# RDP gateway

# RDP Gateway Docker Installation

## Introduction

Soffid allows you to deploy a new docker container with the **RDP gateway**. The configuration is similar to the sync server configuration.

### Prerequisites

The RDP Service is only released as a docker service.

1. Install docker ([https://docs.docker.com/install/](https://docs.docker.com/install/))
2. Install Soffid PAM (store container and launcher container)

You can visit the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation) for more information about how to install PAM.

3. Create a Docker network(\*). This network lets containers attached to the same bridge network communicate with each other:

```
sudo docker network create -d bridge NETWORKNAME
```

*\* You can use the same network defined in the Console and Sync Server installation to avoid visibility problems.*

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. This script has two parameters: the user name and the role. We have to type `launcher` in the role parameter.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdptest launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Create volume

We need to create a volume that will be used by the docker container.

```shell
sudo docker volume create soffid-rdp
```

### 3. Create a docker container

Finally, we need to execute the command to create the RDP gateway container.

```shell
docker run \
  --name soffid-rdp \
  -e SOFFID_SERVER=https://iam-sync.soffidnet:1760 \
  -e SOFFID_USER=admin \
  -e SOFFID_PASS=changeit \
  -e SOFFID_HOSTNAME=rdp-gateway \
  -e STORE_SERVER=http://soffid-pam-store:8080 \
  -e STORE_PASSWORD=/Dp77Kho5QB2vVKjNNGmXYLzVa6PoPWJ8p0E4O7EP++9/ZM+l3cieGKMRSgOnFCMc \
  -e STORE_USER=proxyrdp \
  -v soffid-rdp:/opt/soffid/iam-sync/conf \
  --privileged \
  --shm-size=1024m \
  -p 3389:3389 \
  --network=soffidnet.intenal \
  soffid/pam-rdp:1.4.2
```

##### Environment Variables

To create the new SSH container you need to set the following environment variables:

| Variable | Description | Example |
|---|---|---|
| SOFFID\_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
| SOFFID\_USER | Soffid user to join the security domain | admin |
| SOFFID\_PASSWORD | Soffid user password | changeit |
| SOFFID\_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
| STORE\_SERVER | Store URL | http://soffid.pat.pam:8082 |
| STORE\_PASSWORD | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| STORE\_USER | Store user | proxyrdp |

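
An added example, not part of Soffid's documentation: one way to keep the store password off the `docker run` command line is to capture the `add-user.sh` output into an owner-only env file and pass it with `--env-file`. It assumes `add-user.sh` prints a `Password: <value>` line as in the session above; the function names and the `rdp.env` file name are hypothetical.

```shell
#!/bin/sh
# Added example (not Soffid tooling). Intended use, typed on the Docker host:
#   sudo docker exec soffid-pam-store /opt/soffid/tomee/bin/add-user.sh proxyrdp launcher \
#     | write_env_file rdp.env proxyrdp https://soffid-pam-store:8443
#   docker run --env-file rdp.env ... soffid/pam-rdp:1.4.2

# Extract the generated password from add-user.sh output read on stdin.
# Assumption: the script prints a line of the form "Password: <value>".
extract_store_password() {
    sed -n 's/^Password:[[:space:]]*//p' | head -n 1
}

# write_env_file FILE STORE_USER STORE_SERVER   (add-user.sh output on stdin)
# Writes the STORE_* variables to FILE, readable by the owner only, so the
# secret does not end up in shell history or in the process list.
write_env_file() {
    file=$1 user=$2 server=$3
    pass=$(extract_store_password)
    [ -n "$pass" ] || { echo "no password found in input" >&2; return 1; }
    (
        umask 077
        {
            printf 'STORE_USER=%s\n' "$user"
            printf 'STORE_SERVER=%s\n' "$server"
            printf 'STORE_PASSWORD=%s\n' "$pass"
        } > "$file"
    )
    chmod 600 "$file"   # also tightens a pre-existing file the umask did not affect
}

# Flag sample passwords copied from the documentation and a cleartext store URL.
lint_env_file() {
    rc=0
    if grep -Eq '^(SOFFID_PASS|STORE_PASSWORD)=(changeit|admin123)$' "$1"; then
        echo "sample password left in $1" >&2; rc=1
    fi
    if grep -q '^STORE_SERVER=http://' "$1"; then
        echo "STORE_SERVER uses cleartext HTTP" >&2; rc=1
    fi
    return $rc
}
```

Variables passed with `--env-file` are still visible through `docker inspect`, so access to the Docker socket on the host remains equivalent to access to the secret.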
# RDP Gateway Docker Compose Installation

## Introduction

Soffid allows you to deploy a new docker container with the **RDP gateway**. The configuration is similar to the sync server configuration.

### Prerequisites

The RDP Service is only released as a docker service.

1. Install docker ([https://docs.docker.com/install/](https://docs.docker.com/install/))
2. Install docker compose ([https://docs.docker.com/compose/install/](https://docs.docker.com/compose/install/))
3. Install Soffid PAM (store container and launcher container)

You can visit the [PAM Jump Server Installation page](https://bookstack.soffid.com/books/pam-install-config/page/pam-jump-server-installation-u6p) for more information about how to install PAM.

## Installation

The steps required to install the RDP container are:

### 1. Create a user

We need to create a user in the PAM store container. To do this, we need to connect to the store container.

```shell
sudo docker exec -it soffid-pam-store /bin/bash
```

Once we are connected to the container, we need to run a script to create the user. This script has two parameters: the user name and the role. We have to type `launcher` in the role parameter.

```shell
root@soffid-pam-store:/# /opt/soffid/tomee/bin/add-user.sh proxyrdp-user launcher
Password: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
root@soffid-pam-store:/#
```

As a result of the script, we receive the password for the created user. This password will be needed later when we create the container.

### 2. Execute the YAML

```yaml
version: '3.8'
services:
  ssh-gateway:
    image: soffid/pam-rdp:1.4.47
    environment:
      SOFFID_SERVER: https://syncserver01.soffid.com:1760
      SOFFID_USER: admin
      SOFFID_PASS: admin123
      SOFFID_HOSTNAME: rdp-gateway-2
      STORE_SERVER: https://soffid-pam-store:8443
      STORE_PASSWORD: c4ZRcmgemq3nMr1VQJCD1pJRhPbdX5hrmmrP6RX7zBE4HSs3RV3+cGwDdL1WaaqZ
      STORE_USER: proxyrdp
    ports:
      - "2222:22"
    networks:
      - network
    volumes:
      - rdp-gateway-data:/opt/soffid/iam-sync/conf
networks:
  network:
    name: netcompose
    driver: bridge
volumes:
  rdp-gateway-data:
    name: compose-rdp-gateway-data
```

Execute:

```shell
sudo docker compose up -d
```

##### Environment Variables

To create the new SSH container you need to set the following environment variables:

| Variable | Description | Example |
|---|---|---|
| SOFFID\_SERVER | Sync Server URL | https://syncserver01.soffid.com:1760 |
| SOFFID\_USER | Soffid user to join the security domain | admin |
| SOFFID\_PASSWORD | Soffid user password | changeit |
| SOFFID\_HOSTNAME | The hostname used to access the ssh gateway | ssh-gateway |
| STORE\_SERVER | Store URL | http://soffid.pat.pam:8082 |
| STORE\_PASSWORD | Password received when you created the user in the store container. | \*\*\*\*\*\*\*\*\*\*\*\* |
| STORE\_USER | Store user | proxyrdp |

# RDP Gateway Connection

## Introduction

We can establish a connection to the target system using the RDP remote access protocol. You can use a remote desktop client.

### How to connect

You can establish the connection with the ssh gateway using a desktop client, and then Soffid will ask you for the parameters to connect:

- **System name**: system to which you want to connect.
- **Account name**: Soffid's account.
- **Account system:** account to use to connect to the target system.

[![image-1650883256715.png](https://bookstack.soffid.com/uploads/images/gallery/2022-04/scaled-1680-/image-1650883256715.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-04/image-1650883256715.png)

[![image-1650880075277.png](https://bookstack.soffid.com/uploads/images/gallery/2022-04/scaled-1680-/image-1650880075277.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-04/image-1650880075277.png)

---

[*https://es.wikipedia.org/wiki/Remote\_Desktop\_Protocol*](https://es.wikipedia.org/wiki/Remote_Desktop_Protocol)