An increasing number of organizations are encouraging working from home: because their employees are asking for it, because it's proven to increase productivity, or because of the recent Corona (COVID-19) outbreak.
For companies that issue company laptops, VPN (Virtual Private Network) is still a very popular tool, even if proven not to be a very user-friendly or secure remote access enabler. But for various reasons, many companies equip their employees with desktops in the office. Enabling these employees to work from home typically means enabling BYOD (Bring Your Own Device). Here, VPN is a definite no-go.
Furthermore, many organizations don't have a Server-Based Computing or VDI platform, meaning the only way to work remotely is to access the physical desktop.
In this blog post, we'll explain how organizations that neither have a VDI setup (or a Server-Based Computing platform) nor equip staff with managed laptops can still enable secure homeworking with BYOD through Awingu. For clarity: Awingu is often used in a Server-Based Computing context in combination with RDS (Remote Desktop Services). This is a different scenario.
The basic principles
Awingu is a virtual appliance that can be installed in the network of the organization. It has many functions, but let's summarize the most relevant ones for this use case:
- HTML5 Gateway: Awingu has an RDP to HTML5 gateway. When placed in your company network, it can connect over RDP (Remote Desktop Protocol) to the different desktops. It translates the RDP session into HTML5 and makes the desktops available in a browser.
- Browser-based access: users don’t need to install anything on their device. They take any device, surf to the access URL using their preferred browser, authenticate securely and get access to their desktop. For the remote access to work, the desktop needs to be powered on in the office. It also means IT support doesn’t need to worry about supporting clients and a multitude of new devices.
- Any Windows version: Awingu talks RDP. That means there is little dependency on the Windows version you are running. You can connect anything from a Windows XP desktop to a Windows 10 desktop.
- AD credentials: Awingu will connect via LDAP to your Active Directory. Users will authenticate with their known Windows credentials.
- Multi-Factor Authentication: Awingu comes with a built-in MFA solution (use Google Authenticator or Microsoft Authenticator on a smartphone). Awingu also supports numerous other MFA integrations. So on top of the Windows credentials, the user adds another token to ensure secure authentication.
- Port 443 only: The only port which needs to be open to the outside is 443. Nothing more.
- Usage Audit: Awingu has a full audit trace (IP address, timestamp, streamed apps opened and closed, …) to assure compliance, also for remote access.
Simple architecture gets you up-and-running in hours!
In the above high-level picture, we illustrate how the Awingu virtual appliance is set up in an existing network.
- Awingu’s virtual Linux appliance is installed on one or more Virtual Machines (as guidance: up to 500 concurrent app/desktop sessions can run on 1 virtual machine with 8Gb Memory and 8vCPU)
- Awingu is connected over RDP to each desktop (they must be powered on), and coupled to the AD. No installations are needed on the AD or desktops.
- Note: Awingu can also be connected to RDS-based environments, to file shares and SaaS apps such as Office 365 and GSuite. In this blog post, we leave this aside and focus solely on the remote desktop access.
- Awingu is typically installed behind a firewall or proxy and only needs access via port 443.
- End users log in via their browser on their private device: a Windows laptop, an Apple MacBook, a Chromebook, ... any device with a browser will work. The Awingu virtual appliance.
- Single Sign-On is also possible with an external Identity Provider (IdP) such as Okta or Azure AD. When using an IdP, you can also opt to use the associated MFA services to access the Awingu workspace.
Given this simple setup, organizations can get up and running in a matter of hours! Start your free trial today!
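As an added example (not Awingu's own code), the following audit checks a firewall rule list against the exposure model described above: only port 443 on the appliance reachable from outside, with RDP to the desktops and LDAP to the AD originating from the appliance. The addressing plan, the rule format, the LDAP ports 389/636 and the treatment of rules as an unordered allow set are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed addressing plan and ports: assumptions for illustration only.
INTERNAL = ip_network("10.0.0.0/8")
GATEWAY = ip_network("10.0.10.5/32")      # the gateway appliance VM
DESKTOPS = ip_network("10.0.20.0/24")     # office desktops, reached over RDP
AD = ip_network("10.0.30.0/28")           # domain controllers, reached over LDAP(S)
RDP, LDAP_PORTS, HTTPS = 3389, {389, 636}, 443

# Constructed sample rule set: (source, destination, TCP port, action).
SAMPLE_RULES = [
    ("0.0.0.0/0", "10.0.10.5/32", 443, "allow"),      # browsers -> gateway
    ("10.0.10.5/32", "10.0.20.0/24", 3389, "allow"),  # gateway -> desktops
    ("0.0.0.0/0", "10.0.20.0/24", 3389, "allow"),     # RDP exposed directly
    ("0.0.0.0/0", "10.0.10.5/32", 22, "allow"),       # extra port on the gateway
    ("0.0.0.0/0", "10.0.20.17/32", 3389, "deny"),     # deny rules are ignored
]

def audit(rules):
    """Return (index, reason) findings for rules that break the 443-only model,
    plus (None, reason) entries for gateway flows that no rule allows.
    Simplification: rules are an unordered allow set (no first-match logic)."""
    findings = []
    allowed = [(i, ip_network(s), ip_network(d), p)
               for i, (s, d, p, a) in enumerate(rules) if a == "allow"]
    for i, src, dst, port in allowed:
        if src.subnet_of(INTERNAL):
            continue  # internal-to-internal traffic is out of scope here
        if dst == GATEWAY and port == HTTPS:
            continue  # the single outside exposure the design calls for
        findings.append((i, f"internet-reachable: {dst} tcp/{port}"))

    def covered(src_net, dst_net, ports):
        # True if some allow rule fully covers this source, destination and port.
        return any(src_net.subnet_of(s) and dst_net.subnet_of(d) and p in ports
                   for _, s, d, p in allowed)

    if not covered(GATEWAY, DESKTOPS, {RDP}):
        findings.append((None, "gateway cannot reach desktops over RDP"))
    if not covered(GATEWAY, AD, LDAP_PORTS):
        findings.append((None, "gateway cannot reach AD over LDAP/LDAPS"))
    return findings

if __name__ == "__main__":
    for index, reason in audit(SAMPLE_RULES):
        print(index, reason)
```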
What investments are needed?
To enable the above use case, you will need:
There is no need for RDS licensing, given that you are connecting to a client OS (and not a server). You will also not require any additional VDA licensing if you remotely connect from a Windows device to your primary desktop/laptop that is connected to the company network (learn more about how RDS & VDI licensing works here).