newbie question about port forwarding and remote connection

[Nicola Schwendener]

Hello all,

I'm totally new in Qubes OS. I'm moving from Windows and a "single" OS doing all... 

I'm posing some (stupid) questions that maybe I understand better how to migate it:

Right now I've NoMachine running on my windows pc, allowing connection through sshd daemon and let me doing whatever I want on the PC 

how can I accomplish that on qubes? If I install on the fedora template, how can I manage the application to run (and in which AppVM)? 

I don't think is the case to expose the dom0 in order to allow working remotely as I were at home.

thank you very much

best regards

Nick

[Eva Star]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Simple migration way for Windows user:

1) Buckup all of your Windows data to USB Flash with all programs and
add to it some windws.iso to install it on Qubes.
2) Install Qubes Os
3) Install Windows on Qubes using windows.iso
4) Mount you flash USB to FedoraVM that is available by default and
copy all your data&programs to your new virtual Windows.
5) Use Windows as you do it regular and learn QubeOS in parallel.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXemouAAoJEGSin3PC/C0AemAP/jwD7msDUuFYpXjZnmdZ9UDp
WGbTpGbHlrtOPbJld4KyByyTvA83fWmlNJ5rmLhruV6PW0KX/xSivS8JjvndU8Vo
/hN2Cb+PCp4Vf3ZyweItfp0INmxig4uy8yiqftR7aNvNj/Iqd1kMUKYFQZaV6QQD
8PTdGqn3MtVLk97iHRImnuInuPDcizq5+10x1gXYkFZN7NSJJ99mLd93giZvzK+I
iggSv947YiGR93fXxb7/ePX4QhDVHJQS3BwYZqafdAvRLP/S+Di2z9t3UtUE+XBy
esr5LBFXzksiqULj71h/E1aBo1uA+0siSaUGZJXmuiS9tgbYjWak7hfyVYn1Xx4n
+43mDnUIPH6BfgUt1tIlkRtOlfL4XiDGhDVJGRGTtWyTSBUEfFbahU6GWaRZcW1N
fYTZctu56qt6V2AY8huw6FWgviPmWg1UqH56nValGMDvV+hQyJz2GZdJtWeDwIMT
48yTlkQB8IctF5xa1oOhZ9QHpujwL/WBNGLg+YPmiGWlbtIXw9jlQYhFxu7mquO+
4AmhRNTtcAlTmxbB0Q3QbEM3HsDvT1beynYhdq7LeCs2k/gcICL2stCy0b5H7m13
xBPtK9nI6syaMwgYEDwaGw7PWskSVjvSh0V1S1sG1m2XruKfujgW1MGNohvVlfao
SP4b43P8FsJ8LwnGoCp8
=yUKV
-----END PGP SIGNATURE-----

[Chris Laprise]

> --

Hi,

There is a helpful guide on port-forwarding for Qubes appvms:
https://www.qubes-os.org/doc/qubes-firewall/

You could install nomachine in either a template or a standalone appvm.
If you do the former, you may want to also use 'systemctl disable' on
the nomachine service in the template... then you would enable it in the
appvm which uses that template. (You would have to re-enable it each
time you booted the appvm, however.)

With a standalone appvm, installing the software is much the same as any
regular OS. You just have to take care of port forwarding (see above link).

dom0 isn't a networked domain, and its against Qubes security philosophy
to access it remotely. Of course, you can find ways to circumvent this.

Chris

[Eva Star]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

What settings do you really need?

Just re-install all software that you need at Windows for first time.
After you get comfortable at new OS. Gradually move to linux apps and
Qubes App Domains.

Do not listen for developers who suggest to somehow create image from
your already instated Windows, then move it somehow to Qubes, then
convert it to Qubex/Xen format. It's too difficult to start from that
point the study of new system :) I know it from my experience.


On 07/04/2016 05:43 PM, Nicola Schwendener wrote:
> Hi Eva, this isn't a bad solution, but I'm using windows 8.1 and
> settings between windows versions (a least some) are different. but
> this idea isn't bad at all!! thank you best regards Nick

