Scenario-A provides access to the cloud lab environment via Windows Remote Desktop Protocol (RDP) to a jump server, from which we can access the cloud labs. We use a higher TCP port range, excluding the well-known ports (up to 1023), and translate the standard TCP port 3389 to a randomized port number in that higher range for access.
RDP access is also tied to a username and a strong password, authorized using an LDAP server.
The firewall handles NAT for the jump server, and we use a dedicated VLAN or network for the jump server that is not shared with any other CloudMyLab customer.
All inbound RDP requests are inspected by the firewall and checked for illegitimate connections; any that are found are dropped by the firewall.
Scenario-B provides access to the CloudMyLab environment via web RDP, which uses an SSL connection.
The firewall handles NAT for the web RDP service, and we use a dedicated VLAN or network for the web RDP service that is not shared with any other CloudMyLab customer.
All inbound web RDP requests are inspected by the firewall and checked for illegitimate connections; any that are found are dropped by the firewall.
Scenario-C provides access to the CloudMyLab environment over the Cisco AnyConnect VPN client.
In this scenario, the CloudMyLab firewall terminates the VPN connection and inspects the connection.
For monitoring and user access/accounting, we use Paessler PRTG to monitor and log network event activity, and Cisco Identity Services Engine for authentication, authorization, and accounting.