cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Simple Remote Desktop Services deployment

Rui Cabral
Brass Contributor

‎Mar 27 2020 05:33 PM

‎Mar 27 2020 05:33 PM

Simple Remote Desktop Services deployment

Hi,
I need to expose a windows server vm which is hoated in Azure, to 3 users for temporary use. I could simply setup RDP with public IP and get the users to connect, but I am afraid this is not secure and I could be exposing the vm access.

The use case is too small for a full blown vdi solution because this is for time to time use.

I though about using WebRD to push the rdp app or tje server desktop. This would add another layer of security.

I can not find a clear guide of what i need to deploy this and if i can do it all with 1 single vm which is actually the hoat i am trying to provision access to.
Also, i can not understand what do i need from a service license point of view. From license i already have vm running so i know about these costs. Its more about the rds setup and access.

Thank you.
1,787 Views
0 Likes
2 Replies
Reply
2 Replies
Bryan Haslip

‎Mar 27 2020 09:44 PM

‎Mar 27 2020 09:44 PM

Re: Simple Remote Desktop Services deployment

You could definitely deploy this all in one VM knowing it is for temporary use. The simplest setup would be to put a Network Security Group in front of the VM and only open TCP 3389 to the ip's of where your users are coming from. If this is going to connect to any services on premises I would highly recommend to firewall the traffic. The NSG does not do deep packet inspection it simply deny's or allows traffic based on your rules. 

 

@Rui Cabral 

0 Likes
Reply
Jamesdld

‎Mar 31 2020 08:40 AM

‎Mar 31 2020 08:40 AM

Re: Simple Remote Desktop Services deployment

Hello,

 

there is a dedicated service for that called Azure Bastion.

- User will connect to the portal with there Azure AD credential (MFA enabled as a good practice)

- They will click on the "Bastion" panel of the VM and use the VM credential and this connection will be done over HTTPS.

 

As another good practice you could also set is to configure NSG on the Bastion subnet and on your VM, for that you could refer to this article: https://docs.microsoft.com/en-us/azure/bastion/bastion-nsg

 

Just keep in mind that an Azure Bastion could cover the connection to the VM located in only one virtual network. If you have over vnet you will need to create one bastion per vnet.

 

Regards,

James

0 Likes
Reply