1

I've just setup a Windows 2008 R2 Terminal Server with IE9, it's intended to be used for testing. Unfortunately the web-bods tell me they ALL have a local apache on their machines and they've all edited their hosts file with lots of entries pointing to 127.0.0.1 (loopback).

This works fine on their own machine to point them at their own apache to see their results as they're developing on their Windows XP machines.

Of course, when they log onto the terminal server, they're not going to be able to access these, the hosts file is machine-based and multiple users could be on the Terminal Server at once.

I've been trying to think of a way that when User A logs onto the Terminal Server, a set of rules (in a file or location they can edit) unique to them are loaded and when they type in test.site1.com it will point it to their computer's IP 192.168.1.1 and User B types test.site1.com it will point it to User B's computer IP 192.168.1.2, this is while both users are logged onto the Terminal Server at the same time (lets say 192.168.1.10).

Ideally want to avoid having to make too many changes to their local apaches (besides making sure they listen on their actual LAN IP and not just 127.0.0.1 of course).

Hosts file is out from what I can tell... is there a clever proxy program that can do this? One I could install on the Terminal Server itself that will accept user-based config files? Or DNS as suggested below, great idea, again the only issue is providing different IPs for the same hostname to the respective user.

test.site1.com 192.168.1.1 for User A test.site1.com 192.168.1.1 for User B

This is while both User A and User B are logged onto the same Terminal Server.

Andrew
  • 21
  • 6
  • Doing some Googling, on the DNS idea, it sounds like BIND does something called DNS Views, which is along the lines, though from what I can tell that's based solely on source IP, which being the Terminal Server will be the same for both users. – Andrew May 16 '12 at 19:30

3 Answers3

3

A clever proxy program to resolve names to ip addresses? Why yes, it's called a DNS server. Set one up internally (presumably you already have one), add the relevant A records, and voila!

EDIT

Here's an idea, albeit maybe more complicated then you'd hoped for: Use the Remote Desktop IP Virtualization feature of W2K8R2 RDS in tandem with the "views" feature of BIND DNS (match-clients in this case I think) to "present" a different A record to each developer, based on their RDS session VIP. Take note that I haven't used the Remote Desktop IP Virtualization feature and I've never in my life even seen a BIND DNS server, but I think this could work for you.

http://blogs.msdn.com/b/rds/archive/2009/07/09/configuring-remote-desktop-ip-virtualization-part-1.aspx

http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html

joeqwerty
  • 109,901
  • 6
  • 81
  • 172
  • Yes, we have DNS servers, I can install another one on the Terminal Server, but what about the issue of User A getting a different IP than User B for the same hostname? – Andrew May 16 '12 at 17:51
  • You edited your question. Originally you stated that userA was using www.testsite1.com and userB was using www.testsite2.com. That's the way they should set up the sites, which will enable you to use DNS to solve this problem. – joeqwerty May 16 '12 at 19:02
  • My mistake that was a typo, while some maybe different, a lot of them are the same, and yes this could be a potential solution, however it involves them making changes to their local apaches installations to respond on slightly different hostnames which they don't want to do (think they've setup local web pages with shortcut links on, and all manner of things). Hence the looking for a Proxy/DNS that could be user-specific. – Andrew May 16 '12 at 19:25
  • Gotcha. If I think of anything I'll post back. – joeqwerty May 16 '12 at 19:38
  • Interesting idea, I looked at that myself on the Terminal Server, problem is you can assign a specific IP to a program, so all programs use that IP, or per-session... however I don't see anywhere you can assign an IP to a user, and if they don't have a static assignmen, BIND won't be any help. Even if possible, that means adding a lot of additional IPs to the Terminal Server :-/ Nice try though. I was looking into DNS further, hoping to use the permissions tab on records to block/deny/hide A records so the user only resolves the correct one for them... unfortunately doesn't seem to work. – Andrew May 16 '12 at 19:56
  • Granted I haven't read all of the details of Remote Desktop IP Virtualization, but each user session is independent of every other session, so each user session (hence, each user) should be able to be assigned a distinct and separate RDS VIP. From the blog entry I lniked to: What are the different modes of Remote Desktop IP Virtualization? Per-Session mode: In per-session mode, Remote Desktop IP Virtualization assigns an IP address per user session. – joeqwerty May 16 '12 at 20:01
  • Well, from that screenshot, you can say "Assign IPs to Programs" or "Assign IPs to Sessions", what I don't see and taking another look I see why, is how to assign them individually. Looking again it says "A properly configured DHCP server is required..." therefore I'd wager when a new session connects, it makes a DHCP request and gets an IP and gives it to the session, that IP is only valid to that user for that session, logging off, reboot of the server and they'll get a different IP next time, so BIND won't be able to use that. Good feature though, wonder if it's in Windows 7 too. – Andrew May 16 '12 at 20:07
1

