NAT 后网络的命令行/Powershell 管理
设想。 第 3 方管理员希望通过 PS 远程处理/直接登录 NAT 网关后面的客户端和服务器来管理系统。
系统是 SBS 2003 或 W2K3。 所有这些都位于 NAT 防火墙后面,具有不同的 RFC1918 子网,并且没有站点到站点 VPN(尽管解决方案可能需要这样做。) 每个站点都有自己不相关的 AD 设置。
第 3 方管理网络(也在 NAT 之后)与目标站点没有信任(显然 SBS 站点默认情况下存在此问题,如果双方使用相同的 RFC1918 子网地址范围,VPN 似乎会出现问题。
跨 VPN 的名称解析建议
是否有一些“反射”方法(类似于 Ultra VNC,可以序列化 PS 对象并通过 NAT 传递它们,而不需要重新配置路由器?或者直接远程登录需要端口转发到 SSH 或类似的方法吗?不使用鼠标即可完成或自动化?
什么 .NET 远程处理方法可以帮助解决这个问题?
nsoftware Powershell 服务器解决方案似乎适用于 SSH,但仅适用于可公开寻址的机器,并且由于其按 CPU 许可方案而受到折扣。 。 还有其他类似的替代品吗?
Scenario.
3rd party admins want to administer systems with PS remoting/direct login of clients and servers behind NAT gateways.
The systems are SBS 2003 or W2K3. all are behind NAT firwalls with varying RFC1918 subnets and no site to site VPNs (although a solution would likely require this.)
Each site has its own unrelated AD setup.
The 3rd party admin network (also behind a NAT)has no trusts with the target sites (obviously SBS sites have this problem by default an It seems VPNs have problems if the same RFC1918 subnet address range is used on both sides.
Name resolution across VPN would be a prerequisite. advice
Is there some "reflection" approach (similar to Ultra VNC that would serialize PS objects and pass them through NATs without requiring router reconfig? or is portforwarding to SSH or similar required with direct remote logins? can any of this be accomplished or automated without use of a mouse?
what .NET remoting approaches might help solve this problem?
the nsoftware Powershell server solution works for SSH it seems but only where machines are publically addressable and it was also discounted due to its per CPU licensing scheme.
are there other similar alternatives to it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可能最好找到一种方法来隧道到一台机器,然后从那里跳到您想要管理的机器。 您需要将端口转发到第一台机器。
您的网络安全人员应该非常关心这台机器; 如果他们不知道,他们就不了解自己的工作。
我的第一个方法是对两个跃点使用 PowerShell V2 的远程处理。
You're probably best off finding a way to tunnel to a single machine, and then hop from there to the machines you want to administer. You'd need to forward a port to that first machine.
Your network security people should be very concerned about this machine; if they're not, they don't know their jobs.
My first approach would be to use PowerShell V2's remoting for both hops.
我同意@JayBazuz,i Powershell V2(当前在CTP3中)使用WinRM,它可以配置为通过HTTPS(实际上是您选择的任何端口)工作,从而穿过防火墙和NATS。
詹姆士
I concur with @JayBazuz,i Powershell V2 (currently in CTP3) uses WinRM, which can be configured to work over HTTPS(really any port you choose), thus working through firewalls and NATS.
james