Hello guys, I have a special client request that I'm not quite certain of the most secure way to fulfil.
Client wants to host a virtual office environment of Windows VMs on the cloud but needs the VMs to be connected to an onsite print/scan/fax. Access to all VMs must be available at this same onsite office via thin clients, but some VMs must also be able to be RDPed in from a remote location.

My first instinct would be to install a virtual router with a single static IP (maybe 2), but I'm not sure if there will be any negative implications of such a setup. Onsite, there would be a VPN-compatible router that would talk to the virtual router to establish the VPN so that the onsite thin clients can connect to the VMs via RDP to their internal IPs. Since the printer is plugged into the same VPN router, this would allow all VMs to connect to the printer directly.

Regarding the issue about external RDP, the virtual router would forward specific ports to specific computers. Targets will be identified via the port being connected to - i.e. x.x.x.x:11111 redirects to VM1:3389, 22222 to VM2:3389 etc. I understand that I can modify the listen port on RDP, but these VMs will be created from a template, so a common port would be the least troublesome. Alternatively, the virtual router could authenticate the redirections via MAC address, but I think this would be an administrative nightmare.

So after reading my wall of text, my questions would be:

1. Any VPN routers that work well with CloudStack?
2. Can someone point me to some links on how to set up the virtual router based on the above requirements?
3. Do advise if not having a particular static IP for the VPN router (meaning the virtual router would have to listen to traffic from all global traffic) would be opening a can of worms.

Thank you in advance.

Regards,
Joshua