Remote desktop vs. remote display [LWN.net]

Remote desktop vs. remote display

Posted Feb 14, 2013 22:42 UTC (Thu) by khim (subscriber, #9252)
In reply to: Remote desktop vs. remote display by Serge
Parent article: LCA: The ways of Wayland

I guess you assume that user works under local administrator in office, and does not use any third-party firewalls like outpost/comodo or some firewall built into installed antivirus.

I'm yet to see an office which allows installation of third-party firewalls. Except for small business, but in this case user usually is, indeed, an admin and can do whatever s/he wants.

If it's something larger then mom-and-pop shop then there will be firewall, antivirus and may be even Parity, but of course the firewalls installed by winops will support WRA. And you don't need to be an admin to use this feature.

I think you are confused. Two usecases cited above are, indeed, the most common usecases - but while they both use RDP as core protocol they have totally different activation sequences and totally different UI. The only thing they share is the ability to start using them without any preparation in this particular session (you need to change OS settings to enable these, of course, but these can be pushed using via Active Directory - and it's true for any remote access protocol; they all need some kind of initial setup).

(Log in to post comments)

RDP

Posted Feb 15, 2013 11:15 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

So, since I work for a huge dinosaur corporation right now, let me burst this particular bubble straight off.

Here's the _reality_, some of this is paraphrased because I wasn't aware that it would be hilarious enough to be worth recording until some way through the process, and my responses (mostly "OK") are elided. It happened to me _yesterday_ but it could be anybody, and any day, of any week in corporations everywhere.

"Hi, I need you to log into your computer, then go to some3rdpartywebsite.com and enter this eight digit code: 12345678"

"Yes, just click through all the security prompts and choose Run"

"OK, I have control of the computer now. You can probably see things moving. Hello."

"I wasn't able to get access to do the task I was assigned. I will talk to my supervisor"

"Sorry, I am not able to complete the task, I am refused permission to download the software. I will have the ticket re-assigned"

That's a _massive_ global corporation, with both ends using Microsoft Windows, trying to install a program, which ought to be centrally provisioned but of course that doesn't work. Notice that they invoke a third party solution, they end up violating a lot of security principles and still they can't get it to work. In the process they aren't able to take control without leaving the desktop unlocked, and they have no clue what they're doing when they're in.

THAT is the reality on the ground, what you're talking about is every bit as much the theory that doesn't translate into practice as what was discussed above about remoting X applications. RDP could work, it's possible to see how on paper it has potential advantages, but it's erroneous to suggest that it's actually out there solving the problem in these big corporate systems.

I do use RDP, in another aspect of my job I have to connect to a remote facility where (we were told) access to the servers is via SSH. What we weren't told was that they're inside a corporate firewall that our contact hasn't got permission to change. So to "SSH" into these machines I connect to an RDP system where I only have permission to run Putty. This clumsy, error-prone solution makes every occasion when we must access those systems a trial.