Our company currently delivers its product via on-prem Remote Desktop Services (RDS), using features like RDWeb, RD Broker, and RD Gateway managed through an on-prem Active Directory. The product is published as an application through RDWeb. We're aiming to modernize the system, particularly to implement single sign-on (SSO) with Office 365, while improving our current multi-factor authentication (MFA), which users find cumbersome. Although a full redevelopment to make the application web/cloud-native would be ideal, that's a long-term project. For now, we're seeking ways to modernize without overhauling the entire application. We've looked into options like Azure Virtual Desktop (AVD) and Citrix, but they don't quite fit our needs. What would you do in our situation?
5 Answers
You might want to look into using an Azure App Proxy. It enables full SSO and MFA functionality without exposing your RDWeb servers. Just be mindful of the possible latency issues since RDP is still done over TCP; it's worth testing to ensure a smooth user experience.
Two words: Omnissa Horizon! It's mainly known for VDI, but it also offers remote app functionality and does a much better job managing RDS deployments than the traditional Microsoft way, plus it supports Entra ID for smoother user access.
Have you tried using the HTML5 web access server? By implementing it, you can get closer to your goals without needing to transition your access point to Azure. It can significantly help with modernizing the experience for your users.
If you're looking for something user-friendly and not too complex, consider TruGrid Secure RDP. It could replace your RDWeb, RD Broker, and RD Gateway setup. It integrates well with on-prem AD and offers its own MFA app. Plus, you can brand the interface for your needs. This solution is secure and benefits from Microsoft's infrastructure without exposing your setup to the public internet. They even provide a trial for you to test it out!
Absolutely, TruGrid seems like it could solve a lot of your issues seamlessly.
Have you considered using NetFoundry/OpenZiti? It's a great fit for what you're trying to achieve, providing zero-trust, identity-aware access without a complete re-architecture. It keeps your RDS environment hidden from the internet while allowing secure connections for users. This approach eliminates potential security risks while facilitating modern identity management features like SSO and MFA.
Yes, totally agree with this! TruGrid fits the bill perfectly for what you're describing.