Articles on: Secure RDP

TruGrid Secure RDP - Local Awareness

TruGrid Secure RDP - Local Awareness


Local Awareness is a new feature of TruGrid SecureRDP that is designed to optimize connection routing for users located on the same local network as their target RDP hosts.

When enabled, TruGrid SecureRDP intelligently determines if a direct local connection can be made, bypassing cloud relay routing when appropriate. This improves session performance while preserving all authentication and policy controls.


This feature is currently available per request. It is currently supported on Windows Desktop and Web Connectors.Please contact TruGrid via CHAT to request that this feature be enabled for your environment.


How It Works

After login, when a user initiates a SecureRDP session via the TruGrid Desktop or Web Connector, the following logic applies:

  1. Certificate Discovery - At the onset of the RDP connection, the TruGrid Connector checks for a valid security certificate matching the target hostname
  2. Intelligent Routing - If a valid certificate is found, TruGrid Connector makes a direct connection to the target RDP host. Otherwise, the TruGrid Connector connects to via the closest TruGrid Relay


Advantages

  • Reduced Latency:

Local routing eliminates WAN transit and Azure relay hops, resulting in faster session startup and improved responsiveness.

  • Optimized Bandwidth:

Local Awareness minimizes external network usage for on-site users.

  • Automatic Fallback:

Users do not need to manually choose routing options - TruGrid automatically detects and applies the most efficient connection path.

  • No Configuration Overhead:

Once enabled for the environment, the feature requires no user or host-side configuration changes.


Limitations and Considerations


  • Analytics Visibility:

At the time of this writing, when Local Awareness is used, TruGrid Analytics will not display session metrics or connection telemetry for that session. This is because traffic remains within the local network and does not traverse the TruGrid Cloud. This will be resolved in the future.

  • Security Boundary:

Transport path may be local; session authorization and MFA validation are still enforced by TruGrid.

  • Certificate Requirement:

For the feature to function correctly, the target machine must have a valid certificate associated with its hostname and accessible via the local network.

  • Network Scope:

Local Awareness only applies when the TruGrid Connector and the target host are within the same subnet or discoverable network range.


Updated on: 13/11/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!