The Awingu 5.2.4 maintenance release is now available!

Awingu vs. Remote Desktop Gateway

In this blog post, we are going to focus on RD Gateway (Remote Desktop Gateway). We’ll explain what it is, and how it‘s different from our unified workspace Awingu.

What is Remote Desktop Gateway?

Definition of Remote Desktop Gateway

Remote Desktop Gateway (RD Gateway in short) is a component of Windows Server and RDS. It is a role that can be activated, in the same way as an RD Session Host or RD license manager. The Remote Desktop Gateway enables remote users to launch the Remote Desktop Client from a browser. End-users can browse a launcher webpage (not calling it a ‘workspace’) via their browser from there, a .rdp file is downloaded to the device where the Remote Desktop Client will be launched.

How is a Remote Desktop Gateway set up?

RD Gateway is typically set up over port 443 (with SSL certificate) and transports the Remote Desktop protocol in HTTPS. This opposite to a simple deployment without RD Gateway, where there is no https encapsulation.

RD Gateway screenshot
Example of RD Web Access (a.k.a. the “launcher”)

The following high-level picture illustrates the principles of the setup:

What are the benefits of Remote Desktop Gateway?

The biggest benefits of RD Gateway are that TCP port 3389 does not need to be used for external access and that the user is provided a list of applications/desktops he can access.

What are the risks of Remote Desktop Gateway?

Using the default TCP port 3389 for external access is a magnet for hackers and really easy to breach (password injection, brute force, …). With the use of RD Gateway, a web application is put in front of the vulnerable RDSHs. TCP Port 443 is used and the RDP stream from the RDSH is encapsulated in HTTPS. Web applications are more difficult to breach than old-school TCP port 3389 deployments: More difficult, but obviously far from impossible.

Even if users launch their apps/desktops via the browser, running the sessions themselves still requires usage of the RDP client on the device. One of the main downsides is that there is still an end-to-end RDP connection from the endpoint to the RDSH (even if the first leg is encapsulated in https). It means that if the endpoint is compromised, the risk to get the exposure on the backend is very real.

How to compare Remote Desktop Gateway vs. Awingu?

Awingu really is a different product than Remote Desktop Gateway.

What is Awingu?

The unified workspace offers secure remote access to RDP-based applications or desktops, to file servers, and to web applications. That access to those internal network resources is offered in the form of a browser-based workspace, where all services are available (translated to HTML5) from within the browser. From there, Awingu offers thus a rich turnkey solution with a focus on UX and security.

What are the similarities between RD Gateway and Awingu?

Let’s start with the few similarities that exist between the solutions:

  • Awingu has a browser based workspace (so does Remote Desktop Gateway with its web launcher);

  • Awingu is available over TCP port 443 (so does Remote Desktop Gateway);

  • Awingu is installed on a Virtual Machine, typically in the same datacenter as the RDSH back-end (however, there is a difference because Awingu is delivered as a virtual appliance, not a Windows Server role like Remote Desktop Gateway)

What are the differences between RD Gateway and Awingu?

  • Awingu does not use the RDP protocol as such towards the client. A 100% HTML5 experience is given where RemoteApps (or desktops) are made available fully in the browser. There is no dependence on the Remote Desktop Protocol Client (or other clients for that matter). For avoidance of doubt: Awingu does not use the Remote Desktop Gateway. It connects directly with the Remote Desktop Service Host (RDSH) by using RDP as the a protocol.

  • As a workspace aggregator, Awingu can also provide access to file servers (WebDAV or CIFS) and to web applications (via the built-in Awingu Reverse Proxy).

  • The Awingu workspace is built with ease-of-use in mind, for the admin, and for the remote users. It’s supported by capabilities such as:

    • Rich multi-monitor working

    • Session sharing

    • File sharing (similar-ish to WeTransfer)

    • Virtual printing (a PDF printer engine)

Screenshot of the Awingu workspace.
The Awingu workspace
  • As a turnkey security solution, Awingu is built on Zero Trust principles with lots of built-in capabilities to provide secure remote access:

      • Multi Factor Authentication (besides using user credentials, IT administrators can enable MFA on remote connections for users)

      • encrypted connection with SSL certificate

      • Granular usage controls (easily define which user or user groups can access which applications on which particular servers, can use which capabilities, …)

      • Context awareness (define context for users or user groups in which they are allowed to access applications, …)

      • Usage auditing and anomaly detection

      • Session Recording

To use Awingu end-users don’t have to install anything on their device. This means they only have a secure connection via their browser to the internal network resources they need. Awingu is not a virtual private network (VPN) so there isn’t a vpn connection established. There is no direct connection to the company’s network.

Cover of the Awingu Whitepaper about securing RDP

Want to learn more about how Awingu adds security layers on top of your RDP?

Download our whitepaper: “Above and beyond RDP”

DOWNLOAD WHITEPAPER
About the author
arnaud square
Arnaud Marliere

Chief Sales & Marketing Officer

Table of contents
Want to learn more about Awingu?
This website uses cookies. Read our transparent cookie policy!