Remote Connection Security Challenges

I ran into an issue the other day with a remote connection to one of our customers and thought I would share the solution we came up with.

connect-20333_1920

We started out with the following setup:
1. VMware 5.5 ESXi host
2. Windows 2008R2 virtual machine
3. Sentinel HASP (application security) USB key connected to the host and mapped to the guest
4. RDP Connection to a non-console session on the guest
5. Running applications with the “run as administrator” option

With this set up we were not able to access the HASP key. After a little research, we found the HASP key requires the console session on the guest OS to work properly. This was a big problem for us as it prevented the applications from running.

So we inserted Cisco WebEx into the solution to give us access to the console session by having a user who was logged into the console on the guest VM, join a WebEx meeting from the VM console, sharing the VM desktop and then passed control to us (we were unable to RDP directly to the console for other reasons) through the WebEx session.

The good news is this allowed us to see the HASP key. The bad news is we discovered a new security feature (at least new to us) in WebEx that prevented controlling any applications that were run as administrator using the “run as” command.

run-as

Since the programs we were using needed to be run as administrator to see local disks we were in a bit of a quandary.

The fix we employed to get around the security feature in WebEx was to insert a second machine into the mix. The customer connected this second Windows box to the console session on the guest VM using VMware’s vCenter. We then joined the WebEx meeting from the new machine and shared out the desktop. From there we were able to remotely control guest OS and use the “run as administrator” option to successfully run the applications.

So in recap:
Situation: Gaining access as a Windows guest on a VMware ESX Host with a Sentinel HASP USB Key to run applications using the “run as administrator” option from the console.

Issues: Sentinel HASP requires the console session to see the USB security key. We were unable to RDP to the console directly. Cisco WebEx blocks remote control of applications when “run as administrator” is used.

Solution: Connect a new Windows system to the WebEx meeting, then from that system, connect to the console of the virtual machine via vCenter and then launch the applications on the guest system.

Advertisements

About datalossguru

I am a data recovery engineer by trade, attorney by license, husband, father and coach by choice.
This entry was posted in Business, Data Recovery, IT and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s