X2Go - everywhere@home

User Tools

Site Tools

Trace:
doc:success-stories:electronic-glovebox

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
doc:success-stories:electronic-glovebox [2013/11/20 09:57]
stefanbaur 		doc:success-stories:electronic-glovebox [2013/11/20 10:06]
stefanbaur
Line 1: Line 1:
 +
 ====== X2Go at the Doctor's office: The Electronic Glovebox ====== ====== X2Go at the Doctor's office: The Electronic Glovebox ======
  
Line 7: Line 8:
 ReCoBS is a security concept designed by the German Federal Office for Information Security ([[https://www.bsi.bund.de/EN/Home/home_node.html|Bundesamt für Sicherheit in der Informationstechnik]], BSI). ReCoBS is a security concept designed by the German Federal Office for Information Security ([[https://www.bsi.bund.de/EN/Home/home_node.html|Bundesamt für Sicherheit in der Informationstechnik]], BSI).
  
-It places a Terminal Server (in our case, a Linux box running X2Go) in a demilitarized zone (DMZ) between two Firewalls. This Terminal Server may freely surf the net, but it cannot initiate "downstream" connections towards the LAN. From the LAN side, it is possible to connect to the Terminal Server (in our case, via SSH), but direct outbound connections to the Internet are blocked by default.+It places a Terminal Server (in our case, a Linux box running X2Go) in a demilitarized zone (DMZ) between two Firewalls. This Terminal Server may freely surf the net, but it cannot initiate "downstream" connections towards the LAN. From the LAN side, it is possible to connect "upstream" to the Terminal Server (in our case, via X2Go/SSH), but direct outbound connections to the Internet are blocked by default.
  
-Where we're diverting from the standard ReCoBS approach is that we're using a single firewall with a third ethernet port for the DMZ, and we're running both the firewall and the X2Go Terminal Server as virtual machines on a stripped down Debian Linux with KVM.+Where we're diverting from the standard ReCoBS approach is that we're using a single firewall with a third ethernet port for the DMZ, and we're running both the firewall and the X2Go Terminal Server as virtual machines on a stripped down Debian Linux with KVM. Also, we're providing a web proxy server with a default deny policy, so that you can whitelist "safe" domains like microsoft and antivirus updates, or online banking portals and access those using your locally installed browser or online banking software.
  
 While the system isn't limited to a particular hardware configuration (we've shipped regular midi-tower cases as well as 19", 1HU rack-mount servers), our standard model is a fanless (i.e. entirely passively cooled), very compact case with enough CPU and RAM for up to 5 concurrent users. A picture, showing the box on top of a stack of copy paper for easy size comparison, is available here: [[http://www.baur-itcs.de/20-servermodelle/10-lexcomputechtwister/]] While the system isn't limited to a particular hardware configuration (we've shipped regular midi-tower cases as well as 19", 1HU rack-mount servers), our standard model is a fanless (i.e. entirely passively cooled), very compact case with enough CPU and RAM for up to 5 concurrent users. A picture, showing the box on top of a stack of copy paper for easy size comparison, is available here: [[http://www.baur-itcs.de/20-servermodelle/10-lexcomputechtwister/]]
Line 23: Line 24:
 Thanks to the Published Application Mode, these applications interact with the Desktop as if they were installed locally on the machine, there is no annoying full-desktop window that you need to drag out of the way to access your local applications, like you might know it from using VNC or RDP.  Thanks to the Published Application Mode, these applications interact with the Desktop as if they were installed locally on the machine, there is no annoying full-desktop window that you need to drag out of the way to access your local applications, like you might know it from using VNC or RDP. 
  
-Please visit our website for further information and to view a screencast. The website is in German only at the moment, but if you are interested in selling GloveBoxes in your country, feel free to contact us by e-Mail and we'll provide you with English translations of whatever you may need. Also, while the screencast has German on-screen text and no translation yet, it should be rather easy to figure out what it's about, even without unerstanding the language.+Please visit our website for further information and to view a screencast. The website is in German only at the moment, but if you are interested in selling GloveBoxes in your country, feel free to contact us by e-Mail and we'll provide you with English translations of whatever you may need. Also, while the screencast has German on-screen text and no translation yet, it should be rather easy to figure out what it's about, even without understanding the language.
  
   * Overview: [[http://baur-itcs.de/10-elektronischeglovebox/]]   * Overview: [[http://baur-itcs.de/10-elektronischeglovebox/]]
   * Screencast: [[http://baur-itcs.de/10-elektronischeglovebox/50-videos/]]   * Screencast: [[http://baur-itcs.de/10-elektronischeglovebox/50-videos/]]
   * e-Mail: [[mailto:kontakt@baur-itcs.de]]   * e-Mail: [[mailto:kontakt@baur-itcs.de]]
 +
 +----
 +
 +Kudos to [[http://das-netzwerkteam.de/|sunweaver]] for jumping in and providing the initial revision of this page. :-)
doc/success-stories/electronic-glovebox.txt · Last modified: 2017/03/27 15:26 by stefanbaur

Page Tools

Imprint & Legal Disclaimer - Data Protection & Privacy Statement
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki