IBM Support

RDP Proxying

Question & Answer


RDP Proxying


The RDP Proxying feature allows RDP connections, established using the launcher, to be routed through Secret Server. It does this using a SSH tunnel, created using SSH local client port forwarding, from the client's machine to the Secret Server SSH Proxy.
RDP Proxying requires that the SSH Proxy is enabled with the SSH Tunneling setting turned on.
How it works
1. The user clicks the RDP launcher in Secret Server.
2. The launcher executes on the client's machine.
3. The launcher establishes a connection to the SSH Proxy using unique credentials generated for the session. These credentials are short lived and can only be used once.
4. Once the launcher has successfully authenticated with the SSH Proxy, the launcher will open a socket and listen for a connection on an available ephemeral port (the forwarding port) on the client's machine.
5. RDP launches on the client machine and connects locally to the forwarding port.
6. All RDP traffic for this session is now routed through the SSH tunnel to Secret Server, then forwarded to the target machine.
7. The RDP session is established.

[{"Product":{"code":"SSWHLP","label":"IBM Security Secret Server"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"--","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
17 June 2018