Jump to content

  •  

CNers have asked about a donation box for Cloudy Nights over the years, so here you go. Donation is not required by any means, so please enjoy your stay.

Photo

Software to remotely access computer in Observatory

  • Please log in to reply
63 replies to this topic

#26 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 19 November 2020 - 12:01 PM

What would be a good NUC with this feature?  I would assume the VNC link would be cross platform?

Good question. Let me look at the current Intel NUC lineup and get back to you. I'm due for an update myself, I'm still running 7+ year old i5 NUCs (they still work great). Basically anything that calls out vPro should be able to do this since it's built into the processor itself.



#27 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 19 November 2020 - 12:07 PM

On Intel's NUC site, they state this (red text my highlights):

 

Built for Business: Intel® NUC on the Intel vPro® Platform
The Intel vPro® platform delivers the performance, security, manageability, and stability businesses need to be productive and efficient. Look for Intel vPro® platform-eligible Intel® NUC Mini PCs, kits, and boards.

 

https://www.intel.co...s/business.html

 

edit - adding link to an example i5 NUC kit. Note in the specs there is a field for "Intel vPro® Platform Eligibility":

https://www.intel.co.../nuc8v5pnk.html


Edited by CltFlyboy, 19 November 2020 - 12:13 PM.


#28 NoDarkSkies

NoDarkSkies

    Viking 1

  • -----
  • Posts: 859
  • Joined: 21 Feb 2020
  • Loc: Colorado City Colorado

Posted 19 November 2020 - 01:43 PM

Under Windows 10 I just use Remote Desktop and this even has a version for my iPad but hard to use the Mouse.

I use a mid grade Laptop in the Observatory and a Desktop or Laptop in the house less than 50 feet away using WiFi but want to lay a Cat 6 or 7 Cable one day. I use MaxIm DL 6 and Starry Night 8 Pro and copy the File Sets to my Remote Computer to Stack and fine tune them, I really like the Filter in MaxIm DL 6 "Digital Development" Found in Post #7


Edited by NoDarkSkies, 19 November 2020 - 01:47 PM.


#29 GrandadCast

GrandadCast

    Apollo

  • *****
  • Posts: 1,072
  • Joined: 23 Jan 2011
  • Loc: Hill Country, Texas

Posted 20 November 2020 - 08:42 AM

For the local (Private) network, I use Remote Desktop (RDP) on my PC and iPad/iPhone. RDP gives local screen resolution (it’s not a picture of the Astro PC) and I can use dual monitors inside the house. Observatory located 200 feet plus away, has a extra wide single monitor.

 

Internet connection, I used Splashtop for six or seven years on the PC and iPad/iPhone. For my wife’s business I use Splashtop as it is Hipa compliant and is now by subscription ($65 a year) as a secondary connection. VPN and RDP is her main method.

 

Team Viewer is just popular but it’s not really the best.

 

RDP can be setup for an internet connection by using a VPN on your router (best way) or port forwarding the router to the Astro computer for RDP. I prefer Splashtop however for internet connection as I don’t like my router exposing an open port to the internet 24/7.

 

When I need to help a fellow with his SGPro, he will open a port forward for RDP on his router to his Astro computer, I can connect and get the issue resolved, disconnect, and he closes the router port forwarding.

 

Jess



#30 rimcrazy

rimcrazy

    Viking 1

  • *****
  • Posts: 569
  • Joined: 03 Mar 2012
  • Loc: Overgaard, AZ

Posted 20 November 2020 - 11:56 AM

VNC works across any platform.  You need to remember how the keyboards work...ie if you are on a Mac and VNC to a Windows machine Copy/Cut/Paste is CNTL-C,CNTL-X,CNTL-V not CMD-C,CMD-X,CMD-V.  Other than that no worries.  You can use Windows RDT or TeamViewer too.  All will work.  This is not rocket science anymore as there are lots of solutions.

 

NUC's are awesome.  All will support RDT, TeamViewer, VNC.   You can get an Intel NUC or one of the Third party solutions.  There are lots of them out there now.  I'm sure there are AMD solutions that are both cheaper and faster than current Intel NUC's.  You can run either Windows or Linux on them. Up to you with what ever you are comfortable in using.



