There are two ways to protect RDP servers:
- Native 2FA agents
- Via TRASA access proxy
Either way, you need to create a service first.
1. Native 2FA agents
You need to install and configure 2fa agents in all RDP servers you want to protect. This guide will help you configure native agents in windows.
If you install a native 2fa agent, the 2FA prompt will be shown in local login as well as RDP login.
2. RDP Access Proxy
To use TRASA as an RDP proxy, you need to configure firewall rules to enforce RDP access from TRASA only.
We only support access through RDP proxy from a browser. So, users need to log into the TRASA dashboard(web app) to access RDP. Learn more about accessing RDP proxy here.
TRASA uses guacamole to connect to the RDP server. To enable RDP, guacd (guacamole server daemon) must be running. By default, TRASA will look for guacd on 127.0.0.1:4822, but you can change that in config.