Let’s start with the definition.
Remote Desktop Gateway (RDG or RD Gateway) is a role service that enables authorized remote users to connect to resources on an internal corporate or private network, from any Internet-connected device that can run the Remote Desktop Connection (RDC) client. It encrypts the RDC traffic by wrapping it in an HTTPS tunnel, which creates a secure connection.
In layman’s lingo, RD Gateway is basically a funnel into your corporate environment. However, before you can use RD Gateway in your environment, clients must meet the conditions specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). RD CAPs specify who can connect to an RD Gateway server and the authentication method that must be used.
Now, because RD Gateway acts as a proxy between the external user and the Remote Desktop infrastructure, system administrators monitor those connections for security reasons.
Management also wants this info to track people’s remote logins and see who’s remoting into their desktops using RD Gateway, to check who’s really working remotely from home and who’s just fooling around.
For system admins, knowing who’s connecting through RD Gateway is an absolute must. By monitoring active and inactive RD Gateway connections, you can tell if there’s anything strange going on, especially these days, when remote work is a common scenario.
For example, you might have an unknown user trying to connect to the corporate network in the dead of night from an unknown IP address.
How can you tell if that’s a colleague working from home once they have put their kids to sleep? If you don’t monitor RD Gateway connections, how will you be able to spot a potential hacker who tried to log in with the wrong user ID and password?
Auditing user logons through the RD Gateway is demanding. You have three ways to do this. First, you can log on to each server to check for failed and successful logins (if you have enabled this feature). Second, you can deploy a custom PowerShell script to extract this kind of information automatically from the Event Log.
The first option takes time and it’s a hassle because you have to dig your way through all those logs. You’d go bananas before you have any real records. For the second one, you need a good PowerShell script or have enough skills to write your own.
The third option is to use a third-party tool to put all the information you need on one central console.
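For the second option above, one way to write such a PowerShell script (an added example, not code from this article or from Syskit). The log name, event IDs and UserData field names are assumptions about the RD Gateway operational log and should be checked against a real event on your server; the sample events, the IP allowlist and the night window are constructed.

```powershell
# Added example. Assumptions: the event IDs and UserData field names below match
# what your gateway writes; check them against a real event before relying on this.
$EventMeaning = @{ 200 = 'CAP met'; 201 = 'CAP not met'; 300 = 'RAP met'
                   301 = 'RAP not met'; 302 = 'Connected'; 303 = 'Disconnected' }
$KnownIps   = @('198.51.100.24')   # constructed allowlist of expected client IPs
$NightStart = 22; $NightEnd = 6    # assumed "dead of night" window, UTC hours

function ConvertFrom-RdgEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e    = ([xml]$Xml).Event
        $info = $e.UserData.EventInfo
        $id   = [int]$e.System['EventID'].InnerText
        $time = [datetimeoffset]::Parse($e.System.TimeCreated.SystemTime).UtcDateTime
        [pscustomobject]@{
            TimeUtc   = $time
            EventId   = $id
            Meaning   = $EventMeaning[$id]
            User      = $info.Username
            ClientIp  = $info.IpAddress
            Resource  = $info.Resource
            Denied    = ($id -in 201, 301)
            OffHours  = ($time.Hour -ge $NightStart -or $time.Hour -lt $NightEnd)
            UnknownIp = ($info.IpAddress -notin $KnownIps)
        }
    }
}

# Constructed sample events, not real log data (IPs are documentation ranges).
$t = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>' +
     '<EventID>{0}</EventID><TimeCreated SystemTime="{1}"/></System><UserData>' +
     '<EventInfo xmlns="aag"><Username>{2}</Username><IpAddress>{3}</IpAddress>' +
     '<Resource>{4}</Resource></EventInfo></UserData></Event>'
$samples = @(
    ($t -f 302, '2024-03-04T08:55:10Z', 'CONTOSO\alice', '198.51.100.24', 'pc-alice.contoso.example'),
    ($t -f 201, '2024-03-05T02:14:07Z', 'CONTOSO\svc-backup', '203.0.113.77', ''),
    ($t -f 302, '2024-03-05T23:40:31Z', 'CONTOSO\bob', '203.0.113.9', 'pc-bob.contoso.example')
)

# Keep denied attempts, plus night-time sessions from IPs nobody recognises.
$samples | ConvertFrom-RdgEventXml |
    Where-Object { $_.Denied -or ($_.OffHours -and $_.UnknownIp) } |
    Format-Table TimeUtc, User, ClientIp, Meaning, Resource -AutoSize

# On the gateway itself, feed live events instead of $samples:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-TerminalServices-Gateway/Operational'
#     Id = 200, 201, 300, 301, 302, 303 } | ForEach-Object { $_.ToXml() } | ConvertFrom-RdgEventXml
```

With the constructed samples, the table lists the denied attempt at 02:14 and the 23:40 session from an unlisted IP, and leaves out the daytime connection from the known address.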
Well, apart from knowing WHO is using the RD Gateway to access the corporate network from the outside, you need the following:
As I’ve already mentioned, you can audit and monitor Remote Desktop Gateway connections with a third-party tool. One such server monitoring tool is Syskit Monitor, a monitoring and administration tool that tracks server performance, licenses, applications, and user activities to make your life as a system admin more enjoyable.
Syskit Monitor automatically gathers real-time and historical data to give a complete logon history through the Remote Desktop Gateway. These data are collected and available within a single interface. Also, all Remote Desktop Gateway reports are represented as professional-looking documentation and can be saved and exported as Word or Excel files.
Syskit Monitor offers Remote Desktop Gateway monitoring and gathers the following:
You can start with a 30-day trial version today and test out the other features that Syskit Monitor has to offer, like diagnosing server performance problems, tracking system inventory, and monitoring application usage.