[milankragujevic]

I'm interested in what you used to host the RDP sessions? Windows Server? A separate VM for each user? Something else? I'd like to apply that approach for my own personal uses and cloud computing but am having difficulties learning about the proper way to setup a thin-client architecture with RDP.

[KaiserPro]

https://www.nomachine.com/enterprise

^ that basically. A number of large servers (ex file servers in this case, so 2x e5-2690v2 and 384 gigs of ram).

Each person uses an AD login to connect to a terminal server. We would get about ~200 to a server, assuming people didn't have too many tabs open.

If you want smooth browsing, then you'll need to limit tabs and adverts. Cgroups will help you in memory allocation per user.

[AdamJacobMuller]

Interesting stuff.

Doesn't even the relatively small amount of latency introduced over RDP make things like video/audio editing difficult and dealing with things like audio sync impossible?

Or were/are they doing something where the actual video/files/apps are on the local machine, but any outside access is via RDP only?

With those kind of stringent controls, how do you think they could have gotten in?

[KaiserPro]

Very much the later.

as for how they did it..

I only have experience with Visual effects, the post house that was "hacked" was an audio place.

They are much smaller, and have much less engineering staff to deal with this sort of thing.

If I was a hacker, I'd be targeting the FTP/aspera server, or the cinesync machine(its a way of showing what work you've done without having to move the data, like logmein, but colour correct, and with doodling features.)

Or they might have just walked in dressed as a runner and stole a bunch of drives.

[KaiserPro]

I should point out it was a linux terminal server.

much much cheaper. seemed to scale reasonably well too.