Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop Microsoft Remote Desktop #1159

Closed
jemrobinson opened this issue Jul 20, 2022 · 1 comment · Fixed by #1535
Closed

Drop Microsoft Remote Desktop #1159

jemrobinson opened this issue Jul 20, 2022 · 1 comment · Fixed by #1535
Assignees
@martintoreilly @JimMadge
Labels
enhancement New functionality that should be added to the Safe Haven

Comments

@jemrobinson
Copy link
Member

jemrobinson commented Jul 20, 2022
edited
Loading

🍓 Desired behaviour

We should strongly consider dropping Microsoft Remote Desktop for the following reasons:

  1. Recent penetration tests show more issues in Microsoft Remote Desktop than Guacamole. Dropping Microsoft Remote Desktop would close the following issues:
  • Redirect HTTP to HTTPS when connecting to RDS webclient #361
  • alan-turing-institute/data-safe-haven-production#45
  • alan-turing-institute/data-safe-haven-production#46
  • alan-turing-institute/data-safe-haven-production#49
  • alan-turing-institute/data-safe-haven-production#62
  • alan-turing-institute/data-safe-haven-production#59
  • alan-turing-institute/data-safe-haven-production#54
  1. Microsoft prefer Guacamole in their own TRE
  2. Dropping support would allow us to remove three VMs: RDG-SRE-{SRE-ID}; APP-SRE-{SRE-ID}; NPS-SHM-{SHM-ID} and their associated setup and code
  3. Only supporting one remote desktop would reduce our support surface
  4. This would also mean that we could tighten our firewall rules allowing connections to various Windows update services to only apply to SHM VMs.

Thoughts welcome @martintoreilly @JimMadge
@jemrobinson jemrobinson added enhancement New functionality that should be added to the Safe Haven severity: medium labels Jul 20, 2022
@JimMadge
Copy link
Member

I agree, seems like a win-win to me.

@martintoreilly martintoreilly mentioned this issue Aug 10, 2022
Closed
2 tasks
@jemrobinson jemrobinson changed the title Consider dropping Microsoft Remote Desktop Drop Microsoft Remote Desktop Aug 31, 2022
@craddm craddm mentioned this issue Aug 3, 2023
Merged
8 tasks
@Davsarper Davsarper mentioned this issue Aug 11, 2023
Closed
9 tasks
@JimMadge JimMadge mentioned this issue Aug 14, 2023
Closed
10 tasks
@craddm craddm mentioned this issue Sep 12, 2023
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@martintoreilly martintoreilly

@JimMadge JimMadge

Labels
enhancement New functionality that should be added to the Safe Haven
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove MS Remote Desktop support craddm/data-safe-haven
3 participants
@jemrobinson @martintoreilly @JimMadge