An increasing amount of organizations are stimulating working from home and try to enable remote access as quickly as possible. Because their employees are asking about it, because it’s proven to increase productivity, or, because of the recent Corona (Covid19) outbreak.
How to access an office computer remotely?
For companies that issue company laptops, VPN (Virtual Private Network) is still a very popular tool to let users connect remotely – even if proven not to be a very user-friendly or secure remote access enabler. But for diverse reasons, many companies equip their employees with desktops in the office. Enabling these employees to work from home, typically means enabling BYOD (Bring Your Own Device). Here, VPN is thus a definite no-go.
Furthermore, many organizations don’t have a Server-based Computing (SBC) or VDI platform. Meaning, the only way to work remotely, is to access the physical desktop.
In this blog post, we’ll explain how organizations that don’t have a VDI setup (or a SBC platform), nor can/want to equip staff with managed laptops, can still enable secure homeworking with BYOD through Awingu.
For clarity: Awingu is often used in Server Based Computing context in combination with RDS (Remote Desktop Service). This is a different scenario.
The basic principles of Awingu: Why is it the ideal solution to enable remote desktop?
Awingu is a virtual appliance that the IT department can install in the network of the organization. It has many functions, but let’s summarize the most relevant ones for this use-case: Enable remote desktop so users can access an office desktop on a home computer via the internet. This of course without compromising the security of your network.
HTML5 Gateway
Awingu is a virtual appliance that the IT department can install in the network of the organization. It has many functions, but let’s summarize the most relevant ones for this use-case: Enable remote desktop so users can access an office desktop on a home computer via the internet. This of course without compromising the security of your network.
Browser-based access
Users don’t need to install anything on their devices. They take any device, surf to the access URL using their preferred browser, authenticate securely and get access to their desktop. For the remote access to work, the desktop needs to be powered on in the office.
It also means IT support doesn’t need to worry about supporting clients and a multitude of new devices. So the level of security is much higher compared to using a vpn, meanwhile the management and user experience is smoother for the IT department.
Any Windows version
Awingu talks RDP. That means there is little dependency on the Windows version you are running. You can for example connect a Windows XP professional desktop all the way to a Windows 10 desktop.
AD credentials
Awingu will connect via LDAP to your Active Directory. Users will authenticate with their known Windows credentials (user name, password) to gain access to the desktop.
Multi-factor authentication
Awingu comes built-in with an MFA solution (use Google Authenticator or Microsoft Authenticator on a smartphone). Awingu also supports numerous other MFA integrations. So basically, on top of the Windows Credentials, the user will add another token beside a password to assure a secure authentication when connecting to the workspace.
Port 443 only
The only port which needs to be open to the outside is 443. Nothing more, so good for security.
Usage audit
Awingu has a full audit trace (IP address, timestamp, streamed apps opened and closed, …) to assure compliance, also for remote access.
Simple architecture gets you up-and-running in hours!
In the above high-level picture, we illustrate how the Awingu virtual appliance is set up in an existing network.
Awingu’s virtual Linux appliance is installed on one or more Virtual Machines (as guidance: up to 500 concurrent app/desktop sessions can run on 1 virtual machine with 8Gb Memory and 8vCPU)
Awingu is connected per RDP to each desktop (they must be powered on), and coupled to the AD. Nothing needs to be installed extra on the AD, desktops or computers.
Note: Awingu can also be connected to RDS-based environments, to file shares and SaaS apps such as Office 365 and GSuite. In this blog post, we make an abstraction of this and focus solely on the remote desktop access.
Awingu is typically installed behind a firewall or proxy and only needs access via port 443.
End-users login via their browser on their private (mobile) device: a Windows laptop, an Apple Mac, a Chromebook, .. all devices with a browser will work to access the workspace.
- Single Sign-On is also possible with an external Identity Provider (IdP) such as Okta or Azure AD. When using an IdP, you can also opt to use the associated MFA services to access the Awingu workspace.
Given this simple setup, organizations can install, set up and roll-out in a matter of hours without risking security!
What investments are needed?
To enable the above use case, you will need:
A virtual machine (at least one)
Awingu licenses
There is no need for RDS licensing, given that you are connecting to a client operating system (and not a server). You will also not require any additional VDA licensing if you remotely connect from a Windows device to your primary desktop/laptop that is connected to the company network.
Want to test out Awingu and see what it is all about? Start your free trial via the button below!
English 
Italian 
German 
Spanish 
French