Windows Remote Desktop Gateway - connect to the target through another proxy - remote-desktop

We want to use RD Gateway for remote access to on-prem Windows servers. The RD Gateway will be deployed in the cloud without direct connectivity to the on-prem target machine; the connection from the gateway to the target is through another TCP relay proxy with a random IP/port, which might change between connections. This means that the client specifies the address of the target, but RD Gateway will connect to a different address and port, and the connection will be relayed to the target.
Currently we are doing this with web-based RDP connections using Apache Guacamole - since it's open source we can do whatever we want - but that's not the case with RD Gateway. We do have some hook point since we plan to use pluggable authentication and authorization (https://github.com/microsoftarchive/msdn-code-gallery-community-m-r/tree/master/Remote%20Desktop%20Gateway%20Pluggable%20Authentication%20and%20Authorization%20Sample), but I don't think it can be used for address translation.
Is there a way to achieve this using RD Gateway?
Thanks,
Gabriel

Related

HOW TO ACCESS ORACLE APEX APPLICATION OVER A LOCAL NETWORK

I just want my ORACLE APEX APPLICATION along with the database installed on PC-1, and then the rest of the PCs just access this application via LAN cable or Wi-Fi. How can I do it without using any hosting service!?
I also want to know about the ORDS RESTful Services:
how to configure them for the other client systems and for the server side!?
Thanks in advance!
Oracle Apex doesn't differ from any other website from this point of view.
You need to set up Apex/ORDS listeners, and then you can access it from your local network like:
IpOfThePCWhereApexIsInstalled:PortConfiguredWithApex/Apex
For example:
192.178.160.1:443/Apex (if Apex is configured on port 443)
192.178.160.1:80/Apex (if Apex is configured on port 80)
This way, the browser will search for the ip inside your local network and access it.

Cannot connect to both RDP and SQL Server(Azure) over VPN at the same time

I have an Azure VPN client that I use for connecting to a web server using RDP and to an Azure SQL Server instance using SSMS. The problem is, I cannot connect to both at the same time.
When I go to the Networking properties of the VPN connection, then select the properties of TCP/IPv4, if I select "Use default gateway on remote network", I am able to connect to RDP, but not SQL Server. If "Use default gateway on remote network" is not selected, I am able to connect to SQL Server, but not RDP.
What can I do to be able to connect to both at the same time?
As far as I know, by default, once a VPN connection is successfully created, the highest priority entry is added automatically to the local machine's route table. When you select Use default gateway on remote network, data that cannot be sent on the local network is forwarded to the dial-up network when you are connected to a local network and a dial-up network simultaneously. The local network prefers to select a VPN connection route. The connection to a local network is disconnected automatically by default. So you could RDP to the web server via the private VPN connection in the dial-up network. You could not access the Azure SQL server since the traffic from the dial-up network is not allowed by the Azure SQL server firewall. In this scenario, you could check if the outgoing traffic to the Internet from your dial-up network is being blocked.
When you un-select Use default gateway on remote network, usually the default gateway of the PPP adapter will be empty. In this scenario, you cannot connect to resources on the remote network because you have disabled the Use Default Gateway on Remote Network setting in the VPN TCP/IP configuration. You could add routes for the desired VPN subnets. Refer to this paragraph: Configuring Split Tunnel for Windows.
You could use route print on the local machine to check the route entry. Compare the route table in the two situations. You could get more details from this doc.
It sounds to me like you need to configure a service endpoint on your vnet to allow traffic to route through to your Azure SQL database.
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview
Try the link above for help configuring it.

How to connect to Azure DB from any ip that uses azure (without 0.0.0.0 - 255.255.255.255)?

How can I connect to Azure DB from any IP that uses Azure,
without setting the range 0.0.0.0 - 255.255.255.255 in the firewall?
If by "connect to Azure DB from any ip that uses Azure" you mean any applications running in Azure, then it is possible to do so. In the portal where you configure firewall rules, simply turn on "Allow access to Azure services".
What this does is create a special firewall rule with Start/End IP address as 0.0.0.0. You will not see this firewall rule in the portal though.
To do this programmatically, simply create a new firewall rule and set the Start/End IP address as 0.0.0.0.
However, if your question is about any client IP address that connects to your database, then I would agree with #Aravind's comment above. You should not allow direct connection to your databases from anywhere but only facilitate it via a proxy service/API layer as mentioned by him.
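
A defensive check for the rules discussed in this answer, as an added example that is not part of the original post: it tells the 0.0.0.0/0.0.0.0 "Azure services" rule apart from a literal 0.0.0.0 - 255.255.255.255 rule and from other oversized ranges. The JSON field names (modelled on `az sql server firewall-rule list` output), the rule names and the 256-address threshold are assumptions.

```python
import ipaddress

# Constructed sample, shaped like the JSON that `az sql server firewall-rule list`
# prints (field names are an assumption; rule names are made up).
SAMPLE_RULES = [
    {"name": "azure-services", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
    {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    {"name": "vendor", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.103.255"},
    {"name": "typo", "startIpAddress": "10.0.0.9", "endIpAddress": "10.0.0.1"},
]


def classify_rule(rule, max_hosts=256):
    """Return a finding label for one server-level firewall rule."""
    try:
        start = ipaddress.IPv4Address(rule["startIpAddress"])
        end = ipaddress.IPv4Address(rule["endIpAddress"])
    except (KeyError, ValueError):
        return "invalid"          # missing field or malformed address
    if end < start:
        return "invalid"          # reversed range never matches anything sensible
    if int(start) == 0 and int(end) == 0:
        return "azure-services"   # the special 0.0.0.0/0.0.0.0 rule from the answer
    if int(start) == 0 and int(end) == 2**32 - 1:
        return "allow-all"        # the whole IPv4 Internet
    size = int(end) - int(start) + 1
    return "wide" if size > max_hosts else "ok"


def audit(rules, max_hosts=256):
    """Map each rule name to its finding so reviewers can triage quickly."""
    return {r.get("name", "<unnamed>"): classify_rule(r, max_hosts) for r in rules}


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES).items():
        print(f"{name:15} {finding}")
```
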

instead of using cloudSQL we will use compute engine to install other database server

I would like to ask if a created Google Compute Engine (VM) can be part of our local area network at our site and serve as our database server where every client can connect through our internet server?
Instead of using Cloud SQL we will use Compute Engine to install another database server.
I don't think you can assign a GCE VM to directly have an IP address from your local network, but if you run your own DNS in your network, you could add an entry to point your database server name at the Google IP, and you could configure routes on your network to go through your Internet server to get to that address. Alternatively, if you have VPN IPsec hardware at your site, you could use Cloud VPN to set up a tunnel from your site to your GCE project.

Connect to ec2 database from non-local without tunneling

I am making an application and I need to connect to a database which is on an Amazon server.
It works fine from local but I need direct access to the database without SSL tunneling.
On the AWS console, port 3306 is opened.
