Question: Remote desktop protocol for remote working ?

Add your own question »

Still looking for the right answer? Log in or Register to ask a question.
  • Like
  • Unlike


Just a question to get a feel from peers on the perceived (or implemented) suitability of the Microsoft remote-desktop-protocol as a method for permitting remote working to University staff members.

To date our remote working solution has been to offer our staff access to MS terminal-servers via an established VPN connection; Cisco Anyconnect + ASA + ISE in our case.

We have recently retired the terminal-server offering and replaced it with the closely related Microsoft remote-applications counterpart; sticking with the same security gateway/overlay of the Cisco VPN.

As we are now only offering a single service to our remote workers (the app/terminal servers via RDP) we had some internal discussion where we floated the idea of dropping the front-end VPN component and having our users make direct RDP client connections to the server over the internet.

At current the servers live 'inside' our private network and we would not consider permitting access to them via direct firewall holes. What we discussed was a pair of options around a) placing proxy/gateway Microsoft remote-application gateway servers in a DMZ area, to act as inbound proxy-servers to the actual remote-app servers which would still live inside, or b) placing the application servers themselves in the DMZ area.

This second concept seems obviously flawed since we would most likely have to create many firewall ACL entries to be able to have the application servers perform their required functions; damaging the security posture of the DMZ areas and thus being unsuitable.

Has anyone else implemented, or looked at implementing, a remote workers solution which looks anything like the abovel with RDP being the open transport to the internet ?

We would of course be running the most recent version of the RDP protocol and require the client-side to be of the most up-to-date version, making the highest level of security connection.

Hopefully someone has the time to add some useful information to this thread?

Kind regards,

Simon (University of East London).