In this blog post, we are going to focus on RD Gateway (Remote Desktop Gateway). We’ll explain what it is, and how it’s different from our unified workspace Awingu.
What is Remote Desktop Gateway?
Definition of Remote Desktop Gateway
Remote Desktop Gateway (RD Gateway for short) is a component of Windows Server and Remote Desktop Services. It is a role that can be activated, in the same way as an RD Session Host or RD license manager. RD Gateway enables remote users to launch the Remote Desktop client from a browser over an encrypted connection, and so to establish a remote desktop connection.
End users can browse to a launcher webpage (we are not calling it a ‘workspace’) in their browser. From there, a .rdp file is downloaded to the device, where the RDP client is launched.
How is a Remote Desktop Gateway set up?
RD Gateway is typically set up over port 443 (with an SSL certificate) and transports the Remote Desktop Protocol in HTTPS. This is the opposite of a simple deployment without RD Gateway, where there is no HTTPS encapsulation.
The following high-level picture illustrates the principles of the setup:
What are the benefits of Remote Desktop Gateway?
The biggest benefits of RD Gateway are that TCP port 3389 does not need to be used for external access and that the user is provided with a list of the applications/desktops he can access.
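Whether a session really stays inside HTTPS on port 443 depends on the .rdp file the launcher hands out. The following check is an added example, not code from the original post or from Microsoft: it parses a constructed .rdp file (host names are placeholders) and flags settings that let the client bypass the gateway or ignore a failed server authentication.

```python
# Added example: audit a launcher-issued .rdp file for gateway use.
# SAMPLE_RDP is constructed; host names are placeholders, not from the post.
SAMPLE_RDP = """\
full address:s:rdsh01.corp.example:3389
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:2
authentication level:i:0
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-case name."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i" and value.strip().isdigit():
            value = int(value)
        settings[name.strip().lower()] = value
    return settings


def audit_rdp(text):
    """Return findings that undo the 'RDP only inside HTTPS on 443' setup."""
    s = parse_rdp(text)
    findings = []
    usage = s.get("gatewayusagemethod")
    if not s.get("gatewayhostname"):
        findings.append("no gatewayhostname: client connects straight to the session host")
    elif usage != 1:
        # 1 = always use the gateway; 2 tries a direct connection first,
        # 0 and 4 skip the gateway, 3 defers to client defaults.
        findings.append(f"gatewayusagemethod={usage}: gateway is not forced")
    if s.get("authentication level") == 0:
        # 0 = connect without warning when server authentication fails
        findings.append("authentication level=0: server identity failures are ignored")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_RDP):
        print("FINDING:", finding)
```

Files saved by the Windows client are often UTF-16 encoded, so decode them with that encoding before passing the text to `audit_rdp`.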
What are the risks of Remote Desktop Gateway for remote access?
Using the default port 3389 for external access is an RDP attack magnet for hackers and really easy to breach (password injection, brute force, …). With the use of RD Gateway, a web application is put in front of the vulnerable Remote Desktop Session Hosts (RDSHs). TCP port 443 is used and the RDP stream from the RDSH is encapsulated in HTTPS. Web applications are more difficult to breach than old-school port 3389 deployments: more difficult, but obviously far from impossible.
Even if users launch their apps/desktops via the browser, running the sessions themselves still requires the RDP client on the device. One of the main downsides is that there is still an end-to-end RDP connection from the endpoint to the RDSH (even if the first leg is encapsulated in HTTPS). This means that if the endpoint is compromised, the risk of exposure on the back end is very real. Hackers will without doubt try to gain access via these endpoints.
How to compare Remote Desktop Gateway vs. Awingu?
Awingu is used for remote working, but it really is a different product than Remote Desktop Gateway.
What is Awingu?
The unified workspace offers secure remote access to RDP-based applications or desktops, to file servers, and to web applications. Access to those internal network resources is offered in the form of a browser-based workspace, where all services are available (translated to HTML5) from within the browser for your remote workforce. Awingu thus offers a rich turnkey solution with a focus on UX and security.
What are the similarities between RD Gateway and Awingu?
Let’s start with the few similarities that exist between the solutions:
- Awingu has a browser-based workspace (so does Remote Desktop Gateway with its web launcher);
- Awingu is available over TCP port 443 (so is Remote Desktop Gateway);
- Awingu is installed on a virtual machine, typically in the same datacenter as the Remote Desktop Session Host (RDSH) back end (however, there is a difference because Awingu is delivered as a virtual appliance, not a Windows Server role like Remote Desktop Gateway).
What are the differences between RD Gateway and Awingu?
- Awingu does not use the RDP protocol as such towards the client. A 100% HTML5 experience is given where RemoteApps (or desktop computers and virtual desktops) are made available fully in the browser.
- There is no dependence on the Remote Desktop Protocol Client (or other clients for that matter).
- For the avoidance of doubt: Awingu does not use the Remote Desktop Gateway. It connects directly with the RDSH by using RDP as the protocol.
- As a workspace aggregator, Awingu can also provide a remote user access to file servers (WebDAV or CIFS) and to web applications (via the built-in Awingu Reverse Proxy).
The Awingu workspace is built with ease-of-use in mind, for the admin, and for the remote users (yes even for small businesses with smaller IT teams!). It’s supported by capabilities such as:
- Rich multi-monitor working
- File sharing (similar-ish to WeTransfer)
- Virtual printing (a PDF printer engine)
As a turnkey security solution, Awingu is built on Zero Trust principles with lots of built-in capabilities you can use as security measures to provide remote access:
- Multi-Factor Authentication (besides using user credentials (*), IT administrators can enable two-factor authentication on remote connections for users as an extra layer of security)
  (*) enforce strong password usage and please don’t let your users use the same password!
- Encrypted connection with SSL certificate
- Granular usage controls (easily define which users or user groups can access which applications on which particular servers, can use which capabilities, … and control access this way)
- Context awareness (define the context, based on geolocation or IP addresses, in which users or user groups are allowed to access applications or sensitive data, …)
- Usage auditing and anomaly detection
- Session recording (gain insight into what happens during remote working sessions in specific apps or in general)
- Rich SSO (Single Sign-On) capabilities – that do not rely on password vaulting – with external identity providers such as Azure AD, Okta and ForgeRock
To access the Awingu workspace, end users don’t have to install anything on their device. This means they only have a secure connection via their browser to the internal network resources they need. Awingu is not a virtual private network (VPN), so no VPN connection is established. There is no direct connection to the company’s network.
If you want more information about Awingu as a security layer on top of RDP, find out why most companies rely on our unified workspace solution to enable secure remote work in our whitepaper!
Download our whitepaper: “Above and beyond RDP”
About the author
Chief Sales & Marketing Officer