What is Remote Desktop Gateway and How it Works (Architecture)

Remote Desktop Gateway is a Windows Server role that provides a secure connection to the server through RDP using the SSL protocol. The main advantage of RD Gateway is that it does not require a VPN server.

Nowadays remote access means everything. It is a part of our personal and professional lives. We access remote assets and sometimes don’t even give a second thought to the technology that makes it all possible. In this article we will look at what Remote Desktop Gateway, one such technology, is and see how it works (architecture).

What is a Remote Desktop Gateway?

A Microsoft Remote Desktop Gateway (RDG or RD Gateway, for short) is a Windows Server role that provides a secure and encrypted connection to the server via Remote Desktop Protocol (RDP). It enhances control by removing all remote user access to a system and replacing it with a point-to-point remote desktop connection.

A Remote Desktop Gateway allows authorized users to connect to virtual desktops, RemoteApp programs, and session-based desktops over a private network or the Internet. It sits on the perimeter of a network alongside the likes of a firewall and other authentication servers.

What is a Remote Desktop Gateway used for?

There are three primary uses for a Remote Desktop Gateway. They are:

1. Establish an encrypted SSL tunnel

It creates an encrypted SSL tunnel between a user’s device and the Remote Desktop Gateway server.

The server must have a certificate installed on it for the client device to connect through the RD Gateway. Although self-signed certificates can be used, it is advised that production servers use only certificates issued by a certificate authority.

2. Authenticate the user into the environment

Remote Desktop Gateways use inbox IIS services to perform authentication. They can also use the RADIUS protocol to leverage multi-factor authentication.

Administrators can create additional Remote Desktop Resource Authorization Policies (RD RAPs) and Remote Desktop Connection Authorization Policies (RD CAPs), two policies that allow them to specify the network resources that users can connect to through the RD Gateway.

3. Conduct traffic back and forth between user devices and shared resources

It conducts the traffic in both directions for as long as there is an established connection. Administrators can configure properties like timeouts to ensure security in case someone forgets to log off from their connected device.

Why should a business have a Remote Desktop Gateway?

The main reason a business may need to implement this solution would be to cater to its employees who need to access its servers from a remote location.

A Remote Desktop Gateway, as a service, enables the employees to securely log into the business’ Windows servers from any Internet-connected device that’s running a Remote Desktop client app – regardless of whether they are using a Windows PC, a Mac, a tablet or a smartphone.

But, there are more advantages:

    • Saves money – businesses don’t need to shell out money on overhead for office workers. Allowing their staff to work from anywhere allows for cutting expenses for on-site hardware (like personal computers) and all the day-to-day expenses of running an office.
    • Flexible working hours – employees accessing their files and programs at any time of the day and from any part of the world means the business can keep its doors open around the clock.
    • Happier workforce – a workforce that can work from the comfort of their homes is a happier, and hence more productive, workforce.
    • No device compatibility issues – remote workers don’t need to have the latest devices or operating systems to connect to the server. Remote access makes it easy for legacy solutions to work on the latest platforms.
    • Easy scalability – a business can easily grow its number of users, be they employees or external users, by simply granting them access to their gateway. Thin client access means the business doesn’t even have to worry about purchasing licenses for assets shared or clients added.
    • Data security – a business can have full control of its data’s security. It has full control over who can access what and when. One gateway security solution ensures all the data behind it is kept secure at all times.

Remote Desktop Use Cases

Let us go ahead and have a look at the practical implementation of Remote Desktop Gateways in real life scenarios:

Use Case 1: Campus data server

Although not a business, per se, a college could set up dummy (thin client) devices around campus for students to access a central server. Students can log on to the remote devices and access everything from their schedules to custom applications shared by the educational institution.

Use Case 2: International agency

A business that has clients, offices and staff in various locations across the globe, can have everyone access a central server where applications and services are shared securely. The 24-hour access means the business never has to worry about closing its doors for the night.

Use Case 3: Linux server sharing

Some businesses simply prefer to keep their Linux-based operating systems and applications. They can make these assets available over the Internet without having to force their clients and employees to switch to the operating system. They can simply share their assets – perhaps even use virtual machines (VMs) for an even more secure sharing experience.

The Remote Desktop Gateway architecture

To understand the Remote Desktop Gateway, we need to have a look at the steps that lie between the initial request for access made by a client and the final granting of the access. The steps include:

    • When a client initiates a connection, the Remote Desktop Gateway first establishes SSL tunnels between itself and the external client.
    • Then it vets the client’s user and/or computer’s credentials to make sure that they are authorized to connect to the Remote Desktop Gateway.
    • Then Remote Desktop Gateway makes sure the client is allowed to connect to the requested resources.
    • If the request is authorized, then it sets up an RDP connection between itself and the internal resource.
    • All communication between the external client and the internal endpoint passes through the Remote Desktop Gateway and the user can access the resources behind it.

These steps make it obvious that the architecture, which can be easily grown into an RDS farm, looks like:

[Image: Remote Desktop Gateway architecture diagram]

Note: the Remote Desktop Protocol (RDP), a Microsoft proprietary protocol that enables remote connections to other computers, typically uses TCP port 3389 which provides network access for remote users over encrypted channels.
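The connection steps listed above can be traced with a small policy model. This is an added example, not code from the article or from Microsoft: it is a simplified sketch of the check order (tunnel, then RD CAP, then RD RAP), and every policy, group and host name in it is a constructed, hypothetical value.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cap:
    """Connection authorization policy: which groups may use the gateway."""
    name: str
    user_groups: frozenset

@dataclass(frozen=True)
class Rap:
    """Resource authorization policy: which hosts and ports a group may reach."""
    name: str
    user_groups: frozenset
    hosts: frozenset
    ports: frozenset = frozenset({3389})  # default RDP port

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    target: str
    port: int = 3389
    tunnel_ok: bool = True  # step 1: SSL tunnel to the gateway is up

def authorize(req, caps, raps):
    """Return (allowed, reason); checks run in the order of the steps above."""
    if not req.tunnel_ok:
        return False, "no SSL tunnel to gateway"
    cap = next((c for c in caps if c.user_groups & req.groups), None)
    if cap is None:
        return False, "no CAP matches user"
    for rap in raps:
        if (rap.user_groups & req.groups and req.target.lower() in rap.hosts
                and req.port in rap.ports):
            return True, f"allowed by {cap.name} and {rap.name}"
    return False, "no RAP allows this target"

# Constructed sample policies and requests (hypothetical names).
CAPS = [Cap("CAP-Staff", frozenset({"staff", "admins"}))]
RAPS = [Rap("RAP-Apps", frozenset({"staff"}), frozenset({"app01.corp.example"})),
        Rap("RAP-Admin", frozenset({"admins"}),
            frozenset({"app01.corp.example", "dc01.corp.example"}))]
REQUESTS = [Request("alice", frozenset({"staff"}), "app01.corp.example"),
            Request("alice", frozenset({"staff"}), "dc01.corp.example"),
            Request("bob", frozenset({"contractors"}), "app01.corp.example"),
            Request("carol", frozenset({"admins"}), "DC01.corp.example"),
            Request("carol", frozenset({"admins"}), "dc01.corp.example", port=22)]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r.user, r.target, r.port, authorize(r, CAPS, RAPS))
```

Passing the connection policy alone is not enough in this model: the second request is from a user the gateway accepts, yet it is refused because no resource policy covers the requested host.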

Configuring a Remote Desktop Gateway

Here’s a video that shows every step necessary to set up a Remote Desktop Gateway. Once done, the administrator shares some basic applications:

What is Remote Desktop Gateway and How it Works Conclusion

A Remote Desktop Gateway, as we have just seen, is an essential tool for the modern business environment. It is a tool that can help businesses scale from one-office operations to global enterprises that work around the clock without putting data and users at risk.

Every business should include at least one instance of this solution on their network if they are thinking of expanding or making the move into cloud computing. It is a system that is a part of the future.

Of course, this also means it is an installation that needs to be done by professionals – lest the asset turns into a liability. And that is where we come in – contact us to learn how we can help set up a secure RD Gateway solution for your business.

Liku Zelleke

Liku Zelleke is a technology blogger who has over two decades experience in the IT industry. He hasn’t looked back since the day, years ago, when he discovered he could combine that experience with his other passion: writing. Today, he writes on topics related to network configuration, optimization, and security for Cloud Infrastructure Services.
