Sunday, October 14, 2007

Contacting SoftGrid servers in untrusted domains

In large environments, it is not uncommon to have different setups for a development/test/production environment which typically consist of three domains without trusts. Suppose that you are working on a production workstation and want to launch an application from the SoftGrid server in the test environment, what would you do?

The problem is that the desktop configuration service captures the security token upon the user login, and uses these NTLM credentials to authenticate against the desktop configuration server that was specified in the SoftGrid Client. When there is no trust between the production and test environment, this means that you are presenting unknown credentials to the SoftGrid server in test, and thus you cannot perform a desktop configuration refresh...

One option is to just live with this and start applications from the OSD file. When the SoftGrid client sees that it does not have the proper credentials to start an application, it will query the user for valid credentials...

This can be used to launch applications from a different domain that the SoftGrid server is placed in (or rather: the browser account of that SoftGrid server).

Recently, I read about another option on Justin Zarb's blog, which uses the Windows XP network password features for computers that are not joined to a domain: by opening the XP Users And Accounts control panel, then clicking the user account & then the option "Manage My Network Passwords", it is possible to supply the credentials that should be used to contact a certain server (given its FQDN). when supplying the FQDN of the SoftGrid server that you want to use, you can force the SoftGrid client to use the credentials specified there. Read a full howto on Justin's page.

No comments: