0

Actually in our company we have install a VNC Server on every single computer.

To access them from "outside" i had to add NAT for each internal server to the firewall.

It there existing something like a "Master Server" or "Gateway Server" which i could for example access and it shows me the internal vnc servers which are online and allows me to select to which one i want to connect?

Andreas Hinderberger
  • 142
  • 2
  • 2
  • 10
  • 2
    No. *No* **No** ***NO***. Stop. Go allllll the way back to the beginning and define your problem properly. ***WHY*** do you "have" to install a VNC server on every single computer? ***What*** are you accomplishing by doing this? – voretaq7 Jan 29 '14 at 17:53
  • Of course i could use the MS Remote Desktop to connect to each computer in the company, but this disconnects the local user. We installed it to remotely assists the employees. To be able to remotely control each computer in the company. – Andreas Hinderberger Jan 29 '14 at 17:54
  • 1
    OK, so your *problem* is `you need the ability to connect to and remotely control each desktop in your company to provide support/assistance to your users` -- You should ask ***that*** question. As it stands right now your question *is* [the XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). You're trying to shoehorn a solution that probably isn't the right one... – voretaq7 Jan 29 '14 at 18:36
  • As it looks actually will have to "extend" the TightVNC server with th e following functions to get us suitable for our needs: LDAP authentication and sending "alive" informations to an internal db server which will then provide a list of all available clients as URI – Andreas Hinderberger Jan 29 '14 at 19:00

1 Answers1

5

Tell me you don't mean plain old insecure VNC? it's in the clear generally - I'm sure you mean TightVNC or similar right?

Either way I REALLY wouldn't do this, I'd simply setup a single terminal/gateway server running Windows Server 2008 or higher, then NAT that. Then use the RDP/mstsc client externally, connect to the gateway machine and then use VNC or whatever from there - for a start it lets you copy files in and out too if needed and it's a hell of a lot more secure than what you're doing now.

Chopper3
  • 101,299
  • 9
  • 108
  • 239
  • Yes, we're using TightVNC – Andreas Hinderberger Jan 29 '14 at 17:56
  • *phew* well at least there's that - but I'd still use the gateway method - way more secure. – Chopper3 Jan 29 '14 at 18:02
  • Even if i have gateway server internally. I would still have to "memorize" all the internal computers. What i'm looking for is something like a gateway which automatically lists me all running VNC Servers in our network to select to which one i want to connect. – Andreas Hinderberger Jan 29 '14 at 18:04
  • Does your DNS updating work within your network? If not, then fix that first. If it does, do your computers have a consistent naming system. Ideally they would have a name that matches some label the end user can easily see and tell you. If DNS is working, and you have good computer names, then you are done. Just use DNS. You could even toss in a good computer inventory that maps computers hostname, to assigned users. – Zoredache Jan 29 '14 at 18:31
  • Computers are following consistent naming system. The thing is simply we wan't to make it more "admin" friendly. Not to type the client address every time. Just to pick it from a list which contains the online clients and that's it. – Andreas Hinderberger Jan 29 '14 at 19:19
  • @AndreasHinderberger There isn't (afaik) a "gateway" for VNC. You'd either have to make one yourself or use an app designed for remote assistance. – Nathan C Jan 29 '14 at 20:46
  • Looks like. As i stated in my last comment on the question i'm going to implemend LDAP authentication and the "client listing" myself. Especially the LDAP part i will then contribute to the TightVNC community. – Andreas Hinderberger Jan 29 '14 at 20:49