Creating secure RDP proxy sessions using your native Desktop or Mobile Applications
Xton Access Manager (XTAM) can create quick, easy and secure native client high-trust logins using your own desktop or mobile RDP client like Windows RDP client (MSTSC), Mac RDP client, Remote Desktop Connection Manager and mRemote while enforcing audit events, notifications, permissions, access request and password rotation. Unlike other products, the XTAM RDP Proxy provides this without having to download, install or maintain any custom launchers, agents or deployment packages to your computer or device!
Now your privileged users can securely connect to your managed Windows endpoints over RDP without disclosing passwords:
- Using their native Web browser (desktop or mobile) without installing any custom launchers, agents or packages.
- Using their native RDP client (desktop or mobile) without installing any custom launchers, agents or packages.
Secured passwords are never sent or synced to the user’s computer or mobile device. XTAM maintains complete and total control of all passwords while the user connects to the managed endpoint and it can even reset the password after the user’s session has completed.
The following sections describe how to create secure Windows Host RDP records in XTAM and then how to use these records in your native desktop or mobile clients.
Enabling RDP Proxy in XTAM
1. Login to XTAM with a System Administrator account.
2. Navigate to Administration > Setting > Parameters.
3. Locate and modify the following settings:
   - RDP Proxy: Switch this option to Enabled and click the Save button to its right.
   - RDP Proxy Port: Use or change the port value that XTAM will use for RDP proxy and click the Save button to its right.
4. Once both settings have been updated and saved, restart the PamManagement service (Windows) or pammanager service (Unix/Linux).
5. When the service is fully restarted (this can take 1-5 minutes), the RDP proxy module is online.
Creating an RDP session record in XTAM
1. In XTAM, navigate to a Vault or Container and create a new record using the Windows Host record type.
2. Populate all the fields with your endpoint’s connection details.
3. Click the Save and Return button.
Your record is now saved and under management in XTAM. All access to this record will be captured in the audit log, including Active and Completed sessions. Permissions and workflows can also be applied to your users or groups, ensuring only authorized personnel can access the record.
Using your RDP session record in a native RDP Client
You can create your remote session in your native RDP client using one of two methods. The first method is to populate your connection parameters into the client manually and the second method is to download a remote desktop file that already contains your Host and User values. If you choose to download the remote desktop file, then you can skip to step 5 in this section. Please note that for MFA authentication, your User value will need to be updated to contain the MFA token or MFA type as described below.
1. If you are currently logged into XTAM, please logout and log back in to the web portal. Any users that wish to connect using the RDP Proxy must sign in to the XTAM web portal once so their account can be automatically registered for this feature. They only need to do this login once, not every time they want to connect with the RDP Proxy.
2. Open your local RDP client (we will use the native Windows 10 RDP client in our example, but most other RDP clients function similarly) and create a new session.
3. In the Computer field, enter the hostname of your XTAM server followed by the configured RDP proxy port. For example, xtam.company.com:3388.
4. In the User name field, enter a user string in the following form:
   YourXTAMLoginName#XTAMrecordName or YourXTAMLoginName#XTAMrecordID
   For example, if your login to XTAM was the username bwilliams and the XTAM record that contains the Windows Host RDP details has the name Windows Production Server and ID i-hyG1KUfAHh8, then the login string would be bwilliams#Windows Production Server or bwilliams#i-hyG1KUfAHh8.
5. Now, click the Connect button in your client.
6. Enter the password for your XTAM user account when prompted and click OK. Note that you will be connecting to the XTAM server rather than directly to the Windows endpoint.
7. Confirm the XTAM security certificate by clicking the Yes button.
8. After a few moments, you will be connected to the remote RDP endpoint using the secured connection details in the referenced XTAM record.
9. To confirm that the session is being provided via XTAM, navigate to the Session tab of this record and note that there is now an Active session using this record. When you end the session using the native Disconnect or Sign Out options, the session will be reported as Completed.
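As an added example (not XTAM's own code or its downloaded remote desktop file), the following script produces an .rdp file equivalent to the manual steps above: the Computer value is the XTAM server and proxy port, the User value is the login#record string, and `prompt for credentials` is set so the XTAM password is typed at connect time rather than stored on the client. The host, port, login and record values are the sample values from this page; the split helper shows how the user string must be separated on its first "#" so that record names containing spaces survive intact.

```python
# Added example, not XTAM's own code: builds an .rdp connection file for the
# XTAM RDP proxy and splits the proxy-style user string back into its parts.
# Host, port, login and record values below are constructed sample values.


def proxy_username(xtam_login: str, record_ref: str) -> str:
    """Build the 'login#record' user string expected by the XTAM RDP proxy."""
    if "#" in xtam_login or "#" in record_ref:
        raise ValueError("'#' separates login from record and may not appear in either")
    return f"{xtam_login}#{record_ref}"


def split_proxy_username(user: str) -> tuple[str, str]:
    """Reverse of proxy_username: split on the first '#' only, so a record
    name such as 'Windows Production Server' is kept whole."""
    login, sep, record_ref = user.partition("#")
    if not sep or not login or not record_ref:
        raise ValueError(f"expected 'XTAMLogin#recordNameOrId', got {user!r}")
    return login, record_ref


def build_rdp_file(xtam_host: str, proxy_port: int, xtam_login: str, record_ref: str) -> str:
    """Return the text of an .rdp file that points at the XTAM proxy, not the endpoint.
    'prompt for credentials:i:1' makes the client ask for the XTAM password at
    connect time instead of saving it in the file, so no secret lands on disk."""
    lines = [
        f"full address:s:{xtam_host}:{proxy_port}",
        f"username:s:{proxy_username(xtam_login, record_ref)}",
        "prompt for credentials:i:1",
        "authentication level:i:2",  # warn on certificate problems (the Yes prompt in step 7)
    ]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    text = build_rdp_file("xtam.company.com", 3388, "bwilliams", "i-hyG1KUfAHh8")
    with open("xtam-production.rdp", "w", newline="") as fh:
        fh.write(text)
    print(text)
```

Double-clicking the written file starts the client at step 5 of the procedure; the only prompt it shows is for the XTAM account password, never the endpoint's.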
Example using Remote Desktop Connection Manager
Example using mRemoteNG
Example using a generic RDP Mobile App