Hi,
At the beginning of this year we switched to RDM with self-hosted Devolutions Server as the backend together with the PAM module. We appreciate RDM and its many integration options and protocols, so we don't have to leave the "RDM universe" for daily tasks.
We managed to get most things set up properly but are struggling to achieve the following:
We've set up a gateway farm at our headquarters in Germany but now want to set up gateways at our branch office locations worldwide. How do we configure that the "nearest" gateway is used instead of always connecting to the headquarters for managing machines that are located in the branch offices?
Best regards
Florian
Hi Florian,
Thank you for reaching out to our support team.
There is no single setting that auto-selects the closest of several gateways, but you can get the behaviour you are describing with two settings on each site's folder. First, assign that site's own gateway, or a farm of that site's gateways, under VPN/SSH/Gateway and let the entries inherit it, so a branch machine routes through its local gateway rather than the headquarters one. Second, set the Connect option to "Connect if unable to ping/port scan" rather than "Always connect."
With that mode, Remote Desktop Manager tests whether the target responds before opening anything. A user on the branch network reaches the machine directly and no gateway is used at all, while a user who cannot reach it directly has the connection opened through that site's gateway. Branch machines end up served by their local gateway, or by a direct connection on site, and never by the headquarters gateway. Keep each farm to gateways from a single location, since a farm spreads sessions across its members by weight rather than by proximity.
For this to work, each branch gateway has to be reachable on its HTTP(S) and TCP ports, 7171 and 8181 by default, from wherever the sessions are launched, since Remote Desktop Manager connects to the gateway directly and not through Devolutions Server. The gateway only accepts inbound traffic, while Devolutions Server stays the backend your clients connect to and must be able to reach each gateway for health checks and configuration. The full port and connectivity breakdown is here: https://docs.devolutions.net/gateway/overview/system-requirements/system-requirements-dvls/
If you also want each gateway locked to its own network and audience, you can attach a Gateway ruleset to it and allow or deny connections by IP, subnet, range, or domain, and by user, group, or vault. Details here: https://docs.devolutions.net/gateway/getting-started/devolutions-server/gateway-ruleset-configuration-in-devolutions-server/
Best regards,
Michel Audi
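
The reachability requirement in the reply above can be checked from a client network before gateways are assigned to site folders. The script below is an added example, not part of the thread and not Devolutions tooling; the site names and hostnames are constructed placeholders, and the ports are the defaults named in the reply.

```python
import socket

# Default Devolutions Gateway listener ports named in the reply above.
GATEWAY_PORTS = {"http": 7171, "tcp": 8181}

# Constructed placeholder inventory: replace with your own gateway hostnames.
SITE_GATEWAYS = {
    "branch-a": "gw-branch-a.example.internal",
    "branch-b": "gw-branch-b.example.internal",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'timeout', 'unresolved' or 'error' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except socket.timeout:
        return "timeout"      # typically a firewall silently dropping traffic
    except socket.gaierror:
        return "unresolved"   # DNS name not resolvable from this client
    except OSError:
        return "error"        # e.g. no route to host

def check_gateways(gateways, ports=GATEWAY_PORTS, timeout=3.0):
    """Probe every listener port of every site gateway; return {site: {name: state}}."""
    return {
        site: {name: probe(host, port, timeout) for name, port in ports.items()}
        for site, host in gateways.items()
    }

def unusable_sites(report):
    """Sites whose gateway is missing at least one open listener port."""
    return sorted(site for site, states in report.items()
                  if any(state != "open" for state in states.values()))

if __name__ == "__main__":
    # Run this from the network where sessions are launched, not from the server.
    report = check_gateways(SITE_GATEWAYS)
    for site, states in report.items():
        print(site, states)
    print("sites needing firewall/DNS work:", unusable_sites(report))
```

A "refused" result points at the gateway service or its listener configuration, while "timeout" usually points at a firewall between the client and the gateway.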