NoMachine Support

Your questions answered

Knowledge Base

ID: FR02Q03788
Added on:  2019-02-26
Last update: 2020-11-06
Priority: Low
Products: NoMachine Server
Target: 7
Status:  Approved
Adding the possibility to propagate profile rules in a multi-server environment

NoMachine Cloud Server (CS) is designed to allow access to subservers. When there is a significant number of subservers (child servers), managing profiles from one central point becomes a realistic need and makes it possible to control users, services and resources much more efficiently. For example, company policy may require globally disabling services such as device sharing, file transfer and copy and paste.

The implementation will be based on propagating rules set on the Cloud Server to a particular subserver, a group of subservers or all subservers. As a further benefit, rules will also be applied when connecting to a child server that doesn't support profiles itself when working as a standalone server without CS control (Enterprise Desktop is a good example here). Profile rules set globally on the Cloud Server override the corresponding rule or configuration set on the child server.

Note that these rules will be applied only if users connect via the Cloud Server and via any of its available forward methods ('token', 'system' or 'tunnel'). If users connect directly to any of the child servers, the server configuration or profile rules (if supported) set on that subserver will be applied.
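
The precedence described above, modelled as a short Python sketch. This is an added example, not NoMachine code: the class and function names, the "file-transfer" rule type, the server names and the addresses are hypothetical, and taking the first matching propagated rule is an assumption, since the page does not define an order among several matching rules.

```python
from dataclasses import dataclass
from typing import Optional

FORWARD_METHODS = {"token", "system", "tunnel"}  # forward methods named on this page

@dataclass
class PropagatedRule:
    """A rule set on the Cloud Server with '--class propagation'."""
    rule_type: str                     # hypothetical type name, e.g. "file-transfer"
    value: str                         # "yes", "no" or another value
    server: Optional[str] = None       # --server <server:port>
    servergroup: Optional[str] = None  # --servergroup <groupname>
    user: Optional[str] = None         # --user <username>
    group: Optional[str] = None        # --group <groupname>
    address: Optional[str] = None      # --address <IP>

@dataclass
class Connection:
    user: str
    groups: frozenset        # user groups the user belongs to
    client_ip: str
    child: str               # child server reached, as server:port
    child_groups: frozenset  # server groups the child belongs to
    via: str                 # "token", "system", "tunnel" or "direct"

def matches(rule, conn):
    """True if a propagated rule applies to this connection."""
    if conn.via not in FORWARD_METHODS:
        return False  # direct connection: Cloud Server rules are not applied
    return (
        (rule.server is None or rule.server == conn.child)
        and (rule.servergroup is None or rule.servergroup in conn.child_groups)
        and (rule.user is None or rule.user == conn.user)
        and (rule.group is None or rule.group in conn.groups)
        and (rule.address is None or rule.address == conn.client_ip)
    )

def effective_value(rule_type, conn, propagated, child_rules):
    """Return (value, source) for rule_type on this connection."""
    for rule in propagated:  # assumption: first matching propagated rule wins
        if rule.rule_type == rule_type and matches(rule, conn):
            return rule.value, "cloud-server"  # overrides the child's own rule
    return child_rules.get(rule_type), "child"  # child's own configuration decides

# Constructed sample data (hypothetical names).
RULES = [PropagatedRule("file-transfer", "no", servergroup="finance")]
CHILD = {"file-transfer": "yes"}
```

The direct-connection case is the one to cover separately: a restriction propagated from the Cloud Server is not enforced there, so the child server needs its own rule or configuration.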


Server usage:

--ruleadd --class <class> --type <type> --value yes|no|<value>
          [--system|--user <username>|--guest|--node <node:port>|
           --group <groupname>|--nodegroup <groupname>|--address <IP>]
          For multiserver environments:   
          --class propagation --type <type> [--server <server:port>|
          --servergroup <groupname> [--user <username>|
          --group <groupname>|--address <IP>]]

  Add a rule if the server supports profiles. <class> is a class of rule
  like session, node, service or feature. <type> qualifies the class,
  e.g. '--class session --type unix-gnome'. With --value, allow or deny
  or set the value for the class type. If no additional parameter is
  specified, the rule is applied to all users. This corresponds to the
  --system option. Alternatively, use the --user option to apply the
  rule only to the specified user, or --guest to set the rule for all
  guest accounts, or --group to define the rule for a certain group
  of users. To set the rule on a per-node basis, use --node instead
  or provide --nodegroup to apply the rule to a group of nodes. Use
  --address to apply the rule on a per-client IP basis.
  In multi-server environments, provide '--class propagation --type
  <type>' to apply the rule to all child servers. Provide --server
  to propagate the rule to a given child or use --servergroup for
  propagating it to a given group of child servers. To apply the rule
  only when a user or a group of users connects, also provide the
  --user or the --group switch respectively. This can also be used
  in conjunction with the --address parameter, to propagate the rule
  only if the user or group of users connects from the given IP.


--rulelist [--system | --user <username> | --guest | --node <node:port> |
            --group <groupname> | --nodegroup <groupname> | --address <IP>]
           For multiserver environments:
           [--class propagation [--server <server:port>|
            --servergroup <groupname>]]

  List all rules set. If --system is provided, list rules defined for
  the NoMachine system. Use --user or --guest to list only rules set
  for the given user or for guest accounts respectively. If --node
  is given, list all rules set for the node. With --group, list all
  rules set for the specified group of users. Use --nodegroup to list
  the rules set for the given group of nodes. Use --address <IP> to
  list all the rules associated with the given client IP.
  In multi-server environments, provide '--class propagation' to list
  all rules propagated to child servers, or filter by --server or
  --servergroup to list only rules propagated to that server or group
  of servers.


--ruledel [--class <class> --type <type>] [--system|--user <username>|
           --guest|--node <node:port>|--group <groupname>|--nodegroup
           <groupname> | --address <IP>]
           For multiserver environments:
           [--class propagation [--server <server:port>|
            --servergroup <groupname>|--user <username>|
            --group <groupname>|--address <IP>]]

  If --class and --type are not provided, delete all rules set for the
  system (--system) or the given user (--user) or guests (--guest) or
  the given node (--node) or the given group of users (--group) or of
  nodes (--nodegroup). Use --class and --type to delete this specific
  rule from the system (--system can be omitted) or provide any of the
  available options to delete it on a per-user/guests/node/groups of
  users/group of nodes basis. Use --address to delete all the rules
  associated to the given client IP.
  In multi-server environments, use '--class propagation' to delete
  all rules to be propagated to child servers. Provide --server or
  --servergroup to delete only those rules to be propagated to the
  given server or group of servers. Use --user or --group to delete
  rules to be propagated when the given user or group connects. Use
  the --address parameter to delete rules to be propagated when the
  user connects from the given IP.

