Use case

Remote Desktop Manager + Devolutions Server + Devolutions Gateway

Replacing RD Gateway with Devolutions Gateway for RDP Remote Access

How to enhance security and efficiency by reducing RDP exposure for remote access without using the Microsoft RD Gateway.

Who is this use case for?

This use case is for organizations that currently use the Microsoft Remote Desktop Gateway (RD Gateway) for RDP connections but would like a replacement solution that doesn’t suffer from the same limitations.

The problem

The Microsoft Remote Desktop Protocol (RDP) should never be exposed directly to the Internet, which is why Microsoft recommends deploying an RD Gateway for secure remote access. However, since the RD Gateway protocol uses Windows authentication (NTLM/Kerberos) over HTTP, external malicious actors can leverage it in brute-force and password-spraying attacks against Active Directory. Moreover, the RD Gateway degrades performance by tunneling RDP TLS over HTTPS (TLS in TLS) when faster, secure approaches are possible. Last but not least, enforcing MFA on RD Gateway connections is known to be particularly difficult.

The solution

Devolutions Gateway, combined with Devolutions Server and Remote Desktop Manager, makes secure, Just-in-Time (JIT) RDP access possible without using RD Gateway. Devolutions Gateway acts as the secure bridge to the internal network, and only accepts connection requests previously authorized by Devolutions Server. The process is transparent for Remote Desktop Manager users, but all sessions are authorized and logged in Devolutions Server for increased visibility.


How it works

  1. Download and install Devolutions Server.
  2. Deploy and configure Devolutions Gateway to be used with Devolutions Server.
  3. Create or update RDP connection entries in Remote Desktop Manager to use Devolutions Gateway.

Summary of benefits