 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Remote management - what do I need?

Thu Feb 28, 2019 5:06 pm

I want to remotely connect to my home desktop while I'm at work, because my home desktop is faster than my work desktop. But I think I need some extra hardware, so I'd like some help figuring out what I need.

First, since I have a dynamic IP at home, I need some dynamic DNS software installed on the home desktop, that will constantly update a static domain name with the dynamic IP. That way, I can remotely connect to the static domain name, and it will direct me to the dynamic IP.

Second, if I put my desktop to sleep, I need a way to wake it up. Wake-on-LAN isn't enough, because while the computer is asleep, it cannot update its dynamic DNS. Therefore, I could have an always-on Raspberry Pi that serves as a WOL device. I remotely connect to the Raspberry Pi (which would have some dynamic DNS software installed) and instruct the Pi to send a WOL magic packet to the desktop. Then the desktop is awake, and I can connect to it.

But then there's a third problem I haven't figured out how to solve. When I remotely reboot my home desktop, there are pre-boot authentication mechanisms to enter, like a BIOS password and a BitLocker password. So how do I remotely enter those passwords before the operating system has loaded? Moreover, since it's the OS that has the dynamic DNS software installed, I won't know if the IP address has changed until the OS has loaded, but I need to enter the passwords before that.

So it seems like what I need is remote pre-boot management. So do I need a server motherboard with a server management processor? (E.g., the new ASRock X470D4U.)

Is a server motherboard with an ARM processor for out of band management what I need? And if so, what else do I need to research before I go spend money on the wrong things? And where can I learn how to set this all up?

(And presumably, the server management processor can perform the WOL, obviating the need for the Raspberry Pi.)

Or is there a way to output the video from my desktop to the Raspberry Pi, and set up the Raspberry Pi as the keyboard for the desktop? So I'd remotely connect to the Raspberry Pi, and within my video (showing the Raspberry Pi's desktop), I'd see a video-within-a-video of my desktop's screen, showing the request for a boot password. Then, I'd remotely type a password, and the Raspberry Pi would then represent itself as a keyboard and type that password into the desktop. Then, when the desktop was finished booting, I'd close the remote session with the Raspberry Pi and switch over to a session with the desktop. That sounds a bit convoluted, of course.

So what should I do, and what do I need to do that?

Thanks!
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 5:21 pm

Or do I just need a processor with the equivalent of vPro? (See e.g. this article about using vPro to set up a remote KVM.)

That would be a problem, because among Ryzens, only the Ryzen Pro has the equivalent of vPro, and the Ryzen Pro isn't for retail sale.

I could get an EPYC, but then I'd be limited to Linux and Windows Server.

The Xeon E only goes up to 6 cores, and I need more cores than that. And a Core with vPro isn't an option because it doesn't support ECC.

I suppose I could do a Xeon Scalable, but at that point, I'm spending so much money, it defeats the purpose. The whole purpose was to avoid buying two desktops - one for work and one for home - but if I'm building a Xeon Scalable system, it might end up costing close to double anyway.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 5:26 pm

What about a KVM-over-IP switch? Can I connect my desktop's video and keyboard/mouse to the KVM-over-IP switch, and then from work, I remote desktop into the KVM switch rather than into the desktop itself?
 
TheRazorsEdge
Gerbil Team Leader
Posts: 219
Joined: Tue Apr 03, 2007 1:10 pm

Re: Remote management - what do I need?

Thu Feb 28, 2019 5:54 pm

The computer will retain its IP address after sleep, generally speaking. This is a minor concern anyway, as its internal IP address is not related to the dynamic DNS issue at all.

You should probably configure your router to update dynamic DNS records, assuming it supports the service you're using. This way, it won't matter which machines are sleeping/offline. Rebooting your PC should have no effect on the IP address. Dynamic DNS maps your external IP address to a name, so you'd have to reboot your modem/router for that to change.

You will need to configure the router to forward inbound packets on port 3389 to your desktop. If your router can dynamically handle this, great. E.g., some routers will associate the rule with a MAC address. If not, you may want to set a static IP on your desktop so that you can configure a static port forwarding rule to that address on your router.

Most importantly, make sure that this is permitted by your employer. Some employers will not like company data being moved to a home PC. In some cases, it is actually illegal, and there are severe penalties. In the US, your employer may punish or fire you if you do this without approval. In addition, your employer may have firewalls or other security measures which prevent RDP from working outside of their network.

Again, check with your employer first. Where I work, this is immediate grounds for termination. Automatically. Neither my immediate supervisor nor my second-level manager could appeal it.
 
TheRazorsEdge
Gerbil Team Leader
Posts: 219
Joined: Tue Apr 03, 2007 1:10 pm

Re: Remote management - what do I need?

Thu Feb 28, 2019 6:08 pm

mikewinddale wrote:
What about a KVM-over-IP switch? Can I connect my desktop's video and keyboard/mouse to the KVM-over-IP switch, and then from work, I remote desktop into the KVM switch rather than into the desktop itself?


You generally cannot RDP into KVM-over-IP switches. They present a web interface, and they allow you to open KVM consoles once you authenticate.

The features vary, but some important considerations are:

Some KVMs will redirect local devices (Smart Card readers, USB drives, etc), but some will only handle keyboard/mouse.

Some KVMs require client software installed locally, and you may not have rights to install that client on a work computer.

All KVMs have some sort of software prerequisite. E.g., the web interface may present the KVM console as a Java application, which means you'll need a supported version of Java on your workstation. Alternatively, it may use .NET Framework or HTML5. Basic KVMs will often work with HTML5 alone (native in Edge/Chrome/Firefox), but advanced functionality usually requires something outside the browser sandbox.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 6:32 pm

Okay, so at work, I could just buy my own low-powered computer, to which I'd have administrator access. So I'd put most of my money into say a ThreadRipper at home, and then at work, I'd buy a cheap Pentium or whatnot to act like a dumb terminal - to which I'd have full administrator access.

Also, I would be fine with using the KVM-over-IP for pre-OS management (e.g. entering BIOS passwords), and then switching over to RDP with the desktop itself once the OS boots. So the KVM would need keyboard, video, mouse, and for things like USB, I'd rely on the RDP with the desktop's own OS (e.g. Windows).

Would that work?

And again, one important consideration is that the home network has a dynamic IP. So are KVM switches able to interface with an online dynamic DNS service? I know there's Windows software for that, but I need pre-Windows dynamic DNS.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 6:41 pm

TheRazorsEdge wrote:
You should probably configure your router


Oh, so at home, I use the Wifi provided by my landlord, so I can't configure the router. Nor can I control when it reboots. Nor can I set up a static IP.

TheRazorsEdge wrote:
Most importantly, make sure that this is permitted by your employer.


Good point. Thanks. But I already know that my employer has no restrictions whatsoever on what we do with our data, nor do they restrict what we connect to the network. So that's not an issue.
 
Redocbew
Gold subscriber
Minister of Gerbil Affairs
Posts: 2128
Joined: Sat Mar 15, 2014 11:44 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 6:48 pm

:o
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
SecretSquirrel
Minister of Gerbil Affairs
Posts: 2652
Joined: Tue Jan 01, 2002 7:00 pm
Location: North DFW suburb...
Contact:

Re: Remote management - what do I need?

Thu Feb 28, 2019 7:11 pm

mikewinddale wrote:
TheRazorsEdge wrote:
You should probably configure your router


Oh, so at home, I use the Wifi provided by my landlord, so I can't configure the router. Nor can I control when it reboots. Nor can I set up a static IP.



Then it is about 99% likely that you can't do what you want as you will be unable to initiate a connection from the outside.

mikewinddale wrote:
TheRazorsEdge wrote:
Most importantly, make sure that this is permitted by your employer.


Good point. Thanks. But I already know that my employer has no restrictions whatsoever on what we do with our data, nor do they restrict what we connect to the network. So that's not an issue.


:o :o :o
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 7:29 pm

If you're curious: my employment is with a university. So all the data are mine, and I can do what I want.

And the computers they give us are fine, but they're not ThreadRippers.

So there's a little bit of a principal-agent problem here. If I were manipulating my employer's data, then they'd give me whatever computer was fast enough to get it done when the employer wants it done. If the employer wants it done tomorrow, they'll give me a computer fast enough to do that. And if the computer is too slow, it's the employer's problem, not mine.

But since I'm manipulating my own data, if I tell the university I want a ThreadRipper, they'll tell me to go apply for my own research grant.
Last edited by mikewinddale on Thu Feb 28, 2019 7:34 pm, edited 1 time in total.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 7:30 pm

SecretSquirrel wrote:
Then it is about 99% likely that you can't do what you want as you will be unable to initiate a connection from the outside.


Well, bummer.
 
MOSFET
Gerbil XP
Posts: 369
Joined: Fri Aug 08, 2014 12:42 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 9:05 pm

GoToMyPC? It doesn't solve your preboot problems, but it conceivably can initiate the outbound connection for remote access, and then it would be IP and DNS-agnostic, and mostly router-agnostic, so it could solve those problems.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.
 
ludi
Gold subscriber
Lord High Gerbil
Posts: 8442
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Remote management - what do I need?

Thu Feb 28, 2019 11:09 pm

I'm getting stuck trying to envision a scenario where you get all these requirements to work simultaneously without spending as much money on terminal and networking hardware as you might otherwise spend on a fast PC and Kensington lock for your desk at the university.

I mean, if you can leave your home PC always on/awake/locked while at the university, and then just want to get the software interface set up for RDP, then sure, great, easy. Some sort of dynamic DNS, a VPN tunnel, and appropriate RDP services enabled on both ends. Done. But beyond that you're starting to push toward enterprise solutions.
Last edited by ludi on Thu Feb 28, 2019 11:14 pm, edited 1 time in total.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
jihadjoe
Gerbil Elite
Posts: 834
Joined: Mon Dec 06, 2010 11:34 am

Re: Remote management - what do I need?

Thu Feb 28, 2019 11:13 pm

Without being able to configure the router you're pretty much SOL without resorting to specialized software like LogMeIn.
 
cheesyking
Gold subscriber
Minister of Gerbil Affairs
Posts: 2735
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Remote management - what do I need?

Fri Mar 01, 2019 6:39 am

Yeah, no ability to configure the router means you're pretty much stuck with off the shelf remote access stuff like logmein or teamviewer.

The only way I can see it working is if you had something inside your network "dial out" a VPN connection that would allow you to connect in from outside. By the time you've brought something to go inside your network to act as a vpn client (like an rPI) and got something on the internet (like a VPS) to act as a VPN server and got a remote access card (something like a DRAC) so you can turn the machine on remotely you'll probably find it's cheaper and a lot less trouble to just leave the machine running all day and use teamviewer etc.

BTW, you mention having to enter a bitlocker password during bootup... Unless you're really paranoid or your computer doesn't have a TPM you shouldn't need to do this.
Fernando!
Your mother ate my dog!
 
Usacomp2k3
Gerbil God
Posts: 23009
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Remote management - what do I need?

Fri Mar 01, 2019 7:36 am

Just don't put the home computer to sleep? Or have it wakeup automatically during work hours.
 
TheRazorsEdge
Gerbil Team Leader
Posts: 219
Joined: Tue Apr 03, 2007 1:10 pm

Re: Remote management - what do I need?

Fri Mar 01, 2019 2:44 pm

mikewinddale wrote:
Oh, so at home, I use the Wifi provided by my landlord, so I can't configure the router. Nor can I control when it reboots. Nor can I set up a static IP.


You probably won't be able to get RDP working. Popular alternatives include TeamViewer, Citrix, and LogMeIn.

Lack of access to the router will make it more challenging to set up remote access. I'm not sure that any of those alternatives will even work, as I've never used them in a situation where I couldn't control the network.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Fri Mar 01, 2019 5:11 pm

cheesyking wrote:
BTW, you mention having to enter a bitlocker password during bootup... Unless you're really paranoid or your computer doesn't have a TPM you shouldn't need to do this.


Well, I do have an fTPM in my Ryzen, and my motherboard supports a discrete TPM.

The problem I saw is that because this is a desktop, a thief could just transplant my Ryzen CPU (and its fTPM) into their motherboard, or they could transplant a discrete TPM into their motherboard.

In other words, if someone steals my desktop and wants to access my disk drive data, they could transplant my TPM into their computer and possibly fool BitLocker into thinking it's the same computer. If I set BitLocker to automatically unlock the drive when the TPM is detected, then my encryption might accomplish nothing at all. (By contrast, with a laptop, the CPU and TPM are soldered, so this transplantation would be difficult. A thief who transplanted my disk drive from my computer into theirs would have no ability to transplant the TPM too.)

So I use a PIN so that even if they transplant the TPM, they're still missing another credential.

(Query: given the fact that a desktop's TPM is not soldered, and therefore it is removable, why don't motherboard manufacturers integrate a TPM into the motherboard, like laptops do?)
 
qmacpoint
Gold subscriber
Gerbil Team Leader
Posts: 261
Joined: Wed Mar 14, 2018 12:56 pm

Re: Remote management - what do I need?

Fri Mar 01, 2019 5:27 pm

based on your network constraints, it sounds like you need management over the Internet - you're not going to be able to use any of vPro, or out-of-band management solutions, as your landlord controls the network "architecture". TeamViewer, LogMeIn, and other online options are the way to go in your situation. If you have some sort of management capabilities (i.e. to open ports and stuff like that) you could do an SSH tunnel to your router, and from there RDP with MobaXTerm or something similar...
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Sat Mar 02, 2019 10:07 pm

qmacpoint wrote:
based on your network constraints, it sounds like you need management over the Internet - you're not going to be able to use any of vPro, or out-of-band management solutions, as your landlord controls the network "architecture". TeamViewer, LogMeIn, and other online options are the way to go in your situation. If you have some sort of management capabilities (i.e. to open ports and stuff like that) you could do an SSH tunnel to your router, and from there RDP with MobaXTerm or something similar...


Which means that if I reboot my computer, I can't reconnect until I get home and enter the BIOS and BitLocker passwords, right?

And assuming that's the case (correct me if I'm wrong), then I'd probably be better served by just buying two computers - one for work and one for home.

I could always apply for a research grant and use it to pay for the work computer - but in the end, I'd be buying two computers nevertheless.
 
jihadjoe
Gerbil Elite
Posts: 834
Joined: Mon Dec 06, 2010 11:34 am

Re: Remote management - what do I need?

Sat Mar 02, 2019 10:29 pm

Hugely unpractical solution here, but this should get what you want done:

If one computer has to be absolutely secure, then you can get two computers (your secure workstation, and a cheap unsecure one you use just to wake up and manage it), and an IPMI card for the secure workstation. LogMeIn Hamachi is free for networks of up to 5 members, so you can use it to RDP into the unsecure computer, from which you can send a WoL magic packet to wake up your secure workstation. Since there's a management card installed, you can control it remotely at the BIOS level from the unsecure computer. Make it a member of the Hamachi network so you can RDP to it directly once its OS is booted instead of having nested remote desktops.
 
qmacpoint
Gold subscriber
Gerbil Team Leader
Posts: 261
Joined: Wed Mar 14, 2018 12:56 pm

Re: Remote management - what do I need?

Sun Mar 03, 2019 12:00 am

mikewinddale wrote:
Which means that if I reboot my computer, I can't reconnect until I get home and enter the BIOS and BitLocker passwords, right?

And assuming that's the case (correct me if I'm wrong), then I'd probably be better served by just buying two computers - one for work and one for home.

I could always apply for a research grant and use it to pay for the work computer - but in the end, I'd be buying two computers nevertheless.

Well, perhaps having a computer you connect to that allows you to wake up your computer through IPMI or some weird management function, and then you can connect to it through LogMeIn, TeamViewer, etc... having that sort of setup can cost a pretty penny, and it sounds like too many steps, perhaps you should get your work to get you competent devices to deal with your work... BUT! If you were to do this trick:

a) Have a Linux or any other disposable machine with LogMeIn that allows you to do WOL to your computer + connect to your PCs management interface
b) Connect through LogMeIn to your computer

Also if your motherboard is not compatible with IPMI out of the box, don't think you can use it, usually modules and cards are bundled with supporting hardware at the motherboard level...
 
just brew it!
Gold subscriber
Administrator
Posts: 53163
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Remote management - what do I need?

Sun Mar 03, 2019 6:33 am

A few possibilities that come to mind:

1. How about having an unencrypted boot volume (so you don't need pre-boot display and keyboard access to enter passwords), but an encrypted data volume with all of your sensitive stuff?

2. In theory it should be possible to use the USB OTG port on an RPi Zero to emulate a USB keyboard. Use that plus a webcam aimed at the display to get past the pre-boot.

3. There might be a solution involving some combination of an IP KVM plus a second device (e.g. RPi) to deal with the firewall and dynamic DNS issues and forward the web console connection, but I'm having trouble wrapping my brain completely around that one. This would only be to get you past the pre-boot, since performance will likely suck pretty badly.

4. Convince your cheap-ass employer to get you the proper tools to do your job, or find a new job with an employer that has more of a clue.
Nostalgia isn't what it used to be.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Sun Mar 03, 2019 4:13 pm

jihadjoe wrote:
If one computer has to be absolutely secure, then you can get two computers (your secure workstation, and a cheap unsecure one you use just to wake up and manage it), and an IPMI card for the secure workstation. . . .


This sounds awesome, thanks! But I have one concern:

qmacpoint wrote:
Also if your motherboard is not compatible with IPMI out of the box, don't think you can use it, usually modules and cards are bundled with supporting hardware at the motherboard level...


Indeed, I'm looking at the manual for the Supermicro SIMLP-3+ and it says:
The AOC-SIMLP-B/SIMLP-B+/SIMLP-3/SIMLP-3+ is a highly efficient, highly compatible and easy-to-use IPMI card that allows the user to take advantage of BMC, a baseboard management controller installed on a server motherboard and the IPMIView, an IPMI-compliant management application software loaded in a PC


So that seems like it's a no-go, unless I'm misunderstanding.

But I could buy a motherboard with a BMC, although that would limit my options a lot. Xeon E only goes up to 6 cores, EPYC motherboards only support Windows Server, and there's only one Ryzen AM4 board I know of with a BMC, and it is limited in other ways (e.g. it's only MicroATX). I suppose I could try a Xeon Scalable board, but then I'm spending so much I may as well just buy two computers. Plus, they have low clock speeds, so I'd lose single-core performance, which is still important.
 
mikewinddale
Gerbil First Class
Topic Author
Posts: 173
Joined: Sat Jan 07, 2017 2:22 am

Re: Remote management - what do I need?

Sun Mar 03, 2019 4:14 pm

just brew it! wrote:
1. How about having an unencrypted boot volume (so you don't need pre-boot display and keyboard access to enter passwords), but an encrypted data volume with all of your sensitive stuff?


Basically, because a lot of applications aren't very transparent about what kinds of data they store, and where. For example, Chrome stores all my passwords and credit cards, and it isn't very clear about whether it stores them encrypted or not. So if I install Chrome on my unencrypted boot drive, are my Chrome data at least encrypted? I don't know. And some applications store their data on the OS drive even if you install the application itself to a different drive. So I'd have to start intensely researching every single application I use and determining where it stores all its data before I could trust an unencrypted boot drive. And I just don't want to have to deal with that. I want to be able to just encrypt my entire drive and be done with that.

just brew it! wrote:
A few possibilities that come to mind: . . . 2. In theory it should be possible to use the USB OTG port on an RPi Zero to emulate a USB keyboard. Use that plus a webcam aimed at the display to get past the pre-boot.


LOL!!! I thought of that, but I thought no, there has to be a better way. But maybe not! So yeah, I could just use the Raspberry Pi to send a WOL magic packet, view the webcam feed, enter the BIOS and BitLocker passwords, and then, once Windows boots, I just RDP into it with some Windows-specific software.
 
Mentawl
Silver subscriber
Gerbil Elite
Posts: 504
Joined: Sun Dec 26, 2004 5:21 pm
Location: UK

Re: Remote management - what do I need?

Sun Mar 03, 2019 6:07 pm

This is a tough one without making some compromises. Even the route you're proposing with a Raspberry Pi has some issues, in that you'll have to leave the RDP port (3389) for your home machine visible to the entire internet if you wish to RDP directly to it. A much more secure option is a machine to act as a VPN termination point inside your home network.

For example, I have pfSense running as my router on a little dedicated always-on-but-low-power Celeron box. pfSense runs an OpenVPN server, and it can also issue WoL packets. If I want to utilise any of my "big" home PCs, I connect up the VPN, hit up the pfSense GUI and power up whichever box I need - though in your case you'd have to leave your desktop asleep, rather than powered down entirely, to avoid Bitlocker PIN - I can then RDP to them (without opening up 3389 to the entire world - all my traffic goes over a closed tunnel VPN). Pretty much any *nix/BSD-based machine can act as an OpenVPN end point/server (though granted I have no idea how much performance you'd get out of the VPN tunnel with a generic ARM chip like on the Pi), so if you didn't want to shift all your routing around you could just setup a second always-on machine to VPN into which could then wake your "big" machines up.

I don't know of any way you could securely get past Bitlocker without removing the need for a PIN at startup - however, as long as you don't actually hard reboot the device (and just sleep it), you shouldn't need to enter a PIN. You could build a small PowerShell script to suspend Bitlocker drive protection if you found you did need to reboot it, which would remove the need for a pin on the next reboot only - this could be combined with a shutdown script to give you a one-click "Suspend Bitlocker and Reboot yourself, don't ask me for a pin" script quite easily.

Hope some of this rambling makes sense.

T
i7-8700k @ 4.7ghz | MSI Krait Z370 Gaming | nVidia GTX1080 | 16gb DDR4 3200 | 2x SSDs 1x HDD | Antec Solo II | Dell U2713HM
 
just brew it!
Gold subscriber
Administrator
Posts: 53163
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Remote management - what do I need?

Sun Mar 03, 2019 6:15 pm

mikewinddale wrote:
LOL!!! I thought of that, but I thought no, there has to be a better way. But maybe not! So yeah, I could just use the Raspberry Pi to send a WOL magic packet, view the webcam feed, enter the BIOS and BitLocker passwords, and then, once Windows boots, I just RDP into it with some Windows-specific software.

Just make sure you use a RPi with USB OTG capability. I believe that means the Zero.

Mentawl wrote:
This is a tough one without making some compromises. Even the route you're proposing with a Raspberry Pi has some issues, in that you'll have to leave the RDP port (3389) for your home machine visible to the entire internet if you wish to RDP directly to it. A much more secure option is a machine to act as a VPN termination point inside your home network.

Could expose the RDP port just to the local network, and do a secure SSH port forward through the RPi... that's roughly the equivalent of your VPN idea from a security perspective without setting up a full VPN.

Yes, it's still a ridiculous hack, but it is probably the cheapest way to do what he wants in a secure way.
Nostalgia isn't what it used to be.
 
qmacpoint
Gold subscriber
Gerbil Team Leader
Posts: 261
Joined: Wed Mar 14, 2018 12:56 pm

Re: Remote management - what do I need?

Sun Mar 03, 2019 6:28 pm

just brew it! wrote:
This is a tough one without making some compromises. Even the route you're proposing with a Raspberry Pi has some issues, in that you'll have to leave the RDP port (3389) for your home machine visible to the entire internet if you wish to RDP directly to it. A much more secure option is a machine to act as a VPN termination point inside your home network.

Could expose the RDP port just to the local network, and do a secure SSH port forward through the RPi... that's roughly the equivalent of your VPN idea from a security perspective without setting up a full VPN.

Yes, it's still a ridiculous hack, but it is probably the cheapest way to do what he wants in a secure way.

Yeah RDP over SSH can be done with MobaXterm, but this means that you have to expose an SSH port somehow in your landlord's environment. And then solve the Remote Management portion of the problem (with a new motherboard??) How much are you willing to spend?
 
jihadjoe
Gerbil Elite
Posts: 834
Joined: Mon Dec 06, 2010 11:34 am

Re: Remote management - what do I need?

Sun Mar 03, 2019 11:30 pm

Well OP already said that configuring the landlord's router is a no-go, which is why I suggested using LogMeIn Hamachi for the VPN-side. It's free for networks of up to 5 computers, and will basically do a secure VPN without the need for any port forwarding.

Hmm the need for a BMC seems to throw a wrench in this. What I understand though is that an IPMI card *should* include a BMC. It's what differentiates it from any regular LAN card after all. I'm guessing those SuperMicro cards might be proprietary devices they specifically built to work in conjunction with their motherboards, kinda like ASUS' Supreme Audio card that had to plug in an ASUS motherboard to work.

AMD also has the Pro line of CPUs that should include DASH, which is basically their own version of IPMI. Thing is buying this probably means getting a pre-built from an OEM like HP. You can't even find the Ryzen Pro line of CPUs on retail, let alone their associated motherboards.

Another option is a KVM over IP switch, although it does seem like ridiculous overkill since these things can get really expensive and you'll be using it for just one computer.
 
bthylafh
Maximum Gerbil
Posts: 4248
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Remote management - what do I need?

Mon Mar 04, 2019 1:00 am

This won't help OP's use case, but here's what I'm doing nowadays for RDPing into my home computer from work:

SSH port forwarding on my router to my home Linux server. You could use a Raspberry Pi in lieu of the server. The port's not 22/tcp to discourage bots.
SSH daemon on the Linux box is set up to use a key that's unlocked with a password.
Linux box has a shell script that sends a WoL command to my desktop PC running Windows.
Once my computer's awake, I've got MobaXterm on my work PC configured to tunnel in via SSH and then open an RDP session to the home PC.

I should get around to configuring my Linux machine's SSH server to use my Yubikey instead of the key-and-password but my tuits are insufficiently rounded.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
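
The wake-then-tunnel sequence from bthylafh's post, as an added example that is not bthylafh's own script: the always-on Linux box builds and broadcasts the Wake-on-LAN magic packet, waits for RDP to answer on the LAN, and the work PC then reaches port 3389 only through an SSH local forward. It assumes `socat` and `nc` are installed; the function names, MAC address, host names and port numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Runs on the always-on Linux box or Pi.
# Assumed tools: socat, nc. All MACs, hosts and ports used here are constructed.

# Print the WoL magic packet as hex: 6 bytes of 0xff, then the MAC 16 times.
wol_payload_hex() {
    mac=$1
    # Accept only aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff; reject anything else
    # so untrusted input never reaches printf or socat.
    printf '%s\n' "$mac" |
        grep -Eq '^([0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$' || return 1
    hex=$(printf '%s' "$mac" | tr -d ':-' | tr 'A-F' 'a-f')
    out=ffffffffffff
    i=0
    while [ "$i" -lt 16 ]; do
        out="$out$hex"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Emit the same packet as 102 raw bytes on stdout (POSIX printf octal escapes).
wol_payload_bytes() {
    hex=$(wol_payload_hex "$1") || return 1
    esc=
    while [ -n "$hex" ]; do
        byte=${hex%"${hex#??}"}          # first two hex digits
        hex=${hex#??}                    # drop them from the front
        esc="$esc$(printf '\\%03o' "0x$byte")"
    done
    printf "$esc"
}

# Broadcast the packet on the LAN (UDP port 9, the usual discard port).
send_wol() {
    wol_payload_hex "$1" >/dev/null || { echo "invalid MAC: $1" >&2; return 1; }
    wol_payload_bytes "$1" |
        socat - "UDP-DATAGRAM:${2:-255.255.255.255}:9,broadcast"
}

# Poll until the desktop answers on 3389 from inside the LAN, or give up.
wait_for_rdp() {
    host=$1
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        nc -z -w 2 "$host" 3389 && return 0
        tries=$((tries - 1))
        sleep 2
    done
    return 1
}

# Print the command to run on the work PC: RDP stays bound to loopback there
# and crosses the internet only inside the key-authenticated SSH session.
tunnel_cmd() {
    # $1 = SSH user@host of the Linux box, $2 = its SSH port, $3 = desktop LAN IP
    printf 'ssh -N -p %s -L 127.0.0.1:13389:%s:3389 %s\n' "$2" "$3" "$1"
}

# Stand-alone use on the Linux box:  ./wake.sh wake 00:11:22:33:44:55 192.168.1.50
if [ "${1:-}" = "wake" ]; then
    send_wol "$2" && wait_for_rdp "$3" && echo "desktop is answering on 3389"
fi
```

With the forward up, the RDP client on the work PC connects to 127.0.0.1:13389, so 3389 never needs to be forwarded on the router.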
