RDP support for VMs or Console only Access
-
So with hypervisors, do you enable RDP access to your virtual servers or do you restrict access to console only access?
Obviously it's just another service that can be enabled, but is it wise to do so, when you can access your VMs via the console from tools like XenCenter, vCenter and Xen Orchestra?
-
The general rule is the opposite, restrict console and focus on remote access. This is why most enterprise cloud platforms (like Azure, Amazon, etc.) don't even allow console access any more. Console access is seen as a crutch in many cases. Once you move to DevOps.... BOTH are considered a crutch.
-
If you have tools in place to remove RDP access though (which opens up a wider surface area), and since such tools like XO expressly provide console access wouldn't management be easier?
The reason I say this is, people who access to your VM's presumably are allowed to be there, and probably have more security than say a website visitor being hosted from one of those VMs.
Opening up RDP access (not necessarily from the Internet) but in general just opens more ports, more firewall changes etc.
-
@DustinB3403 said in RDP support for VMs or Console only Access:
If you have tools in place to remove RDP access though (which opens up a wider surface area), and since such tools like XO expressly provide console access wouldn't management be easier?
No, working with the console is always considered bad. It's extremely inefficient, lacks copy/paste, lacks normal security measures... it's designed as a fall back only. It's not intended to be used any more than sitting in front of the server is not intended to be used.
-
@DustinB3403 said in RDP support for VMs or Console only Access:
The reason I say this is, people who access to your VM's presumably are allowed to be there, and probably have more security than say a website visitor being hosted from one of those VMs.
I don't understand the comparison here. The same would be said about people accessing via RDP.
-
@DustinB3403 said in RDP support for VMs or Console only Access:
Opening up RDP access (not necessarily from the Internet) but in general just opens more ports, more firewall changes etc.
Sure, but granting unnecessary access to the console does that, too. You need access to the VMs from far more places than you need it to the console.