#31 rgsalinger

rgsalinger

    Cosmos

  • *****
  • Moderators
  • Posts: 9,310
  • Joined: 19 Feb 2007
  • Loc: Carlsbad Ca

Posted 20 November 2020 - 07:32 PM

I'd be curious about how to set up port forwarding on my router to allow RDP to work remotely. While I love AnyDesk, I wonder every night if they are going to cut me off abruptly the way that TV did 2 years ago. I'm going to look into how to do that but if there's a link giving step by step I'd love to see it.. I use port forwarding to get to my digital loggers so I know how to set it up on my router - but I don't know how to set up RDP across a WAN without setting up a VNC.

 

The VNC route always just looks too complicated or requires spending money for a subscription.  I don't worry about the observatory LAN being hacked, maybe I should but I just don't. The computers are only even booted up at night.

 

Rgrds-Ross



#32 GrandadCast

GrandadCast

    Apollo

  • *****
  • Posts: 1,072
  • Joined: 23 Jan 2011
  • Loc: Hill Country, Texas

Posted 20 November 2020 - 10:07 PM

Ross, I think you meant to say VPN. 

 

The internet provided by your ISP gives you a dynamic IP address and that internet IP address will change. So that is a problem. You can buy from your ISP a static IP Address, business website or VPN etc. So knowing your internet WAN IP address changes, your not going to know what it is all the time. So the draw back to RDP, is what the heck is the IP address, now, few hours from now and tomorrow. 

 

When you port forward for RDP to the PC you want to control, you not only have to setup that up in the router, that is a given, but you must find what the internet IP address of the router's WAN is. All the routers I have used has that information, look for WAN or Internet WAN either in the WAN setup or status page. Then remember that IP address may be different tomorrow. If you have a static IP Address then problem solved.

 

Once you know the current internet WAN IP address, you set your router to port forward the RDP port and directed that port to the PC IP address you want to control. Now to remote into it, put the router's internet IP address, just like you do now with your local network when you run RDP. Yep, that easy and it works just like it was on the local (home) network.

 

I haven't look but there are ways to find your internet IP Address. A service or DDNS service where you will run a client (app or program) that has a timed burst of information (packet of data) leaving your home network to a service that then knows your WAN IP address. So when you log into that service you can see what your home internet IP address is. I would think that some would let you login into it using it's IP address and then it will redirect that to your home internet IP address. You see this at work, Team Viewer, Splashtop (the one I use for internet), webcams, smart house login etc., these log into a service, the program inside the home network keeps a connection to that service so that server knows what your home internet IP address is all the time and directs your TV, Splashtop or webcam etc. to your home.

 

Splashtop is just install, create a login and its done. No router configure and simple to use. I am not a fan of Team Viewer. 

 

Jess


Edited by GrandadCast, 20 November 2020 - 10:09 PM.


#33 rgsalinger

rgsalinger

    Cosmos

  • *****
  • Moderators
  • Posts: 9,310
  • Joined: 19 Feb 2007
  • Loc: Carlsbad Ca

Posted 20 November 2020 - 11:05 PM

My observatory has a static IP address so that's not a problem. I can also assign static addresses to the two computers that control the observatory. I already use port forwarding on my digital loggers so I know how to set that up as well. So, that's all well in hand.

 

However, as I looked into this a bit more, I wondered how to connect to both computers at once from my home computer because RDP uses only one port. Do I just create two rules for the different computers with the same port number? When I'm running locally I just type in the names of the computers into RDP and it finds them and connects be in. If I just have one available RDP port, how would I be able to access both of my computers? 

 

I guess that there's no harm in trying since I can always connect into them from using anydesk unless I manage to cause them to drop off the LAN out there.  

 

Rgrds-Ross



#34 my-spot

my-spot

    Ranger 4

  • -----
  • Posts: 302
  • Joined: 07 Mar 2010
  • Loc: South East Michigan

Posted 21 November 2020 - 08:49 AM

There are cloud based remote options such as RealVNC Connect that forgo much of "IT" headaches. However I'm not a big fan of the fees and having my connection info on someone else's servers.

