I have a client that has moved their access from Citrix to Azure Cloud AVD.
I have to access through https://windows.cloud.microsoft/
This redirects me to login.microsoft.com, where I log in with the AzureAD credentials they provided to me.
Once in the "Apps" section I have access to some web apps and some RDP machines (physical in their network) which I can also log in to.
On these RDP machines I have a terminal client installed to access their Linux servers within.
I am looking to use RDM to make this more seamless.
I would rather open an SSH session within RDM but it requires jumping through Cloud AVD portal & RDP machine.
Open SSH session in RDM > auto jumps and auths through https://windows.cloud.microsoft/ > auto jumps and auths through RDP machine > opens ssh session and auths again Linux server.
What kind of setup can I do to achieve this?
TYiA
Hello,
Thank you for the details. I’ve forwarded your question to our development team to validate the best approach for this type of Azure Cloud AVD → RDP → SSH workflow.
I’ll get back to you as soon as I have their recommendations.
Best regards,
Carl Marien
Hello
Fundamentally, I don't think what you ask for is possible but your scenario is a bit unclear to me.
Are you doing all the access to the RDP server(s) through your browser, or does it launch a native session somehow? Either way this is tricky: RDM has some loose support for connecting to AVD desktops and apps but it doesn't work very well and is likely to be deprecated completely. Microsoft has never allowed or enabled third-parties to integrate with AVD, we have some workarounds using Remote Desktop Client (the Windows Store RDP client from Microsoft), but it's based on being able to use their .msi installer which they themselves are deprecating. Like I said - this is all on Microsoft, they've never enabled or expressed any interest in allowing third parties to integrate with AVD.
Next you talk about jumping SSH via an RDP machine; but maybe I'm misunderstanding. If it's truly just an RDP server, it doesn't make much sense to try and tunnel SSH over RDP (while the reverse - RDP over SSH - is pretty common).
It sounds to me that you want something like Azure Bastion. RDM does have first class support for Azure Bastion, although AzureAD authentication is not currently available for SSH (we are working on it at the moment, however). Azure Bastion is quite expensive but there are alternatives (Apache Guacamole, our own Devolutions Gateway with standalone web interface), however that would obviously require some manual setup rather than the one-click deployment of a Bastion on top of an existing Azure infrastructure.
Please, let me know if I've misunderstood something, or if you have further questions or comments.
Kind regards,
Richard Markievicz
@Richard Markiewicz
Sorry it took a bit to find some time to get to this.
I do not have control over what connections or setup they use on their side. They used to use Citrix Workspace but have now moved to Windows Cloud.
Windows Cloud can be accessed 2 ways that I am aware of:
Within this cloud portal they have set up access to 3x Windows Servers via RDP and 4x different Web Applications that I can use.
If I use 1 of the 3 RDP servers I open winsshterm to gain ssh access to all their Linux servers that I need access to.
So I am looking for a way to bring it all into Devolutions RDM instead.
Somehow tunnel through windows.cloud.microsoft and one of the RDM so I can open an ssh session to one of the linux servers (instead of manually connecting through the first two, then manually opening winsshterm and connecting).
I don't know if they have Bastion or if that is something they need to set up or if it's just something I can use to connect to this type of system.
Hello
I doubt there's a way to achieve what you want.
When you connect to an AVD you're really going through a Remote Desktop Gateway. What you need is to be able to install and run an SSH server on those RDP machines, but you won't have network access (they're not directly addressable like that, and even if they were, surely whatever port you needed to use is not open). There's nothing that can be reconfigured client side to make this work as you'd like it to. All you have is RDP.
Azure Bastion is a product directly designed to solve these kinds of issues, but if your client was using an Azure Bastion I doubt they'd have created this setup in the first place. The main problem with Azure Bastion - despite it being another piece of infrastructure to deal with - is that it's quite expensive. Apache Guacamole or our own Devolutions Gateway would solve this problem for you, but again, it's another piece of infrastructure to run and that would be up to your client. Maybe you can convince them that your job would be much easier with a proper setup here!
I will give one answer that's a bit out of left field, and I haven't tried it myself. This project allows you to tunnel TCP through a file server. Since you have RDP, if file sharing / drive redirection is allowed, it seems like it would be possible to tunnel an SSH connection via RDP file sharing to the final Linux system. It's a bit of a crazy idea but it might work. I would urge extreme caution if you try something like that, since it's clearly subverting the provided setup and could easily be seen as a security risk.
Please let me know if you have some questions or something isn't clear.
Kind regards,
Richard Markievicz