Scaling up VNC and SSH

Jeffrey Harris harris "at" gate.sunquest.com
Fri, 18 Aug 2000 23:52:03 +0000


If anyone has already answered this question, please just point me there.  I
work for a company with some 1000 client sites spread out all over the world
(although mostly US/Canada).  We sell software and both UNIX and NT servers.
We have some 100-support personnel who need  the ability to do remote support.
Although we dial-out with PCAnywhere right now, some UNIX support goes through
SSH.  I think that we could use those SSH connections for VNC.  I'd like to
funnel all support personnel through a personal website that they would have
to log in to from their NT Workstation.  (Security, tracking purposes).  Next
the employee would click on the appropriate link which would be a *.VNC file
(which is located on the server) and a command to begin an SSH session on
another box.  Next our (Linux) SSH client would connect over the Internet
through their firewall to their SSH box and begin TCP port redirection.  At
some point the VNC connection and SSH connection would have to be terminated.
I have played with VNC and SSH for a couple months and I know that they work
well at a one to one level. (Kudos to the VNC team, you truly have an
outstanding product).  I know that this has been well documented on the
smaller scale.  Now my questions are

		1.	Has anyone tried anything similar on that scale?

		2.	How processor intensive is the SSH client?  Right now we have a DEC Alpha
box as our SSH connection to the outside world.  Would we need 10 * 1 GHz
Intel boxes running Linux or BSD to handle the clients in the future?

		3.	What is a good way of keeping all of the port numbers straight?  Would I
need to set it up so that so that port 5901 goes to server A in Cleveland and
port 5902 goes to server B in Houston (and so on for about 2000 servers)

-or-

		4.	Would a more elegant way be to pass along

		5.	What is the best way to have the SSH session tear down after you are
done?

A byline in this is that I want to hide info like passwords and complexity
from our support personnel.  One of the requirements that I have been given is
simplicity.

Thanks in advance for your tips (and for not flaming me)  :)
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------