This article describes Banyan’s capability to access an Individual RDP Server. With the release of Netagent v1.27.1 in August-2020, this technique has been superseded by Banyan’s Access to a Collection of RDP Services capability, which uses RD Gateway mode and HTTP Connect Tunneling.
If your RDP service was created in Banyan before Banyan v2.50 (Oct-28-2020), then you must recreate it using the steps below.
You can use Banyan’s default Mutually Authenticated TLS (MTLS) flows for TCP services to provide your end users VPN-free Zero Trust access regardless of their network location. RDP traffic flows through the Banyan Access Tier and is wrapped in a MTLS tunnel (shown in the diagram below).
Setting up VPN-free access to an individual RDP server is the setup process followed to secure a TCP service, as described in Notes on Securing TCP Services.
You can securely expose your RDP server in 4 steps. In this article, we will create a Banyan Role (for contractors) and a Banyan Policy so only users on devices that meet the policy can gain to secure access to the SSH Server, using the following steps:
1. In the Banyan Command Center, navigate to Secure Access > Roles and then click + Add Role.
2. Create a User Role and then click + Add Role Attributes to apply it to specific sets of users (such as By Group
1. Navigate to Secure Access > Policies and then click Create Policy.
2. Select the option Basic Authorization Policy for Users. Be sure to select the option that specifies this policy is intended for
TCP - for remote access using a TCP-based protocol.
1. Navigate to Manage Services > Infrastructure and then click + Register Service. Select the option RDP Service.
2. Configure the RDP service as shown below:
myrdpserver.corp.example.comand keep the port as
banyanproxywill tunnel RDP traffic over port 8443.
banyanproxywill tunnel traffic over port
1. In the Banyan Desktop App, locate the RDP service and click Connect.
2. Open your preferred RDP client (such as Windows Remote Desktop) and create a new PC.
3. Copy the IP and port from the Banyan Desktop App and then save the new PC. Enter user account credentials as needed.
4. The RDP client will use
banyanproxy to automatically tunnel the RDP session over a Mutual-Auth TLS channel using HTTP Connect.