With the release of Windows Server 2012 R2, Microsoft added a new feature for the RD Gateway role called Pluggable Authentication.
“…Remote Desktop Gateway pluggable authentication. Both customers and partners asked for a more flexible way to authenticate users connecting from the Internet. RD Gateway pluggable authentication allows custom authentication routines to be used with RD Gateway. This can provide custom two-factor authentication and works seamlessly with Remote Desktop Web Access (RD Web Access) or RDP file resource launching (even when using third-party browsers with RD Web Access)…”
Source: http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
In addition to that, Microsoft released sample code to explain the available Remote Desktop Gateway (RD Gateway) authentication and authorization models and demonstrate how to deploy authentication and authorization plug-ins for RD Gateway.
More info and download: http://code.msdn.microsoft.com/Remote-Desktop-Gateway-517d6273/view/Reviews
Hi Freek - are you aware of any 2FA vendors using the PAA model to secure RD Gateway? I know of Azure MFA and I think Duo Security uses a similar model, I'm wondering if there were any others to look into?
Hi Tom,
Yes, there are a few. I personally like Azure MFA a lot. If you're interested, here's an article I co-authored on that:
http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/