Turns out I needed a Reverse Proxy, I have a TMG server to hand, so I created a couple of rules:

Website Publishing Rule HTTP Setup an Internal Web Listener listening on the Internal interface, with HTTP Auth using Digest and Integrated. Action Allow From Anywhere To localhost (just a placeholder) Computer Name or IP Address (required if the internal site name is different or not resolveable): Tick "Forward the original host header instead of the actual one (specified in the internal site name field) Public Name (enter all the testing domain names that are on that Web Dev's machine) Paths /* will do or customise as you need Authentication Delegation: No Delegate, but client may auth directly Users Create a User, specifying the Windows user account of the Web Dev of that machine.

Copy and paste, changing the User, and correct the IP address to be the IP of the Web Dev's machine.

Then, on the Terminal Server, edit the hosts file and point all these test domains to the IP address of the TMG server. Make sure all these URLs are also in the Local Security Group in IE so it passes the login.

User A on the Terminal server types in http://local.website-prototype.net, Terminal Server goes to the TMG, passes their login, TMG looks down the rules to find the matching rule for the domain user, then redirects them to the IP of their own machine for their URLs. User B on the Terminal server types in http://local.website-prototype.net, or something else, same thing happens, TMG picks out the rule for User B and directs to User B's machine/ip.

Works a treat, the only downsides is when a Web Dev wants to add another URL, it needs to be added on the Terminal Server(s) hosts file, and added in the User's specific rule in TMG.

I could give them edit permission on the hosts file... they're pretty savvy, unfortunately can't give them full rights to the TMG box.... unless we setup a seperate TMG just for them.

Alternatively, I need to look at creating the same config in something else, Squid? Ideally something that can allow me to split up the config so the Web Dev's can edit their own little bits.

Andrew
  • 21
  • 6
  • Your welcome, works quite well, and more and more users are being let onto our "Virtual IE Trial". I think we may end up setting up a dedicated TMG box for it rather than using the one Exchange goes through, but no big deal. I actually have 3 virtual servers, 1 non-R2 2008, the other two 2008 R2 which provides IE7, 8 and 9, at at some stage in the future, another server will have IE10 on it. All with RemoteApp setup for IE (32 and 64bit just in case) to allow web and webapp developers to test multiple IE's simultaneously. If need be can also get IE6 RemoteApp using a Windows XP SP3 w. term.dll – Andrew May 29 '12 at 18:20
0

Why don't you just create one hosts files with everyone's test domain and IP? Or you could do it more properly by adding a zone to DNS.

Finally, they could just use their machines hostname?

Dan
  • 15,430
  • 1
  • 36
  • 67
  • They use the same identical hostnames, pointing to their local machine via the loopback of 127.0.0.1. DNS/Proxy of some sort is the only way I can think that might work, but something has to substitute the right machine IP for the right user for the same hostname. – Andrew May 16 '12 at 17:52
  • 1
    Gah, corrected a type, both are using the same hostname, but want it to direct to their individual machines (different IPs). – Andrew May 16 '12 at 19:29