Natively, Microsoft Remote Desktop Protocol has no centralized management, limited identity management integration, no auditing or reporting, and no collaboration capabilities.
In addition, RDP is designed for remote access on a local area network (LAN). Establishing remote desktop connections to computers on remote networks usually requires VPN tunneling, port-forwarding, and firewall configurations that compromise security - such as opening the default listening port, TCP 3389.
Fortunately, BeyondTrust lets you eliminate these problems with RDP. Routing RDP through BeyondTrust brings all the appliance-based security benefits of BeyondTrust to each remote desktop connection and gives you new options for collaboration!
BeyondTrust works over the internet and through firewalls with no pre-installed client on the remote computer. Integrating remote desktop brings BeyondTrust’s streamlined connection process to RDP - which makes connecting to Windows systems on remote networks both easier and more secure! When you route remote desktop through BeyondTrust, you can still use native RDP to support systems on remote networks. But because BeyondTrust works through firewalls, you prevent the exposure of listening ports to the internet.
Lock down port 3389 for good!
Remote Desktop Protocol does have some identity management capabilities, such as Active Directory (AD) integration and smart card authentication. However, as with many traditional remote access tools, centralized user management remains difficult.
BeyondTrust integrates with LDAP, Active Directory, RADIUS and Kerberos. You can also inject credentials from your password vault. When you use RDP through BeyondTrust, your centrally controlled user access privileges and authentication methods cascade down to remote desktop sessions. This makes it easier both to require secure authentication before enabling remote access and to manage remote access on an ongoing basis.
If a support representative leaves the company, for instance, his RDP privileges are automatically removed from BeyondTrust when you delete him from Active Directory. Automatic deletion protects your systems from unauthorized remote access.
Organizations that use native RDP need a better audit trail. Because RDP has no centralized, tamper-proof logging and reporting, it can be difficult to know how many remote desktop sessions took place, much less who ran them or how long they lasted!
BeyondTrust changes that. Built-in reports give you visibility into every remote session, even those involving RDP. All of your support session reports are kept in one secure repository. BeyondTrust even makes video recordings of remote desktop sessions.
While more recent versions of Remote Desktop use 128-bit encryption, some older versions of RDP do not support this level of encryption.
Contrast that with BeyondTrust, where every connection is guarded with 256-bit AES SSL encryption. When you route RDP through BeyondTrust, that same level of encryption guards your remote desktop connection.
Every Integrated RDP session connects through a Jumpoint to the BeyondTrust appliance. The Jumpoint can also be used on a remote network to enable secure remote access to Windows systems on that network without opening an external firewall port.
Once you require RDP connections to go through the Jumpoint, you can centrally manage and report on all RDP activity through BeyondTrust.
Jumpoints also make other BeyondTrust features available, such as Intel vPro, isolated LAN support and auditable SSH/Telnet support.
Have you ever wanted to share a Remote Desktop session with another support rep or expert? The server version of the RDP client allows multiple RDP sessions to occur simultaneously on the same system. But does any version of RDP let multiple people access the same session?
No. But when you route RDP through BeyondTrust, all the collaboration features of BeyondTrust apply to your Remote Desktop session.
That means you can share the same session with another rep, transfer the session to an outside expert, invite someone with specific skills into the session (IIS, for example) or bring a vendor into the session.
BeyondTrust lets you collaborate with almost anyone without disconnecting from your original Remote Desktop session. You can even share a Windows RDP session with a support rep on a Mac or Linux computer. Because you're working through BeyondTrust, you can access Windows systems from non-Windows platforms.
For organizations currently using normal (non-RDP) BeyondTrust sessions, Integrated RDP addresses the following issues:
Integrated Microsoft Remote Desktop Protocol (RDP) allows you to access remote computers, even if the system is unattended. When you connect, you can use commands native to Windows.
But that's not the only way to connect to remote computers with BeyondTrust. Jump Clients are a great Remote Desktop alternative.
You should use a Jump Client whenever