware box is present? I THINK I rebooted the test VPN after I turned SAP on, but I am not 100% sure.
What I need to do is plug two machines together without the LAN or server at all (so everyone can keep working while I test). If I can get the two machines to see each other in pcAW with SPX and SAP then I can do the same for the whole network.
I tried SAP on one of the VPN machines, but it is possible I didn't configure it correctly. I unplugged the Ethernet cable from the Netware box and all my SPX hosts vanished from pcAW remote lists. I then connected up the VPN box with SAP on expecting to see it in the lists of available hosts, but I did not. Would I need SAP running on both the host and the remote box for the host to see the remote? I need to make sure the network number and frame type was set on the test hosts and remote boxes. Normally the local network number is set to all 0's in the SPX config, perhaps that needs to be set when no Netware box is present? I THINK I rebooted the test VPN after I turned SAP on, but I am not 100% sure.
What I need to do is plug two machines together without the LAN or server at all (so everyone can keep working while I test). If I can get the two machines to see each other in pcAW with SPX and SAP then I can do the same for the whole network.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found some multi user IP KVMs but they look quite spendy. What I was not thinking of was a single port KVM. That might do the trick? But one for each VPN machine and control them directly - it may be quicker and more responsive than SPX pcAw (but not as good as direct connection?). It would be ideal if I could fins an inexpensive 1 port VPN with pass through to a real keyboard, mouse, and monitor. Then deskside would work as normal and remote access would work without pcAW or SPX at all!
VM would be fine with this: Lets say you've got a reasonable server / powerful wrokstation with 4Gb RAM.... it can run XP or a basic 2003 server. You can probably run 6-8 simaltaneous basic XP machines with, say, 384k RAM each or obviously pile in the RAM, 64 bit server etc. etc.
I do that myself and have VM's for each client, or at least flavour of VPN software / applications etc. and then either use the web remote access from remotely or onsite into the relevant VM console directly, or also have VNC and/or RDP enabled on them so I can use traditional RDP client into each - this of course fails when using the kind of non split-tunnel VPN solutions you mention.
You can soon have more VM's than your hardware allows and then you just remote into the VMware server console (or ESX etc. etc. if you can purchase better) start / unpause the relevant machine and click into the console window and pause it again when you finish. With some "flag" system of who is using which machine you would know which were free etc. if needed and which could be paused.
I had forgotten that most of the KVM over IP are 1x8 or 1x16 port etc. though as you say there are some 2, 4, or even 8 remote client versions though they are more.
Franly I'd be going the VM route. If nothing else ust think how easy the backups of them are, the putting back when something fouls up, and a new client is copy/paste!
Steve
I do that myself and have VM's for each client, or at least flavour of VPN software / applications etc. and then either use the web remote access from remotely or onsite into the relevant VM console directly, or also have VNC and/or RDP enabled on them so I can use traditional RDP client into each - this of course fails when using the kind of non split-tunnel VPN solutions you mention.
You can soon have more VM's than your hardware allows and then you just remote into the VMware server console (or ESX etc. etc. if you can purchase better) start / unpause the relevant machine and click into the console window and pause it again when you finish. With some "flag" system of who is using which machine you would know which were free etc. if needed and which could be paused.
I had forgotten that most of the KVM over IP are 1x8 or 1x16 port etc. though as you say there are some 2, 4, or even 8 remote client versions though they are more.
Franly I'd be going the VM route. If nothing else ust think how easy the backups of them are, the putting back when something fouls up, and a new client is copy/paste!
Steve
ASKER
Using VM I can have all the VM XP VPN "machines" in use and actively remote controlled by a several users simultaneously? What software is used for the "console" - a web browser? We they all go in on the same local IP while each VM has its own IP (or shares one) on the public side? I don't want the VM VPNs on my local network at all (if I can prevent it), if I do then SPX only like we have now.
You recommend free VMware or Vshere or what?
On an unrelated note, I found some one port IP KVMs that have a 2nd Ethernet port (simplify cabling) OR the ability to run a local kn, mouse, a monitor as well as remote. Either of these makes that even more attractive.
Thanks
You recommend free VMware or Vshere or what?
On an unrelated note, I found some one port IP KVMs that have a 2nd Ethernet port (simplify cabling) OR the ability to run a local kn, mouse, a monitor as well as remote. Either of these makes that even more attractive.
Thanks
Yes. With vmware server which is free you connect to https://server on port 8333 and then authenticate to it. You then get a GUI onto all the machines on it. from where you can stop / start / suspend / configure and click on console link. You can just save the console links too to go direct to them.
Lots of other vm solutions but VMARE server is nicely free :-)
Vmware server for this sort of thing I would have thought would be plenty but obviously of you are looking at vurtualising real production servers etc. then you need to consider vsphere with moving between multiple hosts etc. etc.
With VM each machine could have two physical interfaces if needed but as you are going to be using your machines with VPN's then you wouldn't be talking IP to them just to the VM server.... effectively KVM over IP again ---> you can see them booting from BIOS upwards, not just in the OS.
Being tight I run vmware server 2 with a couple of production servers on and multiple XP machines etc. which are unsuspended / booted as needed to do whetever work it is accessed over combination of RDP and through VM console.
You can of course if the KVM has video passthrough use multiple keyboards and mice.
Steve
Lots of other vm solutions but VMARE server is nicely free :-)
Vmware server for this sort of thing I would have thought would be plenty but obviously of you are looking at vurtualising real production servers etc. then you need to consider vsphere with moving between multiple hosts etc. etc.
