We would be very happy if proxmox were to adopt IronRDP. I see you've already found the work from Marc-André Lureau, he's been doing an incredible job for the IronRDP server side. He's also been working on adding QOI image codec in IronRDP with incredible results. You're welcome to pop in the IronRDP matrix channel: https://matrix.to/#/!opeocvkWZVaLDouykU:matrix.org?via=matri...
If you want to connect to the built-in macOS remote desktop server, don't use a standard VNC client, use a real ARD client like Remote Desktop Manager. While the server accepts standard VNC, you will only get zlib the codec, which has very poor performance. With ARD, you get a special codec inspired by progressive JPEG, along with server-side downscaling and chroma subsampling, etc. It's actually closer to RDP RemoteFX in terms of performance: https://devolutions.net/integration-center/apple-remote-desk...
My apologies for the name choice, I actually didn't know "Iron" was taken for a lot of C#/.NET projects. We were looking for something that meant "hardened" because it's written in Rust, and went for "IronRDP". This being said, we're generating .NET bindings to IronRDP which we use in Remote Desktop Manager.
RDP-over-SSH will break Kerberos authentication for two reasons: 1) you'll point the RDP client to localhost and a random port and 2) you won't get a KDC line-of-sight. The irony is Microsoft has demoed this with SSH over Azure Arc, which can only result in an NTLM downgrade.
IronRDP is designed to work with Devolutions Gateway (https://github.com/Devolutions/devolutions-gateway) for just-in-time RDP connections made from the web or through the desktop client. Devolutions Gateway also supports just-in-time KDC proxying alongside the main RDP connection, making Kerberos possible.
You can install the free standalone web access package of Devolutions Gateway to try it out, it will give you a simple web interface where you can enter the hostname, username and password.
But if you really want the simplest solution, it's with the rest of the Devolutions stack with Remote Desktop Manager and Devolutions Server. In the end, you'll be able to make RDP connections from RDM or through the web with just a double-click, and it'll automatically generate short-lived tokens and make RDP + Kerberos work seamlessly: https://devolutions.net/gateway/
Kerberos has a protocol for when you don't have a line of sight to the KDC: IAKERB. IIRC MSFT is very interested in it in order to kill off NTLM finally.
IAKerb still hasn't shipped - it's a preview feature. Meanwhile, we've been doing KDC proxying successfully in Devolutions Gateway for several years. Sometimes you can wait forever for a supposedly better solution, or you can just make it work in the most obvious way. In the end, all you need is to forward KDC messages, right? It's annoying that it's out-of-band, but the KDC proxying protocol is just an HTTP POST that takes a request message, and sends the response message back.
The RDP GDI messages are from RDP6, graphical messages have changed many times over in the versions of RDP that followed. Would you be surprised to learn that WSLg uses a FreeRDP server hooked to a Wayland compositor running in the Linux guest, and that the RDP client in the Windows host is MSRDC in a special RemoteApp mode? In theory someone could build a similar RDP server using IronRDP
The Desktop Composition extension was never used in practice, check the date on the spec - the last update was in 2017. I don't know the whole story behind the scenes but the feature got pulled early.
Devolutions Gateway implements the RDCleanPath extension used to bridge WSS to RDP, making the connection from a web client possible. The same IronRDP core can be compiled to a native client for regular RDP connections outside the browser. There is also some work done for the server, but it's not as advanced as XRDP.
I just realized what you saw, I originally meant to say "Hyper-V is undeniably a critical component of the Microsoft virtualization stack as Azure runs on it", I've got it fixed and also removed the Windows Subsystem for Android mention since Microsoft killed it
I actually love PowerShell and use it extensively to automate Hyper-V labs, but there's a big difference between automation and one-off things like a checkbox to enable nested virtualization. There's also a large portion of users looking for something just good enough as a desktop GUI to manage just a few VMs with no automation, and Hyper-V Manager is definitely behind when compared to VirtualBox or VMware Workstation in that regard.
Weird, right? That's exactly the argument repeated ad nauseam by Microsoft as "proof" that Hyper-V isn't dead, somehow excluding the lack of a good desktop GUI for Hyper-V VMs from why users would feel differently
Oh and the funny thing is that since writing this blog post Microsoft killed Windows Subsystem for Android despite its immense value as a developer tool
