Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft for connecting to Windows devices remotely to access the full Windows desktop. With Axis Security, RDP servers are not exposed to the Internet because users must pass through the Axis Cloud, which protects the RDP server from threats like ransomware and known Common Vulnerabilities and Exposures (CVE) related to the RDP protocol. Because RDP Applications are published through Axis Security, users never access RDP resources directly. In this way, Axis Security provides more secure access. Additionally, Axis provides visibility (logs events) when users access RDP through Axis.
Axis Security offers RDP options for the Atmos Agent and Agentless deployments.
Use the *Remote Desktop Server* option to provide access to a specific RDP server.
Axis Security has another RDP offering, Remote Desktop Pool.
Use this option to provide:
- Desktop access to a pool of load balancing RDP servers
- Access to one or more applications without providing access to the desktop
- Access to an application for a single RDP server
Only the remote desktop pool option provides access to applications.
You must configure the registry on your Windows servers (manually or via policy) to allow specific remote applications to be published; otherwise, the applications you publish through Axis Cloud will not work.
Axis Security Architecture from an RDP Perspective
The following diagram illustrates Axis Security and how it provides access to resources via RDP using the native RDP client.
The following native RDP integration flow outlines the flow of events through the architecture diagram. It shows the different components in Axis Cloud architecture from the RDP, Axis Portal, and Axis Connector perspective, how they work, and how the Axis Cloud connects to them.
- The users go to the Axis Portal and download an Axis RDP file, which contains their RDP settings.
- The RDP file allows the Windows client to make a connection to the Axis Cloud front-end RDP.
- Axis Security transfers a security token that validates the user against the Axis Cloud.
For native RDP, the Axis Cloud uses only port 3389.
- The Front-end RDP verifies that the client gets access to a specific target and begins communicating with the Axis Security backend to allocate a connection from the Axis Connector.
- Axis Security initiates a connection with the Windows Server, acts as a smart proxy, and monitors the connection.
With the native RDP client, the desktop user experience is much smoother and faster because it runs natively. It provides better resolution and smoother video playback.
In contrast to the native RDP client, the Web RDP client is useful for supporting different types of devices (phones, tablets, laptops) and operating systems, and requires only a browser. Web RDP is transported over HTTPS.
The Axis RDP launcher file contains RDP settings to communicate with the Axis Cloud RDP front end. These settings identify the user, tenant, and target, which are needed to establish a connection with the right server using the right Axis Connector.
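As an added illustration (not Axis Security code), the following Python example parses a launcher file in the standard .rdp `name:type:value` syntax, checks that it targets an expected front-end host on port 3389, and reports which redirection settings it enables. The hostname, the sample file contents, and the function names are constructed for this example; the settings an actual Axis launcher file contains are not listed on this page.

```python
EXPECTED_PORT = 3389  # the page states native RDP to the Axis Cloud uses only port 3389

# Constructed sample in standard .rdp syntax (name:type:value); not a real Axis file.
SAMPLE_RDP = """\
full address:s:rdp-frontend.example.invalid:3389
username:s:alice@example.invalid
prompt for credentials:i:0
authentication level:i:2
redirectclipboard:i:1
drivestoredirect:s:*
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; type 'i' values become ints."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().lstrip("\ufeff").split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings


def audit(settings, allowed_hosts):
    """Return finding labels for a parsed launcher file (hostname targets only)."""
    findings = []
    address = str(settings.get("full address", ""))
    host, sep, port = address.rpartition(":")
    if not sep:  # no explicit port in the address
        host, port = address, str(EXPECTED_PORT)
    if host.lower() not in allowed_hosts:
        findings.append("unexpected-host")
    if port != str(EXPECTED_PORT):
        findings.append("unexpected-port")
    if settings.get("authentication level") == 0:
        findings.append("server-auth-not-enforced")  # 0 = connect even if server auth fails
    if settings.get("redirectclipboard", 1) == 1:  # client default is enabled
        findings.append("clipboard-redirection")
    if settings.get("drivestoredirect"):
        findings.append("drive-redirection")
    return findings


if __name__ == "__main__":
    print(audit(parse_rdp(SAMPLE_RDP), {"rdp-frontend.example.invalid"}))
```

Pass the set of front-end hostnames your tenant is expected to use as `allowed_hosts`; .rdp files are often saved as UTF-16, so decode the file before handing its text to `parse_rdp`.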
From the Axis User Portal, users can start an RDP session by one of the following:
- Native Client: Download an RDP launcher file to connect natively and import it into their RDP client.
- Web RDP Client: Open a web RDP session in their browser and then enter their RDP credentials to connect to a configured RDP server(s).
The Axis administrator can prompt users to enter their Windows credentials for the RDP session or pre-populate this information so that the users are not prompted for their credentials.