However, for my remote observatory, static IP's were not available from the cellular provider I use. But I do have static IP's at home. My solution has been to use a pair of VPN routers as the gateway for both networks. The remote router automatically "phones home" connecting to the home router. The result is both locations act like they are on the same LAN. This arrangement has been very reliable since I set it up almost 2 years ago. With some creative address and port forwarding on my home network, I can also access the observatory from anywhere.



#35 GrandadCast

GrandadCast

    Apollo

  • *****
  • Posts: 1,072
  • Joined: 23 Jan 2011
  • Loc: Hill Country, Texas

Posted 21 November 2020 - 09:34 AM

So you are paying for a static IP, nice! Having a PC port open for VPN or RDP, a port is still open to the internet world. Think of it like the front door. You may have VPN (brink’s armored security) guy knock on your door or RDP (USPS) knock on your door. Notice both know the house (IP address) and front door (open port number). And a thief could see the house and look for the front door. So there are other secure methods like logging into a service that you observatory connects to then you to the service, then your observatory is not leaving any ports opened. However, your not building a bank security, do like most do, port forward the RDP to one observatory computer, no cost and your done. Use a good password not 12345678. A router that can do the VPN, that would be your next step up. 

 

Ross, once you RDP into one of your observatory PC, that PC you have taken control, you use it to RDP from it to the other observatory PC. You can still copy a file(s) from that second RDP hop directly into your local non observatory computer you are using. The copying files are just as fast too. 

 

BTW it looks like a single hop. To get out of the second hop but stay connected to the first RDP, you undo full screen, then you will see the 1st RDP and the 2nd RDP. Disconnect properly use the start shutdown button then disconnect.

 

The company I worked for 30 years, we would have one computer hooked on a rig, the geo people would RDP into, from that computer the Houston base geo department could then RDP to four other computers in our rig cabin. Heck my wife is using RDP to RDP for her work every day. I knew my Astro Intel PC Stick would still be useful.

 

Sound a bit confusing but it’s easier to just do it than explain it. My wife knows her business really well but not computers and every day she is doing double RDP because of needing two separate and different VPN to two different companies in different states.

 

Jess



#36 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 21 November 2020 - 09:41 AM

I'd be curious about how to set up port forwarding on my router to allow RDP to work remotely. While I love AnyDesk, I wonder every night if they are going to cut me off abruptly the way that TV did 2 years ago. I'm going to look into how to do that but if there's a link giving step by step I'd love to see it.. I use port forwarding to get to my digital loggers so I know how to set it up on my router - but I don't know how to set up RDP across a WAN without setting up a VNC.

 

The VNC route always just looks too complicated or requires spending money for a subscription.  I don't worry about the observatory LAN being hacked, maybe I should but I just don't. The computers are only even booted up at night.

 

Rgrds-Ross

I currently have a Linksys high end router as my main egress point (will be changing to Ubiquiti's gear over the holidays). The Linksys app allows me to punch holes whenever I need them from wherever I am. So I can open the port forwarding for RDP (by default 3389 but I changed mine to stop all the scanners/scammers from seeing it on the default). Then when I'm done I can break it down/close the port.

 

It's the closest thing to a bastion host that I have right now. Actually a bastion is what I'll put in place, but I have to stand up the infrastructure on Azure first and get a VPN tunnel configured. But that's way out of scope here wink.gif



#37 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 21 November 2020 - 09:43 AM

My observatory has a static IP address so that's not a problem. I can also assign static addresses to the two computers that control the observatory. I already use port forwarding on my digital loggers so I know how to set that up as well. So, that's all well in hand.

 

However, as I looked into this a bit more, I wondered how to connect to both computers at once from my home computer because RDP uses only one port. Do I just create two rules for the different computers with the same port number? When I'm running locally I just type in the names of the computers into RDP and it finds them and connects be in. If I just have one available RDP port, how would I be able to access both of my computers? 

