# RDP gateway



# RDP Gateway Docker Installation

## Introduction

Soffid allows you to deploy a new docker container with the **RDP gateway**. The configuration is similar to the sync server configuration.

### Prerequisites

The RDP Service is only released as a docker service.

1. Install Docker ([https://docs.docker.com/install/](https://docs.docker.com/install/)).

2. Install Soffid PAM (store container and launcher container). See the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation) for more information about how to install PAM.

3. Create a Docker network(\*) so that the containers attached to it can communicate over the same bridge network:

```
sudo docker network create -d bridge NETWORKNAME
```

*\* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.*

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. The script takes two parameters: the user name and the role. Type `launcher` as the role.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Create volume

We need to create a volume that will be used by the Docker container.

```shell
sudo docker volume create soffid-rdp
```

### 3. Create a docker container

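Finally, we need to execute the command that creates the RDP gateway container. `STORE_USER` and `STORE_PASSWORD` are the user created in step 1 and the password returned by the script.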

```shell
docker run \
  --name soffid-rdp \
  -e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
  -e SOFFID_USER=admin \
  -e SOFFID_PASS=changeit \
  -e SOFFID_HOSTNAME=rdp-gateway \
  -e STORE_SERVER=http://soffid-pam-store:8080 \
  -e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
  -e STORE_USER=proxyrdp \
  -v soffid-rdp:/opt/soffid/iam-sync/conf \
  --privileged \
  --shm-size=1024m  \
  -p 3389:3389 \
  --network=soffidnet.intenal \
  soffid/pam-rdp:1.4.2
```

##### Environment Variables

To create the new RDP container you need to set the following environment variables:

| Variable | Description | Example |
|---|---|---|
| `SOFFID_SERVER` | Sync Server URL | https://syncserver01.soffid.com:1760 |
| `SOFFID_USER` | Soffid user to join the security domain | admin |
| `SOFFID_PASSWORD` | Soffid user password | changeit |
| `SOFFID_HOSTNAME` | The hostname used to access the RDP gateway | ssh-gateway |
| `STORE_SERVER` | Store URL | http://soffid.pat.pam:8082 |
| `STORE_PASSWORD` | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| `STORE_USER` | Store user | proxyrdp |

# RDP Gateway Docker Compose Installation

## Introduction

Soffid allows you to deploy a new docker container with the **RDP gateway**. The configuration is similar to the sync server configuration.

### Prerequisites

The RDP Service is only released as a docker service.

1. Install Docker ([https://docs.docker.com/install/](https://docs.docker.com/install/)).

2. Install Docker Compose ([https://docs.docker.com/compose/install/](https://docs.docker.com/compose/install/)).

3. Install Soffid PAM (store container and launcher container). See the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation-u6p) for more information about how to install PAM.

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. The script takes two parameters: the user name and the role. Type `launcher` as the role.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdp-user launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Execute the YAML


```yaml
version: '3.8'

services:
  ssh-gateway:
    image: soffid/pam-rdp:1.4.47
    environment:
      SOFFID_SERVER: https://syncserver01.soffid.com:1760
      SOFFID_USER: admin
      SOFFID_PASS: admin123
      SOFFID_HOSTNAME: rdp-gateway-2
      STORE_SERVER: https://soffid-pam-store:8443
      # User created in step 1 with add-user.sh and the password it printed
      STORE_PASSWORD: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
      STORE_USER: proxyrdp-user
    ports:
      # RDP port, the same one the docker run installation publishes (-p 3389:3389)
      - "3389:3389"
    networks:
      - network
    volumes:
      - rdp-gateway-data:/opt/soffid/iam-sync/conf

networks:
  network:
    name: netcompose
    driver: bridge

volumes:
  rdp-gateway-data:
    name: compose-rdp-gateway-data
```

Execute:

```shell
sudo docker compose up -d
```

##### Environment Variables

To create the new RDP container you need to set the following environment variables:

| Variable | Description | Example |
|---|---|---|
| `SOFFID_SERVER` | Sync Server URL | https://syncserver01.soffid.com:1760 |
| `SOFFID_USER` | Soffid user to join the security domain | admin |
| `SOFFID_PASSWORD` | Soffid user password | changeit |
| `SOFFID_HOSTNAME` | The hostname used to access the RDP gateway | ssh-gateway |
| `STORE_SERVER` | Store URL | http://soffid.pat.pam:8082 |
| `STORE_PASSWORD` | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| `STORE_USER` | Store user | proxyrdp |
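The `docker run` command and the compose file on this page both carry `SOFFID_PASS` and `STORE_PASSWORD` inline. This added example (not Soffid's code) checks an env file holding the same variables before it is handed to Docker's `--env-file` option or to the compose `env_file:` key; the file name `rdp-gateway.env` and the function names are assumptions, and the variable names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example, not Soffid code. Checks an env file (assumed name:
# rdp-gateway.env) before it is handed to docker run --env-file.
REQUIRED="SOFFID_SERVER SOFFID_USER SOFFID_PASS SOFFID_HOSTNAME \
STORE_SERVER STORE_USER STORE_PASSWORD"

# Print the value of KEY ($2) from a KEY=value file ($1); last one wins.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per problem; return 0 only when no problem was found.
check_rdp_env() {
  file=$1
  problems=0
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }

  # The file holds two passwords: only its owner may read it.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    600|400) ;;
    *) echo "mode is $mode, expected 600"; problems=$((problems + 1)) ;;
  esac

  for key in $REQUIRED; do
    if [ -z "$(env_value "$file" "$key")" ]; then
      echo "$key is missing or empty"; problems=$((problems + 1))
    fi
  done

  # Simple passwords shown in this page's examples must not be reused.
  for key in SOFFID_PASS STORE_PASSWORD; do
    case $(env_value "$file" "$key") in
      changeit|admin123)
        echo "$key uses a documentation password"; problems=$((problems + 1)) ;;
    esac
  done

  # The store credentials are used against STORE_SERVER: flag cleartext HTTP.
  case $(env_value "$file" STORE_SERVER) in
    http://*) echo "STORE_SERVER is not https"; problems=$((problems + 1)) ;;
  esac

  [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh rdp-gateway.env
if [ $# -gt 0 ]; then check_rdp_env "$1"; fi
```

When the check passes, replace the `-e` options with `--env-file rdp-gateway.env`, or the `environment:` block with `env_file: rdp-gateway.env`.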

# RDP Gateway Connection

## Introduction

We can establish a connection to the target system using the RDP remote access protocol. You can use a remote desktop client.

### How to connect 

Connect to the RDP gateway with a remote desktop client. Soffid will then ask you for the parameters to connect:

- **System name**: system to which you want to connect.
- **Account name**: Soffid's account.
- **Account system:** account to use to connect to the target system.

[![image-1650883256715.png](https://bookstack.soffid.com/uploads/images/gallery/2022-04/scaled-1680-/image-1650883256715.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-04/image-1650883256715.png)

[![image-1650880075277.png](https://bookstack.soffid.com/uploads/images/gallery/2022-04/scaled-1680-/image-1650880075277.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-04/image-1650880075277.png)

