From user-return-3558-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Thu Mar 15 20:49:33 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 87822180649 for ; Thu, 15 Mar 2018 20:49:32 +0100 (CET) Received: (qmail 39936 invoked by uid 500); 15 Mar 2018 19:49:26 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 39927 invoked by uid 99); 15 Mar 2018 19:49:26 -0000 Received: from mail-relay.apache.org (HELO mailrelay1-lw-us.apache.org) (207.244.88.152) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Mar 2018 19:49:26 +0000 Received: from mail-lf0-f45.google.com (mail-lf0-f45.google.com [209.85.215.45]) by mailrelay1-lw-us.apache.org (ASF Mail Server at mailrelay1-lw-us.apache.org) with ESMTPSA id 5B6FBB3B for ; Thu, 15 Mar 2018 19:49:25 +0000 (UTC) Received: by mail-lf0-f45.google.com with SMTP id v9-v6so11970960lfa.11 for ; Thu, 15 Mar 2018 12:49:24 -0700 (PDT) X-Gm-Message-State: AElRT7EKGSwGe6VlF6/fzsmlYGsjOvIJPHGr5L8AiV6zqhbjhErKuBfR /Rhuiie8I+ephPA+5A/aLWtGHqWbhETsgNaFN1U= X-Google-Smtp-Source: AG47ELtVEWmPNaVVIOqNMwY1Au8QZ5WzfhGr30H2bzEPrDP5Ed94lETU+4PhT+8rn9Be+0xFxnwapaLXzm8U/yElAtI= X-Received: by 10.46.152.143 with SMTP id b15mr5119079ljj.131.1521143363452; Thu, 15 Mar 2018 12:49:23 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a19:547:0:0:0:0:0 with HTTP; Thu, 15 Mar 2018 12:49:22 -0700 (PDT) In-Reply-To: References: From: Nick Couchman Date: Thu, 15 Mar 2018 15:49:22 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Control outbound socket connection To: user@guacamole.apache.org Content-Type: multipart/alternative; boundary="883d24f22a7cd4c69c056778c92d" --883d24f22a7cd4c69c056778c92d Content-Type: text/plain; charset="UTF-8" On Thu, Mar 15, 2018 at 1:29 PM, R wrote: > Is there a way, that I can tunnel the outbound rdp/vnc/ssh connections via > CASB. I need to authenticate to CASB first before I need to send the > rdp/vnc/ssh connection. > I will be sending all the requests to that CASB and CASB will act as > multi-tenent for all customers. > First, you haven't really defined what CASB is, so it's hard for those of us unfamiliar with the term to know exactly what you're talking about. A quick Google search turns up Netskope's Cloud Access Security Broker, which sounds like it could fit what you're talking about, but you might want to help us out and define that a little better. Besides just what it is, it would be useful to know a little bit about how it functions - what does it mean to "authenticate to CASB" before you send the connection? Do they provide any clients or documentation on how that authentication is accomplished? Is it a REST API, a port knocking handshake, some other username/password? Should it be taking credentials used for the connection and providing those somewhere else? Is there something else that needs to be configured, like a CASB server, etc. There are few things that aren't possible to accomplish, it's just a matter of determining how to accomplish it and whether or not it's worth the difficulty, or if the arrangement of the network with regard to the location of CASB can be adjusted at all. -Nick --883d24f22a7cd4c69c056778c92d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On T= hu, Mar 15, 2018 at 1:29 PM, R <funnny@gmail.com> wrote:
<= blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px= #ccc solid;padding-left:1ex">
Is there a way, that I can tunnel the outbou= nd rdp/vnc/ssh connections via CASB. I need to authenticate to CASB first b= efore I need to send the rdp/vnc/ssh connection.
I will be sending all the requests to= that CASB and CASB will act as multi-tenent for all customers.


First, you haven't really defined what CASB is, s= o it's hard for those of us unfamiliar with the term to know exactly wh= at you're talking about.=C2=A0 A quick Google search turns up Netskope&= #39;s Cloud Access Security Broker, which sounds like it could fit what you= 're talking about, but you might want to help us out and define that a = little better.=C2=A0 Besides just what it is, it would be useful to know a = little bit about how it functions - what does it mean to "authenticate= to CASB" before you send the connection?=C2=A0 Do they provide any cl= ients or documentation on how that authentication is accomplished?=C2=A0 Is= it a REST API, a port knocking handshake, some other username/password?=C2= =A0 Should it be taking credentials used for the connection and providing t= hose somewhere else?=C2=A0 Is there something else that needs to be configu= red, like a CASB server, etc.

There are few things that aren't possible to ac= complish, it's just a matter of determining how to accomplish it and wh= ether or not it's worth the difficulty, or if the arrangement of the ne= twork with regard to the location of CASB can be adjusted at all.

-Nick
--883d24f22a7cd4c69c056778c92d--