I'm curious if anyone has found a good alternative to Citrix for securely connecting to RDS servers from the internet. I've been exploring this because with Citrix DaaS, I can connect to the Citrix cloud and present desktops without opening my internal network to the public, which feels much safer. On the flip side, using an RDS Gateway means I would need to expose my internal servers, creating potential security vulnerabilities if the gateway gets compromised. I've recently been looking into Apache Guacamole, as I have a feeling it operates similarly. Are there any other solutions out there that can provide secure internet access to RDS servers without compromising security?
7 Answers
Another option is to use RDWebClient in front of the RDGateway and publish it with an Entra Application Proxy. This way, no inbound ports are opened, and remote users authenticate first through the proxy, keeping your internal network safe.
If you're looking for a low-cost solution, we put our RDS server on the Tailscale network, requiring MS 365 MFA for authentication. Although we use direct IPs rather than DNS identifiers, this setup keeps things secure for our small operation.
Have you checked out Lumen? They're transitioning from Citrix to Azure-based access for their protected tools, which might be worth investigating!
In the Citrix scenario, it's important to note that you need an HDX proxy near your VDAs for proper session routing. Remember, the session traffic doesn't get routed through Citrix cloud; it's mainly for brokering!
You can put the RDGateway behind an Entra Application Proxy. This would give you a similar setup, preventing direct incoming connections from the internet.
Not exactly the same, but you might want to look into RustDesk as a potential solution. It could be an alternative worth exploring!
I'll check it out, thanks for the suggestion!
When we faced Citrix's licensing changes, we explored a few options, but most were either completely inadequate or didn't work with our Nutanix clusters. We ended up settling for a less painful renewal with Citrix, but it wasn't easy!
We had a similar experience. We tried Parallels briefly but ultimately switched back to Citrix since security was our top priority.
Would I still be able to self-host the RDS servers with Azure access?