I am seeking clarification regarding the usage and capabilities of the [Jupyter Remote Desktop Proxy(GitHub - jupyterhub/jupyter-remote-desktop-proxy: Run a Linux Desktop on a JupyterHub)], as I found the README lacking in providing an overview of its use cases and functionalities.
Our current setup involves a JupyterHub server and five Jupyter Notebook servers. The JupyterHub server serves as a proxy, directing users to their respective Jupyter Notebook servers based on their user group.
Now, we have a specific requirement: we want users to access every notebook session through a VNC session to ensure the security of our files and prevent unauthorized downloading and copying of contents.
Here are the questions I need clarification on:
Can we utilize the Jupyter Remote Desktop Proxy to proxy our JupyterHub in a way that enables opening a notebook session within a VNC desktop session?
If such proxying is possible, I’d like to understand whether the VNC sessions opened will be dynamic or static. For instance, if user A logs into the JupyterHub and user B also logs in, will they each receive separate VNC desktop sessions? It’s crucial that each user has their own isolated desktop session, ensuring changes made in one user’s Jupyter Notebook do not reflect in another user’s desktop session.
Not sure what you mean by it. Where are your notebook servers running? On a linux server using a LocalProcessSpawner of JupyterHub or containers? The isolation depends on how you are spawning the notebook servers using JupyterHub. For instance, if you use LocalProcessSpawner to spawn notebook servers on a single Linux server, each notebook server will run under the Linux user account and all the standard Linux isolation between users are applicable for the notebook sessions as well. That means one user cannot access files of other user. So, I dont see how VNC session can improve the security in this case.
Yes our notebook servers operate on Linux using JupyterHub’s LocalProcessSpawner, with Linux isolation between users. Now, we’re looking to run a Linux desktop on our Jupyter single-user servers, forwarding it to browsers via VNC through Jupyter. This setup aims to address a crucial issue: ensuring files from our filesystem are downloaded into the VNC environment rather than users’ local machines.
Your thoughts on whether Jupyter Remote Desktop Proxy can meet this need would be greatly appreciated.
Jupyter Remote Desktop Proxy is designed to run a singleuser VNC Linux desktop in an isolated container, so typically you’d use it with something like KubeSpawner or DockerSpawner. Since each user has their own container isolation is guaranteed.
Since it’s a full Linux desktop you can run anything you want, such as JupyterLab accessed via a browser in the desktop. However users can still bypass Jupyter Remote Desktop Proxy and just use the standard JupyterLab/notebook interface to access files.
If you want to guard against that too you’re into the realm of Secure/Trusted Research Environments (there’s probably 10+ different names for the same concept) where you’re also blocking network access (since it’s trivial to copy a file out). There’s some mention of those in Run Linux Desktop Apps in mybinder.org / your JupyterHub, and it should be doable, but you’ll need to invest a lot of time yourself to customise it, and to ensure there are no loopholes. Even after all that, it’s impossible to prevent a determined user from copying files out, at some point you need to rely on contractual/legal agreements with your user.