actually my home computers are far more secure than any corporate
Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature
Working from home and want to access your PC at work? The best solution may cost thousands in additional Microsoft licensing costs. In the scramble to migrate employees to home working, there are issues for businesses who normally have staff in an office working on desktop PCs, or accessing network file shares and intranet …
COMMENTS
-
-
Friday 20th March 2020 12:02 GMT big_D
Same here, but due to corporate policy and GDPR, no private devices can be connected to the corporate network (even via VPN) and you cannot even use a private device (PC or smartphone, for example) to access E-Mail via Webmail or OWA.
Home working is only possible with company devices. No company device, no homeworking.
-
Saturday 21st March 2020 16:43 GMT Anonymous Coward
Home working only possible with company devices? Beg to differ...
Spent some considerable time working for a particular US bank with operations here in London. Due to some changing requirements (and the fact they couldn't hold on to certain key members of staff in the US) I was asked to cover hours from 10am to 7pm.
I agreed to it on the basis that I could do so remotely, my manager agreed and approved it in a heartbeat.
For 7 months, I connected (using a Citrix Receiver based solution) from my own Windows laptop to my office machine. Multiple levels of security including a one time code for each Citrix login via my mobe (none of this RSA Token nonsense) and the performance was exemplary. The only day I had an issue was when BT had a fire impacting a duct somewhere in their core network.
Oh and all of this without *any* equipment from the relevant company setting foot in my house.
It can be done without company gear at home *but* you need the right systems setup and in place to do so.
-
-
-
Friday 20th March 2020 18:03 GMT baud
I brought home my PC (not a laptop, a small tower) + screen + cables, (with authorisation from the boss). Then I can use a VPN to connect to the company network. Yeah, it was some kit to move around, but once set up, it's way better than what was proposed to those without a company-provided laptop: on your personal machine, install vmware player, use this Win10 image and connect to the VPN from the virtual machine; once on the VPN, you can connect remotely to your PC (since security doesn't want any connection to the VPN from personal machines)
-
Saturday 21st March 2020 15:59 GMT The Man Who Fell To Earth
same
I'll put my personal machine's security over the company's any day. The company set Windows policy settings always have us months behind on patches, among other things.
Having said that, we've been having our corporate stuff screwed up by Oracle & SharePoint for years, with us all issued laptops with docks, that 99% of work can be done off site without a VPN, and the other 1% of work can be done through the VPN. The bigger issue was the company being too cheap to issue second docks for home setups, but $40 on eBay & an old monitor fixed that problem years ago.
Biggest WFH issue, which won't go away when WFH ends, is the boss just discovered the instant video chat in Teams.
-
-
Sunday 22nd March 2020 13:24 GMT Anonymous Coward
Re: same
We are primarily a Remote Desktop environment, even for people in the office, so moving to home working has been (relatively!) painless, so far at least. No, the likes of Teams won't work fully in RDS very well - no group video call meetings for a start (thankfully!) - but it works OK in a browser for text messaging, and the staff have been prepped to run audio/video calls and meetings from their phones, home computers (eep!) or iPads.
So far, aside from assisting some non-techie people to get connected, the world hasn't ended. Yet.
A/C
-
Monday 23rd March 2020 01:48 GMT Zombine
Re: same
But Teams is web based. If you're using Teams as a remote app, or through a terminal session, you missed a very important webinar in around 2013. Unless of course your IT department has made all your Office 365 stuff only available on prem, in which case in the next 5 years someone is going to ask a very awkward question regarding remote access and licensing costs.
-
Monday 23rd March 2020 08:01 GMT hoola
Re: same
If you want Teams, then kiss everything except a direct connection to the Internet goodbye. I just find it unbelievable that such an abomination is being forced on everyone. The concept is not bad, it is just such a rubbish implementation. Of course from Microsoft's perspective this is all good because it forces yet more corporate data into O365 and their cloud.
What could possibly go wrong.
-
-
-
Monday 23rd March 2020 01:12 GMT Deadly_NZ
Yes same here
Anyway with people being forced to stay home and work if possible it would almost be price gouging by Mi$$yshaft. It's not like it's our idea to stay home and work. Now the schools are closed so now that's going to make more people expected to work from home. Mi$$yshaft are just going to have to wear it.
-
-
Friday 20th March 2020 11:43 GMT Pascal Monett
"the variety of websites visited and software installed"
And porn. Never forget the porn. It's not just the lowest rungs of the ladder either - CxOs and manglement are quite capable of having an interesting browsing history as well.
That said, my sister's oldest used to be an expert in getting his mother's laptop into such a state that I had to go and purge the system. Curiously, when I pushed for him to have his own laptop, that stopped. What a coincidence, eh ?
-
Friday 20th March 2020 11:59 GMT Jou (Mxyzptlk)
The most simple way is not mentioned here?
What is going on with TheReg?
Most simple solution: Activate RDP on the client computer (which must be running) for that user. Give user a corporate laptop, tell him to connect the VPN and then RDP to HIS machine right in the office. He gets exactly his desktop, all applications including some special ones (usually finance) which wouldn't work directly over the VPN anyway. While we install outlook and a few other things directly on the machine as well, the RDP-to-his-computer way saves a lot of hassle and the users can work right on. No special or extra licence cost. Even smartcard-auth works for i.e. finance.
You could even use some very cheap linux machines on the home end for the vpn+RDP stuff.
And yes, I am making such a setup right now, here at a customer site, before the mayor issues a lockdown due to some idiots not behaving and still party in big groups.
-
-
Friday 20th March 2020 12:43 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
That must be a strange compliance. Any details, or is it against your compliance to give those? You can configure such remote laptops to be able to ONLY use VPN, no other internet, everything else locked down / dumbed down. But if your company has such a compliance it is big enough to afford other setups easily, like mentioned in the article.
-
Friday 20th March 2020 13:52 GMT Anonymous Coward
Re: The most simple way is not mentioned here?
You need an RDP-CAL for each PC being attached to, I believe.
It was before I started, but MS said that RDPing into the PCs wasn't covered by the standard licensing - we used it, for example, for remote support on some PCs.
Also, you can't RDP into it from a non-Microsoft device without a separate CAL for each device (E.g. thin clients, smartphones etc.).
-
Friday 20th March 2020 19:01 GMT Anonymous Coward
Re: What about auto-updates?
You're confusing RDS (a windows server feature) with the one in Windows Pro (let's call it RDC). RDS allows multiple server hosted sessions.
Two users can login simultaneously on the given machine and have sessions going in parallel.
Windows Pro and above have remote desktop RDC that is equivalent to logging in on the machine. If someone else logs in you are kicked out (whether physically or remotely). You paid for the license here when you bought windows.
The latter feature does not require additional licensing. I'd be surprised there are compliance issues there, it is no different from physical use - it cannot support multiple sessions say across users, you cannot cheat any differently from physical PC. This is unlike RDS - you can cheat here with just one application licence but multiple users simultaneously using it.
RDS on Windows Server, is the one needing licences from Microsoft. Otherwise you'd just buy 1 copy of windows server and have the entire org login thin-client style, instead of buying "full client" Windows for each user/PC.
The reason the subscription includes it is probably the very reason the affected companies don't buy it - it is per user not device, so the difference becomes irrelevant.
So Jou (Mxyzptlk) WoW should not need additional licensing (you just need licenced Win Pro or greater) and should not pose compliance problems for other SW.
-
Friday 20th March 2020 23:56 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
> You need an RDP-CAL for each PC being attached to, I believe.
Well, no. Double no.
You take one Windows pro machine (even Windows XP pro can do it), and it allows ONE RDP connection. One alone, and not more. Requires nothing special, and NO license at all.
You take one Windows Server, and you can use it for two concurrent RDP sessions. Designed for Administration, and not for users though. If you use it for the latter you are probably doing something illegal, even though it works.
The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.
And one step beyond that is Citrix.
I have fond memories of Windows NT 4.0 Terminal Server Edition...
-
Saturday 21st March 2020 10:29 GMT Roland6
Re: The most simple way is not mentioned here?
>The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.
Which (if memory is right) is concurrent user-session based not actual machine, named individual or location based. Hence if you have a correctly licenced RD or TS (without without gateway systems) for normal office use, it is correctly licenced for remote access by those same users.
So the licence issues only really appear when under normal circumstances an organisation with a large user population but low level of concurrent RD/TS users changes to one with a large level of concurrent RD/TS users.
About the only licence issue an organisation may encounter is if they decide to use a Windows server as the VPN host, but who in their right minds would do that when dedicated VPN appliances are readily available and can be up and running in minutes compared to building a Windows VPN server.
-
Saturday 21st March 2020 11:19 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
> >The next level is what you talk about, a full Windows Terminal Server, which require your mentioned RDP CAL.
> Which (if memory is right) is concurrent user-session based not actual machine
You can choose! Most of the time User-RDP-CAL is cheaper and easier to handle, but there are situations where Device-RDP-CAL is the right choice.
If you have more users than machines take Device-RDP-CAL. Happens often with shared workplaces where half of the day one user works, the other half another, and on weekend again another and so on. Or an education facility with 20 clients for 100 students.
-
-
-
-
-
Saturday 21st March 2020 10:38 GMT John Brown (no body)
Re: The most simple way is not mentioned here?
I do wonder which, if any, of some of these onerous licensing terms are actually legal. It could get interesting if some of the licencors start sending out invoices and the licencees kick up a stink over "unfair" licence terms. After all, if the licencor wanted to restrict things unless you pay more, surely the software should not let you it without the licence. It's almost as if they are setting traps for the unwary to fall into and create extra revenue.
-
-
-
-
Friday 20th March 2020 12:32 GMT Tim Anderson
Re: The most simple way is not mentioned here?
This is a good solution if you have a corporate laptop to give out. There's an issue if you have lots of staff usually on desktop PCs suddenly working from home, and haven't got kit to hand out, as VPN from home PC is not so good. From Android, iOS or Chromebook probably fine. But there are lots of ways to do this and this isn't meant to be telling anyone how to do it, more to highlight potential licensing snags.
-
Friday 20th March 2020 13:24 GMT Sgt_Oddball
Re: The most simple way is not mentioned here?
My work moved over to laptops years ago for the flexibility and also as turns out long term return on investment - A slightly above base model lenovo can be had for not much more than a base unit, monitor and keyboard/mouse and when going through refreshes usually still worth about 2-3 times that of a desktop (which is why they end up not getting refreshed too often since there's next to nothing to recoup when cleaning them and selling them off again).
I just wish they'd offer the machines to staffers first, since some of the machines get very little use as said staffer might have a dev machine that gets far more abuse (like me for example).
-
-
Friday 20th March 2020 18:51 GMT MiguelC
Re: The most simple way is not mentioned here?
And don't forget the stress it burdens the corporate network with.
My company took everything it could out of the VPN and into cloudy infrastructure (O365 including Teams, Zoom, Confluence, fileserver contents being migrated to OneDrive, etc.) But then, they had to cope with a sudden 10000% increase in the number of people working from home.
They're real aces making all this work! A well deserved pint they should have, in the safety of their homes.
-
-
Friday 20th March 2020 13:04 GMT Anonymous Coward
Re: The most simple way is not mentioned here?
The MDM product that I'm a sales engineer for has it built in (using VNC because, well, why wouldn't you), so not only do you get remote desktop, you get MDM on top :-)
Anon because I don't want to come across as trying to sell it :-) Just pointing out...
-
Friday 20th March 2020 13:55 GMT Anonymous Coward
Re: The most simple way is not mentioned here?
> You could even use some very [cheap] linux machines on the home end for the vpn+RDP stuff.
That won't work.
Linux does not have the support for most corporate VPNs (e.g. Cisco) and Linux cannot support the latest RDP version, which means that any connection will take more bandwidth than it should. Or you have to use VNC which is worse and fundamentally insecure.
Next you have to in add all the training required for IT support and the end users, plus dealing with the myriad of problems with desktop Linux and the headache of keeping a completely different OS stack properly updated.
-
Friday 20th March 2020 14:16 GMT DougMac
Re: The most simple way is not mentioned here?
Linux seems to have a lot more support than you think. Linux anyconnect download is here
https://software.cisco.com/download/home/286281283/type/282364313/release/4.8.03036
If you have something not-cisco, and don't have to do proprietary Cisco wrapped up SSLVPN that anyconnect is, Linux has a plethora of options for IPSec VPNs. IPSec is IPsec. While there are many options, there are also many solutions.
There are many RDP clients that work well on linux. I don't think anybody would tend to think VNC is the only option. My main day-to-day RDP option is built on top of FreeRDP that works better than the Microsoft RDP client on windows.
-
Friday 20th March 2020 14:18 GMT DougMac
Re: The most simple way is not mentioned here?
Linux seems to have a lot more support than you think. Linux anyconnect download is here
https://software.cisco.com/download/home/286281283/type/282364313/release/4.8.03036
If you have something not-cisco, and don't have to do proprietary Cisco wrapped up SSLVPN that anyconnect is, Linux has a plethora of options for IPSec VPNs. IPSec is IPsec. While there are many options, there are also many solutions.
There are many RDP clients that work well on linux. I don't think anybody would tend to think VNC is the only option. My main day-to-day RDP option is built on top of FreeRDP that works better than the Microsoft RDP client on windows.
Of course that still doesn't account for the RDP client license that Microsoft will make you get because you aren't using their desktop OS that conveniently bundles said license with it. Also a Microsoft auditor will come in and inform you that if there is any chance of non-windows desktops ever connecting, that you'll need to buy RDP client licenses for everybody "just-in-case".
-
Friday 20th March 2020 14:52 GMT Anonymous Coward
Re: The most simple way is not mentioned here?
"Linux does not have the support for most corporate VPNs (e.g. Cisco)" - have a look at the feature list for NetworkManager
"and Linux cannot support the latest RDP version," - well what the blazes am I using to all those 2019 servers then? Have a look at the feature list for xfreerdp.
My wife uses a Linux laptop at home. She calls it the internet, which might imply her level of technical expertise.
Please try to keep up AC
-
Saturday 21st March 2020 00:05 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
> Linux does not have the support for most corporate VPNs
YOUR Linux maybe... It is the other way around: There is no corporate VPN it cannot connect to. The price is: Knowing how.
Linux can connect Cisco, IPSec to various other routers, or openvpn which is used in i.e. Sophos, or PPTP/L2TP connecting a Microsoft VPN/RAS server etc etc etc. Been there, done all that about ten years ago at least. Nowadays it is even easier!
-
Saturday 21st March 2020 15:04 GMT phuzz
Re: The most simple way is not mentioned here?
1) PaloAlto's "Global Protect" VPN has a linux client that works just fine. (I like it better than the Windows one tbh)
2) I'm not sure if any linux RDP clients support every last feature of the latest RDP protocol (v 10.0), (and frankly they all seem to do a bad job of listing exactly what features they do support), but at the end of the day, even the earliest versions of RDP are a massive step forward from VNC in terms of bandwidth and general usability.
RDP is backwards compatible though, so you can connect to almost any version of Windows RDP with any client that supports the basic protocol.
(There's also open source servers too. Virtualbox uses it to allow access to VMs).
-
-
-
Saturday 21st March 2020 03:02 GMT The Oncoming Scorn
Re: The most simple way is not mentioned here?
People lose laptops & data, one place I worked provided loaner units for employees to RDP into their work machine if they had to WFH.
Everything was setup, they were comfortable with the setup of their machine etc, no files or data left the premises.
-
Saturday 21st March 2020 11:27 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
> If you have a corporate laptop, why bother with RDP to the desktop?
File sizes, and therefore speed. Have you ever opened a 10MB+ file in Office, Autodesk, Indesign, Photoshop (name yours) or just an Access DB (latter just as an example) over VPN? It takes aeons to open, and you end up with corrupt files way too often. Or take more complex constructions like ADDSION software or SAGE... Woah...
If you have to do a quick and secure solution, do it my way. If you have enough time to design for this, like pumping up the office internet connection, you can choose other ways.
And if you know BT, they are just like the German Telekom on that behalf: May take 6+ months to get a bigger line.
-
Monday 23rd March 2020 01:48 GMT Farcycle
Re: The most simple way is not mentioned here?
Everything you need on the fileservers? - sure if you're just editing documents, how about the myriad of servers, networks and applications that many of us need to access daily that are blocked (quite rightly) over VPN access?
If I use my company laptop from home I'm severely limited, RDP to that laptop sat on the company network from my home machine over VPN, which is definitely as secure as my work machine, and all functionality is available to me.
-
-
Saturday 21st March 2020 12:12 GMT bombastic bob
Re: The most simple way is not mentioned here?
RDP is interesting, if it's supported [it's likely a smaller business has HOME versions of windows, which don't allow remote-in].
There is a VERY SIMPLE solution, however:
a) VPN login to corporate network
b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]
BUT... if you run Linux or another POSIX operating system chances are you have OTHER things available, too, like ssh, "remote desktop" via the DISPLAY environment variable, and so on.
VNC is probably the easiest (so long as you don't lose the login on the desktop)
and when it comes to outright performance, remote X11 desktops are probably as good as (or maybe even better) than RDP...
[I do not know if there's an open source RDP server out there for windows, but there MIGHT be one for POSIX systems...]
It's also possible, on a POSIX system, to use something like 'Tiger VNC' to operate on its very own desktop. I do this a LOT to test X11 applications. Run vncviewer on the main desktop, run the test applications on the tigervnc's X server with a different desktop (usually localhost:1). There's really no reason you cannot have that secondary desktop running on a network-visible IP address, and then you just need to be able to VPN into the corporate network to access it.
-
Saturday 21st March 2020 14:44 GMT Jou (Mxyzptlk)
Re: The most simple way is not mentioned here?
> b) VNC server running on the desktop [you'll need to log in first and leave it logged in, turn off those annoying lock screens, etc.]
Run it as a service. All those VNCs offer it, and work fine even if UAC is set to the highest level - which is the only correct level.
But I prefer RDP when possible. Login is AD-Controlled (Single Sign On), and you can select which user can connect. Requires more work to do the same with VNC.
-
Saturday 21st March 2020 15:11 GMT phuzz
Re: The most simple way is not mentioned here?
> likely a smaller business has HOME versions of windows
They're already breaking their license by doing that then. The Home version is specifically for non-commercial use. (Not that most small businesses care).
Disabling RDP is one of the ways Microsoft differentiates Home vs Pro, to encourage you to buy the Pro version.
-
-
Saturday 21st March 2020 19:54 GMT Anonymous Coward
Re: The most simple way is not mentioned here?
Not bad. Except if someone introduces a worm to the network that exploits an as yet undiscovered RDP bug or a variant of an existing one and your IT guys are on lockdown...you're fucked.
I've put critical web based services behind a reverse proxy, (gitlab, SVN, etc) file sharing is now proxied through a Linux box (mounted SMB group shares symlinked inside SAMBA shared folders for each group) and that box is only accessible via VPN.
Remote access to workstations is possible, but only on request if absolutely necessary.
Email and conferencing is Office365/Teams as it has been for a while.
Most importantly I have 3 encrypted off-site backups and a warm empty file server in the cloud if I need it, everything ready to go...just no data there until I restore it.
Web services are already replicated to a warm set of DC servers for failover.
All good. Everyone working just fine. Most issued with company laptops (at most 1 year old).
Don't forget security and backups guys, you might not be able to get onsite if the shit hits the fan.
-
Tuesday 24th March 2020 10:59 GMT Nitromoors
Re: The most simple way is not mentioned here?
That is a very poor solution. It requires the customer desktop to be up and running, not hung, rebooted or shutdown by accident. It's just about OK for a one-off or a fudge for some small scale software issue such as a product that still needs XP, but as a corporate business continuity strategy it should be a sacking offence.
-
-
Friday 20th March 2020 12:15 GMT a_yank_lurker
Issue
The issue is many organizations are not set up to have a large portion of their staff work remotely. Those that already were issued laptops with the appropriate software preinstalled so using a personal computer was not required (or often not allowed). I am not sure how using a home computer would affect the licensing, it is a rather messy issue. But if Slurp, et al. wants to really anger potential ex-customers hammer companies over licensing during this time. It is not as if the customers are trying to violate their licenses. Also, I am not sure that many courts worldwide would look kindly on what many would view as a shakedown attempt to profit on the misery of others; not exactly a winning strategy. But Silly Valley is notorious for their collective tone-deafness.
-
-
Monday 23rd March 2020 10:23 GMT hoola
Re: Issue
If you have 20,000 employees then setting them all up to remote work is not a small or cheap task.
Far too many on the Register comment as if 10 seats and a server with everyone an IT Expert are the norm.
Anything is possible at a small scale when a very limited number of people are in control.
-
-
-
Friday 20th March 2020 12:33 GMT Dan 55
On the cheap
TeamViewer on a non-commercial licence (cut off after 3 hours). That is the solution for my better half's remote access to her company computer.
TV must have noticed a surge in non-commercial remote connections during office hours, I wonder when the push to get money out of that will happen.
If that happens the company will probably tell her to switch to Webex or something. And her company is not short of a bob or two.
-
-
Monday 23rd March 2020 00:03 GMT Dan 55
Re: On the cheap
The company refused to pay for anything new (I guess that answers your question) so people started installing TeamViewer themselves to be able to work from home. I've done a deal with the devil and installed Chrome Remote Desktop as suggested above as a backup in case TeamViewer stops working.
I also looked at M360 Remote Assistant but Mac-Windows isn't possible.
Thanks for the suggestions all.
-
-
Friday 20th March 2020 13:43 GMT GlenP
Good Job...
Good job I made sure we have enough CALs in place in advance then!
Not having enough hardware is a more serious issue. We've just about managed to scrape together enough kit for our desktop users if/when it's needed (not everyone is working from home yet) but we've been caught out by headsets for VOIP and online meetings. Managed to get a few 3.5mm plug ones from Amazon (assuming they're not hijacked on the way) but no USB ones to be found.
-
-
Saturday 21st March 2020 00:32 GMT Anonymous Coward
Re: Licensing fever...
And this is why complex software licensing really is the work of the devil (one of his finest, it has to be said).
Add on the hassles of horrible fiddly and unreliable licence servers, and all the registration and activation crapola that accompanies home use licences that make end users give up the will to live, and all these companies which make things far more complicated than it really should be just to buy and use their product are sitting there wondering why FOSS alternatives are often slowly eating their lunch...
-
-
Friday 20th March 2020 14:24 GMT Cynic_999
Microsoft doesn't make the only remote access software
Apart from TeamViewer, there are several other applications providing remote access. I use VNC. This does not provide file transfers, which is arguably safer because any virus on the machine at one end cannot be unknowingly transferred to the other. When necessary, transferring a file can be done in several ways - email, uploading to a filesharing site, ftp etc. Works fine between Linux & Windows machines.
-
Friday 20th March 2020 14:56 GMT Briantist69
Re: Microsoft doesn't make the only remote access software
- free MS RDC on Google play is really great on everything including Chromebook devices.
- free MS RDC in Apple store works really well.
The free Windows version - - does everything really well (as you might expect after 17 years of upgrade) including cut/paste of files to the desktop.
-
-
-
Friday 20th March 2020 15:02 GMT LeahroyNake
Other options
We currently only use RDP for accounts / Sage, it's not supported by Sage but it works fine.
Email is all OWA as we have on premise exchange so no issues there.
Just bought some extra Screen Connect licenses and giving select users access to their office pc, not sure how that stands with MS licensing but they can take a long walk off a short pier.
Our problem is that most of our customers are not sending us the usual level of work as it's split between retail / leisure and office machine support.
Fingers crossed we get paid at the end of this month :/
-
Friday 20th March 2020 15:20 GMT Anonymous Coward
Working from home guide
Work laptop, home pc, kvm switch and two monitors.
That means work on one monitor and play videos and music on the other one. Got an incoming call from the office? Hit the kvm, space bar to pause and hit it again to get back to the work laptop. Want to play games to let off a bit of steam, emulator and a joypad. Want to do a bit of browsing add a second mouse. A damn near perfect setup in my opinion. It worked for me for nearly 13 years.
As for these issues couldn't you use something like TightVNC to get round licensing?
-
Friday 20th March 2020 15:28 GMT Shadow Systems
Appropriate it's about virii...
If I've got to choose between the Corona virus & a Windows VD, I'll pick the Corona as it only might kill me rather than give me a MS STD...
I'll get my coat, it's got the bottles of Corona in one pocket & the limes in the other.
*Cough*
It's IT related I swear! We're talking about beer aren't we?
*Pure, Sweet, & Innocent Grin(TM)*
-
-
-
Saturday 21st March 2020 11:35 GMT Jou (Mxyzptlk)
Re: Home PC accessing the corporate network? Hell no!
It's not the licensing for me. I'd not put an RDP-Gateway on the Internet without additional stuff before that. Either require VPN, or set up a reverse proxy which does Auth before connecting to the RDP-Gateway. I'd choose a method where an internet café connection is not possible.
-
Saturday 21st March 2020 12:28 GMT bombastic bob
Re: Home PC accessing the corporate network? Hell no!
open listening ports for RDP or VNC are a _BAD_ idea, encrypted or otherwise.
best to use an end-end encrypted VPN, and all access to the corporate network (including remote desktops) is through THAT alone. With some creative firewalling, you could prevent normal network access via the VPN, and only allow the remote desktop-ing.
-
Saturday 21st March 2020 13:48 GMT Nick Ryan
Re: Home PC accessing the corporate network? Hell no!
Requiring a VPN connection instead of (prior to RDP) really isn't fixing anything much security-wise, it's just moving the point of attack slightly. Rather than attack an RDP connection malware attacks a VPN connection instead. VPN servers are probably updated even less often than RDP servers.
-
Tuesday 24th March 2020 15:54 GMT Roland6
Re: Home PC accessing the corporate network? Hell no!
>it's just moving the point of attack slightly.
But it is a useful move for Internet facing services.
It also changes the attack. With a MS RDS Server directly visible on the Internet, you are enabling the full range of RDP/RDS exploits to be tried directly against a live server. The addition of a VPN gateway, means an attacker has to mount a (successful) VPN attack before they gain access to the RDS server.
-
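An added example, not part of any comment above: one way to check that the policy argued for in this sub-thread (remote desktop reachable only through the VPN, and VPN clients allowed to reach nothing but remote desktop) actually holds, by auditing accepted-connection lines from a firewall. The VPN pool, workstation subnet, `ACCEPT` log prefix and the sample lines are all assumptions constructed for the example; the `KEY=value` layout is that of the Linux netfilter LOG target.

```python
import ipaddress
import re

# Assumed addressing for the example (hypothetical, not from the thread).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")      # addresses leased to VPN clients
DESKTOP_NET = ipaddress.ip_network("10.20.0.0/16")  # office workstations
REMOTE_DESKTOP_PORTS = {3389: "RDP", 5900: "VNC"}

# KEY=value pairs as written by the Linux netfilter LOG target.
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample log lines (documentation and private address ranges only).
SAMPLE_LOG = """\
Mar 21 09:01:12 fw kernel: ACCEPT IN=tun0 OUT=eth1 SRC=10.8.0.14 DST=10.20.3.7 PROTO=TCP SPT=50122 DPT=3389 SYN
Mar 21 09:03:40 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.50 DST=10.20.3.7 PROTO=TCP SPT=41876 DPT=3389 SYN
Mar 21 09:05:02 fw kernel: ACCEPT IN=tun0 OUT=eth1 SRC=10.8.0.22 DST=10.20.0.5 PROTO=TCP SPT=50311 DPT=445 SYN
Mar 21 09:07:19 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.20.4.2 PROTO=TCP SPT=60010 DPT=5900 SYN
Mar 21 09:09:55 fw kernel: ACCEPT IN=tun0 OUT=eth1 SRC=10.8.0.14 DST=10.20.3.7 PROTO=TCP SPT=50190 DPT=5900 SYN
Mar 21 09:10:31 fw kernel: ACCEPT IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
"""


def parse_line(line):
    """Return (src, dst, dport) for a log line, or None if it has no usable flow."""
    fields = dict(FIELD.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                int(fields["DPT"]))
    except (KeyError, ValueError):
        # Not a TCP/UDP flow (e.g. ICMP has no DPT) or a malformed line.
        return None


def classify(src, dst, dport):
    """Name the policy violation for one accepted flow, or None if it is allowed."""
    from_vpn = src in VPN_POOL
    remote_desktop = dport in REMOTE_DESKTOP_PORTS
    if remote_desktop and not from_vpn:
        # RDP/VNC was reachable without going through the VPN first.
        return "direct-remote-desktop"
    if from_vpn and not (remote_desktop and dst in DESKTOP_NET):
        # A VPN client reached something other than a workstation's remote desktop.
        return "vpn-out-of-scope"
    return None


def audit(log_text):
    """Return (kind, src, dst, dport) for every accepted flow that breaks the policy."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        kind = classify(*flow)
        if kind:
            src, dst, dport = flow
            findings.append((kind, str(src), str(dst), dport))
    return findings


if __name__ == "__main__":
    for kind, src, dst, dport in audit(SAMPLE_LOG):
        print(f"{kind}: {src} -> {dst}:{dport}")
```

Any finding here means the firewall accepted a flow the policy should have dropped, so the fix belongs in the ruleset rather than in the audit.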
-
-
-
-
Friday 20th March 2020 18:42 GMT Long John Silver
Oust dogs from mangers
Setting aside the fact that response by the UK government, and some elsewhere, to the viral outbreak has been directed by ill-placed emotion (largely fuelled by MSM), panic (again MSM), and unsound advice (mathematical modellers usurping consolidated experience among public health practitioners and 'hands-on' infectious disease academics), this manufactured 'crisis' must not be permitted to allow consideration of so-called 'intellectual property' (IP) rights get in the way of sensible behaviour.
Governments, those not entirely in thrall to rentier interests, either possess or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency.
Not just Microsoft should thus be dealt with but also a host of others. Patents relating to drugs and health technologies must not stand in the way of preventative measures and remedies. It should be permitted to ignore the egregious copyright attached to academic literature. Also, with large segments of populations confined to their homes it would be prudent to keep them entertained and one helpful measure would be an officially sanctioned blind-eye to copyright infringement relating to film, audio, and TV shows.
Incorrigibly avaricious among IP rentiers would squeal like stuck pigs (porcine analogy being appropriate). The more sensible, both through genuine concern over public well-being and preservation of brand image, would not require prompting by governments.
For instance, in the UK, Premier League matches are immensely popular; fans are charged exorbitant sums either through direct subscription or indirectly via what is in effect a surcharge on the price of beer and on products from 'sponsors' of the League. There are increasing efforts to stamp out unofficial live streaming of matches but success is limited.
Consider the following scenario. The Premier League along with other producers of popular televised sporting products could announce free access to live streams, some perhaps going through unofficial sources like Kodi add-ons, for the duration of the crisis. Matches, tournaments, and athletics competitions, could take place in stadia devoid of live audiences. Similar considerations apply to other manifestations of mass entertainment. A potentially restless population, particularly younger folk and school children (a low risk group foolishly being denied education), could be dissuaded from mischief arising from boredom.
Tears need not be shed for any rentiers (whether of patents or copyright). They would be 'doing their bit', possibly under duress. IP dependent industries accumulate considerable bulk of (porcine) fat; this acquired through monopoly protected price-gouging all along a chain of middlemen from producer to end recipient. Indeed, dissemination of digitally encoded entertainment, and information in general, no longer requires the plethora of intermediaries accumulated during the analogue era. Meanwhile, during the wailing and gnashing of teeth by purveyors of trivial 'content' there are previously solid companies, large and small, facing ruin and many (those without backbench MPs and government ministers in their pockets) unlikely to be bailed-out. Similarly, the pharmaceutical industry whilst promulgating lies about its price gouging being necessary for supporting R&D (basic research mostly takes place elsewhere and generally using public or charitable funding whereas development - testing of medicinal products - is given a hidden subsidy through access to NHS facilities) would benefit from shake-up arising from the current 'crisis'.
We have a government that barely concealed its neo-liberal agenda. Present circumstances, particularly potential economic collapse triggered by inept handling of the epidemic, have forced grudging admission of existence of 'society', this disavowed by the late Mrs Thatcher, and recognition of communal inter-dependence. Remarkably, the USA, adopted home of the late Ayn Rand, may be following suit
-
Saturday 21st March 2020 08:26 GMT amanfromMars 1
Re: Oust dogs from mangers
Governments, those not entirely in thrall to rentier interests, either possess or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency. ...... Long John Silver
That's an interesting concept which might not fully pass ACID and Penetrations Tests, LJS, although one is always free to go down that other route/root which has damages sought and generous grateful payments made to have IP 'owners' temporarily suspend and publicly curtail impinging activities within their legal jurisdictions during an emergency or not.
Also, with large segments of populations confined to their homes it would be prudent to keep them entertained
As opposed to having them thinking on and of things themselves and about how everything has arrived at such a sorry state of affairs in such a very short time, LJS? How very wise. One wouldn't really want revolting natives, would one, armed with undeniable nuggets of actionable truth?
-
-
Friday 20th March 2020 18:54 GMT whitepines
Meanwhile, our corporate xrdp servers behind a certain popular open VPN server package continue to chug along as if nothing happened.
One of the reasons for removing Windows from our network was this exact problem. The EULA for Windows changed with Windows 10, to the point of being worse than useless (i.e. a sueball attractor) if CALs aren't purchased. And when you look at CALs, you need Windows Server, not Windows Professional or whatever it is called these days. Bottom line is that it was cheaper and safer to migrate to Linux and use Wine for those handful of legacy Windows-only apps that prior to 10 were running on native Windows on a small number of firewalled boxen. Since the corporate systems were already mostly Linux and BSD-based (including desktop), it was a bit of a no-brainer with that EULA change.
-
Friday 20th March 2020 22:09 GMT nxnwest
Premium indeed
In our shop, management hogs all the VPN RDC licenses when OWA and Teams would do. "Their impotent!" Meanwhile the line workers/admin assistants are denied them, sent home and futilely use VMWare and not allowed to use RDC even from those sessions. Those are the ones that actually need to access the DBs, do the record maintenance/updates and keep the whole operation running. It was a battle to get them the dual displays first as they have the actual need for screen real estate. Execs have only one schedule to maintain, their assistants? All of them.
-
Saturday 21st March 2020 02:57 GMT Jaap Aap
Ugh, Microsoft and their CALs. Why don't they make their product just twice as expensive and dump all their retarded limitations? It's not that Microsoft themselves know what is legal and what is not. All those people working in making sense of the Microsoft license agreements can then be repurposed as telephone sanitisers.
-
Saturday 21st March 2020 06:57 GMT amanfromMars 1
And..... it's gone. Thanks very much for your participation and subscriptions
Bear in mind the fact, ..... which is practically useless whenever spun as a fiction with particular and peculiar regard to any and all metadata base servers, whether in-house private or corporate or ethereal cloud and externally virtually hosted and anonymous second and third party protected, ..... once information and intelligence is inputted not a system which outputs further processed materiel, it is no longer recognised as solely yours to exclusively command and control.
Be so aware, beware and take care, IT's a ravenous ravaging jungle out there, dying of hunger for your thoughts to exploit and bear fruit for the tables and enjoyment of others in much the same way as is presented in the following short, suitable for all video clip [1:45] ..... South Park
If you can tell us where that is all wrong, we will certainly reconsider and reconfigure the argument and outcome with such newly processed output inputted, for such is bound to make a not inconsiderable difference overall.
In some as can be many cases, they be Great Game Changers and Prime Agents of CHAOS* and Grand Revisions.
* Clouds Hosting Advanced Operating Systems
-
Saturday 21st March 2020 08:18 GMT damiandixon
NoMachine is a decent option
It's fast... Works on Windows and Linux.
OpenGL/DirectX work.
Low bandwidth. Hardware compression supported.
Your desktop is as if you logged in, unlike RD.
However if you do RD in on Windows hardware acceleration of 3D gets disabled and you have to physically log in.
IMHO it's a decent option to access a work machine remotely especially if you use apps that use OpenGL/DirectX/Vulkan...
-
Saturday 21st March 2020 08:20 GMT Comfy
Been a hell of a week for us....we're a bit of a mix with a couple of providers for vpn services. Laptop users are easy but others have taken their desktop machines (with the vpn client on there) management reports 85% productivity as of yesterday so me and the lads are pretty chuffed with our efforts plus all the old laptop hardware that was scheduled for recycling has been reimaged and brought back into service...
-
Sunday 22nd March 2020 05:22 GMT Anonymous Coward
Company remote working should never be a luxury for biz bods, it's for everyone
2 years ago we moved over to using Office365 completely, so all apps can be on desktop hooked to the MS stores offsite or you can use the browser based apps if you don't need anything too fancy in the Office features, suitable for more IT bods knocking up docs and keeping up on email. The load is then shifted to browsers and storage is remote on OneDrives, the load is taken off desktop apps. We still maintain backups of all our docs through the company on prem kit and that's sent off to a completely different storage vendor to comply with regs.
Everyone is offered a laptop to replace their desktop if they wish, they can then keep the laptop with them at all times if they want, bring it back and forth to the office so long as they have laptop locks in use and someone checks the office floors once a day to make sure the laptops are physically locked down when in the office overnight.
4 weeks ago the company management started having talks twice a day about how to handle COVID19 as it was ramping in China, they started sending certain depts home about 2 weeks ago so they could check home working was working as expected. When the command was given to clear out all the offices 10 days ago, the first command was clear your desk and the second was to take your laptop home, that covered around 70% of the workers. We have dual gateways in at least 6 sites worldwide, so there's plenty of VPN and Citrix gateways into the company and with O365 access via browsers getting over 1,000 people working from home inside 48 hours wasn't a walk in the park but considering what's been achieved, it's incredible.
People like to mock management but ours have been just superb, all the usual squabbles have been pushed aside for the time being and this situation has just been dealt with quickly and efficiently. We're in the middle of lots of projects, due to the COVID19 planning we haven't had to stop many of the major projects.
-
Sunday 22nd March 2020 07:46 GMT Anonymous Coward
There seems to be a whole lot of FUD going on.....
I've done quite a lot of remote working over the years. I am a developer which means I need specialist tools and the like as well as standard word processing and mail software but it's never been a problem until recently. Now, apparently with the advent of Microsoft's Office365, everything's got to be licensed up, locked down and generally got at in order to transfer a couple of emails and maybe the odd file.
I have used a lot of the modern collaborative tools such as Teams (as well as the 365 suite) and I fear that this kind of software is designed primarily to enhance vendor revenues than provide enhancements to daily workflow. It's duplicating capabilities that were available 10-20 years ago but weren't too common because you needed to be a multinational company to take advantage of it (and then only peripherally). I suppose Management likes it because it gives the illusion of control, the idea that they can issue orders 24/7/365 and expect prompt responses from their subordinates. It gives the illusion of work while not necessarily getting anything done. Real work requires focus and you don't get focus from being pinged every few minutes.
-
Sunday 22nd March 2020 16:00 GMT karlkarl
Until wayland screws up Linux
I can still suggest moving to Linux for the remote work at least until Wayland comes along and ruins everything.
Remember without X11 you don't have:
- ssh/x11 forwarding
- XDMCP
- multiple VNC sessions (because that uses XDMCP -> localhost)
So it will basically be like VNC on Windows, slow screen scraping with a single user at a time :/
-
Sunday 22nd March 2020 21:42 GMT Charles Smith
Velvet Glove negotiation
Phone your Microsoft account manager and point out that if they can't smell the coffee it could be one of two things:
1. They are about to come down with a Covid-19 infection, as the lack of taste or loss of sense of smell are early signs;
or
2. They really can't smell the coffee! Micro$oft should not be taking advantage of the Pandemic, but rather saying that for the duration there will be no licence constraints.
The good old steel fist in a soft glove discussion, will often work wonders. If it doesn't there are alternatives to Micro$oft products. After the storm there'll be a lot of competition for a reduced customer base. By the way use Google Meet to talk to this person.
-
Monday 23rd March 2020 10:19 GMT hoola
It is all about Usability
All the posts here talking about Linux, VPN connections and RDP clients are missing one critical point......
These all have to be set up by users who are being dropped into this situation. They may have minimal IT expertise and just need to work. However you connect you will be consuming some sort of CAL if RDP is involved. If you are using something else like VDI then there are new CALs for that and the costs of the VDI solution. If those users just need to access web-apps then you may be able to do something but as soon as you need corporate functionality other than email and office then it is a whole new world. I have never been a fan of the way Microsoft gouges RDP licenses but you pretty much have no other option.
A VPN on a personal device that connects to a corporate network has now added that device inside your network. It is just not possible in the current situation to do end point checking of the plethora of home devices so it is a trade-off of risk against working. VPNs work well for corporate devices that are taken off site because you can still trust the device. Anything else is just a disaster waiting to happen unless you can make everything web-based and only allow that through. Unfortunately that is just not the case.
-
Monday 23rd March 2020 16:52 GMT AJ MacLeod
Re: It is all about Usability
Folk using NX don't require a VPN connection and if necessary can have a thin client to take home - all it needs is any old Ethernet connection plugged in and it works exactly as if it were on their desk at work.
This is not fantasy, I have customers who have been working this way for years... it's a myth that you absolutely require Windows on the desktop to run even a medium sized business.
-
Monday 23rd March 2020 18:49 GMT Jou (Mxyzptlk)
Re: It is all about Usability
> Folk using NX don't require a VPN connection
You leave out an important point:
The actual implementation is at least ssh / stunnel, or a well secured https. Nicely implemented with certificates, I hope, else you will have to rely on users with passwords. All these techniques are there to get the same security as a VPN - which uses the same techniques inside to transfer encrypted data.
It is a point of view whether you let your remote application access to the encryption (which RDP does too, including the certificate fun if you want) or you encapsulate everything.
And you talk like there has never been a security hole in *NX, especially application layer encryption security.
-
Tuesday 24th March 2020 16:25 GMT AJ MacLeod
Re: It is all about Usability
NX Client via SSH is not even nearly the same risk as a whole PC connected by VPN. You would need very specialised (and effectively worthless) malware (essentially a trojan copy of NXClient) running on the client machine in order to make any kind of use at all of the secured connection.
However, you are the one that's missed the main point of the article, which is about the licensing pitfalls and uncertainty involved with (in particular) Microsoft software and remote working. Open source software simply does not have these issues at all; use it on one desktop in your bedroom or ten thousand company laptops distributed across the world, nobody minds, nobody will come snooping about demanding an audit.
-
-
-
-
Tuesday 24th March 2020 21:07 GMT Anonymous Coward
The flushable loo has been a thing since sometime around the 1700’s, I would not describe this wonderful invention as ubiquitous in the world.... yes people do still shit into a pit
The same can be said for a lot of things, their usefulness but lack of ubiquity.
What's the hold up?
I think parallels can be drawn here