Remote Desktop Manager with Devolutions Server: Managing secure privileged access

Home Blog Remote Desktop Manager with Devolutions Server: Managing secure privileged access

4sysops - The online community for SysAdmins and DevOps

    , ,   0
Learn how to use Devolutions Remote Desktop Manager and Devolutions Server together for secure privileged access management.
Contents
  1. Remote Desktop Manager
  2. Devolutions Server
  3. Final thoughts and impressions
Latest posts by Brandon Lee (see all)

One of the top cybersecurity threats involves the bad guys getting their hands on a privileged account. Privileged accounts have high levels of access to business-critical resources. Once a privileged account is compromised, attackers can cause much damage with it and establish a foothold in the environment. Managing and securing passwords and privileged access once the number of resources grows beyond a handful of servers can be challenging without stifling productivity. Devolutions has several solutions that can help manage passwords and privileged access across an environment. These include Remote Desktop Manager with Devolutions Server. New features were added in recent updates to both products.

Remote Desktop Manager

One of the challenges facing IT admins managing dozens or even hundreds of resources is managing connection and credentials information. Devolutions Remote Desktop Manager (RDM) is a tool that unifies managed resources, connection information, and credentials.

Remote Desktop Manager centralizes all the connection information, including hostnames, IP addresses, connection protocols, credentials, connection options, and much more. It then allows saving these entries in easy-to-launch connection entries. In addition, for IT departments with multiple team members, entries can be securely shared among team members.

I have been using Remote Desktop Manager for a few years now. The product is an absolute beast in terms of features and functionality provided to connect to just about any system imaginable. I used other utilities that aggregated RDP connections for years, such as the legacy Remote Desktop Connection Manager.

However, Devolutions RDM is far beyond what many of these tools provide. It has been referred to as a "Swiss Army knife" tool, which is accurate. If you are looking for capabilities to configure and save connections to just about any type of system beyond RDP connections, RDM is it. When you add sharing capabilities for teams, it is arguably one of the best tools on the market in this space.

Remote Desktop Manager provides a Swiss army knife utility for centralizing connectivity to resources

Remote Desktop Manager provides a Swiss army knife utility for centralizing connectivity to resources

RDM password management functionality can be further enhanced using the Devolutions Web Login tool, which provides the seamless "password fill" functionality for web resources that users have experienced with other cloud-based password management utilities.

One really nice aspect of the product is that Devolutions drives much of the development of new features based on what customers want to see in the product. So, if there is a feature, technology, or other solution you would like to see added, Devolutions takes this feedback and uses it to drive development efforts for future releases.

New features with the RDM 2022.1 release

Recently, Devolutions released a landmark release of RDM, 2022.1, with new capabilities to note:

  • Inherited VPN type and inherited VPN at the vault level—These new features will undoubtedly appeal to MSPs and others managing different client environments and using different VPN connections. Now, the VPN can be set directly at the vault level. If you have multiple vaults, such as an MSP with different vaults for each client, they can easily be configured with separate VPN connections.
You can now choose an inherited VPN type

You can now choose an inherited VPN type

  • New default vault permissions and permission types—You can now set default permissions when creating a new vault, and there are new permission types—Move an Entry and Password Analyzer.
  • Restrict access to user vaults to specific users—Devolutions has added the ability to restrict user vaults to specific users. For example, some organizations may only want certain users to have a "personal" user vault. With this new feature, this is now possible.
  • Three new credential types—Devolutions supports many different connection types and technologies. With this release, Hudu, Psono Password Manager, and DVLS PAM have been added.
  • Added support for the new MSRDC.exe Remote Desktop Client—If you have used Windows 365, you will be familiar with the new MSRDC.exe client, as it is required to use modern remote desktop solutions such as Windows 365, based on Azure virtual desktops. It is likely that in the future, MSRDC.exe will replace the legacy MSTSC.exe utility.

Devolutions Server

Devolutions has structured its solutions in a tiered approach to help SMBs choose the right tool and solution for their particular use case.

  • Tier 1—Privileged account management and privileged sessions management
  • Tier 2—IdP (identity provider) support, isolated database, role-based access control, self-hosted, syslog integration, alerts, and notifications
  • Tier 3—Basic connection management, centralized database for sharing, time-saving features
Devolution solution tiers

Devolution solution tiers

While RDM helps solve Tier 3 challenges, many SMB enterprise organizations need a solution to extend beyond the capabilities of RDM. In addition to other Devolutions solutions in the portfolio of products, Devolutions Server helps solve Tier 2 and Tier 1 challenges.

