Forum Discussion

Marvin's avatar
Marvin
Icon for Cirrocumulus rankCirrocumulus
Jun 24, 2024

HTML5 support for RDP

I there any support for HTML5 for RDP connnections behind F5 without using a client? Or even possible with a client?

 

The use case is to have a webtop with a link to establish an RDP connection but we would like to have it via HTML5 embedded.

 

Looking at the following  artcile it indicate it is not supported can someone confirm?

 

https://my.f5.com/manage/s/article/K08943176#link_06_05

 

 

    • Marvin's avatar
      Marvin
      Icon for Cirrocumulus rankCirrocumulus

      It is registered (Bug ID 578545) [RFE] Support RDP HTML5 client on APM Webtop no ETA yet however by implementing this you would also solve this bug Bug ID 969097: Native RDP Route Domain and SNAT Selection not applying SNAT settings

      https://cdn.f5.com/product/bugtracker/ID969097.html

      The use case is very simple an easy to use web based RDP access and based on the role defined in access profile assign the correct SNAT IP address. Please have this implemented.

      • Lucas_Thompson's avatar
        Lucas_Thompson
        Icon for Employee rankEmployee

        Thanks for the additional detail. 969097 is difficult from an architecture standpoint. That 578545 issue was a request to evaluate 3rd party HTML5 clients like Guacamole and Hobsoft, but since Microsoft now have a native HTML webclient it's probably best to focus on theirs.

        After looking at it for a while, it seems like the only L4-ish solution (because of 969097) is to use a data group to hold a list of SNAT selectors and an irule (or maybe an LTM policy), and probably an extra vip, which is a way overload of extra configuration.

        An L7 solution *that does support SSO* might be to use SAML IDP-chaining with Azure or a local SAML SSO chained from whatever you currently logon with in the same way that CyberArk (no affiliation) provides a nice configuration guide on here:

        https://docs.cyberark.com/identity/latest/en/Content/Applications/certified-apps/RDWeb_SSO.htm

        NOTE: I just stumbled on that from a google search for something like "webclient html5 microsoft saml" and have not tested it at all. They do have an impressive number of nice generic-SAML-ish integration articles!

        BIG-IP APM does support these SAML-SSO-intercept and IdP-Chaining use cases that should allow you to both behave as and offer SSO for your users.

  • Marvin - if your issue was resolved please consider Mark As Solution to help other community members find help faster/easier.

    Thanks,

    Lief