[plug] [OT] XP Remote
Craig Ringer
craig at postnewspapers.com.au
Mon Aug 23 13:06:34 WST 2004
skribe wrote:
> Now we're about to get ADSL and the PHB is instituting all these changes to
> the computing network so that the work-for-the-dolers don't steal all their
> bandwidth by downloading movies all day.
What changes do you _need_ to impose a QoS policy? Make sure your
restricted users are in a defined IP range (ISC DHCPd is good at this
sort of thing) then throttle their HTTP (and RTSP etc) to (say) 50kbit
with a large burst rate to allow decent performance on web pages.
> These changes will of course put a
> serious crimp in the efforts of the people that do the real work and in
> particular the editors.
Hence the need to impose the restrictive QoS and/or firewall policies
selectively. If everybody shares computers, this won't work of course,
but if either the 'priority' users or the restricted users use a select
group of workstations it should be easy.
Anyway, if you're running a windows network you can do all sorts of
magic with using NTLM-auth proxies to impose per-userid QoS for any host
on the domain, right? (Aside: The same could be done by using kerberos
to authenticate with squid or aother proxy. Anybody know if this is
supported by any browsers or proxies?).
You could also just use Group Policy to lock down the user accounts of
the more restricted users. 'No MSIE, Windows Media Player, Real Player,
QuickTime, or program installs for you!'. It's from impossible to get
around unless done extremely carefully (I know someone who configures
Group Policy for a living!) but it's easy to use it to stop casual abuse.
> Our new tech unfortunately has a real job and so can't spend that much time
> at CTV and so plans to Remote Desktop all the computers, which despite my
> best linux advocacy efforts still run XP Pro. How safe is remote operation
> over ADSL?
Well, it should work fine so long as the load on the link is low enough
to keep the latency reasonable. A symmetric ADSL link might be
preferable. As for security, he'll be using a VPN, right?
--
Craig Ringer
More information about the plug
mailing list