Photo by Iwona Castiello d'Antonio on Unsplash
App Proxy support for Remote Desktop Services
Full Supply
Azure Active Directory Application Proxy (AAP) has found its way into many organizations during the pandemic as an approach to delivering internal applications quickly and securely to stay-at-home employees. Security comes from Application Proxy (App Proxy) integration with Conditional Access, which can enforce multifactor authentication (MFA) and ensure access from trusted, managed devices tagged as "healthy." The architecture makes deployments simple. The proxy does its work with outbound network connections to the cloud only – central IT does not need to drill down into firewalls [1].
Many applications continue to make use of a full-fledged client architecture, according to which the client talks to the back end with special or proprietary protocols – or the back end cannot be easily published. In other use cases, especially when the client does not remain on the user's device but is also to be made available, the standard scenarios of a classic HTTP proxy end. A trick provides a way out: By publishing a session on a VM or session host, entire applications can be published, provided the solution makes the session accessible by a gateway or proxy over HTTPS. If you can publish the Citrix or remote desktop environment with App Proxy, you can also handle these scenarios.
In other words, you are changing the task to one of providing clients with access to a session server, which you do in as simple a way as possible, with single sign-on (SSO) – but with protection, of course. The session server then gives access to clients that do not need to talk to the back end over HTTP protocols.
Get Prepared
The implementation with Microsoft technology envisages Remote Desktop Services (RDS) for this task in combination with AAP, which publishes the RDS, supports SSO, and adds safeguards with the help of Conditional Access.
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Cloud protection with Windows Azure Backup
Microsoft offers the Windows Azure Backup service, which lets you back up data from servers in the cloud. This removes the need for your own infrastructure, and the service alleviates privacy concerns by using continuous encryption. -
ASP.NET web development framework
ASP.NET Core enables the development and operation of dynamic web applications. -
Monitor Active Directory with Azure AD Connect Health
Microsoft cloud service Azure Active Directory Connect Health supports monitoring of Active Directory, especially in large and distributed environments, but the tool is also useful for monitoring hybrid landscapes using Azure Active Directory. -
A central access manager for SSH, Kubernetes, and others
Teleport centrally manages logins against various protocols, including SSH, Kubernetes, and databases. Functions such as two-factor authentication are included in the scope of delivery, as is management of your own certificates. -
Managing network connections in container environments
Traefik promises not only to manage mesh implementations for container environments reliably, but to do so in a way that makes them enjoyable to administer.