 

I guess that there's no harm in trying since I can always connect into them from using anydesk unless I manage to cause them to drop off the LAN out there.  

 

Rgrds-Ross

Change the RDP listener port on one to a different value (example, default is 3389, change the second machine to 3388) then two rules, one for each port that goes to the appropriate host.

 

https://docs.microso... then click OK.



#38 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 21 November 2020 - 09:45 AM

The company I worked for 30 years, we would have one computer hooked on a rig, the geo people would RDP into, from that computer the Houston base geo department could then RDP to four other computers in our rig cabin. Heck my wife is using RDP to RDP for her work every day. I knew my Astro Intel PC Stick would still be useful.

 

Sound a bit confusing but it’s easier to just do it than explain it. My wife knows her business really well but not computers and every day she is doing double RDP because of needing two separate and different VPN to two different companies in different states.

 

Jess

That's called a bastion host and is used for exactly what you say: sandboxed remote admin of systems from untrusted locations. That's the way to go.

 

Here's how we do it on Azure:

https://docs.microso...astion-overview



#39 GrandadCast

GrandadCast

    Apollo

  • *****
  • Posts: 1,072
  • Joined: 23 Jan 2011
  • Loc: Hill Country, Texas

Posted 21 November 2020 - 09:57 AM

Moving a port number helps some but not much. An open port is an open port. Having worked with field people all the time, I use simple analogies, the house still has a door, be it painted green (port number) red, or blue there still a door to get inside.

Jess



#40 rgsalinger

rgsalinger

    Cosmos

  • *****
  • Moderators
  • Posts: 9,310
  • Joined: 19 Feb 2007
  • Loc: Carlsbad Ca

Posted 21 November 2020 - 10:26 AM

This is sounding easier and easier to do. I may try it over the weekend. As long as I don't lose my Anydesk connectivity, either it works or it doesn't.

 

It also solves a problem (minor) that I have with Anydesk. It will only handle one screen at a time. I use a dual screen setup at home and in the warming room at the observatory. RDP allows both screens to be active at the same time. Since I have limited band width (15mbps) and I'm using a google drive to copy the images to the cloud, I really don't want to open 4 connections every night as well. (I guess I should give it a try sometime.)

 

It just never occurred to me to use port forwarding along with RDP, so again thanks. The observatory computers have only local admin accounts with strong passwords. Not much there to actually steal that I can think of. They really aren't prime targets - no voting machines or bank accounts attached to them. 

 

 

Rgrds-Ross



#41 NoDarkSkies

NoDarkSkies

    Viking 1

  • -----
  • Posts: 859
  • Joined: 21 Feb 2020
  • Loc: Colorado City Colorado

Posted 21 November 2020 - 10:56 AM

A note on the Remote PC, I only Image and go to the next target re-setup guiding and then start the next round of images.

I then copy the image folder to my local computer and process them from there.

I do not disconnect from the Remote PC I only minimize Remote Desktop.

"Remote Desktop Connection" mstsc.exe

I have Not Tried the new App Version of Remote Desktop.


Edited by NoDarkSkies, 21 November 2020 - 11:02 AM.


#42 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 21 November 2020 - 11:20 AM

Moving a port number helps some but not much. An open port is an open port. Having worked with field people all the time, I use simple analogies, the house still has a door, be it painted green (port number) red, or blue there still a door to get inside.

Jess

Yes, of course, but as I said, I only open the actual router port itself when I need to connect, then close it afterwards. That minimizes any potential risks involved. If people are really that concerned then adding MFA to the process could be done, or separating out to a specific bastion host that's only job is to allow remote access, and then to only specific destination/compute processes.

 

I've been an IT architect for a long time and honestly have never seen anyone hacked on the RDP port as long as they use standard security best practices (strong passwords are a must, especially for the non-enterprise level home user who might not be able to setup bastions or MFA).