>
> On Monday, July 4, 2016 at 3:52:51 PM UTC+2, Eva Star wrote:
>
> On 07/04/2016 04:29 PM, Nicola Schwendener wrote:
>> Hello all, I'm totally new in Qubes OS. I'm moving from Windows
>> and a "single" OS doing all... I'm posing some (stupid) questions
>> that maybe I understand better how to migate it: Right now I've
>> NoMachine running on my windows pc, allowing connection through
>> sshd daemon and let me doing whatever I want on the PC how can I
>> accomplish that on qubes? If I install on the fedora template,
>> how can I manage the application to run (and in which AppVM)? I
>> don't think is the case to expose the dom0 in order to allow
>> working remotely as I were at home. thank you very much best
>> regards Nick
>
> Simple migration way for Windows user:
>
> 1) Buckup all of your Windows data to USB Flash with all programs
> and add to it some windws.iso to install it on Qubes. 2) Install
> Qubes Os 3) Install Windows on Qubes using windows.iso 4) Mount you
> flash USB to FedoraVM that is available by default and copy all
> your data&programs to your new virtual Windows. 5) Use Windows as
> you do it regular and learn QubeOS in parallel.
>
>
>

> -- You received this message because you are subscribed to the
> Google Groups "qubes-users" group. To unsubscribe from this group
> and stop receiving emails from it, send an email to
> qubes-users...@googlegroups.com
> <mailto:qubes-users...@googlegroups.com>. To post to this
> group, send email to qubes...@googlegroups.com
> <mailto:qubes...@googlegroups.com>. To view this discussion on
> the web visit
> https://groups.google.com/d/msgid/qubes-users/19f9c6cf-543d-4bfd-85ec-
8f8e18fbf812%40googlegroups.com
>
>
<https://groups.google.com/d/msgid/qubes-users/19f9c6cf-543d-4bfd-85ec-8
f8e18fbf812%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXeneTAAoJEGSin3PC/C0AbUQP/1pv/3gKXtgj7ulfzOZvW8yn
wB7h4S66NuLqoaxPGGlUQbxOlWCF+vaWS+nJHu/qmDYeK2mBpgiPSJikzSxIgHxN
+eY/+8DJxwbe/IYt1uFuJKIsBUsuGXJT94+cdVHxkqSVhUtvj3yKRTz/kOi2NusI
qg1Ex4RH5siL01Vfvu+Oo01FsN8x4gNXatrKnV9AarVlrSIjHOO1oUo67+nKechX
LC3QURUfz4Vx7y655jYrjfnMPooeZMkWITxyMrQmjOWo3e737Pb2Oc0wHYtPgq8L
yZ5OBTfrghRiSnTVkI6DH2pX1ENma2FO3Rv7N7DgKnO4COPrbx390u2sLD9WEzcG
DgKgFdg5MSS+RZdx7VraQcfouLInhdctVYnNABOdDQt88UErltmEJeMYXkTp2toz
c9n5gXGZqk74JtSxbSFxFnPqhyv0xvfBnbzvLyytGLdwNdMiuJteugUUb71EEbFG
+KRKu+vsUP7LmW73Nsarp+Qrucv+eZZGdYtwWevCedA0RWsN5il+0h0D/xf5aaW3
QW0sJKDJGrzWAqHcoQnEO7BSsa/idNHSAPhWR72dyOr9rUhHntOwCWVBwX+YIP7G
1cwlOsa6wzZvM0qinDJl0R1FsuSedwe9VRlMPVeesf3X9eTWUiwz9X4MzxbdHsla
m2XcbwQ/NIWUZYHHoEnH
=xc2m
-----END PGP SIGNATURE-----

[Nicola Schwendener]

Hi Eva,

thank you for your reply. Reinstalling the entire windows OS is ok. I've a lot of services running in background right now (synchronization, protection, antivirus, ...). would they work normally? do you recommend to use AV, antimalware, ...? 

and I've to use photoshop and lightroom (which I've purchased). do they run in a HVM environment?

there's a way to automount external disks (I've an ssd for the OS, and some HDD in raid for the data) on HVM.

[Eva Star]

> thank you for your reply. Reinstalling the entire windows OS is ok. I've a lot of services running in background right now (synchronization, protection, antivirus, ...). would they work normally? do you recommend to use AV, antimalware, ...? 
> and I've to use photoshop and lightroom (which I've purchased). do they run in a HVM environment?

I have not tried to install these applications into windows HVM. I guess that they will run, but with strange usability speed. Because there is no GPU for Photoshop&Lightroom to draw images on Windows HVM. As I know you can pass-through your secondary GPU to Windows and this will work fine, but I do not have secondary GPU and display to test it

Maybe for Photoshop&Lightroom tasks you can boot from the secondary hdd where Windows and applications available?

