Microsoft’s Remote Desktop Connection Manager (RDCMan) is gone, it and took the Google Cloud IAP for Remote Desktop plugin with it. But now there is IAP Desktop to supersede both of them.
Cloud computing is all about being able to dynamically scale, provision, and decommission resources or entire environments on demand. But the idea that infrastructure is dynamic clashes with some assumptions Active Directory is built around, and creates a challenge if you run Windows workloads in the cloud.
On Google Cloud, a Linux instance boots in about 30 seconds while a Windows instance takes a full 2 minutes to turn up – why is Windows so much slower?
Twenty years have passed since Microsoft released Windows 2000 and introduced Active Directory to the market. The excitement about Active Directory has certainly ebbed since then – but at the same time, it is difficult to overstate the impact that Active Directory has had on the IT market.
If you have been an MSDN, TechNet, or Action Pack subscriber in the past, you probably remember the binders full of discs that Microsoft used to ship.
If your plan is to develop a tool or desktop app instead of a server-side application, the benefits of application default credentials are less obvious and reusing the user’s personal gcloud credentials instead might seem attractive. But there are some pitfalls.
gcloud manages two sets of credentials, your personal credentials and application default credentials. Having two separate credentials might seem redundant and can cause surprises the first time you use one of the Google Cloud client libraries. But the two credentials serve different purposes.
Installing the Remote Desktop Connection Manager requires administrator privileges. That can be a problem in a corporate environment where you might not have local administrator rights. Fortunately, there is an easy way to overcome this limitation by performing an administrative installation.
Google APIs use OAuth 2.0 for authentication and authorization. To call an API, you first have to obtain an access token for the right scope and then pass it to the respective API by using the
Authorization HTTP header.
But the trouble with access tokens is that they are short-lived, and you somehow have to deal with expiring tokens…
Once you’ve signed in on google.com, the Cloud Console, or any other Google site, your browser session remains valid for multiple days. Not being prompted to sign in over and over again is convenient and at least in typical consumer scenarios, the risk that comes along with keeping the session is limited.
Things can look different in a corporate scenario where users might have access to sensitive data. Keeping sessions alive for 14 days (which is the default) might seem a little risky and might not be in line with an enterprise’s idea of security. G Suite Business and Cloud Identity Premium therefore allow you to change the default session length to a different period such as 8 hours. This setting applies to all Google services, not only GCP.
Recently, Google introduced another way to control session lifetime by allowing you to control the session length for Cloud Console and gcloud sessions.