The Agilicus AnyX Desktop feature marries the simplicity and security of single sign-on, Zero Trust, and multi-factor authentication with a resource that is graphical in nature. It is ideal for both embedded systems as well as remote productivity applications.
You have two different choices for how to enable a desktop resource for your users, the tried-and-true Virtual Network Computing (VNC) and the Windows desktop-oriented Microsoft Remote Desktop Protocol. Which one is the best for your application and users?
Executive Summary
Agilicus AnyX VNC is best for you if:
- You have a shared machine
- You need multiple users to access the device at the same time
- You want to use it from any device, including tablets
- Your use pattern is short sessions checking something which is always running
- Your device only supports VNC (e.g. embedded device)
- You need some users to have a read-only session
- You have no local users on devices
Agilicus AnyX Microsoft Remote Desktop Connection is best for you if:
- Your use case is relatively long productivity-oriented sessions
- You need to share a printer or device
- You have a single-user pattern
- Your application stops and is logged out when the user does
Detailed Considerations: VNC
One of the main concerns people have with VNC is its poor security model. A single user, no encryption, an 8-character 3DES-encrypted password. It is intrinsically unsafe to use… except when coupled with Agilicus AnyX.
AnyX allows you to keep the VNC server hidden in a secure enclave. It provides a single-sign-on, multi-factor, passwordless authentication, with strong per-user authorization (including read-only mode).
The HTML5 web-first Agilicus AnyX Profile allows any user, on any device, to have instant seamless access. Have a contractor with a tablet on a cellular connection?
One of the unique aspects of the Agilicus AnyX VNC Desktop is ‘password stuffing’. This allows you to ensure no one (except you!) knows the VNC password. Users supply their Azure Active Directory or Google Workplace credentials and are instantly using the resource. Security facilitates efficiency, rather than reduces it.
The unique ‘read-only’ vs ‘read-write’ password allows for the ability to create two roles, perfect for use with Agilicus Group & Role-based access control.
The Agilicus Connector can be paired with the VNC on a 1:1 basis (meaning no network access is possible), or, via other network segmentation techniques, can finely control and micro-segment as needed.
And, more importantly, no inbound access, no firewall hole, and a perfect audit trail.
VNC is the best solution for your team if:
- You need access to embedded devices without local users
- You have infrequent, short usage patterns
- You don’t need shared printers, USB devices
- You don’t have control of the users’ device
Detailed Considerations: Microsoft Remote Connect
Microsoft’s Remote Desktop Protocol is tightly coupled with the Microsoft Windows ecosystem. It provides excellent performance even on low-bandwidth network connections. Because it is geared around non-shared desktop usage, it is best used when you have single-user applications and pairs nicely with a local-desktop native client.
The Agilicus AnyX Desktop integration implements a Zero Trust Remote Desktop Gateway to create a seamless single-sign-on (with optional multi-factor) to a machine running remotely with Remote Desktop. It can be launched directly through the Agilicus Profile, or, from the ‘start’ menu of your operating system. Native clients can directly connect without a VNC or proxy owing to the unique nature of the Desktop Gateway.
Encryption is end-to-end from the user’s desktop to the end server. Owing to this, password stuffing is not possible. In common implementations, the user will ‘sign in’ with the local identity.
Remote Desktop is the best solution for your team if:
- You run productivity applications such as ERP, word processor
- You may want to locally print or share storage
- You have relatively long sessions
- Your sessions tend to be from desktop-style computers
Regardless of which method you use, the basics apply:
- Requests flow “May I please have permission for”
- Multi-Factor: “I have, I am, I know”
- Unified authentication: your team, and your partners’ teams, all with single-sign-on
- Precise authorization: user A can do B to C at this time
- Seamless access: no VPN to bring up, no overlapping IP or split horizon
Conclusion
In conclusion, the Agilicus AnyX Desktop feature offers a powerful combination of simplicity, security, and graphical capabilities through single-sign-on, Zero Trust, and Multi-Factor Authentication. This feature caters to a wide range of needs, including embedded systems and remote productivity applications. When it comes to enabling a Desktop resource for users, there are two viable options: Virtual Network Computing (VNC) and Microsoft Remote Desktop Protocol (RDP). Choosing the best option for your application and users depends on various factors.
It is important to carefully assess the specific requirements and considerations of your use case to make an informed decision. By evaluating the strengths and weaknesses of both VNC and RDP, you can determine which protocol aligns better with your application’s needs, user preferences, and security requirements. Ultimately, selecting the most suitable approach will help provide an optimal user experience and enhance productivity while maintaining a high level of security.