Getting Started with the Matrix42 Remote Desktop Gateway
Summary
Matrix42 MyWorkspace offers a seamless integration between SaaS/Web-Apps and Remote Desktop/App resources. When dealing with Remote Desktop Resources (RDP) it's often necessary to make applications and desktop available which are hosted in different locations or security zone. The Matrix42 Remote Desktop Gateway allows to make resource which are hosted in an on-premise network or a private cloud instance securely available for every end user.
There are three different deployment options the Matrix42 Remote Desktop Gateway supports:
- Act as On-Premise-Gateway
- Act as Internal HTTP to RDP Gateway
- Act as Hybrid-Cloud-Connector
The following picture illustrates the different options in a more detailed way:
Goal
The Matrix42 Remote Desktop Gateway is a fully managed linux appliance which can be deployed on every Linux machine within your network. There is a special support for the latest Ubuntu Server LTS version. The following getting started guide describes how to install and configure the Matrix42 Remote Desktop Gateway. After finishing this guide you are able to deploy a new Matrix42 Remote Desktop Gateway within 5 minutes:
First Step - Ensure all required prerequisites are fulfilled
The solution relies heavily on the docker platform to deliver fast, easy and reliable updates if the appliance. When you use docker hosting infrastructure the Matrix42 Remote Desktop Gateway plays well with it. For on-premise installations the following requirements need to be fulfilled:
- Virtual Machine or physical server which runs Linux as operating system.
The preferred distribution is Ubuntu Linux in the last stable LTS version. The available gallery images in Microsoft Azure and Amazon Web-Services are usable out of the box. - Docker Services
The docker services can be installed as follows on the machine:
wget -qO- https://get.docker.com/ | sudo sh
Second Step - Install the Gateway Controller
The Gateway Controller is a command line application delivered from Matrix42 which allows to manage the Remote Desktop Gateway. Initially the Gateway Controller can be installed as simple as many other linux service as well via the wget command:
wget -qO- https://myworkspace.matrix42.com/get-gateway | sudo sh
Third Step - Announce the Gateway in MyWorkspace
Establishing a trustworthy relationship between the appliance and the MyWorkspace service the gateway needs to be announced in the service. This can be triggered with the Gateway Controller but required the TenantId. The TenantId can be found in the MyWorkspace Admin Portal here: Admin-Portal - Overview
Please copy the TenantId and execute the following command to announce the new gateway in MyWorkspace:
sudo m42-gateway setup <<YOUR TENANT-ID>>
During this step the gateway generate a unique identifier because of that everything under /etc/matrix42 should be stored safely in a backup in case something needs to be recovered. Also when it's planned to deploy multiple gateways for high availability the same configuration should be used on all machines. More detailed information can be found in the more information section.
Fourth Step - Start the services
After the successful announcement the services can be started. During this process the system also registers a docker restart policy which ensures that the container will be started also after a reboot of the underlying machine.
sudo m42-gateway start
Fifth Step - Activate the announced gateway
Close to the end the trustworthy relationship between MyWorkspace and the Remote Desktop Gateway needs to be established from a MyWorkspace Administrator. The newly announced appliance should be visible in the Connectors section of the MyWorkspace administration area here: Admin-Portal - Connectors
To activate the newly announced gateway just commit by clicking the "APPROVE" button.
Sixth Step - Provider a connection URL
The external connection URL is typically different to the internal hostname of the Remote Desktop Gateway. Because of that it's necessary to provider an connection url which should be used from the MyWorkspace Launchpad when granting access to RDP applications:
After that the gateway can be used in Remote Desktop Connections and Remote App Definitions for the different three deployment scenarios as described above.