Secure Remote Access using a Remote Desktop Gateway

PSM can be configured to work with the Microsoft Remote Desktop Gateway. All information that is transferred between the user and the PSM proxy machine is encrypted and protected by the HTTPS protocol. This enables secure cross-network and remote access.

Alternatively, you can configure PSM to work with an HTML5 gateway which tunnels the session between the end user and the PSM proxy machine using a secure WebSocket protocol. For details about configuring the PSM to work with HTML5, refer to Secure Access with an HTML5 Gateway.

Overview

Connecting through RD Gateway requires additional authentication by the end user to the RD Gateway itself.

If the connection is made through the PVWA portal, it is possible to enable single sign-on so users automatically authenticate to the RD Gateway. However, this type of connection is supported only when connecting with ActiveX and does not support RDP files, the RemoteApp user experience, or connections directly from users’ desktops.

Connect with an RDP client application

When the connection is made directly from users' desktops, the RDP client application can be configured to use the RD Gateway. For more information, refer to the documentation of the RDP client application you are using.
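
The following added example, which is not from the product documentation, parses a Microsoft .rdp file and reports any setting that would let the client reach the target without going through the RD Gateway. The host names and the function names parse_rdp and audit_gateway are assumptions made for the illustration; the setting names are standard Microsoft .rdp file properties.

```python
# Added example, not vendor code; host names are constructed placeholders.
# Meaning of gatewayusagemethod values in a Microsoft .rdp file:
USAGE = {
    0: "never use a gateway",
    1: "always use the gateway",
    2: "use the gateway only if a direct connection fails",
    3: "use the client's default gateway settings",
    4: "never use a gateway (bypass for local addresses)",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for raw in text.splitlines():
        name, _, rest = raw.strip().partition(":")
        kind, sep, value = rest.partition(":")
        if not sep or kind not in ("i", "s", "b"):
            continue  # blank line or not a setting
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # malformed integer: treat the setting as absent
        settings[name.strip().lower()] = value
    return settings

def audit_gateway(text, expected_gateway):
    """Return findings; an empty list means the session must use the gateway."""
    s = parse_rdp(text)
    findings = []
    method = s.get("gatewayusagemethod")
    if method != 1:  # anything else permits a direct or default-policy path
        findings.append("gatewayusagemethod=%r (%s), expected 1"
                        % (method, USAGE.get(method, "not set or unknown")))
    if str(s.get("gatewayhostname", "")).strip().lower() != expected_gateway.lower():
        findings.append("gatewayhostname is not %s" % expected_gateway)
    if s.get("gatewayprofileusagemethod") != 1:  # 1 = use the explicit settings
        findings.append("gatewayprofileusagemethod is not 1")
    return findings

GOOD = """full address:s:psm.example.internal
gatewayhostname:s:rdgw.example.com
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
"""  # constructed sample
BAD = GOOD.replace("gatewayusagemethod:i:1", "gatewayusagemethod:i:2")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, audit_gateway(sample, "rdgw.example.com"))
```

A file that sets gatewayusagemethod to 2 still connects when the gateway is reachable, so the fallback to a direct connection is easy to miss without a check like this.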

Connect using the PVWA portal

When the connection is made through the PVWA portal, you will need to configure access through the RD Gateway.

Before configuration

Verify that a Remote Desktop Gateway is installed for the PSM Server. If the Remote Desktop Gateway is not installed on the PSM server machine, verify that the machine where it is installed has RDP network access to the PSM machine.

For more information, refer to Microsoft documentation.

Verify that the client machine meets the system requirements for the Remote Desktop Gateway:
    Windows Vista / 2008 / XP SP3
    For XP lower than SP3, make sure that RDP 6.1 is installed
Verify that the RD Gateway certificate is trusted so that users can access the machine through the gateway.
Configure your RD Gateway server, using the Remote Desktop Gateway Manager:
    Specify the users who can authenticate to the RD Gateway to connect through the PSM to remote machines.
    Configure the RD Gateway to enable access to the PSM server used through this RD Gateway.

For more information on how to configure the RD Gateway, refer to Microsoft Remote Desktop Gateway documentation.

PSM connections via PVWA through RD Gateway without Single Sign-On

A PSM connection through RD Gateway without SSO is configured at the connection component level. When a connection using this connection component is established, the user is prompted to enter credentials to authenticate to the RD Gateway.

Once this authentication is completed successfully, the user will be automatically authenticated to the remote machine.

PSM connections via PVWA through RD Gateway with Single Sign-On

When enabling single sign-on, users are automatically authenticated to the RD Gateway and the remote machine. However, this type of connection is supported only when connecting with ActiveX. In addition, RDP files, the RemoteApp user experience, or connections directly from users’ desktops are not supported.

 