Skip to content

Zero Trust Access for RDS Remote Applications

The 12Port Access Broker supports Zero Trust Access with full session recording capabilities for a wide range of client-side applications ("fat clients") published via Remote Desktop Services (RDS) as Remote Applications. These applications are hosted on a Windows Server jump host, enabling secure, credential-free access to sensitive systems.

Access is tightly controlled through role-based permissions or approval workflows, and all interactive sessions are recorded and monitored, including keystroke activity. This ensures a secure and auditable environment that aligns with Zero Trust security principles.

Use Cases

Zero Trust Access for RDS Remote Applications is applicable in various enterprise scenarios, including:

  • Database Development: SQL developers accessing databases for schema modifications using tools such as Microsoft SQL Server Management Studio, MySQL Workbench, or Oracle SQL Developer.
  • Data Analysis: Data scientists using MS Excel or Tableau clients to perform analytics on remote databases.
  • System Administration: IBM i administrators connecting to target systems via TN5250 terminal emulation.
  • Web Access: Portal managers or financial analysts using web browsers to access cloud-based portals via shared company accounts.
  • Digital Marketing: Social media managers accessing social platforms using corporate credentials.

In all of these cases, users do not possess or see the target credentials. Sessions are fully recorded, including user interactions (e.g., keystrokes), and access is governed through role-based permissions or approval workflows.

How It Works

The following steps outline the typical interaction flow between the user and the 12Port Access Broker when launching a Zero Trust session using a published RDS Remote Application:

  1. Session Initiation: The user requests a session for a specific Remote Application published on the RDS jump server.
  2. Session Establishment: The Access Broker initiates a connection to the RDS server.
  3. Input Blocking: User input is temporarily disabled to prevent premature interaction.
  4. Application Launch: The specified Remote Application is started on the RDS host.
  5. Credential Injection: The Access Broker programmatically populates authentication fields required to connect to the destination system.
  6. Authentication: The connection to the destination is authenticated without exposing credentials to the user.
  7. User Interaction Enabled: Once authentication is complete, the user regains control and can interact with the Remote Application within a monitored session.

12Port’s Zero Trust Access solution for RDS Remote Applications enables secure, credential-free, and fully recorded access to published applications. By isolating credentials, enforcing session control, and maintaining auditability, this approach strengthens security for enterprise environments relying on fat-client access models.

Continue to the Configuration page for setup instructions and system requirements.