This feature applies only to NoMachine Cloud Server (CS) version 6 or later.
A new option, --forward-connection, will permit administrators to specify to which server, among those servers federated under the CS, the user's connection will be directed. When this option is set, user will not see the list of the available servers federated under the CS, but will be immediately routed to the given child server.
The user's connection will be directed to the child server according to the client's protocol (NX or SSH) and the forward method set for the federated server. Supported methods are: token, system and tunnel. Note that in case of foreign servers (Unix-based hosts not running NoMachine software) the forward method necessarily has to be 'tunnel' or users cannot be directed to such host. See also https://www.nomachine.com/FR03O03376 for more details about the available options for setting the forward method via the the nxserver --serveradd/serveredit commands.
The --forward-connection option can be set on a per user-basis or on a per-group basis.
When the user belongs to multiple groups, the directive set for the group with highest priority overrides the other settings.
Differences between the --redirect option and the new --forward-connection option
The --redirect directive, already available with servers v. 4 and 5, can be applied to route the user's connection to whichever NoMachine server. The --forward-connection directive, a feature of Cloud Server v.6, permits to assign users to a specific server being part of a multi-host infrastructure. It therefore requires that the given server is federated under a Cloud Server.
How to set the --forward-connection option
There are two ways:
a) by using server commands to add and edit users and groups of users (nxserver --useradd/groupadd; nxserver --useredit/groupedit)
or:
b) by setting a profile rule.
These two methods are fully equivalent, in case of guests users (system accounts automatically generated on demand) it's necessary to use profile rules.
Server commands in detail
1) Server commands to add/edit/list users
--useradd <username> [--system [--home <homedir> | --nohome]
[--gid <gid>] [--uid <uid>]]
[--administrator]
[--redirect <server:port>]
[--group <groupname>]
[--trusted [virtual | physical]]
[--screensharing yes|no]
[--forward-connection <server:port>|<uuid>]
Add the user to the NoMachine backend when a system account already
exists for this user. Inserting a password is requested if server is
configured to use the NoMachine password. Specify --system to create
the system account if it doesn't exist yet. In this case --home or
--nohome, --gid and --uid can be given to override system or server
configuration. These options are not available on Windows platforms.
Specify --administrator to grant NoMachine administrative rights to
the user. If server supports redirection, use --redirect to set IP
or hostname and port for the NoMachine server where connections run
by this user are forwarded. Specify --group to add the user to an
already existent group of users. Use --trusted to allow the given
user to connect to another user's desktop without the need for the
owner's approval. Specify 'virtual' or 'physical' for limiting the
--trusted authorization to connections to physical desktops or to
virtual desktops only. When sharing the physical desktop is enabled
in the server configuration, use --screensharing to preconfigure
personal user's settings and allow or forbid connections to the
user's physical desktop. The user will be still able to change this
setting from the GUI inside the session. Use --forward-connection
to forward the user's connection to a federated server identified by
its name (<server:port>) or id (<uuid>) as it appears in the output
of the 'nxserver --serverlist --extended' command.
--useredit <username> --redirect <server:port> | --group <groupname> |
--trusted virtual | physical | none |
--administrator [yes | no] |
--screensharing [yes | no] |
--forward-connection <server:port>|<uuid>
Use --redirect to modify IP or hostname and port for the NoMachine
server where connections run by the user are redirected. Specify
'--redirect none' to disable redirection for this user. Use --group
to add the user to a group of users and '--group none' to remove the
user from that group. Use --trusted to allow the user to connect to
another user's desktop without the need for the owner's approval.
Specify 'virtual' or 'physical' to limit the --trusted authorization
to connections to physical desktops or to virtual desktops only.
Provide 'none' instead to remove this ability. Use --administrator
to grant NoMachine administrative rights to the user, or specify
'no' to remove them. When sharing the physical desktop is enabled
in the server configuration, use --screensharing to configure
personal user's settings and allow or forbid connections to the
user's physical desktop. The user will be still able to change this
setting from the GUI inside the session. Use --forward-connection
to forward the user's connection to a federated server identified
by its name (<server:port>) or id (<uuid>) as it appears in the
output of the 'nxserver --serverlist --extended' command. In order
to disable auto-forwarding for this user, use ‘--forward-connection
none’.
--userlist [<username>][--guest [--home] | --administrator | --trusted |
--screensharing yes|no]
List all users present in the NoMachine backend and enabled to log-
in. If --guest is specified, list only guest users enabled to login
In this case when --home is given, list guests still having their
system home, but already expired. If --administrator is specified,
list only NoMachine administrators. If --trusted is provided, list
only users allowed to connect to other users' desktops without the
need for the owner's approval. Provide '--screensharing yes' to
list only those users with a personal configuration that allows the
sharing of their physical desktop. Use '--screensharing no' to
see which users disabled the sharing of their screen. When
<username> is provided, display details only about this user.
When --forward-connection is set, the output of the 'nxserver --userlist' command displays the target server (identified by its uuid) in the 'Forwarded to' field:
nxserver --userlist
NX> 149 NX users list
53532db3-0626-4074-ae50-a87ab1f84538
The output of the 'nxserver --userlist <username>' command provides information about the given user in the following format:
nxserver --userlist nxtest01
NX> XXX NX Details for user 'nxtest01':
Redirected to:
Trusted for: virtual
Screen sharing: enabled
Access: enabled
Forwarded to:
GroupnamePriorityRedirected toTrusted forUsersForwarded totesters1 physicalnxtest01,nxtest0253532db3-0626-4074-ae50-a87ab1f84538
3) Server commands to set and manage profile rules
The general format of the server command to set a profile rule to forward the user's connection to the target server is:
nxserver --ruleadd --class server --type forward-connection --value <server:port> OPTION
The target server is identified by its name (<server:port>) or id (<uuid>) as it appears in the output of the 'nxserver --serverlist --extended' command.
OPTION can be any of the following:
--system
to apply the rule to all users connecting to this Cloud Server.
--user USERNAME
to set the rule on a per-user basis. The rule will be applied to the specified user only.
--guest
to apply the rule only to guest accounts.
--group GROUP
to set the rule on a per-group basis. The rule will be applied to the specified group only.
