# RdpBroker A high-performance RDP connection broker written in C for Kubernetes environments. RdpBroker provides centralized authentication via Samba AD and intelligent RDP connection forwarding to multiple target machines. ## Overview RdpBroker acts as an RDP gateway that: - Presents users with an RDP login screen - Authenticates credentials against a Samba Active Directory server - Displays a list of available RDP targets - Forwards connections to selected targets - Monitors active sessions and user activity ## Architecture ``` User RDP Client ↓ RdpBroker (Kubernetes Pod) ↓ ┌──────────────────────────┐ │ Authentication Layer │ │ (Samba AD) │ └──────────────────────────┘ ↓ ┌──────────────────────────┐ │ Target Selection UI │ │ (from targets.yaml) │ └──────────────────────────┘ ↓ ┌──────────────────────────┐ │ RDP Connection Forward │ │ to Target Machine │ └──────────────────────────┘ ``` ## Features - **Centralized Authentication**: Validates user credentials against Samba AD - **Dynamic Target Management**: Configure available RDP targets via YAML - **Connection Forwarding**: Transparent RDP proxy to backend targets - **Session Monitoring**: Track active connections and user activity - **Kubernetes Native**: Designed to run in containerized environments - **High Performance**: Written in C for minimal latency ## Project Structure ``` RdpBroker/ ├── src/ # Source code │ ├── main.c # Application entry point │ ├── rdp_server.c # RDP server implementation │ ├── auth.c # Samba AD authentication │ ├── session_manager.c # Session tracking and monitoring │ ├── config.c # Configuration parser │ ├── rdp_broker.h # Main header file │ ├── Makefile # Build configuration │ └── Dockerfile # Container image definition ├── chart/ # Helm chart for Kubernetes deployment │ └── rdpbroker/ │ ├── Chart.yaml │ ├── values.yaml │ └── templates/ │ ├── deployment.yaml │ ├── service.yaml │ ├── configmap.yaml │ └── secret.yaml ├── docs/ # Additional documentation │ └── deployment.md ├── targets.yaml # RDP target configuration └── README.md # This file ``` ## Prerequisites ### Build Requirements - GCC compiler - Make - FreeRDP development libraries - libyaml development libraries - libldap development libraries (for Samba AD) - Docker (for containerization) ### Runtime Requirements - Kubernetes cluster (1.20+) - Helm 3.x - Samba AD server (accessible from cluster) - Network access to RDP target machines ## Configuration ### targets.yaml Define your RDP targets in `targets.yaml`: ```yaml targets: - name: "Windows Server 01" host: "192.168.1.10" port: 3389 description: "Production Web Server" - name: "Windows Server 02" host: "192.168.1.11" port: 3389 description: "Database Server" - name: "Development Desktop" host: "dev-machine.local" port: 3389 description: "Developer Workstation" ``` ### Environment Variables Configure the application via environment variables: - `SAMBA_AD_SERVER`: Samba AD server hostname/IP (required) - `SAMBA_AD_PORT`: LDAP port (default: 389) - `SAMBA_AD_BASE_DN`: Base DN for user searches (e.g., `DC=example,DC=com`) - `RDP_LISTEN_PORT`: Port to listen for incoming RDP connections (default: 3389) - `TARGETS_CONFIG_PATH`: Path to targets.yaml (default: `/etc/rdpbroker/targets.yaml`) - `LOG_LEVEL`: Logging verbosity (DEBUG, INFO, WARN, ERROR) ## Building ### Local Build ```bash cd src/ make ``` ### Docker Build ```bash cd src/ docker build -t rdpbroker:latest . ``` ## Deployment ### Using Helm 1. Configure your values: ```bash cd chart/rdpbroker cp values.yaml my-values.yaml # Edit my-values.yaml with your configuration ``` 2. Install the chart: ```bash helm install rdpbroker ./chart/rdpbroker -f my-values.yaml ``` 3. Verify deployment: ```bash kubectl get pods -l app=rdpbroker kubectl logs -f deployment/rdpbroker ``` ### Manual Deployment See `docs/deployment.md` for manual Kubernetes deployment instructions. ## Usage 1. **Connect via RDP Client**: ```bash # Get the service endpoint kubectl get svc rdpbroker # Connect using any RDP client xfreerdp /v::3389 /u:yourusername ``` 2. **Login**: Enter your Samba AD credentials 3. **Select Target**: Choose from the list of available RDP machines 4. **Session**: Your RDP session is forwarded to the selected target ## Monitoring View active sessions and user activity: ```bash # Check logs kubectl logs -f deployment/rdpbroker # View metrics (if configured) kubectl exec -it deployment/rdpbroker -- cat /var/log/rdpbroker/sessions.log ``` ## Security Considerations - Use TLS/SSL for RDP connections in production - Store Samba AD credentials securely (use Kubernetes Secrets) - Implement network policies to restrict access - Regular security audits of target configurations - Enable audit logging for compliance ## Troubleshooting ### Connection Issues - Verify network connectivity to Samba AD server - Check firewall rules for RDP ports - Validate credentials in Samba AD ### Target Access - Ensure target machines are accessible from Kubernetes pods - Verify targets.yaml configuration - Check target machine RDP service status ### Performance - Monitor CPU/memory usage in Kubernetes - Adjust resource limits in Helm values - Check network latency to targets ## Contributing Contributions are welcome! Please: 1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Submit a pull request ## License This project is licensed under the MIT License. ## Support For issues and questions: - Check the documentation in `docs/` - Review logs for error messages - Open an issue on the project repository ## Roadmap - [ ] TLS/SSL support for encrypted RDP - [ ] Web-based management interface - [ ] Load balancing across multiple targets - [ ] Session recording and playback - [ ] Multi-factor authentication - [ ] Role-based access control (RBAC) - [ ] Metrics and Prometheus integration