In The Trenches LogoThe Devolutions Blog Logo
The Front Line Against
IT Chaos & Cyber Threats

A Closer Look at Devolutions Gateway

A Closer Look at Devolutions Gateway

Recently, we took a closer look at one of our exciting new products in 2022: Devolutions Workspace. Today, we are focusing on another product that is also built to improve efficiency, productivity, and security: Devolutions Gateway.

What Is Devolutions Gateway?

Designed to work with Devolutions Server, Devolutions Gateway provides authorized just-in-time access to resources in segmented networks. This way, end-users can securely access the company’s internal network from home. As for managed service providers (MSPs), they can connect to their separate customer networks in no time. It supports RDP and SSH connections, and is a significant improvement on using VPNs and RD Gateway (see tables below).

If you are unfamiliar with Devolutions Server, it is our full-featured shared account and password management solution, with add-on privileged access management (PAM) functionality. Devolutions Server can be rapidly deployed and implemented, and it is offered at a price position that is affordable for SMBs. A free 30-day trial is available here.

Devolutions Gateway vs. VPNs

For several years, virtual private networks (VPNs) have been a must-have tool. However, despite their advantages, VPNs trigger multiple problems. These are solved by replacing a VPN with Devolutions Gateway:

IssueVPNsDevolutions Gateway
DeploymentVPN servers are notoriously difficult and time-consuming to deployDevolutions Gateway is deployed easily and quickly.
PerformanceVPN clients tunnel traffic through the private network, which can significantly degrade network performance.Improves network performance by restricting tunneling to RDP connections, so there is no negative impact on other network traffic.
ProductivityWhen granting temporary access, SysAdmins must spend time updating and keeping track of VPN and firewall rules.Devolutions Gateway replaces static VPN and firewall rules with dynamic access rules controlled by Devolutions Server. This eliminates the need to update VPN and firewall rules for temporary access.

For more information on the benefits of Devolutions Gateway vs. VPN, please download the Use Case [PDF].

Devolutions Gateway vs. Remote Desktop Gateway (RD Gateway)

The Microsoft Remote Desktop Protocol (RDP) should never be exposed directly on the Internet (port 3389). As such, Microsoft advises deploying the Remote Desktop Gateway (RD Gateway) for secure remote access. However, there are some key problems with this approach. These are solved by replacing RD Gateway with Devolutions Gateway:

IssueRD GatewayDevolutions Gateway
Network ExposureThe RD Gateway protocol uses Windows authentication (NTLM/Kerberos) over HTTP. Hackers can exploit this vector to launch brute force and password spraying attacks against Active Directory.Devolutions Gateway reduces network exposure by tunneling external RDP connections, but without exposing Active Directory accounts to potential brute force attacks.
Multi-Factor AuthenticationEnforcing multi-factor authentication (MFA) on the RD Gateway connections is known to be particularly difficult.Devolutions Gateway enhances security by enforcing MFA via Devolutions Server authentication on all Devolutions Gateway RDP connections.
Connection PerformanceThe RD Gateway degrades network performance by tunneling RDP TLS over HTTPS (TLS in TLS connections).Devolutions Gateway improves network performance through efficient RDP connection tunneling that does not use TLS in TLS connections.

For more information on the benefits of Devolutions Gateway vs. RD Gateway, please download the Use Case [PDF].

Not Cloud Dependent

Another key advantage of Devolutions Gateway is that it is not dependent on the cloud. It can be deployed inside a network with no internet access or survive internet downtime.

Licensing

Customers with an active Devolutions Server subscription, and who choose to install Devolutions Gateway with Devolutions Server (i.e., “side-by-side installation”), may launch up to 5 concurrent sessions without purchasing a Devolutions Gateway license. Please refer to the diagram below:

Gateway-diagram-1.png

Customers with an active Devolutions Server license who either want to install more than one Devolutions Gateway instance or who want to launch 6 or more concurrent sessions, are required to purchase a license. Please refer to the diagram below:

Gateway-diagram-2.png

Requirements

Devolutions Gateway requires the following:

  • Windows 10
  • Windows Server 2012, 2012 R2, 2016, 2019 or 2022
  • Microsoft .NET Framework 4.8

Recommended Specifications

The recommended specifications for Devolutions Gateway are:

  • Small implementation (1-10 concurrent RDP/SSH sessions): 8-core processor; 8 GB RAM; Network Adapter (1 GB)
  • Mid-range implementation (15-75 concurrent RDP/SSH sessions): 16-core processor; 16 GB RAM; Network Adapter (1 GB)
  • Large implementation (75+ concurrent RDP/SSH sessions): please see note below

For large implementations, we recommend deploying multiple Devolutions Gateway instances to balance the load. Based on our analysis, one Devolutions Gateway instance can handle up to 75 concurrent sessions with good performance.

For more information, please read this technical specifications sheet.

Deploying Devolutions Gateway

Devolutions Gateway must be deployed and configured first with the Devolutions Server Console, then you can use it in Remote Desktop Manager to launch RDP and SSH sessions.

image (9).png

image (10).png

For more information on how to configure Devolutions Gateway, please refer to this step-by-step tutorial.

Share Your Feedback

Devolutions Gateway makes authorized just-in-time access to resources in segmented networks efficient and secure. As discussed above, it is a significant improvement vs. VPNs and RD Gateway.

Please share your feedback below if you have used Devolutions Gateway. Please also comment if you are considering Devolutions Gateway for your organization and have any questions. You can also contact our Sales Team at sales@devolutions.net for answers, advice, and a custom quote.

Stephanie Gagnon

Hello, I am a Product Marketer here at Devolutions. I have been with our company for several years, and previously I worked in our Translation Department. My role includes creating technical and marketing content for our roster of products, as well as for our website. I also continue to oversee our Translation team. I am passionate about IT, which I studied at college. I am also very interested in cybersecurity, and currently taking college courses in networking and security (the learning never stops!). On a more personal note, I looooooooooooove Legos and my two Coton de Tulear dogs whose names are “Q-Tips” and “Fluffy”.

Follow us by Email

Delivered by FeedBurner

Devolutions is a leading provider of remote connection, password and credential management tools for sysadmins and IT pros.

DEVOLUTIONS.NET | 1000 Notre-Dame, Lavaltrie, QC J5T 1M1, Canada | infos@devolutions.net
All rights reserved © 2022 Devolutions