Remove MS Remote Desktop support #1535

Merged
merged 68 commits into from
Aug 11, 2023
Changes from 57 commits
fc99407
Remove updating NSG for MSRDS
craddm Jul 10, 2023
209faa1
Remove script for removing RDS gateway
craddm Jul 10, 2023
3f60f3c
Remove msrds gateway NSG rules
craddm Jul 10, 2023
a1d02a2
remove MSRDS elements from updating SRE SSL cert
craddm Jul 10, 2023
91639de
Remove script for setting up MSRDS SRE
craddm Jul 10, 2023
a061d9a
Remove set up of NSG rules for MSRDS
craddm Jul 10, 2023
8fcf6b9
Remove scripts for creating MSRDS
craddm Jul 10, 2023
a509e76
Remove MSRDS network config code
craddm Jul 10, 2023
d0a1240
remove RADIUS auth rule from NSG rules
craddm Jul 11, 2023
8093093
Remove script for setting up RDS gateway
craddm Jul 11, 2023
bf21be9
Remove configure SRE RDS script
craddm Jul 11, 2023
595c4fc
Remove disable legacy TLS script (msrds)
craddm Jul 11, 2023
0dcd652
No longer need to remove Radius client
craddm Jul 11, 2023
2825ec3
Remove MSRDS-only VM secrets from key vault
craddm Jul 11, 2023
53cee3f
Remove RDS ARM template
craddm Jul 11, 2023
2f53c72
remove session hosts NSG rules
craddm Jul 11, 2023
a9fad79
Remove MSRDS code for restarting VMs
craddm Jul 11, 2023
1cdc3ba
Remove NPS admin key from vault
craddm Jul 11, 2023
ecb4b46
Remove NPS from deployment script
craddm Jul 11, 2023
60a5864
Remove NPS ARM template
craddm Jul 11, 2023
e4d26fe
Remove NPS setup script
craddm Jul 11, 2023
1a2a90f
remove NPS files from desired state config
craddm Jul 11, 2023
bdab3ad
Remove references to NPS from VM management
craddm Jul 11, 2023
207262f
Remove RDS code from Config powershell script
craddm Jul 11, 2023
9bf4c69
Remove MSRDS related elements from DC1 DSC
craddm Jul 11, 2023
6789d5a
remove MSRDS domain config
craddm Jul 12, 2023
8b5c6b9
Remove MSRDS domain configuration SRE removal
craddm Jul 12, 2023
1052ab4
remove MS RDS from documentation on SRE details
craddm Jul 13, 2023
356d48e
Delete deploy MSRDS SRE instructions
craddm Jul 14, 2023
8684bf6
Replace deploy_sre page with Guacamole version
craddm Jul 14, 2023
8fc5d2b
Merge branch 'alan-turing-institute:develop' into remove-msrds
craddm Jul 31, 2023
d0f26fd
Merge branch 'alan-turing-institute:develop' into remove-msrds
craddm Aug 3, 2023
14e7a85
remove msrds config example files
craddm Aug 3, 2023
7ccf223
remove trailing whitespaces
craddm Aug 3, 2023
23182eb
remove msrds user guide
craddm Aug 3, 2023
302b829
Remove description of NPS from SHM docs
craddm Aug 3, 2023
2373a83
remove trailing whitespace
craddm Aug 3, 2023
caa3222
replace user_guide with guacamole version
craddm Aug 3, 2023
f0d58be
remove separate guacamole user guide
craddm Aug 3, 2023
3966072
Change link to user guide
craddm Aug 3, 2023
75e6771
remove msrds config check from tests
craddm Aug 3, 2023
3b4bfb3
Add t3guac config check to tests
craddm Aug 3, 2023
f119eec
remove MSRDS elements from reference shm configs
craddm Aug 3, 2023
9ecd4c9
remove MS RDS elements from reference configs
craddm Aug 3, 2023
f78e58a
remove unneeded user guide snippets
craddm Aug 3, 2023
37539c7
fix linting errors
craddm Aug 3, 2023
bb5ccfc
fix linting error and rename user guide
craddm Aug 3, 2023
ef2ea73
remove NPS section from SHM deployment docs
craddm Aug 4, 2023
c51b11d
Remove MS RDS specific elements from arch pngs
craddm Aug 4, 2023
af726bf
remove NPS server reference from checklist
craddm Aug 4, 2023
9e82542
temporarily reinstate deleted files
craddm Aug 8, 2023
60477dc
Merge branch 'alan-turing-institute:develop' into remove-msrds
craddm Aug 8, 2023
8fbe1e0
redelete msrds files
craddm Aug 8, 2023
fca1c3f
remove MSRDS related images
craddm Aug 8, 2023
81c7f1b
Remove MSRDS troubleshooting from user guide
craddm Aug 8, 2023
94fb403
remove more msrds images
craddm Aug 8, 2023
89e3a1a
remove MSRDS only sections from docs
craddm Aug 8, 2023
9eabdd4
fix linting and code fences
craddm Aug 8, 2023
d6614d9
Correct fenced blocks spacing and closes
JimMadge Aug 8, 2023
3224042
complete merge
craddm Aug 8, 2023
16fbf55
change MSRDS in smoke test readme to GUAC
craddm Aug 8, 2023
562f9a3
Remove reference to MS RDS
craddm Aug 8, 2023
e4f40aa
Enforce ApacheGuacamole as remoteDesktopProvider
craddm Aug 9, 2023
2fd9093
Edit config documentation
craddm Aug 9, 2023
a8bc1c7
fix linting errors
craddm Aug 9, 2023
8e0df0c
Update deployment/common/Configuration.psm1
craddm Aug 10, 2023
16e8f36
Update deployment/common/Configuration.psm1
craddm Aug 10, 2023
e848460
Change warning to fatal error if not RD other than Guac supplied
craddm Aug 10, 2023
11 changes: 3 additions & 8 deletions deployment/administration/SHM_Manage_VMs.ps1
Expand Up @@ -34,7 +34,6 @@ if ($Group -eq "Identity") {
} elseif ($Group -eq "Mirrors") {
# Remove Identity VMs from list
$vmsByRg.Remove($config.dc.rg)
$vmsByRg.Remove($config.nps.rg)
}

switch ($Action) {
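Review bot: in the "Mirrors" branch, dropping `$vmsByRg.Remove($config.nps.rg)` means an NPS resource group that still exists in an already deployed SHM is no longer filtered out of `$vmsByRg`, so its VM could be handled together with the mirror VMs. If `$vmsByRg` is built by resource group prefix here, as it is in SRE_Manage_VMs.ps1, please either state in the upgrade notes that the NPS VM must be deleted before this script is used, or confirm that it cannot appear in the list.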
Expand All @@ -48,23 +47,19 @@ switch ($Action) {
$primaryDCAlreadyRunning = Confirm-VmRunning -Name $config.dc.vmName -ResourceGroupName $config.dc.rg
if ($primaryDCAlreadyRunning) {
Add-LogMessage -Level InfoSuccess "VM '$($config.dc.vmName)' already running."
# Start Secondary DC and NPS
# Start Secondary DC
Start-VM -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Start-VM -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
} else {
# Stop Secondary DC and NPS as these must start after Primary DC
# Stop Secondary DC as it must start after Primary DC
Add-LogMessage -Level Info "Stopping Secondary DC and NPS as Primary DC is not running."
Stop-Vm -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Stop-Vm -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
# Start Primary DC
Start-VM -Name $config.dc.vmName -ResourceGroupName $config.dc.rg
# Start Secondary DC and NPS
# Start Secondary DC
Start-VM -Name $config.dcb.vmName -ResourceGroupName $config.dc.rg
Start-VM -Name $config.nps.vmName -ResourceGroupName $config.nps.rg -SkipIfNotExist
}
# Remove Identity VMs from general VM list so they are not processed twice
$vmsByRg.Remove($config.dc.rg)
$vmsByRg.Remove($config.nps.rg)
}
# Process remaining SHM VMs covered by the specified group
foreach ($key in $vmsByRg.Keys) {
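Review bot: the unchanged log line in the else branch, `Add-LogMessage -Level Info "Stopping Secondary DC and NPS as Primary DC is not running."`, still mentions NPS although the comment above it and the `Stop-Vm` call for `$config.nps.vmName` are removed. Change the message to "Stopping Secondary DC as Primary DC is not running." so the log matches what the script does. The same leftover-VM question applies to the removed `$vmsByRg.Remove($config.nps.rg)` before the general loop: an NPS VM from an earlier deployment would now be processed by `foreach ($key in $vmsByRg.Keys)`.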
29 changes: 3 additions & 26 deletions deployment/administration/SRE_Manage_VMs.ps1
Expand Up @@ -27,6 +27,7 @@ $vmsByRg = Get-VMsByResourceGroupPrefix -ResourceGroupPrefix $config.sre.rgPrefi
switch ($Action) {
"EnsureStarted" {
# Remove remote desktop VMs to process last
# May be able to simplify this further now that MSRDS is removed
$remoteDesktopVms = $vmsByRg[$config.sre.remoteDesktop.rg]
$vmsByRg.Remove($config.sre.remoteDesktop.rg)
# Start all other VMs before RDS VMs so all services will be available when users can login via RDS
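Review bot: the added comment `# May be able to simplify this further now that MSRDS is removed` is an open-ended TODO with no issue reference; either make the simplification in this PR or link a tracking issue so it is not forgotten. The context comment below it still reads "before RDS VMs ... login via RDS" and should be reworded to refer to the remote desktop (Guacamole) VMs.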
Expand All @@ -40,32 +41,8 @@ switch ($Action) {
}
# Ensure remote desktop VMs are started
Add-LogMessage -Level Info "Ensuring VMs in resource group '$($config.sre.remoteDesktop.rg)' are started..."
if ($config.sre.remoteDesktop.provider -eq "ApacheGuacamole") {
# Start Guacamole VMs
$remoteDesktopVms | ForEach-Object { Start-VM -VM $_ }
} elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
# RDS gateway must be started before RDS session hosts
$gatewayAlreadyRunning = Confirm-VmRunning -Name $config.sre.remoteDesktop.gateway.vmName -ResourceGroupName $config.sre.remoteDesktop.rg
if ($gatewayAlreadyRunning) {
Add-LogMessage -Level InfoSuccess "VM '$($config.sre.remoteDesktop.gateway.vmName)' already running."
# Ensure session hosts started
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Start-VM -VM $vm
}
} else {
# Stop session hosts as they must start after gateway
Add-LogMessage -Level Info "Stopping RDS session hosts as gateway is not running."
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Stop-VM -VM $vm
}
# Start gateway
Start-VM -Name $config.sre.remoteDesktop.gateway.vmName -ResourceGroupName $config.sre.remoteDesktop.rg
# Start session hosts
foreach ($vm in $remoteDesktopVms | Where-Object { $_.Name -ne $config.sre.remoteDesktop.gateway.vmName }) {
Start-VM -VM $vm
}
}
}
# Start Guacamole VMs
$remoteDesktopVms | ForEach-Object { Start-VM -VM $_ }
}
"EnsureStopped" {
foreach ($key in $vmsByRg.Keys) {
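Review bot: with the provider branch gone, `$remoteDesktopVms | ForEach-Object { Start-VM -VM $_ }` starts every VM found in `$config.sre.remoteDesktop.rg`, so in an SRE that was deployed with MicrosoftRDS the gateway and session hosts would still be started, but without the gateway-first ordering that the removed code enforced. Since this script no longer looks at `$config.sre.remoteDesktop.provider`, it relies entirely on config loading to reject such environments; please make sure that check exists and fails fatally, or add a guard here.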
83 changes: 10 additions & 73 deletions deployment/common/Configuration.psm1
Expand Up @@ -186,14 +186,12 @@ function Get-ShmConfig {
netbiosName = ($shmConfigBase.netbiosName ? $shmConfigBase.netbiosName : $shm.id).ToUpper() | Limit-StringLength -MaximumLength 15 -FailureIsFatal
dn = "DC=$(($shmConfigBase.domain).Replace('.',',DC='))"
ous = [ordered]@{
databaseServers = [ordered]@{ name = "Secure Research Environment Database Servers" }
linuxServers = [ordered]@{ name = "Secure Research Environment Linux Servers" }
rdsGatewayServers = [ordered]@{ name = "Secure Research Environment RDS Gateway Servers" }
rdsSessionServers = [ordered]@{ name = "Secure Research Environment RDS Session Servers" }
researchUsers = [ordered]@{ name = "Safe Haven Research Users" }
securityGroups = [ordered]@{ name = "Safe Haven Security Groups" }
serviceAccounts = [ordered]@{ name = "Safe Haven Service Accounts" }
identityServers = [ordered]@{ name = "Safe Haven Identity Servers" }
databaseServers = [ordered]@{ name = "Secure Research Environment Database Servers" }
linuxServers = [ordered]@{ name = "Secure Research Environment Linux Servers" }
researchUsers = [ordered]@{ name = "Safe Haven Research Users" }
securityGroups = [ordered]@{ name = "Safe Haven Security Groups" }
serviceAccounts = [ordered]@{ name = "Safe Haven Service Accounts" }
identityServers = [ordered]@{ name = "Safe Haven Identity Servers" }
}
}
$shm.domain.fqdnLower = ($shm.domain.fqdn).ToLower()
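Review bot: `rdsGatewayServers` and `rdsSessionServers` are dropped from `ous`, but nothing in this hunk removes the corresponding OUs from the directory of an SHM that was deployed earlier, so they would remain there with no config entry pointing at them. Please document the cleanup in the upgrade notes or handle it in a teardown script. As a style point, the realignment of the six remaining entries is whitespace only and makes the functional change harder to spot in the diff.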
Expand Down Expand Up @@ -400,31 +398,21 @@ function Get-ShmConfig {
# ---------
$shm.users = [ordered]@{
computerManagers = [ordered]@{
databaseServers = [ordered]@{
databaseServers = [ordered]@{
name = "$($shm.domain.netbiosName) Database Servers Manager"
samAccountName = "$($shm.id)databasesrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-database-servers".ToLower()
}
identityServers = [ordered]@{
identityServers = [ordered]@{
name = "$($shm.domain.netbiosName) Identity Servers Manager"
samAccountName = "$($shm.id)identitysrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-identity-servers".ToLower()
}
linuxServers = [ordered]@{
linuxServers = [ordered]@{
name = "$($shm.domain.netbiosName) Linux Servers Manager"
samAccountName = "$($shm.id)linuxsrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-linux-servers".ToLower()
}
rdsGatewayServers = [ordered]@{
name = "$($shm.domain.netbiosName) RDS Gateway Manager"
samAccountName = "$($shm.id)gatewaysrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-rds-gateway-servers".ToLower()
}
rdsSessionServers = [ordered]@{
name = "$($shm.domain.netbiosName) RDS Session Servers Manager"
samAccountName = "$($shm.id)sessionsrvrs".ToLower() | Limit-StringLength -MaximumLength 20
passwordSecretName = "shm-$($shm.id)-computer-manager-password-rds-session-servers".ToLower()
}
}
serviceAccounts = [ordered]@{
aadLocalSync = [ordered]@{
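Review bot: removing the `rdsGatewayServers` and `rdsSessionServers` entries from `computerManagers` also removes the only references to their `samAccountName` and `passwordSecretName` values, so in an existing SHM the two domain accounts and the Key Vault secrets `shm-<id>-computer-manager-password-rds-gateway-servers` and `...-rds-session-servers` become unmanaged but stay valid. These are accounts with rights to join computers to the domain; the PR should say how they are disabled or deleted and how the secrets are purged on upgrade.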
Expand Down Expand Up @@ -626,20 +614,7 @@ function Get-SreConfig {

# Secure research environment config
# ----------------------------------
# Check that one of the allowed remote desktop providers is selected
$remoteDesktopProviders = @("ApacheGuacamole", "MicrosoftRDS")
if (-not $sreConfigBase.remoteDesktopProvider) {
Add-LogMessage -Level Warning "No remoteDesktopType was provided. Defaulting to $($remoteDesktopProviders[0])"
$sreConfigBase.remoteDesktopProvider = $remoteDesktopProviders[0]
}
if (-not $remoteDesktopProviders.Contains($sreConfigBase.remoteDesktopProvider)) {
Add-LogMessage -Level Fatal "Did not recognise remote desktop provider '$($sreConfigBase.remoteDesktopProvider)' as one of the allowed remote desktop types: $remoteDesktopProviders"
}
if (
($sreConfigBase.remoteDesktopProvider -eq "MicrosoftRDS") -and (-not @(2, 3, 4).Contains([int]$sreConfigBase.tier))
) {
Add-LogMessage -Level Fatal "RemoteDesktopProvider '$($sreConfigBase.remoteDesktopProvider)' cannot be used for tier '$($sreConfigBase.tier)'"
}

# Setup the basic config
$config = [ordered]@{
shm = Get-ShmConfig -shmId $sreConfigBase.shmId
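Review bot: deleting the whole check block leaves `remoteDesktopProvider` unvalidated at the top of Get-SreConfig: a config that omits the key no longer defaults to ApacheGuacamole, and one that still says MicrosoftRDS is not rejected here. Keep a short check at this point that applies the default and calls `Add-LogMessage -Level Fatal` for any value other than ApacheGuacamole, so an outdated config stops before the rest of the SRE config is built.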
Expand Down Expand Up @@ -900,44 +875,6 @@ function Get-SreConfig {
}
}
}
} elseif ($config.sre.remoteDesktop.provider -eq "MicrosoftRDS") {
$config.sre.remoteDesktop.gateway = [ordered]@{
adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-rds-gateway"
vmName = "RDG-SRE-$($config.sre.id)".ToUpper() | Limit-StringLength -MaximumLength 15
vmSize = "Standard_DS2_v2"
ip = Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.remoteDesktop.cidr -Offset 4
installationDirectory = "C:\Installation"
nsg = [ordered]@{
name = "$($config.sre.nsgPrefix)_RDS_SERVER".ToUpper()
rules = "sre-nsg-rules-gateway.json"
}
disks = [ordered]@{
data = [ordered]@{
sizeGb = "1023"
type = $config.sre.diskTypeDefault
}
os = [ordered]@{
sizeGb = "128"
type = $config.sre.diskTypeDefault
}
}
}
$config.sre.remoteDesktop.appSessionHost = [ordered]@{
adminPasswordSecretName = "$($config.sre.shortName)-vm-admin-password-rds-sh1"
vmName = "APP-SRE-$($config.sre.id)".ToUpper() | Limit-StringLength -MaximumLength 15
vmSize = "Standard_DS2_v2"
ip = Get-NextAvailableIpInRange -IpRangeCidr $config.sre.network.vnet.subnets.remoteDesktop.cidr -Offset 5
nsg = [ordered]@{
name = "$($config.sre.nsgPrefix)_RDS_SESSION_HOSTS".ToUpper()
rules = "sre-nsg-rules-session-hosts.json"
}
disks = [ordered]@{
os = [ordered]@{
sizeGb = "128"
type = $config.sre.diskTypeDefault
}
}
}
} else {
Add-LogMessage -Level Fatal "Remote desktop type '$($config.sre.remoteDesktop.type)' was not recognised!"
}
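Review bot: the remaining else branch reports `$($config.sre.remoteDesktop.type)` in its fatal message, while the removed `elseif` in this hunk tested `$config.sre.remoteDesktop.provider`; unless a `type` key is set elsewhere, the message will print an empty name. Use `.provider` in the message, and since this branch is now the only place a MicrosoftRDS config is caught, say explicitly that MicrosoftRDS is no longer supported rather than "was not recognised".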