RDP gateway
RDP Gateway Docker Installation
Introduction
Soffid allows you to deploy a new docker container with the RDP gateway. The configuration is similar to the sync server configuration.
Prerequisites
The RDP Service is only released as a docker service.
1. Install docker ( https://docs.docker.com/install/ )
2. Install Soffid PAM (store container and launcher container)
You can visit the PAM Jump Server Installation page for more information about how to install PAM
3. Create a Docker network(*), that network allows you to connect containers to the same bridge network to communicate:
sudo docker network create -d bridge NETWORKNAME* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.
Installation
The steps required to install RDP container are:
1. Create a user
We need to create a user in the pam store container. To do this, we need to connect to the store container.
sudo docker exec -it soffid-pam-store /bin/bashOnce, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We have to type launcher in the role parameter
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.
2. Create volume
We need to create a volume that will be used by the docker container
sudo docker volume create soffid-rdp3. Create a docker container
Finally, we need to execute the command to create the rdp gateway container
docker run \
--name soffid-rdp \
-e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
-e SOFFID_USER=admin \
-e SOFFID_PASS=changeit \
-e SOFFID_HOSTNAME=rdp-gateway \
-e STORE_SERVER=http://soffid-pam-store:8080 \
-e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
-e STORE_USER=proxyrdp \
-v soffid-rdp:/opt/soffid/iam-sync/conf \
--privileged \
--shm-size=1024m \
-p 3389:3389 \
--network=soffidnet.intenal \
soffid/pam-rdp:1.4.2Environment Variables
To create the new SSH container you need to set the following environment variables:
| Variable | Description | Example |
|
SOFFID_SERVER |
Sync Server URL |
https://syncserver01.soffid.com:1760 |
|
SOFFID_USER |
Soffid user to join the security domain |
admin |
|
SOFFID_PASSWORD |
Soffid user password |
changeit |
|
SOFFID_HOSTNAME |
The hostname used to access the ssh gateway |
ssh-gateway |
|
STORE_SERVER |
Store URL |
http://soffid.pat.pam:8082 |
|
STORE_PASSWORD |
Password received when you created the user in the store container. |
************ |
|
STORE_USER |
Store user |
proxyrdp |
RDP Gateway Docker Compose Installation
Introduction
Soffid allows you to deploy a new docker container with the RDP gateway. The configuration is similar to the sync server configuration.
Prerequisites
The RDP Service is only released as a docker service.
1. Install docker (https://docs.docker.com/install/)
2. Install docker compose (https://docs.docker.com/compose/install/)
3. Install Soffid PAM (store container and launcher container)
You can visit the PAM Jump Server Installation page for more information about how to install PAM
Installation
The steps required to install RDP container are:
1. Create a user
We need to create a user in the pam store container. To do this, we need to connect to the store container.
sudo docker exec -it soffid-pam-store /bin/bashOnce, we are connected to the container, we need to run a script to create the user. This script has two parameters, the user name, and the role. We have to type launcher in the role parameter
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdp-user launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.
2. Execute the YAML
version: '3.8'
services:
ssh-gateway:
image: soffid/pam-rdp:1.4.47
environment:
SOFFID_SERVER: https://syncserver01.soffid.com:1760
SOFFID_USER: admin
SOFFID_PASS: admin123
SOFFID_HOSTNAME: rdp-gateway-2
STORE_SERVER: https://soffid-pam-store:8443
STORE_PASSWORD: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
STORE_USER: proxyrdp
ports:
- "2222:22"
networks:
- network
volumes:
- rdp-gateway-data:/opt/soffid/iam-sync/conf
networks:
network:
name: netcompose
driver: bridge
volumes:
rdp-gateway-data:
name: compose-rdp-gateway-dataExecute:
sudo docker compose up -dEnvironment Variables
To create the new SSH container you need to set the following environment variables:
| Variable | Description | Example |
|
SOFFID_SERVER |
Sync Server URL |
https://syncserver01.soffid.com:1760 |
|
SOFFID_USER |
Soffid user to join the security domain |
admin |
|
SOFFID_PASSWORD |
Soffid user password |
changeit |
|
SOFFID_HOSTNAME |
The hostname used to access the ssh gateway |
ssh-gateway |
|
STORE_SERVER |
Store URL |
http://soffid.pat.pam:8082 |
|
STORE_PASSWORD |
Password received when you created the user in the store container. |
************ |
|
STORE_USER |
Store user |
proxyrdp |
RDP Gateway Connection
Introduction
We can establish a connection to the target system using the RDP remote access protocol. You can use a remote desktop client.
How to connect
You can establish the connection with the ssh gateway using a desktop client and then Soffid will ask you the parameters to connect:
- System name: system to which you want to connect.
- Account name: Soffid's account.
- Account system: account to use to connect to the target system.
https://es.wikipedia.org/wiki/Remote_Desktop_Protocol