I'm trying to find a better Remote Desktop Gateway solution for a client. Right now, their gateway is set up to be publicly accessible on port 443 without Multi-Factor Authentication (MFA). Users sign in and download a .rdp file to connect via the Remote Desktop Connection client. We also have port 3389 open across all of the continental US, and for users needing temporary access from other countries, we allow wide access as well.
This setup is clearly insecure and needs to be reevaluated. We're pushing for Microsoft Remote Desktop with an HTML5 client, but the HTML5 client has significant limitations, including lacking multi-monitor support and experiencing lag. Adding to the urgency, I've been informed that support for both the Windows Remote Desktop client and the HTML5 version will end soon, which forces us to consider alternatives.
Any recommendations for a cost-effective solution to replace the current method would be much appreciated. Ideally, we need something that simplifies the process and minimizes user complaints about added complexity.
5 Answers
Have you considered using Citrix NetScaler? There's a free version that includes built-in MFA, which could fit your budget while enhancing security.
Why not take a look at Apache Guacamole? It's a free option that comes with MFA built in. Pairing it with Cloudflare can provide extra security without complicating the setup too much.
You might want to check out Parallels RAS. We found it less expensive than Citrix, and it seamlessly replaces RD Gateway. Plus, it integrates Let's Encrypt for SSL and allows you to use any Authenticator app for MFA without additional costs.
Setting up a VPN for users is a must. If you're already using Entra, SonicWall can provide secure access with MFA, eliminating any public access vulnerabilities.
You definitely shouldn't keep port 3389 open like that. A proper RD Gateway setup runs everything through port 443, so you can close that off. Look into incorporating MFA for extra security on your RD Gateway. It's not as difficult as it sounds, and it's better for your security in the long run!
Agreed! Investing in MFA is crucial. It may feel like a big change for users now, but they'll thank you later once they realize how much safer it is.

Thanks for the suggestion! I've heard good things about Parallels, and that they make transitioning away from older systems easier.