RD Gateway Agent - Together With RDWeb
Microsoft Remote Desktop Gateway
A gateway is any computer that connects two networks that use different network protocols. A gateway reformats information from one network so that it is compatible with the other network.
The Microsoft Remote Desktop Gateway (RD Gateway) server is a type of gateway that enables authorized users to connect to remote computers on a corporate network from any computer with an Internet connection. RD Gateway uses the Remote Desktop Protocol (RDP) along with the HTTPS protocol to help create a more secure, encrypted connection.
The RD Gateway server enables remote desktop connections to a corporate network without having to set up virtual private network (VPN) connections.
SafeNet Agent For Remote Desktop Gateway
The SafeNet Agent for RD Gateway is a solution to enable strong, Two-Factor Authentication (2FA) on users who wish to access any protected RD resource behind a Remote Desktop Gateway.
Note
The SafeNet Agent for RD Gateway version 1.0 is not supported in high availability Remote Desktop Services configuration.
The SafeNet Agent for RD Gateway is built on top of Microsoft Pluggable Authentication and Authorization (PAA) framework in combination with an integrated approach to provide uniform user login experience on the Microsoft Remote Desktop Web Portal. The Remote Desktop Gateway Agent comprises of the following four components:
-
PAA Plugin: This is built on top of Microsoft PAA framework, and sits and runs on the server which is configured as a Remote Desktop Gateway.
-
SafeNet RD Gateway Monitor service: This service monitors the connections established between the client machine and Session Hosts via RD Gateway, and disconnects any session that is invalid.
-
Remote Desktop Web Update: Remote Desktop Web Access (RD Web Access), formerly Terminal Services Web Access (TS Web Access), enables users to access Remote Desktop Connections.
RD Web Access includes Remote Desktop Web Connection, which enables users to connect remotely to the desktop of any computer where they have Remote Desktop access. In order to support strong authentication at RD Gateway, some updates have been incorporated in the RD Web. This part of the solution includes custom login page module, default page module, and inbuilt security modules that together with the other solution components enable strong authentication of the user at RD Gateway.
-
ActiveX for SafeNet Agent: A custom Active X component will handle the direct invocation of RDP session from within the Internet Explorer.
The Pluggable Authentication and Authorization (PAA) framework for RD Gateway provided by Microsoft allows custom authentication and authorization routines to be used with RD Gateway. This can provide custom two-factor authentication and works seamlessly with Remote Desktop Web Access (RD Web Access) or RDP file resource launching.
Agent Features
Following are the features of the SafeNet Agent for RD Gateway:
-
Resource Access Duration: The user is allowed access to a remote resource only for a specific duration, which is set by the administrator.
-
One-time Usage of RDP File: Once the RDP file is used to access a remote resource, that RDP file cannot be used again unless the administrator permits.
-
Binding an RDP File to an IP Address: The RDP file can be accessed only from the machine where the RDP file was downloaded. If the RDP file is copied to another machine then the user's session will be forcefully disconnected.
-
Binding a User to an RDP File: The remote resource can be accessed only from the user login using which the RDP file was downloaded. If any other user tries to access the remote resource, the session will be forcefully disconnected.
-
Support of Native RAP: The SafeNet Agent for RD Gateway supports native Microsoft authorization.
-
Direct Access Prevention: The SafeNet Agent for RD Gateway restricts access to users who do not come through RD Web. That is, if the user provides the gateway host directly on the remote desktop connection, the connection is denied.
-
Application Support: The SafeNet Agent for RDGateway does not support Microsoft Remote Applications and some functionalities may not work.
System Requirements
| Category | Details |
|---|---|
| Operating Systems | • Windows Server 2012 R2 (64-bit) • Windows Server 2016 (64-bit) • Windows Server 2019 (64-bit) • Windows Server 2025 (64-bit) |
| Architecture | 64-bit |
| Web Servers | • IIS 8.5 • IIS 10 |
| Operating System for ActiveX (Client Machine) | Windows 10 |
| Web Browsers for ActiveX (Client Machine) | • Internet Explorer 11 (supported till June 15, 2022) • Microsoft Edge* *Since Microsoft will retire Internet Explorer 11 on June 15, 2022, we recommend using Microsoft Edge with Internet Explorer mode. For more details, see Enable IE mode in Edge browser. |
Applicability
The information in this document applies to the following:
-
SafeNet Trusted Access (STA) (earlier, SAS Cloud) — The SafeNet's cloud-based authentication service.
-
SafeNet Authentication Service - Service Provider Edition (SAS SPE) — The on-premises, server version targeted at service providers interested in hosting SAS in their data center(s).
-
SafeNet Authentication Service - Private Cloud Edition (SAS PCE) — The on-premises, server version targeted at organizations interested in hosting SAS in their private cloud environment.