Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IMON Server in use #659

Open
OERCA opened this issue Apr 16, 2022 · 2 comments
Open

IMON Server in use #659

OERCA opened this issue Apr 16, 2022 · 2 comments

Comments

@OERCA
Copy link

OERCA commented Apr 16, 2022

Firstly, LOVE IAP, thank you for your work on this tool. Second, apologies if this is the wrong place for this feature wish list item. I did look in documentation and could not find anything like it (Active IAP tunnels is close).

There are several of us that access our VMs via IAP. We currently use our own page to indicate who is on what server (but it requires user discipline). It would be fantastic to have a feature in IAP to see who is actively on each VM, and when necessary the ability to ping them with a "Waiting for this server" message. Thank you (and if this should go somewhere else please let me know).

IAP_illustration
@jpassing
Copy link
Collaborator

That's an interesting idea, and I can see how such a feature could be useful.

I'm not sure if it's feasible to implement though...

  • The IAP API doesn't provide a way to track or list who's opened a tunnel, and to which VM. And even if it did, an active tunnel doesn't necessarily mean that a user still has an open RDP session.
    Note that the Active IAP tunnels window only shows your own tunnels, so it's not really useful here.
  • It might be possible to query the list of active RDP sessions over WinRM and WMI. But that approach would be pretty slow as each VM needs to be queried individually. It also requires the firewall to permit WinRM access over IAP.
  • IAP Desktop could share the information who's using which VM using some custom backend. From a technical perspective, that would definitely work. But because it's PII that's being shared, such a backend (even if self-managed) would be delicate from a security and privacy perspective.

In some basic way, the Event log window already provides some similar data. If you've enabled data access logs for IAP, then the window shows you who connected to a VM over IAP:

image

It doesn't indicate whether the user is still connected, but maybe that's good enough?

@OERCA
Copy link
Author

OERCA commented Apr 19, 2022

Thank you for such a thorough response. I appreciate the reflection. I wonder if it would be useful to simply make it a user enabled feature? That would require users to manually indicate they're "on" and "off" VMs (which is what we do now just in a separate app). I see how that may not be universally accepted as practical, but to some (like us) it might. Thanks again for the consideration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jpassing @OERCA