The Best Security Architecture for Microsoft RDS

TruGrid blog image - Best security architecture for Microsoft RDS featured image

Microsoft provides two different architectures for deploying Remote Desktop Services: the traditional method and the highly available method. Let’s take a look at each one and compare the security features to the TruGrid advantage:

Traditional RDS Deployment

Traditional RDS deployment looks like the following:

The standard deployment method is usually suitable for any application. Users can access the virtual network from an internet connection, through the RD Gateway and RD Web access points.

The basic deployment can be set up for remote apps and session-based desktop virtualization.  

Highly Available RDS Deployment

The highly available RDS deployment is nearly identical to the basic deployment. The primary differences are that the highly available RDS deployment method requires setup on multiple servers to create highest possible uptime for RDS users and the presence of the Azure SQL database. It looks like the following:

The TruGrid Advantage

In each of the two deployment methods provided by Microsoft, there are some built-in security features but not without a few potential setbacks. Both configurations expose your network to the internet. Both require a virtual network to access your data. And there are several third-party integrations you will need to invest in to create a complete security solution.

TruGrid provides a third option for safe, secure, scalable RDS architecture. 

Compare the image below with the Microsoft illustrations:

As an integrated solution, TruGrid has created a comprehensive security layer that protects your network and critical data.

Take a look at what gives TruGrid the security advantages over traditional RDS deployment:

Fully Integrated Security Features

TruGrid offers integrated multi factor authentication and threat detection to keep your users safe, so there’s no need to shop for a third-party solution and try to include it in your RDS infrastructure.

Multi factor authentication with TruGrid provides additional security layer beyond the username and password to ensure that only authorized users can access the network. Moreover, TruGrid MFA includes a proprietary security feature that virtually makes password attacks impossible.

Geo IP Blocking

You can set up TruGrid to make your RDS only accessible from certain geographical areas and block out locations that don’t comply with your requirements. This helps to limit user access based on geographical location to prevent your data from falling into the wrong hands.

Compromised Login Monitoring

TruGrid’s robust solution includes an automatic scan of all authorized users against compromised databases, usually referred to as the Dark Web. You will be notified if any of your user logons are in these Dark Web databases

Automatic Session Time Outs

When you have remote workers, you never know exactly where they’re accessing your network from, or who might happen to be around them. If a user is inactive for 15 minutes, TruGrid’s security will automatically log them out of their web session. This way, unattended web sessions are logged off to protect your company data.

Enhanced Network Security

TruGrid was designed to provide superior security for your network, including mitigating the risk of distributed denial of service attacks that could leave you vulnerable to hackers. 

One of TruGrid’s crowning features is that no one will know your virtual network even exists, except for its users. 

There’s also no need to alter your firewall protections. An open port on your firewall can easily be discovered by would-be hackers. It exposes you directly to the internet, just like placing a computer in a public space and allowing anyone attempt to log in (only worse, since the internet is used by people all over the world, not just a single public space). 

Active Directory Anti Hacking Feature

Your Active Directory is full of highly sensitive information. Everything about your domain is stored here: usernames and passwords, transactions, hardware, apps, and more. If a hacker were to gain entry to the Active Directory, they could control your entire system. 

Hackers often infiltrate the Active Directory through password hack or theft, an infected file, flash drive, or email. They can break into the system to gain admin rights, which will allow them to steal things like banking information and credit card numbers – even identities. 

TruGrid’s anti hacking feature protects your Active Directory from over-the-internet password hacks with a proprietary solution that keeps unauthorized users where they belong.  

Cloud-Based Security at Scale

Microsoft RDS offers several types of configurations: on premise, cloud, or a hybrid model. Each setup looks and functions a little differently, including how they’re maintained. In any case, it’s a lengthy process to set up, usually taking about a week to make the infrastructure fully functional.

TruGrid is a comprehensive, cloud-based solution that takes much of the guesswork and hassle out of creating your RDS from scratch.

Within about 15 minutes, you can successfully deploy TruGrid and all its security features to all of your devices, regardless of their location on-premise or cloud. 

This is perhaps one of the biggest security perks of using TruGrid over traditional RDS deployment. Because almost every step has already been done for you, there’s less room for error in setting up a safe RDS environment. You don’t have to spend time sourcing third party providers for added security. You don’t have to make any changes to your firewall or create an RDS farm or worry about server maintenance. TruGrid does it all for you, in the safest way possible.

How to Deploy TruGrid for Safe Remote Connections

Ready to see TruGrid in action for yourself? Take a free 30-day test drive of TruGrid and see how it’s creating the safest remote connections in the industry.