Building libssh2 on Windows: lessons learntLibssh2 is written in plain C and runs on many platforms, including Windows. But to use the library on Windows, you have to build it first – and as it turns out, that is easier said than done. Continue »
Using IAP Desktop for zero-trust SSH accessIAP Desktop 2.13 now lets you connect to Linux instances by using SSH. You can run multiple SSH and Remote Desktop in parallel, all secured by Identity-Aware-Proxy. Continue »
Updating googet packages behind a proxyCompute Engine uses googet to pre-install drivers and other critical system components on Windows VMs. But how do you update these packages if the VM does not have internet access?
Continue »
Using Google Cloud’s “Set Windows password” function on a domain controllerWhat happens if you use the “Set Windows password” function on a domain controller? Continue »
Preventing users from requesting Windows credentials on GCPAfter creating a Windows VM on Google Cloud, users can use the Cloud Console or IAP Desktop to request login credentials. But what are the risks of letting users generate credentials, and is there a way to prevent them from doing so? Continue »
NTrace, 13 years later13 years ago, I wrote NTrace, a dynamic function boundary tracing toolkit for Windows NT inspired by DTrace. NTrace supported both user-mode and kernel mode tracing and, like DTrace, was able to instrument machine code on the fly. Continue »
Does IAP Desktop support .rdp files, or anything similar?If you frequently use Remote Desktop, then you might be used to creating .rdp files for the servers you connect to most often. IAP Desktop does not support .rdp files, but there is an alternative way to open IAP Desktop and connect to a server in a single click.
Continue »
What does the email_verified claim indicate in Google ID Tokens?When you authenticate a user by using OpenID Connect and request the email scope, most identity providers add two additional claims to the ID Token, email and email_verified. The email claim does not need much explanation – but what about email_verified, what does this claim indicate and how does Google populate it?
Continue »
IAP Desktop 2.11Yesterday I released version 2.11 of IAP Desktop. This new version introduces multi-display support and more. Continue »
Compute Engine feature flags controlled by metadataWhen you create a VM instance on Google Cloud, you can optionally specify instance metadata. Instance metadata is a list of key/value pairs and the most common use case for using metadata is passing a startup or shutdown script to a VM. But startup and shutdown scripts are not the only platform features that rely on metadata. Continue »
Using PowerShell in Cloud ShellOne of the less well known features of Google Cloud Shell is that it has PowerShell preinstalled. All it takes to convert your Cloud Shell session into a PowerShell session is to run a single command. Continue »
How IAP Desktop protects TCP tunnelsIn the last post, we looked at the risks of using local port forwarding and how it’s difficult to protect TCP tunnels in a multi-user environment. In this post, we take a look at how IAP Desktop protects its tunnels. Continue »
Hijacking other user’s TCP tunnelsIf you are a frequent SSH user, then you’ll be familiar with local port forwarding. Creating tunnels by using local port forwarding is useful, easy, but also not without risks. Continue »
Using gcloud in Azure PipelinesUsing Azure Pipelines to deploy Cloud Run applications has recently become a lot easier. Continue »
IAP Desktop 2.10On Tuesday, I released version 2.10 of IAP Desktop, introducing proxy auto-configuration support, better AppLocker compatibility and more. Continue »
Onboarding workforce identities to Google CloudIn a company’s journey to the cloud, one of the topics that is important to sort out early is identity management. To do anything meaningful with Google Cloud, employees need to be able to sign in to the Cloud Console – but manually creating user accounts for each employee is rarely a good idea. Continue »
Raising PropertyChanged events with the help of a LINQ expressionIf you have done any modern GUI development on .NET, then you are probably familiar with the INotifyPropertyChanged interface and the joys of implementing that interface.
Continue »
How do I know when my VM is ready to connectWhen you automatically provision VM instances, you might need to know when the initialization has completed so that you can connect to the VM or initiate the next deployment steps. There are a few ways to determine when a VM is ready, so let us explore what these are. Continue »
Creating a CI/CD pipeline with Azure Pipelines and Cloud RunAzure DevOps has come a long way since its humble beginnings as Visual Studio Team System. Especially its CI/CD component, Azure Pipelines, has made some major leaps over the past years and is now actually quite nice to use. Continue »
Goodbye RDCMan, hello IAP DesktopMicrosoft’s Remote Desktop Connection Manager (RDCMan) is gone, it and took the Google Cloud IAP for Remote Desktop plugin with it. But now there is IAP Desktop to supersede both of them. Continue »