Skip to main content

Appendix A – Integration with symlink use case

Actors:

User, User Portal, Spark Gateway

Preconditions:

User Portal

  • Have user credentials in plain text.

Spark Gateway

  • Configure password in gateway.conf.
  • Allow IP addresses of User Portal to access the Spark Gateway API (Optional, Admin Manual 3.25).
  • Create RDP servers with config.html or HTTP API (Integration Guide 4.1), and make it as a white list.
  • Allow symlink access only by setting symlinkOnly = true in gateway.conf. Server id or address will not be allowed to create a connection.
  • Disable VNC access by setting vnc = false in gateway.conf (SSH, Telnet are disabled by default).

Basic flow:

  1. User login to User Portal.
  2. (optional) User Portal create a server on Spark Gateway with HTTP API if that server is not created yet:
    http://gatewayAddress/SERVER?id=serverId&displayName=Name&server=hostName&gatewayPwd=passwordInGateway.conf&...; Check if server exists: http://wthink/SERVER?action=list&gatewayPwd=21232f297a57a5a743894a0e4a801fc3&id=serverId;
    The gateway will return HTTP Status code 500 and {"error:": "not found"} in JSON format.
  3. User Portal create a symlink on Spark Gateway with HTTP API:
    'http://gatewayAddress/SYMLINK?symlink=symlinkId&server=existingServerId&validTime=8h&gatewayPwd=passwordInGateway.conf&parameters=' + encodeURIComponent('user=domainUser&pwd=domainPassword&domain=domain');
  4. User portal construct a connection link and display it to user:
    http://gateway/rdpdirect.html?symlink=symlinkId&displayName=nameOnBrowserTitle; or use the Spark View JS library directly to create a connection:
    var rdp = new svGlobal.Rdp(‘wss://gateway/RDP?symlink=symlinkId&..’, width, height, color);
  5. User click the link and connect.
  6. User portal delete the symlink when user exist or close the browser:
    http://gatewayAddress/SYMLINK?symlink=symlinkId&action=delete

Pros:

  • Easy and secure.
  • Symlink will be invalid or deleted and it cannot be reused by other.
  • No need to send the user credential to the browser side.

Cons:

  • User domain credentials need to be sent to the gateway in plain text.