I'm looking for some suggestions on the best route here for enabling access to an on-premise legacy application for remote workers.
Currently, we use the following:
- Remote Desktop Services - Typical deployment (gateway/web/broker/hosts)
- The entire RDS setup is only available to local devices (or VPN connected) - No WAN access
- Users connect to the corp DMZ with a SonicWall VPN, with the profile pushed out by Intune
- The remote apps are published into their start menu, through the control panel "RemoteApp and Desktop Connections"
While this solution works, it has issues:
- VPN dropouts happen, users think it is an RDS issue.
- If the user's local network is on the same subnet as our DMZ it's an issue.
- (sometimes) many authentication prompts (VPN, RDWeb, then App itself)
I started looking at migrating to the HTML5 Web Client + Azure App Proxy. It seems that...
- Remove the need for the VPN or complexities along with it
- Reduce the number of authentication prompts users get
- Keep the RDS deployment inside our LAN/DMZ
However, for the less tech-savvy end users, it offers a less native experience since the apps are not in their start menu. In-browser apps also make it harder to multitask between local apps and other browser apps.
Question: Is it possible to publish "RemoteApps" to users, while using Azure App Proxy? Is there any other suggestion on using the App Proxy to reduce the need for VPN clients while keeping the RDS experience native?