Hosted RDP, VDI, FTP, VNC, Telnet, and Web Link Security Infrastructure
Written by: Douglas Brown, Microsoft MVP, Citrix CTP
The Problem:
A few months ago I realized I had a real problem that needed to be solved and solved fast. What is the problem you ask? Simply put, I need a way to securely connect to all my applications, servers, and files across my entire working environment. When I say "working environment" I'm including all the different networks I'm required to connect to. For example, I must have access to our remote web server hosted by a different company. I must also point out that I'm not the only person in my company that needs access to these resources and I'm also sometimes required to give contractors access too. All this needs to be easy and secure and I realized I was anything but secure and it was anything but easy.
Don't get me wrong, when I think of remote access I think Citrix. I do have a Citrix Presentation Server farm serving up a vast majority of my applications and most of the desktops we need access to. My problem is that a few of the desktops I need to connect to are hosted elsewhere so I don't have access to install a hardware solution such as a Citrix Access Gateway or traditional VPN appliance nor do I have the ability to bring up a Citrix Presentation Server to serve up the desktop and administrative applications I need to access.
Another problem with Citrix is sometimes it becomes less than financially practical as you might only need access to a few applications and/or desktops and putting in a Citrix environment would just be too expensive as you are not only required to pay for the software but you have the expense of the additional hardware and other hardware related expenses. Not to mention you are required to maintain those servers.
Of course you might just use the built in Remote Desktop (RDP) capabilities found in Windows XP, Windows Vista, Windows 2000 and/or 2003 servers and don't get me wrong, I did. The problem was that by using core remote desktop service I was forced to open the RDP port(s) on my firewall thus opening a potential point of entry for any hacker who dares try to hack their way into our network. This was not good and left me more than a bit worried. What I needed was a software VPN that I could easily install on the remote server that would simply allow me to secure the RDP traffic. Simple, eh? Yes it should be...
The Solution:
Fortunately for me, about the same time I started looking for a solution to secure my working environment I received a call from a new company who claimed to have created a new "secure" way to connect to desktops and applications called SecureIDA. Perfect timing I thought, so I gave it a shot and needless to say I was very happy with what I found.
I'm a huge fan of a simple solution to complex problems and WorldExtend's SecureIDA is just that. In its simplest form all you need to do is run through a web based wizard which installs an agent on a Windows device within the subnet you wish to securely connect to (you only need one agent per subnet!). Then all we need to do is login to a hosted web interface. Once logged in you are presented with a list of the applications, desktops, and resources you added through this simple wizard.
The following screen shots show the default login page and the all applications (connections) page.
Once you click on an application or desktop it is launched in a secured RDP session. The software agent installed during setup acts as a secure communications gateway. When your session is launched, the system randomly selects a port (from a pool you establish) and opens it at the exact moment you need it. Once your session is established, the port is returned to the pool. This protects your network from unwanted hackers and Denial of Service attacks. The SecureIDA system is simple but very feature rich and although you can configure your applications and desktops during agent setup this is really just the tip of the iceberg as far as features go, as I learned as I dove deeper into the product.
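A minimal model of the on-demand port behaviour described above, added here as an illustration; it is not WorldExtend's code, and the class name, pool range and loopback address are assumptions. It shows that a connection attempt arriving after the session is established is refused, while the session itself keeps working.

```python
import secrets
import socket

POOL = range(28000, 28016)  # constructed pool, standing in for "a pool you establish"

class OnDemandGateway:
    """Toy model: no pool port listens until a session is requested."""
    def __init__(self, pool):
        self.free = set(pool)

    def open_for_session(self, timeout=5.0):
        """Bind a randomly chosen free pool port; return (port, listener)."""
        candidates = sorted(self.free)
        while candidates:
            port = candidates.pop(secrets.randbelow(len(candidates)))
            srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                srv.bind(("127.0.0.1", port))
            except OSError:  # port busy on this host: try another one
                srv.close()
                continue
            srv.listen(1)
            srv.settimeout(timeout)  # an unused listener does not stay open
            self.free.discard(port)
            return port, srv
        raise RuntimeError("no free port in pool")

    def accept_and_close(self, port, srv):
        """Accept one client, then close the listener and free the port."""
        try:
            conn, _ = srv.accept()
        finally:
            srv.close()
            self.free.add(port)
        return conn

def probe(port):
    """True if anything accepts TCP connections on 127.0.0.1:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        return s.connect_ex(("127.0.0.1", port)) == 0

def demo():
    gw = OnDemandGateway(POOL)
    port, srv = gw.open_for_session()
    client = socket.create_connection(("127.0.0.1", port), timeout=5)
    conn = gw.accept_and_close(port, srv)  # listener is gone from here on
    conn.sendall(b"session-data")          # established session still works
    result = {"from_pool": port in POOL, "port_returned": port in gw.free,
              "session_ok": client.recv(64) == b"session-data",
              "late_probe_open": probe(port)}
    client.close(); conn.close()
    return result
```

The listener timeout matters as much as the random port choice: a port opened for a session that never arrives should close on its own rather than stay exposed.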
SecureIDA is not just another traditional "go to my pc" style solution either. It gives me, as the administrator of my network, the ability to publish applications and desktops and then assign users to those newly created resources, as you do in a Citrix world, but again, without the need for expensive dedicated hardware, software, and maintenance. It does this through a simple "Administration" web admin tool.
The following is a screen shot of the main SecureIDA web admin page which gives you the ability to create a new connection, edit the system settings, view the quick start guide, and/or read the online help.
Let me explain each of these categories in a bit more detail.
· The Connection Wizard category acts as the "wizard" which is where you create a new connection to a desired internal resource. The following screen shot is the first page in this very simple four step process.
The first thing you are required to configure when creating a connection is the type of service you wish to connect to. WorldExtend allows you to securely connect to the following connection types:
✓ VPN Tunnel - Allows you to create one or more encrypted channels (pipes) from a remote client to an internal resource using no VPN hardware.
✓ Windows Desktop - Allow a remote user to securely access the desktop of a Windows-based computer.
✓ Windows Program - Allow a remote user to securely access a single application running on a Microsoft Terminal Server.
✓ Remote Launch Pad - The Remote Launch Pad is a WorldExtend application that groups connections into one session.
✓ VNC Desktop - Allow a remote user to securely access the desktop of a VNC-based computer.
✓ Telnet - Allow a remote user to securely access a Telnet server.
✓ FTP - Allow a remote user to securely access an FTP server using a Windows Explorer type interface.
✓ Web Link - Allow a remote user to launch a web address within their default web browser.
The next step in setting up a new connection is to define the Windows device you wish to install the agent upon. This is as simple as pointing to the server and the SecureIDA web management tool will do the rest. You are then asked to define the resources you will have access to, for example, local drives and printers. Once you are done setting up how the connection will connect to and what resources you will have access to then you have one step left and that is to simply assign users and groups to it. It is that simple.
· The Systems Settings category gives you the ability to add, edit, or delete any of the configuration settings you defined during the initial online setup of SecureIDA and also to any of the connections you created above. You can also add, edit, or remove IronDoor Agents.
I also must point out that in the "System Settings" category you have the ability to view current user sessions, view the IDA sessions, and view the log files which might help with troubleshooting in case of a problem.
The following is a screen shot of the SecureIDA's System Settings category.

· The Quick Start Guide and Online Help categories are where you will go to learn more about SecureIDA and all the advanced features it has. WorldExtend did this by creating two forms of help.
1. An easy to follow 11 page Quick Start Guide which can be downloaded at: http://downloads.secureida.com/v30n/documentation/wxqsgd.pdf
2. An extensive online help web application as seen below.
As you can see, it is very simple and thus once you have created the desired connections and assigned them to the users and groups then all you need to do is send your users the URL to the login page along with their new username and password and the rest is just self-explanatory for them. It is truly that simple. WorldExtend claims you can be up and running in minutes and for me this was true.
Complementing Terminal Services and Remote Desktop Deployments
If you are currently connecting to remote desktops via Remote Desktop connections (RDP) then you will find SecureIDA to be ideal as it secures my connections while centralizing the login and configuration required. It solves two problems, the two big problems, I was experiencing.
· The need to make it easy which SecureIDA does by allowing my users to login via a simple web interface and for the administrators to centrally manage the configuration.
· The need to open the dreaded RDP port of my firewall. Simply put, it is the final piece needed if you are using Terminal Services and do not already have a VPN solution in place.
Conclusion:
Now that I have implemented SecureIDA in my environment I have solved the above problem and at the same time given myself the following three key benefits.
1. Easy - SecureIDA was very easy to implement for me and my employees. It took less than 30 minutes.
2. Cost Effective - Thanks to the fact that SecureIDA is a hosted security solution I was not required to install any additional hardware or software that takes time and money to maintain. All this is being done by WorldExtend.
3. Powerful - Due to SecureIDA's ability to secure not only RDP connections but FTP, Telnet, VNC, and web links I was able to secure my entire environment with one solution through one interface.
Simply put, SecureIDA is not just another Citrix alternative but due to its architecture it is a very cost effective solution allowing you to quickly and easily gain access to the resources you need, no matter where they reside.
I recommend you give it a shot. The first two application publishing user connections are free (they throw in a lot of other free platform elements as well) so visit http://www.secureida.com/ today and try it for yourself. I think you will find it as easy and powerful as I did.