RES Hyperdrive – Secure those /VA admin pages

RES HyperDrive is configured via a admin webpage reachable on the default web url of the appliance https://fqdn/va. When you connect to the admin page you have to enter the appliance password to be able to configure the HyperDrive appliance.

hyperdrive va

The problem here is that anyone who knows the appliance URL is able to browse to the VA page and there is no option to disable this page on a certain interface. Although you need the appliance password for this this leaves you with a security risk.

The solution proposed by RES Software is to just delete all of the files in the RES Hyperdrive VA folder but this means that you as an administrator are disallowing yourself to ever change anything on the admin pages again.

The nicest thing here would be to have an option to enable/disable the VA admin pages which is not available.

After some searching on the appliance  in the default web site path /var/www/html we see that the /va “folder” is just a symbolic link to /usr/local/nomadesk-vaconfig/……..

RES hyperdrive dirs

This gives us some options because there’s nothing easier then removing a symbolic link with the unlink command. If we would ever need the VA pages again we simply ecreate the symbolic link.

Now we get to the cool part of this blog!

Do you remember we manage RES HyperDrive with RES Automation Manager? Since we do, we have a running Linux Automation Manager agent on the RESvHyperDrive appliance. I’ve created two jobs called enable/disable RES HyperDrive VA pages which are attached to this blog post for your pleasure!

Hyperdrive

Tagged , , . Bookmark the permalink.

About Barry Schiffer

Barry is an IT Architect with 15 years of IT experience. He has gained both a broad and deep knowledge in the sphere of IT. Throughout the years, Barry has developed into a specialist in the field of Microsoft Windows, Server Based Computing, desktop and server virtualisation.Barry is co-founder and member of the Board of the Dutch Citrix User Group.Barry is awarded with the Citrix Technology Professional award in 2015 and received the RES Software Valued Professional award in 2012.

Leave a Reply