Articles on: Secure RDP

Best Practices Guide for TruGrid Secure RDP

Best Practices Guide for TruGrid Secure RDP



TruGrid recommends the following practices in order to enjoy the best RDP experience.

For best user experience, TruGrid recommends using TruGrid Windows or Mac Connector instead of the Web Connector. See here for details.

Directory Services

TruGrid requires either Microsoft Active Directory or Azure Active Directory (now Entra ID)
TruGrid also supports a hybrid setup using both Microsoft Active Directory and Azure Active Directory with Azure AD Connect (Entra Connect)


TruGrid Sentry & RDP / RDS Host Placement & Sizing

Make sure that TruGrid Sentry Agent servers are on the same network as the RDP hosts that users are connecting to. Here are the TruGrid Sentry host sizing requirements.
If TruGrid Sentry servers and RDP hosts cannot be on the same network, install TruGrid SecureConnect on the RDP hosts. Here is the guide on how to setup TruGrid SecureConnect
Make sure that RDP / RDS hosts are properly sized for RAM, CPU, and Disk IOS. Please review this guide from Microsoft on tuning RDP host.


Internet Latency & Bandwidth Planning

The network hosting TruGrid Sentry and RDP / RDS hosts must have the best possible bandwidth; but most especially the lowest latency possible. End users enjoy the best experience when internet latency for the RDP connection is very low.
Review this planning guide for RDP bandwidth and latency


Antivirus, Firewall, and IPS / IDS Whitelisting

To avoid inteference caused by aggressive AV, EDRs, firewall filters, and IPS / IDS, TruGrid recommends the following:
For TruGrid Sentry servers:
Configure your AV / EDR to whitelist the C:\Program Files\TruGrid\Sentry folder
Configure your AV / EDR to whitelist the these two processes C:\Program Files\TruGrid\Sentry\TruGrid Sentry.exe and C:\Program Files\TruGrid\Sentry\TruGrid Sentry Health Monitor.exe
For TruGrid SecureConnect:
Configure your AV / EDR to whitelist the C:\Program Files\TruGrid\Secure Connect folder
Configure your AV / EDR to whitelist this processes TruGrid.SecureConnect.exe
For firewall web filters / IPS / IDS and EDR, allow outbound access to TruGrid IPs.


RDP Session Optimization

There are many RDP settings that can be configured in order to enjoy the best RDP experience:
Use the TruGrid RDP Settings feature of TruGrid Windows Connector to optimize RDP sessions
Or use Active Directory GPO to optimize RDP Sessions
NOTE: Many of the detailed recommendations from Microsoft here can be implemented via step 1 or 2 of this section.

The benefit of using TruGrid RDP Settings feature is that it is agnostic of Active Directory and enforces the RDP policies settings at the end user endpoint, regardless of which RDP host they connect to. For example, if a company provides access to RDP hosts within an office, a datacenter, and cloud locations such as Azure, AWS, etc., policies configured using TruGrid RDP Settings will apply when connecting to these various hybrid locations. Whereas, with Active Directory GPO, all of the hybrid sites have to be connected to the same AD, or the policies have to be applied for each AD environment. Moreover, TruGrid RDP Settings apply to environments using TruGrid SecureConnect, with no connection to Active Directory.

Sentry & SecureConnect Versions

TruGrid regularly updates the TruGrid Sentry and SecureConnect software to add new features, enhance security, and improve performance. For TruGrid Sentry, TruGrid will notify ADMINS when new versions are available so that they can update to the latest version. TruGrid will also notify ADMINS when we will automatically update TruGrid Sentry when required for enhanced security and compliance with our cloud platform. TruGrid recommends that ADMINS allow TruGrid to automatically update their Sentry instances when notified.
TruGrid automatically updates TruGrid SecureConnect installations

Please contact TruGrid Customer Care via CHAT for questions, recommendations, and for assistance.

Updated on: 19/06/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!