New: Secure Remote Desktop Protocol Connections Without a VPN

Duo Network Gateway (DNG) provides a Zero Trust Network Architecture (ZTNA) that allows users to access web applications, websites, or SSH servers on any device and from any location. The organization controls user access on a per-application basis and applies granular control policies. This ensures healthy devices, on acceptable networks, are allowed access after the appropriate checks are completed while the riskier devices are denied access accordingly.

Duo is pleased to announce that Remote Desktop Protocol (RDP) support for Duo Network Gateway is in Public Preview! RDP is one of the most widely used remote access protocols, but it is also one of the most vulnerable. With this launch, our customers can embrace secure VPN-less access to remote desktops while using the native RDP applications and workflows they are already familiar with.

The user’s experience will change slightly:

  • Start to access an RDP server with any RDP client
  • Primary authentication with your identity provider (IdP)
  • Multi-factor authentication (MFA) with Duo Prompt
  • Secure connection established through DNG to RDP server

RDP for Duo Network Gateway is currently in Public Preview, meaning that you can set things up, try it out, and even break things as you see fit! The only ask from Duo is that if a rough edge is discovered or something within the documentation feels like it could be more complete, let us know. This is your opportunity to push the DNG forward, in the direction that keeps you and your organization in mind!

To learn more, check out the links below:

DNG-RDP Documentation:
https://duo.com/docs/dng#protect-rdp-servers-with-duo-network-gateway

DNG-RDP Feedback Form:
https://forms.gle/CsMvfqXdRdj7WeGA8

4 Likes

Already using it and it’s great. Thanks for doing this!

6 Likes

Interesting, so it’s RDP tunnelled inside SSL?

What does it do for higher latency RDP session with the addition of the encryption overhead?

Thanks

That is correct. Everything protected by the DNG is tunneled over 443 wrapped with SSL for traffic coming from the outside in.

Latency was an early concern that was on the teams mind and the team is keeping an eye on customer feedback overall with latency as a particular point of interest.

Thus far in the current Public Preview, we have not heard feedback regarding added noticeable latency. That does not mean that latency is not introduced into the connection given a proxy is being added as an extra hop, but we have not received feedback that latency is an issue.

If you notice that you are experiencing an unusually high amount of added latency with a DNG-RDP setup, this is the perfect time for us to collaborate and explore the reasoning behind why that is!

This feedback is why we perform Previews before full general availability and I very much appreciate the feedback, questions, and conversation as it ensures that we are building the best possible solution for you all.

1 Like

Very nice descriptive response! I would have to see this on an international connection to know for sure.

Thank you

1 Like