With VM each machine could have two physical interfaces if needed but as you are going to be using your machines with VPN's then you wouldn't be talking IP to them just to the VM server.... effectively KVM over IP again ---> you can see them booting from BIOS upwards, not just in the OS.
Being tight I run vmware server 2 with a couple of production servers on and multiple XP machines etc. which are unsuspended / booted as needed to do whetever work it is accessed over combination of RDP and through VM console.
You can of course if the KVM has video passthrough use multiple keyboards and mice.
Steve
ASKER
As long as VMware console allow multiple users to control multiple virtual machines at the same time then that is the direction I am leaning.
The server will have dual NICs (I assume that is enough), one on the private LAN to remote in to the console, the other shared among the VM machines and attached to the WAN (behind a firewall).
Is there an internal way to share files among the VMs? To transfer files (via the console) to / from the VMs? We can use an FTP server if we have to (and we do now) to keep the VPN boxes isolated from the rest of the network.
Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?
Once we have a working image, we can clone that over and over as much as we need (and our license allows) ?
We have some spare servers, extra 2003 licenses, and VMware is free so we are going to do a test server and see how it goes. We may need a larger / better server for production. We are also planning on splitting up the VM machines over 2 servers so all will not depend on a single server.
Thanks
The server will have dual NICs (I assume that is enough), one on the private LAN to remote in to the console, the other shared among the VM machines and attached to the WAN (behind a firewall).
Is there an internal way to share files among the VMs? To transfer files (via the console) to / from the VMs? We can use an FTP server if we have to (and we do now) to keep the VPN boxes isolated from the rest of the network.
Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?
Once we have a working image, we can clone that over and over as much as we need (and our license allows) ?
We have some spare servers, extra 2003 licenses, and VMware is free so we are going to do a test server and see how it goes. We may need a larger / better server for production. We are also planning on splitting up the VM machines over 2 servers so all will not depend on a single server.
Thanks
yes basically!
To copy a new machine... You copy/paste the directory, edit the config file in notepad and change the name. add it to inventory in vmware admin web page and start it... It will tell you copy or move.... Say copy and it will get a new id etc.
Your lan idea is fine.. You can allocat machines one or more nics and they can communicat on private lan, nat range to one nic or bridged to pickup dhcp or fixed ip.
You can setup shared area on host and map drives to that for each machine (and therefore also share it from your other lan if wanted). Share clipbpard if wanted etc.
Effectively a machine is a cluctch of config files and hard drive image files.
Oh yeah you can map cd drives to real ones or iso dir which is handy.
Moving to another server is copy and paste job in vm server. in paid for ones you can migrate over running machines etc.
Good luck, feel free to ask (or employ!) if needed and there are lots of more knowledgable peopl in vm forums here.
Steve
To copy a new machine... You copy/paste the directory, edit the config file in notepad and change the name. add it to inventory in vmware admin web page and start it... It will tell you copy or move.... Say copy and it will get a new id etc.
Your lan idea is fine.. You can allocat machines one or more nics and they can communicat on private lan, nat range to one nic or bridged to pickup dhcp or fixed ip.
You can setup shared area on host and map drives to that for each machine (and therefore also share it from your other lan if wanted). Share clipbpard if wanted etc.
Effectively a machine is a cluctch of config files and hard drive image files.
Oh yeah you can map cd drives to real ones or iso dir which is handy.
Moving to another server is copy and paste job in vm server. in paid for ones you can migrate over running machines etc.
Good luck, feel free to ask (or employ!) if needed and there are lots of more knowledgable peopl in vm forums here.
Steve
Sorry missed this comment on mobile before:
<Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?
>
You can use VMWARE converter to make physical into virtual bu probably better of starting with a clean XP image (or whatever). Get it patched up to level you want but NOT on domain etc. if you need that, give it a generic name and DHCP IP address. You can build from ISO image of OS or physical CD in server or client machine. Copy it to a "template" directory and remove from inventory on VM server.
Then copy / paste the dir x how many you need, edit config file, boot them up, set pc names, passwords, fixed ip addresses etc.
<Can you clone an existing (stand alone) XP machine and make a VM or do we have to do an install to the VM and do all the patches and setup on it?
>
You can use VMWARE converter to make physical into virtual bu probably better of starting with a clean XP image (or whatever). Get it patched up to level you want but NOT on domain etc. if you need that, give it a generic name and DHCP IP address. You can build from ISO image of OS or physical CD in server or client machine. Copy it to a "template" directory and remove from inventory on VM server.
Then copy / paste the dir x how many you need, edit config file, boot them up, set pc names, passwords, fixed ip addresses etc.
ASKER
BillBach answered the question I asked.
dragon-it suggested virtual machines (which we were considering) and IP KVM (which we had not thought of).
We have decided to use either VM or IP KVM (or both) and do away with SPX and the Netware server completely, but BillBach's answer should have let us keep SPX if we had decided to go that route.
dragon-it suggested virtual machines (which we were considering) and IP KVM (which we had not thought of).
We have decided to use either VM or IP KVM (or both) and do away with SPX and the Netware server completely, but BillBach's answer should have let us keep SPX if we had decided to go that route.
Yes sorry for hijacking with OT answers really but I think is much more 2010's answer than PcAnywhere and SPX (which inicdentally we did used to do something similar mid-late 1990's with dial-in machines which then internally remoted onto other machines with PCAnywhere to connect to customer networks etc.)
Right-click/Properties on the NIC and click Install, then Service, then SAP. A reboot is likely required.