CirrocumulusI there any support for HTML5 for RDP connnections behind F5 without using a client? Or even possible with a client?
The use case is to have a webtop with a link to establish an RDP connection but we would like to have it via HTML5 embedded.
Looking at the following artcile it indicate it is not supported can someone confirm?
https://my.f5.com/manage/s/article/K08943176#link_06_05
EmployeeAs far as I know, we haven't officially evaluated Microsoft's new native HTML5 RDP client. It's likely possible to make it work with APM, but some protocol (auth, SSO, etc) and security reviews are needed:
https://learn.microsoft.com/en-us/answers/questions/1275851/rdweb-and-html5-client
CirrocumulusIt is registered (Bug ID 578545) [RFE] Support RDP HTML5 client on APM Webtop no ETA yet however by implementing this you would also solve this bug Bug ID 969097: Native RDP Route Domain and SNAT Selection not applying SNAT settings
https://cdn.f5.com/product/bugtracker/ID969097.html
The use case is very simple an easy to use web based RDP access and based on the role defined in access profile assign the correct SNAT IP address. Please have this implemented.
EmployeeThanks for the additional detail. 969097 is difficult from an architecture standpoint. That 578545 issue was a request to evaluate 3rd party HTML5 clients like Guacamole and Hobsoft, but since Microsoft now have a native HTML webclient it's probably best to focus on theirs.
After looking at it for a while, it seems like the only L4-ish solution (because of 969097) is to use a data group to hold a list of SNAT selectors and an irule (or maybe an LTM policy), and probably an extra vip, which is a way overload of extra configuration.
An L7 solution *that does support SSO* might be to use SAML IDP-chaining with Azure or a local SAML SSO chained from whatever you currently logon with in the same way that CyberArk (no affiliation) provides a nice configuration guide on here:
https://docs.cyberark.com/identity/latest/en/Content/Applications/certified-apps/RDWeb_SSO.htm
NOTE: I just stumbled on that from a google search for something like "webclient html5 microsoft saml" and have not tested it at all. They do have an impressive number of nice generic-SAML-ish integration articles!
BIG-IP APM does support these SAML-SSO-intercept and IdP-Chaining use cases that should allow you to both behave as and offer SSO for your users.