We thought to ourselves - there has to be a better way. For years deploying Microsoft RDS to 1000’s of people could take a week or longer as IT professionals integrated third-party security products and tried to synchronize multiple moving parts. Deployment was anything but simple.
TruGrid has found a way to simplify, increase security and to deploy Microsoft RDS to hundreds or thousands of desktops in minutes. To truly appreciate TruGrid’s approach, let's take a look at the 8 traditional steps to to deploy RDS. PS... we got it down to 4.
The Traditional (Difficult) Way to Deploy RDS:
Traditionally, using the built-in method to deploy Microsoft RDS requires multiple steps and several moving parts. To securely deploy for 1,000s of desktops with required redundancy and safeguards can take a whole week or longer and typically requires integrating third-party security products. Here’s Microsoft overview diagram of Remote Desktop Services. A summary of the traditional steps is outlined below.
1. Create the RDS Farm
- Install Remote Desktop Connection Broker (RD Connection Broker) roles on one server: Connects or reconnects a client device to RemoteApp programs, session-based desktops and virtual desktops.
- Install Remote Desktop Web Access (RD Web Access) on one server: Enables users to connect to resources provided by session collections and virtual desktop collections by using the Start menu or a web browser.
- Configure SSL Certificate on RD Web Access server
2. Deploy RDS Host Role:
- Install Remote Desktop Session Host (RD Session Host RDSH) roles on one or more servers: Enables one or more servers to host RemoteApp programs or session-based desktops
- Install Remote Desktop Gateway (RD Gateway) on one server: Enables authorized users to connect to virtual desktops, RemoteApp programs, and session-based desktops on the corporate network or over the Internet.
4. Publish Desktops and Applications
5. Configure High Availability for Remote Desktop Connection Broker
- Install SQL Server Database
- Configure Remote Desktop Connection Broker for SQL Server Database
6. Configure Remote Desktop Gateway for High Availability
7. Configure Firewall for TCP Port 443
8. Deploy Two-Factor Authentication / Multifactor Authentication
- Research and select 2FA / MFA vendor
- Make provisions for the selected 2FA / MFA solution
- Deploy selected 2FA / MFA solution
The TruGrid (Simple) Way:
TruGrid is the simplest and most effective way to deploy and secure Microsoft RDS. TruGrid is cloud-based and already contains several of the systems that are traditionally required to be deployed and maintained onsite. With TruGrid, you only need to support and maintain the desktops that your end users need to connect to. TruGrid handles everything else in the Microsoft Azure Cloud.
Below are the basic steps for deploying RDS with TruGrid:
- Register and validate the domain that needs RDS on TruGrid website (5 Mins): This step is a security requirement and ensures that only authorized domains are accessible via TruGrid
- Install and activate the TruGrid Sentry software on one or more servers in your datacenter (5 Mins): The TruGrid Sentry software protects and hides your datacenter from direct Internet access and connects it to TruGrid cloud without any firewall modification
- Populate TruGrid Active Directory security groups (5 Mins): This helps you determine who can access desktops via the TruGrid cloud
- Use TruGrid cloud to assign users to desktops. TruGrid includes integrated 2FA / MFA for all users that cannot be disabled. TruGrid includes Dark Web Scan for all licensed users and will notify administrators if a licensed user’s login name is compromised. TruGrid is secure by design
Please Note: TruGrid does not require any of the below components to create an RDS Farm. The TruGrid Cloud protective layer is your RDS Farm:
- TruGrid does not require firewall ports to be opened on networks with Windows RDS systems. This way, nothing is directly exposed to the internet and nobody knows that your Windows RDS systems exist.
- TruGrid does not need Microsoft RD Web, RD Broker, or RD Gateway. It does not require any third-party VPN or MFA solutions
- TruGrid creates a cloud protective layer with integrated MFA. The TruGrid cloud is protected from denial-of-service attacks. The TruGrid MFA does not send passwords to Active Directory until MFA is validated – thereby making it impossible for passwords to be compromised.
- TruGrid can be added to any network with any number of Windows RDS desktops in minutes.
- TruGrid can link Windows RDS systems in multiple data centers for effortless business continuity.
Here is an architectural overview of TruGrid: https://info.trugrid.com/security
Ready to test it our for yourself? Click below for more information on our 30 day free trial.