Is RD Gateway useful?
-
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
-
I like RDGateway. I'd set it up -- even if there was only one system behind it. It keeps 3389 off the internet, lol.
But seriously speaking, it does add some extra features that make it easier to set up more than one server behind it and not have to get fun with the port forwards.
-
@dafyre said in Is RD Gateway useful?:
I like RDGateway. I'd set it up -- even if there was only one system behind it. It keeps 3389 off the internet, lol.
But seriously speaking, it does add some extra features that make it easier to set up more than one server behind it and not have to get fun with the port forwards.
I deployed RDGateway to access 2 systems. One was for the general terminal server. The other was for our ERP partner to access our ERP server for support and configurations.
-
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
RDP already includes lots of security features, like the integrated VPN I mentioned earlier.
Guacamole is the only thing exposed too the public network, and that can be secured like any other web service.
RDP would never be exposed too anything but the private network, and is already secure enough that exposing it to a public network shouldn't be a problem.
Where do you see the need for additional security?
-
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
Why can't you just make people use Guac?
-
@travisdh1 said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
RDP already includes lots of security features, like the integrated VPN I mentioned earlier.
Guacamole is the only thing exposed too the public network, and that can be secured like any other web service.
RDP would never be exposed too anything but the private network, and is already secure enough that exposing it to a public network shouldn't be a problem.
Where do you see the need for additional security?
Let me bring my question back at a different angle. If you were paying for a hosted, fully managed terminal server, what would be your expectations for how it would be secured?
Personally, I would sleep fine at night with RDP exposed, but with 2-step authentication, and good log monitoring (and enforcing the security built into RDP and Windows authentication). However, maybe that is not enough for a professional solution.
-
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
Why can't you just make people use Guac?
Really, I think that is the best solution. But this isn't really my project, and trying to take it that direction might be overstepping the line. Plus it would also probably end up making me the one who has to deploy it and maintain it, which isn't really my role right now.
-
@flaxking said in Is RD Gateway useful?:
@travisdh1 said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
RDP already includes lots of security features, like the integrated VPN I mentioned earlier.
Guacamole is the only thing exposed too the public network, and that can be secured like any other web service.
RDP would never be exposed too anything but the private network, and is already secure enough that exposing it to a public network shouldn't be a problem.
Where do you see the need for additional security?
Let me bring my question back at a different angle. If you were paying for a hosted, fully managed terminal server, what would be your expectations for how it would be secured?
I'd only allow connections via HTTPS, HTTP wouldn't even be exposed. Securing things is really that simple. Adding anything else is a business decision.
You can add on lots of stuff after that however you want, but just HTTPS should be sufficient. Even for PCI/HIPPA/ETC.
-
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
@scottalanmiller said in Is RD Gateway useful?:
@flaxking said in Is RD Gateway useful?:
Well, some of our clients are familiar with RDP and specifically want to use RDP in the ways they are familiar with. So I don't think it makes sense to go down the Guacamole route, if you also have to secure rdp connections not using a web client.
Why would you need to secure RDP in addition to Guacamole? Guac doesn't expose RDP.
If using Window's RDP client in addition to Guacamole is still a requirement
Not even possible. Guacamole = web page, not RDP. That's what it is.
Right, what I was trying to say there is that I couldn't only use Guacamole and thus would still have the consideration of securing RDP
Why can't you just make people use Guac?
Really, I think that is the best solution. But this isn't really my project, and trying to take it that direction might be overstepping the line. Plus it would also probably end up making me the one who has to deploy it and maintain it, which isn't really my role right now.
Then just spend the fortune for RDS Gateways and be done with it.
-
@flaxking said in Is RD Gateway useful?:
Let me bring my question back at a different angle. If you were paying for a hosted, fully managed terminal server, what would be your expectations for how it would be secured?
Personally, I would sleep fine at night with RDP exposed, but with 2-step authentication, and good log monitoring (and enforcing the security built into RDP and Windows authentication). However, maybe that is not enough for a professional solution.
You can add RDPGuard to the RDS server too.
Although, like @travisdh1 stated, put HTTPS in front and your all good. I use an SSL-VPN myself.