  • GrandadCast likes this

#43 MJB87

MJB87

    Gemini

  • *****
  • Moderators
  • Posts: 3,081
  • Joined: 17 Feb 2014
  • Loc: Talbot County, MD & Washington, DC

Posted 22 November 2020 - 03:51 AM

Quick warning about port forwarding. Many ISPs have started moving to what is called CG-NAT. Basically this means your WAN address is shared. It makes port forwarding extremely difficult if not impossible, My home (60 miles from the nation's capital) does not have access to cable internet. Our primary ISP is ATT Mobility, which employs CG-NAT. We keep our slow and unreliable satellite internet service (Viasat) as a backup in part because it still allows for port forwarding. The combination is quite costly.


  • CltFlyboy likes this

#44 CltFlyboy

CltFlyboy

    Apollo

  • *****
  • Moderators
  • Posts: 1,293
  • Joined: 06 Dec 2019
  • Loc: Charlotte, NC

Posted 22 November 2020 - 09:50 AM

Quick warning about port forwarding. Many ISPs have started moving to what is called CG-NAT. Basically this means your WAN address is shared. It makes port forwarding extremely difficult if not impossible, My home (60 miles from the nation's capital) does not have access to cable internet. Our primary ISP is ATT Mobility, which employs CG-NAT. We keep our slow and unreliable satellite internet service (Viasat) as a backup in part because it still allows for port forwarding. The combination is quite costly.

All the problems IPv6 was going to fix, right? I think we'll never move away from IPv4 grin.gif  I can't stand how ISPs (mobile ones particularly) are doing that. But I get it, they only have so many Class A address blocks they own and their user bases continue to grow like crazy. 


  • RSX11M+ likes this

#45 MJB87

MJB87

    Gemini

  • *****
  • Moderators
  • Posts: 3,081
  • Joined: 17 Feb 2014
  • Loc: Talbot County, MD & Washington, DC

Posted 22 November 2020 - 02:08 PM

Agreed. My ISP's support team didn't even know what carrier-grade NAT was. And when I asked about IPv6 they thought I was crazy.



#46 DaveB

DaveB

    Surveyor 1

  • *****
  • Posts: 1,682
  • Joined: 21 Nov 2007
  • Loc: Maryland

Posted 16 December 2020 - 10:07 PM

 

I have Not Tried the new App Version of Remote Desktop.

I tried it for a bit, but I found it to be not completely reliable. My Obs is in my backyard, and I put in an underground Enet connection, so security isn't a huge issue for me.

 

I went from TeamViewer to TightVNC when I had a stick PC running W10 Home. TV was too resource intensive for the little PC stick that could...

 

Now I have two miniPCs (headless) running RDP, and it is better than either TV or VNC in my opinion. In my home, I have a three monitor setup, with an RDP session on two of them.



#47 *skyguy*

*skyguy*

    Skylab

  • *****
  • Posts: 4,113
  • Joined: 31 Dec 2008
  • Loc: Western New York

Posted 16 December 2020 - 10:13 PM

TightVNC ... free, fast and reliable.



#48 EdM2

EdM2

    Mariner 2

  • *****
  • Posts: 201
  • Joined: 08 Mar 2011

Posted 17 December 2020 - 12:26 AM

I would vote for Remote Desktop.  I have used it for years and get instant response, perfect video/audio, and high reliability.  The fact that it is also free is an added bonus.



#49 Lord Beowulf

Lord Beowulf

    Vendor - Orion Ranch Observatory

  • *****
  • Vendors
  • Posts: 2,251
  • Joined: 13 Oct 2008
  • Loc: Cedar Park, TX

Posted 17 December 2020 - 04:54 PM

So my setup is remote through a tethered cell phone with low bandwidth and spotty connectivity.  I've used a number of different methods starting back with Hamachi before they were bought and became GotoMeeting with pay-only options.  I'd also used a few others but none were that great at the time.  TeamViewer came along not long after Hamachi disappeared and was really a lifesaver, but with my world traveling and logging in from all over the country as well as Europe and Asia, I was constantly having to get them to re-enable it because I WASN'T using it for business even though I'd occasionally trigger their lockout.  I'd also set up with a VPN tunnel between the observatory and my home network so I could use Remote Desktop, but my experience with that was always that it was a resource hog when it came to bandwidth.  TeamViewer is much better about giving me the ability to optimize for viewing/speed and still giving me a good desktop image.  As other people alluded to, I also didn't like the local lockout from remote desktop when I was in remote, although I did come up with a batch file/command line approach for logging out and leaving the remote user logged in. 

