Oracle over RemoteApp

This chapter contains an example configuration, to monitor Oracle database connections over RempteApp. In this scenario, the user connects the the RemoteApp server over RDP. Login credentials are checked in the Active Directory and forwarded to the target server. Connection is established in the proxy mode.

../../_images/overview.png

Prerequisites

  • RDS environment deployed and configured on Windows Server 2016/2012/2012 R2,
  • SQL Developer application added to a RDS collection,
../../_images/remoteapp_rds_collection.png
  • Active Directory service for user authentication,
  • Users in Active Directory must be allowed to log in to the RDS server.

Configuration

../../_images/data_modeling1.png

Adding a server

Server is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.

  1. Select Management > Servers.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name RemoteApp server
Blocked fail
Protocol RDP
Security Enhanced RDP Security (TLS) + NLA
Description fail
   
Permissions  
Granted users fail
   
Destination host  
Address 10.0.150.153
Port 3389
Bind address Any
  1. Click i to download the target server’s public key.
  2. Click Save.

Adding a user

User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.

  1. Select Management > Users.
  2. Click Add.
  1. Provide essential user information:
Parameter Value
General  
Login john_smith
Blocked fail
Account validity Indefinite
Role user
Preferred language English
Safes default settings
Full name John Smith
Email john@smith.com
Organization fail
Phone fail
AD Domain fail
LDAP Base fail
   
Permissions  
Granted users fail
   
Authentication  
Authentication failures fail
Enforce static password complexity fail
Type External authentication
External authentication source Active directory 10.0.150.152:389
  1. Click Save.

Adding a listener

Listener determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.

  1. Select Management > Listeners.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name RemoteApp-listener
Blocked fail
Protocol RDP
Security Enhanced RDP Security (TLS) + NLA
Announcement fail
   
Permissions  
Granted users fail
   
Connection  
Mode proxy
Local address 10.0.150.151
Port 10025
External address fail
  1. Click i to generate the proxy server’s private key or i to upload the .PEM file private key definition.
  2. Click Save.

Adding an account

Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.

  1. Select Management > Accounts.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name RemoteApp-account
Blocked fail
Type forward
Session recording all
OCR sessions ok
OCR Language English
Delete session data after 61 days
   
Permissions  
Granted users fail
   
Server  
Server RemoteApp_server
   
Credentials  
Replace secret with fail
Forward domain ok
  1. Click Save.

Defining a safe

Safe directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.

  1. Select Management > Safes.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name RemoteApp-safe
Blocked fail
Notifications fail
Login reason fail
Require approval fail
Policies fail
Users john_smith
   
Protocol functionality  
RDP ok
SSH fail
VNC fail
   
Accounts  
RemoteApp-account RemoteApp-listener
  1. Click Save.

Changing registry entries on the RDS domain controller

  1. Log in, with administrator privileges, onto the server running the RDS service.
  2. Start the system registry editor.
  3. Browse registry to find the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminalServerCentralPublishedResourcesPublishedFarmscollectiononeApplicationssqldeveloper
  4. In the RDPFileContent parameter, find the full address:s: and change its value to the IP address and port number of the previously configured listener, i.e. full address:s:192.168.3.100:10025

Establishing connection

  1. Launch the web browser on a client system, navigate to the RDS domain controller application portal and log in.
../../_images/remoteapp_portal_login.png
  1. Click the SQL Developer icon, to download the RemoteApp configuration file.
../../_images/remoteapp_portal.png
  1. Double-click the configuration file.
../../_images/remoteapp_click_config_file.png
  1. Click Connect, to establish connection.
../../_images/remoteapp_connect.png
  1. Provide login credentials.
  2. Accept the certificate and proceed with establishing the connection.
../../_images/remoteapp_confirm_connect.png ../../_images/remoteapp_started.png

Viewing user session

  1. Open a web browser and navigate to Fudo’s administration panel.
  2. Enter login credentials.
  1. Select Management > Sessions.
  2. Find John Smith’s session and click i.
../../_images/remoteapp_ongoing.png ../../_images/remoteapp_player.png

Related topics: