
Azure hosting or similar


    #21
    https://amazonlightsail.com/

    Windows Server:
    2 GB Memory
    1 Core Processor
    50 GB SSD Disk
    3 TB Data Transfer*

    $30 / £22.95 a month

    EDIT: It's Windows 2012 and 2016 only, so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
    Last edited by Dante; 3 November 2017, 15:54.



      #22
      Originally posted by Dante
      https://amazonlightsail.com/

      Windows Server:
      2 GB Memory
      1 Core Processor
      50 GB SSD Disk
      3 TB Data Transfer*

      $30 / £22.95 a month

      EDIT: It's Windows 2012 and 2016 only, so you'll have to ensure your s/w runs on it (or go down the Linux + VM route).
      This looks interesting, thanks. Will give it a spin. Pretty sure the app I need to use will work with 2012, possibly 2016. Will test it out.
      Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...



        #23
        Originally posted by Spoiler
        This looks interesting, thanks. Will give it a spin. Pretty sure the app I need to use will work with 2012, possibly 2016. Will test it out.
        Main concern now is to secure RDP, but still keep the login process simple(ish) - looking at DUO's 2FA option for RDP ...
        Yep, just install remote desktop gateway on the same server, and set up Duo. I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).



          #24
          Potential sticking point: https://forums.aws.amazon.com/thread...hreadID=252542



            #25
            Originally posted by SeanT
            I'd want an admin back door though (so a free VPN appliance, just for the genuinely administrative users, can be a Linux box for an extra fiver a month or something).
            Just trying to figure out exactly how that would work ...

            Spin up a Linux box in Lightsail, and run OpenVPN server on it.
            Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
            Then, connect to VPN Server from home PC and run RDP over it.
            If the admin account was secured with 2FA, then I'm still reliant on that working okay.
            If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
            Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???



              #26
              Originally posted by Spoiler
              Just trying to figure out exactly how that would work ...

              Spin up a Linux box in Lightsail, and run OpenVPN server on it.
              Install OpenVPN client on the Lightsail Windows server and connect to the OpenVPN server.
              Then, connect to VPN Server from home PC and run RDP over it.
              If the admin account was secured with 2FA, then I'm still reliant on that working okay.
              If the admin account isn't 2FA, then this leaves it open to brute force type attacks using direct RDP (not over the VPN).
              Unless ... I can restrict an account to only permit logins over the VPN (not sure if that's possible) ???
              Windows firewall:

              RD Gateway on 443 open to the world.
              RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

              Normal user access: RD via RD Gateway and Duo
              Admin user backdoor: VPN auth with certificate / key, RDP direct to server

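The firewall layout from post #26, written out as Windows PowerShell commands. This is an added example, not part of any poster's message; the VPN box address `10.8.0.1` and the rule display names are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the Windows server, from a session that already arrives over the VPN:
# step 1 closes direct RDP from the internet.

# Assumption: placeholder for the OpenVPN box's address as this server sees it.
$VpnBox = '10.8.0.1'

# 1. Disable the built-in inbound RDP rules, which allow 3389 from any address.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 2. RD Gateway on 443, open to the world (normal users: RD Gateway + Duo).
New-NetFirewallRule -DisplayName 'RD Gateway HTTPS (any source)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 443 -Profile Any

# 3. RD service on 3389, reachable only from localhost (the gateway service
#    on the same machine) and from the OpenVPN box (admin path).
New-NetFirewallRule -DisplayName 'RDP (gateway and VPN box only)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
    -RemoteAddress @('127.0.0.1', $VpnBox) -Profile Any

# 4. Check: list every enabled inbound allow rule that covers TCP 3389 and
#    the remote addresses it accepts. Anything showing 'Any' still exposes RDP.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '3389' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and
        $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    }
```

If step 4 lists only the new rule with `127.0.0.1` and the VPN box address, direct RDP from the internet is closed and the brute-force concern raised in post #25 applies only to the gateway path, which sits behind Duo.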


                #27
                Originally posted by SeanT
                Windows firewall:

                RD Gateway on 443 open to the world.
                RD service itself on 3389 open to localhost (i.e. the gateway service running on the same machine) and to the OpenVPN box.

                Normal user access: RD via RD Gateway and Duo
                Admin user backdoor: VPN auth with certificate / key, RDP direct to server
                Thanks for the clarification

