Get rid of your VPN – Freedom for your hosted legacy apps

by |

Get rid of your VPN – Freedom for your hosted legacy apps
© AZarubaika / istockphoto.com

Consumerization of IT

Cloud, SaaS, IoT – These buzzwords are not just limited to IT departments now, they are everywhere including consumer products. More and more, the IT department of an enterprise gets requests from end users, because these things are expected. Gartner calls this initiative the “Consumerization of IT”, or in other words, the end user has expectations how IT should work. Especially in many customer projects we hear the same requirement over and over again, “Offer all services without the requirements of a VPN”. The reasons are obvious for at least the mobile workforce, and we can see this in hotels that only support free WiFi for Mail and Web-Browsing but VPN is not possible or comes with an additional surcharge.

MyWorkspace Meets This Expectation

MyWorkspace offers a seamless integration between SaaS-Applications running in the cloud anywhere, and hosted Remote Apps running in your on-premise data center. When you combine this with Silverback by Matrix42 and the Silverback Mail Gateway you hold all pieces for a modern hybrid Workspace in your hand.

When you finish this article, you will be able to implement the MyWorkspace Remote Desktop Gateway. You’ll then be free to serve legacy apps to your users without a VPN or additional software on their devices. In other words your end users will be able to use apps on every device whether it’s a Smartphone, Tablet, Laptop, ThinClient or a good old Desktop. You can improve the security by using this in combination with Silverback, but this will be part of another post.

Deployment Overview

In short there are three different deployment options that the Matrix42 Remote Desktop Gateway supports. You can deploy this as:

  • An On-Premise-Gateway
  • An Internal HTTP to RDP Gateway
  • A Hybrid-Cloud-Connector

The following picture illustrates the different options in a more detailed way:

mwd-deployment-options

The Matrix42 Remote Desktop Gateway is a fully managed Linux appliance, which you can deploy on any virtual or physical machine within your network. We offer enhanced support for the latest Ubuntu Server LTS version.

Step 1 – Ensure that you fulfill all requirements

The solution relies heavily on the Docker platform to deliver fast, easy and reliable updates of the appliance. When you use a Docker hosting infrastructure like Docker Swarm, the Matrix42 Remote Desktop Gateway plays well with it. You need to fulfill the following requirements for an on-premise installation:

  • Virtual Machine or physical server which runs Linux as operating system. The preferred distribution is Ubuntu Linux with the last stable LTS version.
  • The available gallery images in Microsoft Azure and Amazon Web-Services are usable out of the box
  • Docker Services – You can install the Docker services with the following command:

Step 2 – Install the Gateway Controller

The Gateway Controller is a command line application delivered by Matrix42. This allows you to manage the Remote Desktop Gateway. You can install the Gateway Controller as simply as most other Linux services, via the wget command:

Step 3 – Announce the Gateway to MyWorkspace

To establish a trust relationship between your gateway and MyWorkspace you need to make sure your gateway is announced. You can trigger this with the Gateway Controller but this requires the TenantId. You can find this in the MyWorkspace Admin Portal, here: Admin-Portal – Overview

Copy the TenantId and execute the following command to announce the new gateway to MyWorkspace:

During this step your gateway will generate a unique identifier which is stored in /etc/matrix42/environment.json. All files in the folder /etc/matrix42 should be stored safely in a backup in case something needs to be recovered. You should use the same configuration if you intend to deploy multiple gateways for high availability.

Step 4 – Start the Services

After a successful announcement, you can start the services. Your system will also register a Docker restart policy, which means when your server reboots the container will start automatically.

Step 5 – Activate the Announced Gateway

The trust relationship between MyWorkspace and the Remote Desktop Gateway, needs to be approved by the MyWorkspace Administrator. The newly announced appliance should be visible in the Connectors section of the MyWorkspace administration area, here: Admin-Portal – Connectors

mws-connector-approval

Step 6 – Provide a connection URL

The external connection URL is typically different to the internal hostname of the Remote Desktop Gateway. Because of that it’s necessary to provide a connection url which will be used from the MyWorkspace Launchpad when connecting to RDP applications:

mws-add-connector-url

Finally, after this you can use the Gateway in Remote Desktop Connections and Remote App Definitions for the different three deployment scenarios as described above.

Tip: If you have no valid SSL certificate installed, your gateway will show a warning in the admin console. To remove this warning, follow this white paper to replace the self signed certificate with a certificate from your enterprise.

Additional Resources

Leave a Reply

Your email address will not be published.