Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3592
Views
12
Helpful
4
Comments

New: Secure Remote Desktop Protocol Connections Without a VPN

lgreer
Level 1
Level 1

on ‎01-10-2022 01:37 PM

Duo Network Gateway (DNG) provides a Zero Trust Network Architecture (ZTNA) that allows users to access web applications, websites, or SSH servers on any device and from any location. The organization controls user access on a per-application basis and applies granular control policies. This ensures healthy devices, on acceptable networks, are allowed access after the appropriate checks are completed while the riskier devices are denied access accordingly.

Duo is pleased to announce that Remote Desktop Protocol (RDP) support for Duo Network Gateway is in Public Preview! RDP is one of the most widely used remote access protocols, but it is also one of the most vulnerable. With this launch, our customers can embrace secure VPN-less access to remote desktops while using the native RDP applications and workflows they are already familiar with.

The user’s experience will change slightly:

  • Start to access an RDP server with any RDP client
  • Primary authentication with your identity provider (IdP)
  • Multi-factor authentication (MFA) with Duo Prompt
  • Secure connection established through DNG to RDP server

RDP for Duo Network Gateway is currently in Public Preview, meaning that you can set things up, try it out, and even break things as you see fit! The only ask from Duo is that if a rough edge is discovered or something within the documentation feels like it could be more complete, let us know. This is your opportunity to push the DNG forward, in the direction that keeps you and your organization in mind!

To learn more, check out the links below:

DNG-RDP Documentation:
https://duo.com/docs/dng#protect-rdp-servers-with-duo-network-gateway

DNG-RDP Feedback Form:
https://forms.gle/CsMvfqXdRdj7WeGA8

Comments
kknopp
Level 1
Level 1
‎01-10-2022 01:57 PM

Already using it and it’s great. Thanks for doing this!

bjames
Level 5
Level 5
‎01-11-2022 01:37 PM

Interesting, so it’s RDP tunnelled inside SSL?

What does it do for higher latency RDP session with the addition of the encryption overhead?

Thanks

lgreer
Level 1
Level 1
‎01-12-2022 02:20 PM

That is correct. Everything protected by the DNG is tunneled over 443 wrapped with SSL for traffic coming from the outside in.

Latency was an early concern that was on the teams mind and the team is keeping an eye on customer feedback overall with latency as a particular point of interest.

Thus far in the current Public Preview, we have not heard feedback regarding added noticeable latency. That does not mean that latency is not introduced into the connection given a proxy is being added as an extra hop, but we have not received feedback that latency is an issue.

If you notice that you are experiencing an unusually high amount of added latency with a DNG-RDP setup, this is the perfect time for us to collaborate and explore the reasoning behind why that is!

This feedback is why we perform Previews before full general availability and I very much appreciate the feedback, questions, and conversation as it ensures that we are building the best possible solution for you all.

bjames
Level 5
Level 5
‎01-12-2022 02:35 PM

Very nice descriptive response! I would have to see this on an international connection to know for sure.

Thank you

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents