Creating an RDP server

Note

• A server object can be linked to only one anonymous account.
• A server object can be linked to only one forward account.
• Fudo Enterprise allows authenticating against RDP server with Kerberos.

1. Click + icon in the main menu next to the Servers tab, or

Select Management > Servers and then click + Add server.

2. Enter server’s unique name.

3. Select Blocked option to disable access to server after it’s created.
4. Optionally, click the Description checkbox and provide a text that will help identifying this server object.

5. In the Permissions section, add users allowed to manage this object.

6. In the Settings section on the list of available protocols select RDP .

Warning

After server’s definition is saved, protocol’s field is uneditable.

7. Select the TLS enabled to connect to monitored server over TLS.

   • Check the NLA enabled option for additional security.

   Note

   Security mode must match the security mode setting in the RDP listener configuration. The NLA enabled option within a server corresponds to the Enhanced RDP Security (TLS) option within the listener.

   • Select Legacy ciphers option to allow negotiating older encryption algorithms (DSA(1024), RSA(1024)) when establishing connections.

8. Check the Inform about existing connection option to have the users informed that other users are connected to the server, they are trying to connect to.

9. From the Bind address drop-down list, select Fudo Enterprise IP address used for communicating with this server.

Note

• The Bind address drop-down list elements are IP address defined in the Network configuration menu (Network interfaces configuration) or labeled IP addresses (Labeled IP addresses).
• In case of cluster configuration, select a labeled IP address from the Bind address drop-down list and make sure that other nodes have IP addresses assigned to this label. For more information refer to the Labeled IP addresses topic.

10. In the Destination section select Host, IPv4 or IPv6. Enter server’s IP address.

Note

Depending on selected option, default values for the Mask and Port fields are filled out automatically. This way the Fudo Enterprise system detects server as one with unique address. In order to set up address for entire subnet, provide a dedicated value for the Address and the Mask fields.

• If the TLS enabled was checked, in the Server verification section select one of the following options:Server certificate or CA certificate and provide respective certificate data. Select None to disable server verification.
• Otherwise, provide server key.

12. Click Save or Save and close.

Related topics:

• Pools
• Data model
• System initiation
• Users
• Listeners
• Safes
• Accounts