Or there is some alternative applications at Linux to draw and edit images: GIMP, and I found Krita 3.0 (plane to test it very soon, screenshots looks well)

About Antivirus:
I do not use them on Windows. I think for your is better to forget about "Windows way" and start to learn the conception of Qubes and use other VM for download and run apps, then open files at disposable VM. And of course install software only from trusted sources.

About synchronization:
You can setup some... But are you really sure that you want to share your data across internet? :)

> there's a way to automount external disks (I've an ssd for the OS, and some HDD in raid for the data) on HVM.

Yes, they mount automatically when attached to some Linux based AppVMs. If filesystem is NTFS, then you can work with them.
And for today windows HVM does not support this feature :)

[Nicola Schwendener]

> > and I've to use photoshop and lightroom (which I've purchased). do they run in a HVM environment?
>
> I have not tried to install these applications into windows HVM. I guess that they will run, but with strange usability speed. Because there is no GPU for Photoshop&Lightroom to draw images on Windows HVM. As I know you can pass-through your secondary GPU to Windows and this will work fine, but I do not have secondary GPU and display to test it

You mean I've to install a separated graphic card? well I could try.. then I will use in the windows HVM?... I will try...

> Maybe for Photoshop&Lightroom tasks you can boot from the secondary hdd where Windows and applications available?

this could be a solution but I want to secure my entire pc... for a migrating period is ok, then I wish to have a "single boot option"

> Or there is some alternative applications at Linux to draw and edit images: GIMP, and I found Krita 3.0 (plane to test it very soon, screenshots looks well)

I know, but since I've already paid for them...

> About Antivirus:
> I do not use them on Windows. I think for your is better to forget about "Windows way" and start to learn the conception of Qubes and use other VM for download and run apps, then open files at disposable VM. And of course install software only from trusted sources.

ok thank you

>
> About synchronization:
> You can setup some... But are you really sure that you want to share your data across internet? :)

yes, these are cloud backup (crashplan and sugarsync).

> > there's a way to automount external disks (I've an ssd for the OS, and some HDD in raid for the data) on HVM.
>
> Yes, they mount automatically when attached to some Linux based AppVMs. If filesystem is NTFS, then you can work with them.
> And for today windows HVM does not support this feature :)

... this is the most important question: you mean I cannot attach a second disk to my HVM windows? or I cannot attach automatically on startup?

thank you again
best regards
Nick

[Nicola Schwendener]

Eva,
another question:
should I use the HVM or HVM-Template for the windows VM?
what the main difference between them in a Windows VM?
best regards
Nick

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If you haven't already had a chance to read these pages, you may find
it useful to learn about how TemplateVMs work in general:

https://www.qubes-os.org/getting-started/
https://www.qubes-os.org/doc/templates/

The basic TemplateVM principle is the same when it comes to Windows
TemplateVMs.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXfSP6AAoJENtN07w5UDAw+BAP/1sn4le0yUqnnQgu7C1tyYYP
GCNQNBtvT7qoR2VbJjvtQxxO98dgyyTbveqtt0CO150f9WRTxUVjw/J8DHT3IcPQ
bPp0dbOLUKTvomIItVDEz5T52dQH0lmsX2RjO7jt5xSEhUTNAPEVR1wrsZG77B6e
NVZCIoWURYuEcyvR43cfFFpAJJcqWk2S0geTKDSU4Szow89PigINPVClNpxqHrEF
AGuDSrammiC/kgka5nEmMFkOMysBhAtWrsgESfszcKl0uTIbhh9Xs7NttbIOJaqX
/5M7EWO57F5dOhBn1YMMgQBS7SXmpRWtxJ9+FT+9zwEDaGy90pL3dXfLVx4CaAF9
6SE7jQScAGu4fd7M+0+6PcsukUIbStcliW6H0xUd0lzKzxmEx/fxR7UXu4/BC/HZ
Y0+dnW7+e6d/DT93Uo2Wz8rS2xNDwMTaF0oRSAtoHRc+Wuo3+Kdfsofbr7NuHXB2
veVdv6o08fooFTgjvdE3tIangz+y4sF51zXaxpVxPQd3SEghQVkyYHyclRrDzVWQ
x+aM6yPm1J8XPppA0YwOQz6paMEFrhv0Y8olYqzsR6tDQCzx+DwX6AQ6RB5q+0Yl
xKl6DdHYSMlBkXqsVnjKGsyF/l3wmgRXgS4jTL2fNotrvll09WJFmox0lk9Fg2m0
9rI7inGrEnEiUfWdAE8M
=FWny
-----END PGP SIGNATURE-----

