Oracle over RemoteApp¶
This chapter contains an example configuration, to monitor Oracle database connections over RempteApp. In this scenario, the user connects the the RemoteApp server over RDP. Login credentials are checked in the Active Directory and forwarded to the target server. Connection is established in the proxy mode.
Prerequisites¶
- RDS environment deployed and configured on Windows Server 2016/2012/2012 R2,
- SQL Developer application added to a RDS collection,
- Active Directory service for user authentication,
- Users in Active Directory must be allowed to log in to the RDS server.
Configuration¶
Adding a server
is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | RemoteApp server |
Blocked | |
Protocol | RDP |
Security | Enhanced RDP Security (TLS) + NLA |
Description | |
Permissions | |
Granted users | |
Destination host | |
Address | 10.0.150.153 |
Port | 3389 |
Bind address | Any |
- Click i to download the target server’s public key.
- Click .
Adding a user
User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.
- Select > .
- Click .
- Provide essential user information:
Parameter | Value |
---|---|
General | |
Login | john_smith |
Blocked | |
Account validity | Indefinite |
Role | user |
Preferred language | English |
Safes | default settings |
Full name | John Smith |
john@smith.com |
|
Organization | |
Phone | |
AD Domain | |
LDAP Base | |
Permissions | |
Granted users | |
Authentication | |
Authentication failures | |
Enforce static password complexity | |
Type | External authentication |
External authentication source | Active directory 10.0.150.152:389 |
- Click .
Adding a listener
determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | RemoteApp-listener |
Blocked | |
Protocol | RDP |
Security | Enhanced RDP Security (TLS) + NLA |
Announcement | |
Permissions | |
Granted users | |
Connection | |
Mode | proxy |
Local address | 10.0.150.151 |
Port | 10025 |
External address |
- Click i to generate the proxy server’s private key or i to upload the .PEM file private key definition.
- Click .
Adding an account
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | RemoteApp-account |
Blocked | |
Type | forward |
Session recording | all |
OCR sessions | |
OCR Language | English |
Delete session data after | 61 days |
Permissions | |
Granted users | |
Server | |
Server | RemoteApp_server |
Credentials | |
Replace secret with | |
Forward domain |
- Click .
Defining a safe
directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.
- Select > .
- Click .
- Provide essential configuration parameters:
Parameter | Value |
---|---|
General | |
Name | RemoteApp-safe |
Blocked | |
Notifications | |
Login reason | |
Require approval | |
Policies | |
Users | john_smith |
Protocol functionality | |
RDP | |
SSH | |
VNC | |
Accounts | |
RemoteApp-account |
RemoteApp-listener |
- Click .
Changing registry entries on the RDS domain controller¶
- Log in, with administrator privileges, onto the server running the RDS service.
- Start the system registry editor.
- Browse registry to find the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminalServerCentralPublishedResourcesPublishedFarmscollectiononeApplicationssqldeveloper
- In the RDPFileContent parameter, find the full address:s: and change its value to the IP address and port number of the previously configured listener, i.e.
full address:s:192.168.3.100:10025
Establishing connection¶
- Launch the web browser on a client system, navigate to the RDS domain controller application portal and log in.
- Click the SQL Developer icon, to download the RemoteApp configuration file.
- Double-click the configuration file.
- Click , to establish connection.
- Provide login credentials.
- Accept the certificate and proceed with establishing the connection.
Viewing user session¶
- Open a web browser and navigate to Fudo’s administration panel.
- Enter login credentials.
- Select > .
- Find John Smith’s session and click i.
Related topics: