Jump to content
  • 0

How do I restrict remote users from home to our ODC.


tony Ojomu

Question

Hi guys,

 

We are faced with people remoting from home into our ODC - which shouldn't be. What features is avalable on Citrix solution that I can use to restrict users that are physically in the ODC have access? All other users need to be blocked.

Using GPO, Subnet and location will not work. 

I read something on XenCenter capabilities. Any suggestion, please?

Link to comment

6 answers to this question

Recommended Posts

You can configure IPtables to block external access. Is your server on a private net (10.x or 192,168.x.x)?

If so, there are a number of options that could be used to require logging in first to your office environment

before accessing the XenServer. You can also restrict access using AD authentication.

 

-=Tobias

Link to comment

Alan - 

 

Thanks for your response. RBAC is certainly one of the options I am considerring. I was just looking for other Guru's knowledge on how to lockdown ODC. We have few third party folk remoting through Citrix from home. I want to disable such remote access for India ODC folk. Any suggestion?

 

I am looking for ideas to lockdown every remote access.

 

What is your take on creating a separate comms link to the ODC --> Route every traffic through the new link, restrict based on locations (IPs), monitor and set alert, link to SIEM?

What's your take?

 

Link to comment

Hi Tobias,

 

Thank a bunch. 

Per your question on our server's location, the answer is yes. Let me make sure I grab that suggestion --> what you are saying is, reroute all comms through a monitored and AC link. If that is what you are suggesting, I think it should be doable. 

 

What's your take?

 

Tony

Link to comment

That would be an option, yes. With AD-based authentication, you also get a more retailed audit trail of exactly who logged in. Being behind a firewall on a private network should be pretty standard for any XenServer that has sufficient network flexibility to route VM network traffic separately. Ideally, storage networks should also be on separate subnets.

RBAC becomes interesting if you have various layers of administrative rights you wish to allocate, but won't help with generally network access control to the hosts, themselves.

 

-=Tobias

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...