Natively, Microsoft Remote Desktop Protocol has no centralized management, limited identity management integration, no auditing or reporting, and no collaboration capabilities.
In addition, RDP is designed for remote access on a local area network (LAN). Establishing remote desktop connections to computers on remote networks usually requires VPN tunneling, port-forwarding, and firewall configurations that compromise security - such as opening the default listening port, TCP 3389.
Fortunately, BeyondTrust lets you eliminate these problems with RDP. Routing RDP through BeyondTrust brings all the appliance-based security benefits of BeyondTrust to each remote desktop connection and gives you new options for collaboration!
BeyondTrust works over the internet and through firewalls with no pre-installed client on the remote computer. Integrating remote desktop brings BeyondTrust’s streamlined connection process to RDP - which makes connecting to Windows systems on remote network both easier and more secure! When you route remote desktop through BeyondTrust, you can still use native RDP to support systems on remote networks. But because BeyondTrust works through firewalls, you prevent the exposure of listening ports to the internet.
Lock down port 3389 for good!
Remote Desktop Protocol does have some identity management capabilities, such as Active Directory (AD) integration and smart card authentication. However, as with many traditional remote access tools, centralized user management remains difficult.
BeyondTrust integrates with LDAP, Active Directory, RADIUS and Kerberos. You can also inject credentials from your password vault. When you use RDP through BeyondTrust, your centrally-controlled user access privileges and authentication methods cascade down to remote desktop sessions. This makes it easier both to require secure authentication before enabling remote access and manage remote access in an ongoing manner.
If a support representative leaves the company, for instance, his RDP privileges are automatically removed from BeyondTrust when you delete him from Active Directory. Automatic deletion protects your systems from unauthorized remote access.
Organizations who use native RDP need a better audit trail. Because RDP has no centralized, tamper-proof logging and reporting, it can be difficult to know how many remote desktop sessions took place, much less who did them or how long they lasted!
BeyondTrust changes that. Built-in reports give you visibility into every remote session, even those involving RDP. All of your support session reports are kept in one, secure repository. BeyondTrust even makes video recordings of remote desktop sessions.
While more recent versions of Remote Desktop use 128-bit encryption, some older versions of RDP do not support this level of encryption.
Contrast that with BeyondTrust, where every connection is guarded with 256-AES SSL encryption. When you route RDP through BeyondTrust, that same level of encryption guards your remote desktop connection.
Every Integrated RDP session connects through a Jumpoint to the BeyondTrust appliance. The Jumpoint can also be used on a remote network to enable secure remote access to Windows systems on that network without opening an external firewall port.
Once you require RDP connections to go through the Jumpoint, you can centrally manage and report on all RDP activity through BeyondTrust.
Have you ever wanted to share a Remote Desktop session with another support rep or expert? The server version of the RDP client allows multiple RDP sessions to occur simultaneously on the same system. But does any version of RDP let multiple people access the same session?
No. But when your route RDP through BeyondTrust, all the collaboration features of BeyondTrust apply to your Remote Desktop session.
That means you can share the same session with another rep, transfer the session to an outside expert, invite someone with specific skills into the session (IIS, for example) or bring a vendor into the session.
BeyondTrust lets you collaborate with almost anyone without disconnecting from your original Remote Desktop session. You can even share a Windows RDP session with a support rep on a Mac or Linux computer. Because you're working through BeyondTrust, you can access Windows systems from non-Windows platforms.
For organizations currently using normal (non-RDP) BeyondTrust sessions, Integrated RDP addresses the following issues:
Integrated Microsoft Remote Desktop Protocol (RDP) allows you to access remote computers, even if the system is unattended. When you connect, you can use commands native to Windows.
But that's not the only way to connect to remote computers with BeyondTrust. Jump Clients are a great Remote Desktop alternative.
You should use a Jump Client whenever