
Accessing an RDS server from the Remote Desktop Manager (RDM) application with recording and password vault

This article describes the procedure for using the Remote Desktop Manager (RDM) application installed locally on a user's workstation, while recording the session and using the password vault.

This way, users, whether they are internal to the organization or remote, can continue to use this application without having to go through the user web portal.

The operating principle is as follows: from the local RDM application on the user's workstation, an RDP connection will be initiated directly to the cyberelements Edge Gateway which, depending on the authorizations and settings in place, will allow access to a target RDP server.

A remote user must first have a VPN connection.

Prerequisites

Attention

At this stage, certain MFA methods are not supported for direct access without an agent.

These are MFA types such as: FIDO2, user certificate, or e-CPS.

The authentication domain must therefore be duplicated. Leave the Authentication token field blank for internal users performing direct access:

The cleanroom-xrdp-direct service, present by default on cyberelements Edge Gateway servers, must be enabled for direct agentless RDP access.

Start by opening an SSH session as root on the relevant Edge Gateway server.

Then run the following command to enable the service:

systemctl enable cleanroom-xrdp-direct

Next, use the following command to start the service:

systemctl start cleanroom-xrdp-direct

Information

You can check the status of the service by running the command:

systemctl status cleanroom-xrdp-direct

Configuration of accessible applications

Start by configuring the target RDP applications.

The Without agent mode box must be checked.

Example

Configuration of an agentless access contract

You must then configure an access contract to allow users to access the resource directly.

Open the direct agentless RDP access contract menu:

In the Groups tab, select the user groups concerned by the contract by simply dragging and dropping them from the list on the right:

In the Sites tab, select the site concerned:

In the Applications tab, select the applications that users will be able to access. The applications are organized by category. You can select an entire category by clicking on it, or select only certain applications by expanding the category:

Login syntax in the Remote Desktop Manager application

A specific syntax must be used to log in to the RDM application on the workstation.

The syntax has the following form: USERNAME/CYBERELEMENTS_DOMAIN_NAME:APPLICATION_NAME

Warning!

The syntax is case sensitive!

Customize your login according to your authentication settings:

Custom value Variable Description
USERNAME User name cyberelements.io or cyberelements Cleanroom
CYBERELEMENTS_DOMAIN_NAME Name of identity provider cyberelements.io or cyberelements Cleanroom domain for user login
APPLICATION_NAME Name of the RDP application without agent to be accessed

USERNAME/CYBERELEMENTS_DOMAIN_NAME:APPLICATION_NAME
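
A pre-flight check for the login string described above, as an added example that is not part of the cyberelements documentation or product: it splits the string and reports domain or application names that differ only in case from the configured ones. The domain and application names are constructed placeholders, and treating the first "/" and the first ":" after it as the separators is an assumption.

```python
# Added example. The names below are constructed placeholders: replace them
# with the domain and application names configured on your own platform.
KNOWN_DOMAINS = {"CorpDomain"}
KNOWN_APPS = {"RDS-Finance", "RDS-Admin"}
SYNTAX = "USERNAME/CYBERELEMENTS_DOMAIN_NAME:APPLICATION_NAME"


def parse_login(login):
    """Split a login of the form given in SYNTAX into (user, domain, app).

    Assumption: the first "/" ends the user name and the first ":" after it
    ends the domain name.
    """
    user, slash, rest = login.partition("/")
    domain, colon, app = rest.partition(":")
    if not (slash and colon and user and domain and app):
        raise ValueError("expected " + SYNTAX)
    return user, domain, app


def _match(value, known, label):
    """Return a problem string for value, or None when it matches exactly."""
    if value in known:
        return None
    # The syntax is case sensitive, so a case-only difference is reported
    # together with the exact spelling to use.
    for candidate in sorted(known):
        if candidate.lower() == value.lower():
            return f"{label} '{value}' differs only in case from '{candidate}'"
    return f"{label} '{value}' is not a known name"


def check_login(login, domains=KNOWN_DOMAINS, apps=KNOWN_APPS):
    """Return a list of problems; an empty list means the login is well formed."""
    try:
        _user, domain, app = parse_login(login)
    except ValueError as exc:
        return [str(exc)]
    problems = [_match(domain, domains, "domain"), _match(app, apps, "application")]
    return [p for p in problems if p]


if __name__ == "__main__":
    samples = ("jdoe/CorpDomain:RDS-Finance", "jdoe/corpdomain:rds-finance", "jdoe:RDS-Finance")
    for sample in samples:
        print(sample, "->", check_login(sample) or "ok")
```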

Example

Note

  • The password must be left blank.
  • The target IP is that of the cyberelements Edge Gateway server for the site concerned.

When you start the connection, you will be asked for the password of the account specified in the login above:

After entering the password, the connection to the server is established and a message reminds you that the session is being recorded: