Recently, we took a closer look at one of our exciting new products in 2022: Devolutions Workspace. Today, we are focusing on another product that is also built to improve efficiency, productivity, and security: Devolutions Gateway.
What Is Devolutions Gateway?
Designed to work with Devolutions Server, Devolutions Gateway provides authorized just-in-time access to resources in segmented networks. This way, end-users can securely access the company’s internal network from home. As for managed service providers (MSPs), they can connect to their separate customer networks in no time. It supports RDP and SSH connections, and is a significant improvement on using VPNs and RD Gateway (see tables below).
If you are unfamiliar with Devolutions Server, it is our full-featured shared account and password management solution, with add-on privileged access management (PAM) functionality. Devolutions Server can be rapidly deployed and implemented, and it is offered at a price position that is affordable for SMBs. A free 30-day trial is available here.
Devolutions Gateway vs. VPNs
For several years, virtual private networks (VPNs) have been a must-have tool. However, despite their advantages, VPNs trigger multiple problems. These are solved by replacing a VPN with Devolutions Gateway:
|VPN servers are notoriously difficult and time-consuming to deploy
|Devolutions Gateway is deployed easily and quickly.
|VPN clients tunnel traffic through the private network, which can significantly degrade network performance.
|Improves network performance by restricting tunneling to RDP connections, so there is no negative impact on other network traffic.
|When granting temporary access, SysAdmins must spend time updating and keeping track of VPN and firewall rules.
|Devolutions Gateway replaces static VPN and firewall rules with dynamic access rules controlled by Devolutions Server. This eliminates the need to update VPN and firewall rules for temporary access.
For more information on the benefits of Devolutions Gateway vs. VPN, please download the Use Case [PDF].
Devolutions Gateway vs. Remote Desktop Gateway (RD Gateway)
The Microsoft Remote Desktop Protocol (RDP) should never be exposed directly on the Internet (port 3389). As such, Microsoft advises deploying the Remote Desktop Gateway (RD Gateway) for secure remote access. However, there are some key problems with this approach. These are solved by replacing RD Gateway with Devolutions Gateway:
|The RD Gateway protocol uses Windows authentication (NTLM/Kerberos) over HTTP. Hackers can exploit this vector to launch brute force and password spraying attacks against Active Directory.
|Devolutions Gateway reduces network exposure by tunneling external RDP connections, but without exposing Active Directory accounts to potential brute force attacks.
|Enforcing multi-factor authentication (MFA) on the RD Gateway connections is known to be particularly difficult.
|Devolutions Gateway enhances security by enforcing MFA via Devolutions Server authentication on all Devolutions Gateway RDP connections.
|The RD Gateway degrades network performance by tunneling RDP TLS over HTTPS (TLS in TLS connections).
|Devolutions Gateway improves network performance through efficient RDP connection tunneling that does not use TLS in TLS connections.
For more information on the benefits of Devolutions Gateway vs. RD Gateway, please download the Use Case [PDF].
Not Cloud Dependent
Another key advantage of Devolutions Gateway is that it is not dependent on the cloud. It can be deployed inside a network with no internet access or survive internet downtime.
Customers with an active Devolutions Server subscription, and who choose to install Devolutions Gateway with Devolutions Server (i.e., “side-by-side installation”), may launch up to 5 concurrent sessions without purchasing a Devolutions Gateway license. Please refer to the diagram below:
Customers with an active Devolutions Server license who either want to install more than one Devolutions Gateway instance or who want to launch 6 or more concurrent sessions, are required to purchase a license. Please refer to the diagram below:
Devolutions Gateway requires the following:
- Windows 10
- Windows Server 2012, 2012 R2, 2016, 2019 or 2022
- Microsoft .NET Framework 4.8
The recommended specifications for Devolutions Gateway are:
- Small implementation (1-10 concurrent RDP/SSH sessions): 8-core processor; 8 GB RAM; Network Adapter (1 GB)
- Mid-range implementation (15-75 concurrent RDP/SSH sessions): 16-core processor; 16 GB RAM; Network Adapter (1 GB)
- Large implementation (75+ concurrent RDP/SSH sessions): please see note below
For large implementations, we recommend deploying multiple Devolutions Gateway instances to balance the load. Based on our analysis, one Devolutions Gateway instance can handle up to 75 concurrent sessions with good performance.
For more information, please read this technical specifications sheet.
Deploying Devolutions Gateway
Devolutions Gateway must be deployed and configured first with the Devolutions Server Console, then you can use it in Remote Desktop Manager to launch RDP and SSH sessions.
For more information on how to configure Devolutions Gateway, please refer to this step-by-step tutorial.
Share Your Feedback
Devolutions Gateway makes authorized just-in-time access to resources in segmented networks efficient and secure. As discussed above, it is a significant improvement vs. VPNs and RD Gateway.
Please share your feedback below if you have used Devolutions Gateway. Please also comment if you are considering Devolutions Gateway for your organization and have any questions. You can also contact our Sales Team at firstname.lastname@example.org for answers, advice, and a custom quote.