 

That said, I've dumped both in favor of Chrome Desktop, which at the moment is completely free, and while not the most robust interface, generally works well for my application.  I still keep TV running as a backup when things glitch out with Chrome, which happens regularly enough (although occasionally it's TV that won't work when Chrome does, so go figure!).  Chrome also isn't as tolerant of an intermittent connection, and Microsoft is horrible about it.  However, the main thing that finally had me kill the constant VPN connection (that enabled remote desktop) between home and the observatory was that after having to replace my home router I kept having problems with devices on my home network getting their DHCP information from the remote side server!  After realizing that the reason my XBox One was telling me it was going to take over a week for me to play my new Borderlands 3 disc was because it was trying to download the over a gigabyte update by VPNing out to the observatory (over the phone link) and downloading it (BACK through the phone link) through the observatory and back to the house, I finally said that was enough!  (Since then I finally switched the new router to DD-WRT and could probably go back and fix the bridge, but it's really not worth it at this point.)

 

Just one more complexity of this lovely hobby!

 

Beo


Edited by Lord Beowulf, 17 December 2020 - 04:56 PM.


#50 Phil Sherman

Phil Sherman

    Soyuz

  • *****
  • Posts: 3,501
  • Joined: 07 Dec 2010
  • Loc: Cleveland, Ohio

Posted 18 December 2020 - 10:51 PM

I faced a slightly different issue with a remote observatory. The observatory is shared between two owners who live both thounds of miles apart and from the observatory. A complicating factor is that this is a facility with multiple observatory buildings. There's no AC power available for the observatories which are all run on DC batteries with solar and sometimes wind generators. The internet connect is an ISP provided high speed wireless link to their local consolidation site, a line of sight distance of a couple of miles. The ISP's fixed ip address is fed to a master router thst uses port forwarding to isolate individual buildings. The observatories with the highest security have a single port forwarded to the observatory router. This port is used to access the router using vpn software. Once a user connects to the observatory vpn, his local computer is effectively inside the building allowing direct access to any ip device that is installed.

 

My shared observatory faced a different problem. We each run our imaging rigs using our own computers in the observatory. There's a need for each of us to have current information on the building status. Our solution is to use a separate computer to control all building functions. This is a Raspbery Pi running a split java application that immediately distributes critical building status information to all computers running the user interface portion of the application. I have, on occasion, run the application on the pi with remote display of the status on my local computer while running a second copy on the local computer and a third on my mount control computer. (This was also done as part of the application testing.) . If I turn on my pier power using any of the displays, the status change shows up immediately on all of the other displays.

 

The pi controls pier power for both piers, separate power for my partner's cameras, the roof, lights, and if we do need AC power, the inverter that's installed. The inverter did require some simple modification to allow a remote on/off function. Sensors on the roof tell the pi that the roof is fully open or closed. These are used to control the DC roof motor. If there's glitch in the motor stop function, a second set of sensors will drop power to the motor, preventing additional movement in that direction. Each of our scopes has a parked sensor that is fed into the pi too. If a parked sensor fails, the software allows an override to allow roof movement anyway. We have a webcam that is also used to monitor the scope positions and provides a backup for the park sensors. I also use the pi to power up my computer using its wake-on-lan hardware function. Information about local weather and images from an all sky camera are sent to the pi for consolidation, formatting, and transmission to an internet accessable web site.

 

This setup has been in use for over 5 years with a single failure caused by the pi's sd card failing. We keep a spare card with the pi and a simple swap to the new card by our on site person fixed the problem.




CNers have asked about a donation box for Cloudy Nights over the years, so here you go. Donation is not required by any means, so please enjoy your stay.


Recent Topics






Cloudy Nights LLC
Cloudy Nights Sponsor: Astronomics