[Eva Star]

>>> and I've to use photoshop and lightroom (which I've purchased). do they run in a HVM environment?
>>
>> I have not tried to install these applications into windows HVM. I guess that they will run, but with strange usability speed. Because there is no GPU for Photoshop&Lightroom to draw images on Windows HVM. As I know you can pass-through your secondary GPU to Windows and this will work fine, but I do not have secondary GPU and display to test it
>
> You mean I've to install a separated graphic card? well I could try.. then I will use in the windows HVM?... I will try...
>

Yes, and monitor... And it's not currently guaranteed at Qubes that such
configuration will work. Anyway, I suggest to start with a study of the
system.

>
> ... this is the most important question: you mean I cannot attach a second disk to my HVM windows? or I cannot attach automatically on startup?
>

Yes, you can not attach it to windowsHVM by default. You can enable this
option, but (currently) it can lead to data loss.

But you can attach your other disks to any other unix based AppVMs and
download files, then move files to WindowsHVM without any troubles.

[Nicola Schwendener]

Hi Andrew,
thank you very much for your reply... I understood the templateVM in a linux environment, but my doubts are on a windows template hvm. Windows normally changes many files during normal operations (open documents, ...) normally in the programdata folder. in a normal hvm I guess these files will be updated, in a template-hvm no... is it correct? then how can works third party services in a template-hvm? do they interact with the user?
thank you very much.
best regards
Nick

[Nicola Schwendener]

Hi Eva,
thank you very much for your time and your answer:

> > ... this is the most important question: you mean I cannot attach a second disk to my HVM windows? or I cannot attach automatically on startup?
> >
> Yes, you can not attach it to windowsHVM by default. You can enable this
> option, but (currently) it can lead to data loss.
>
> But you can attach your other disks to any other unix based AppVMs and
> download files, then move files to WindowsHVM without any troubles.

I think I cannot understand... I've a bunch of disks in raid (almost 4TB) that are currently a second disk in a Windows environment. These data are documents, photo (>100'000), videos (>10'000), music....
when you say:

> But you can attach your other disks to any other unix based AppVMs and
> download files, then move files to WindowsHVM without any troubles.

you mean I've to copy or to move from the data disk mounted on a Linux appVM to a "temporary" folder in windows, edit (or do whatever I want) and then move back to the linux appvm and back to the data disk?
I imagine doing that for a bunch of files are ok... but If, for example, I need to work with lightroom or other tools that collect, organize all files, is impossible.

best regads
Nick

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

We account for this by allowing C:\Users to be stored in each Windows
AppVM's private storage:

https://www.qubes-os.org/doc/windows-appvms/#tocAnchor-1-1-5

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXfhMSAAoJENtN07w5UDAwNuwQAMT+FUfNdXJdHrNflBD/vzBl
3osD2XeJoFwbwBzObSyBJYbJlL4pi9iY7pbXrshF4lC+3vPYf3JpLcX9u8K3CQmu
sKkKkdgZcv1UzFjiKa/xVDm6fxkd2JsiSTd0afDbjh00YRPndQn2fDkCl6r8AioT
kSYI69L1naiPdQ7u0hSkNwk4JQ8L3hI8L6169i+GMmX606W23JzhZDUz3YrrxAU1
s04Z6VpsEo4PrfjIhPmHjHpIRzZwYnn+/QftqLDXdGd9B2/x8oLnupFjp+L+/PXM
WFgHx83qcY2Dgfom6n+Y7UxzUVWzV4CwosYkV4TOcae+xHAdlaPErzChnFZvzeVc
Sf1vPSAHfX4/oByh6eZaCggZwsYs42CcXhBsNdhzWLp9C8cAO/1Av0BYqeEVUo73
dRPoHhHYAGbooKl2SjdJsQ/CvX/UnVezP7glq3IDE5QK+NVPTzwEGwZAGURQl5VQ
G2WPLzo8/39Dm6m/l6L9ccuU7SDQtW/GXDeHahylVzExAI6HJWG9m8PRlKMz5z9E
U8ugEZ9xipCt4og7mr1+dmVv1ltvkZSHzA4AgG1v8+apbzzV0so20TmIPW4LhRdQ
TslHQZezTNtzVy1Fvd1Lxq2x8sicjQ/zFVz7iW6qd6nATIWyUIgllxxdiRNVeEj4
Pkb1ujTIAcsTp4tcRFrV
=IYfK
-----END PGP SIGNATURE-----