Providing centralized privileged access management (PAM) to users in a centralized and fully managed way is tedious and challenging without a solution to handle this for you. Devolutions Server is a fully featured account and password management solution, including a built-in PAM that provides robust features to SMBs. In addition, it is quite affordable compared to other well-known PAM solutions on the market. Features include:

  • A centralized vault of sensitive accounts and other information
  • Controlled access to privileged accounts
  • Visibility to secret management for IT admins
  • An automated and seamless experience for end users
  • A centralized point for auditing purposes for privileged account information
  • Secure sensitive information without stifling user productivity

Security features

Devolutions Server provides tools to help manage security and compliance across many different kinds of resources. In the area of security, administrators have the following capabilities for securing sensitive information:

  • Institute role-based access control (RBAC) to provide granular permissions on accounts and other sensitive information.
  • Restrict users from creating accounts unless they have permission to do so.
  • Use Active Directory groups to assign permissions. This capability allows much easier management of permissions set at the group level. Admins add users to the appropriate groups to inherit the required permissions.
  • Network restrictions—Admins can restrict access to the Devolutions Server based on network ranges and IP addresses. These can be allowed or denied based on the network objects.
  • Multifactor authentication—Allows setting up two-factor authentication for much more secure access.
  • Privilege elevation based on RBAC, where credentials are injected into remote resources without users knowing the passwords.

Compliance and monitoring

Outside of security, compliance is arguably one of the most important challenges organizations face today. In terms of compliance, having proper monitoring and visibility of privileged access and meeting the objectives of specific compliance frameworks is crucial. Devolutions Server has taken steps to ensure compliance with frameworks such as GDPR and to ensure privacy and compliance with these very stringent compliance frameworks.

Devolutions Server also provides detailed reporting to help provide visibility to privileged access in the environment. These reports include:

  • Ability to view connected users
  • Login attempts
  • Login history
  • Opened connections
  • Expired credentials entries
  • Activity, data source, and administration logs
  • Deleted entry history
  • Configurable real-time email alerts

Integrations with Devolutions-associated software

How does RDM integrate with Devolutions Server and other Devolutions solutions? RDM integrates with Devolutions Server (DVLS), which is Devolutions' on-premises, self-hosted PAM platform. DVLS features RBAC for all administrative users.

The Devolutions Gateway, as part of the fully featured PAM solution with Devolutions Server, provides authorized just-in-time access to resources in segmented networks. Features for the Devolutions Gateway component include:

  • No VPN deployment is necessary
  • RDP and SSH sessions
  • No dependency on a cloud service
  • Two-factor authentication
  • Logging and reporting

New features with the Devolutions Server 2022.1 release

Coinciding with the 2022.1 RDM release, Devolutions released the 2022.1 DVLS release. It contains many new improvements to the platform, including the following:

  • New OAuth support—Devolutions Server now supports the industry standard "cloud-protocol" OAuth 2.0
  • New management location for Devolutions Launcher CALs—Devolutions Server 2022.1 features a shift in the management of Launcher CALs and where they are configured
  • Multiple improvements to Devolutions Gateway—There have been multiple improvements in Devolutions Gateway, including the addition of SSH connections, IP address mode instead of DNS name, and support for alternate hosts in RDM
  • New PAM dashboard in RDM—Used with Devolutions Server, Remote Desktop Manager provides a new PAM dashboard that offers a single-pane-of-glass view for monitoring, managing, and controlling PAM resources from within RDM
New PAM dashboard in Devolutions Server used with Remote Desktop Manager

New PAM dashboard in Devolutions Server used with Remote Desktop Manager

  • New Local Windows and Azure AD PAM providers—These are in addition to the existing Active Directory Domain users, Local user SSH, and SQL users
  • Improved console experience—Many console updates for Devolutions Server
  • New Recovery Kit—A new recovery kit is now provided to help recover in an emergency. The recovery kit includes encryption keys and a response file for a "break the glass" emergency
Creating a recovery kit during the installation of the Devolutions Server

Creating a recovery kit during the installation of the Devolutions Server

Final thoughts and impressions

Devolutions RDM is an "everything and the kitchen sink" solution that provides a great connection and password management tool for IT admins and IT departments in general. It allows connecting to many different resources, technologies, and connection protocols. It also allows securely sharing connection information between authorized users.

Devolutions Server is a fully featured PAM solution for organizations that need to solve more complex challenges associated with PAM. It provides the features required to ensure privileged accounts are protected and shared correctly and can be delegated to users "just in time." Used in conjunction with Remote Desktop Manager, Devolutions Server and other Devolutions solutions, such as Web Login and Devolutions Gateway, SMBs and MSPs alike have the tools they need to meet cybersecurity and compliance needs today.

Subscribe to 4sysops newsletter!

Learn more about Devolutions Remote Desktop Manager and Devolutions Server.

avatar
Related Articles
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account