RdpBroker

A high-performance RDP connection broker written in C for Kubernetes environments. RdpBroker provides centralized authentication via Samba AD and intelligent RDP connection forwarding to multiple target machines.

Overview

RdpBroker acts as an RDP gateway that:

• Presents users with an RDP login screen
• Authenticates credentials against a Samba Active Directory server
• Displays a list of available RDP targets
• Forwards connections to selected targets
• Monitors active sessions and user activity

Architecture

User RDP Client
      ↓
RdpBroker (Kubernetes Pod)
      ↓
   ┌──────────────────────────┐
   │  Authentication Layer    │
   │  (Samba AD)             │
   └──────────────────────────┘
      ↓
   ┌──────────────────────────┐
   │  Target Selection UI     │
   │  (from targets.yaml)    │
   └──────────────────────────┘
      ↓
   ┌──────────────────────────┐
   │  RDP Connection Forward  │
   │  to Target Machine      │
   └──────────────────────────┘

Features

• Centralized Authentication: Validates user credentials against Samba AD
• Dynamic Target Management: Configure available RDP targets via YAML
• Connection Forwarding: Transparent RDP proxy to backend targets
• Session Monitoring: Track active connections and user activity
• Kubernetes Native: Designed to run in containerized environments
• High Performance: Written in C for minimal latency

Project Structure

RdpBroker/
├── src/                    # Source code
│   ├── main.c             # Application entry point
│   ├── rdp_server.c       # RDP server implementation
│   ├── auth.c             # Samba AD authentication
│   ├── session_manager.c  # Session tracking and monitoring
│   ├── config.c           # Configuration parser
│   ├── rdp_broker.h       # Main header file
│   ├── Makefile           # Build configuration
│   └── Dockerfile         # Container image definition
├── chart/                  # Helm chart for Kubernetes deployment
│   └── rdpbroker/
│       ├── Chart.yaml
│       ├── values.yaml
│       └── templates/
│           ├── deployment.yaml
│           ├── service.yaml
│           ├── configmap.yaml
│           └── secret.yaml
├── docs/                   # Additional documentation
│   └── deployment.md
├── targets.yaml           # RDP target configuration
└── README.md              # This file

Prerequisites

Build Requirements

• GCC compiler
• Make
• FreeRDP development libraries
• libyaml development libraries
• libldap development libraries (for Samba AD)
• Docker (for containerization)

Runtime Requirements

• Kubernetes cluster (1.20+)
• Helm 3.x
• Samba AD server (accessible from cluster)
• Network access to RDP target machines

Configuration

targets.yaml

Define your RDP targets in targets.yaml:

targets:
  - name: "Windows Server 01"
    host: "192.168.1.10"
    port: 3389
    description: "Production Web Server"
  
  - name: "Windows Server 02"
    host: "192.168.1.11"
    port: 3389
    description: "Database Server"
  
  - name: "Development Desktop"
    host: "dev-machine.local"
    port: 3389
    description: "Developer Workstation"

Environment Variables

Configure the application via environment variables:

• SAMBA_AD_SERVER: Samba AD server hostname/IP (required)
• SAMBA_AD_PORT: LDAP port (default: 389)
• SAMBA_AD_BASE_DN: Base DN for user searches (e.g., DC=example,DC=com)
• RDP_LISTEN_PORT: Port to listen for incoming RDP connections (default: 3389)
• TARGETS_CONFIG_PATH: Path to targets.yaml (default: /etc/rdpbroker/targets.yaml)
• LOG_LEVEL: Logging verbosity (DEBUG, INFO, WARN, ERROR)

Building

Local Build

cd src/
make

Docker Build

cd src/
docker build -t rdpbroker:latest .

Deployment

Using Helm

1. Configure your values:

cd chart/rdpbroker
cp values.yaml my-values.yaml
# Edit my-values.yaml with your configuration

2. Install the chart:

helm install rdpbroker ./chart/rdpbroker -f my-values.yaml

3. Verify deployment:

kubectl get pods -l app=rdpbroker
kubectl logs -f deployment/rdpbroker

Manual Deployment

See docs/deployment.md for manual Kubernetes deployment instructions.

Usage

1. Connect via RDP Client:

   # Get the service endpoint
   kubectl get svc rdpbroker
   
   # Connect using any RDP client
   xfreerdp /v:<SERVICE_IP>:3389 /u:yourusername
   

2. Login: Enter your Samba AD credentials

3. Select Target: Choose from the list of available RDP machines

4. Session: Your RDP session is forwarded to the selected target

Monitoring

View active sessions and user activity:

# Check logs
kubectl logs -f deployment/rdpbroker

# View metrics (if configured)
kubectl exec -it deployment/rdpbroker -- cat /var/log/rdpbroker/sessions.log

Security Considerations

• Use TLS/SSL for RDP connections in production
• Store Samba AD credentials securely (use Kubernetes Secrets)
• Implement network policies to restrict access
• Regular security audits of target configurations
• Enable audit logging for compliance

Troubleshooting

Connection Issues

• Verify network connectivity to Samba AD server
• Check firewall rules for RDP ports
• Validate credentials in Samba AD

Target Access

• Ensure target machines are accessible from Kubernetes pods
• Verify targets.yaml configuration
• Check target machine RDP service status

Performance

• Monitor CPU/memory usage in Kubernetes
• Adjust resource limits in Helm values
• Check network latency to targets

Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Submit a pull request

License

This project is licensed under the MIT License.

Support

For issues and questions:

• Check the documentation in docs/
• Review logs for error messages
• Open an issue on the project repository

Roadmap

• TLS/SSL support for encrypted RDP
• Web-based management interface
• Load balancing across multiple targets
• Session recording and playback
• Multi-factor authentication
• Role-based access control (RBAC)
• Metrics and Prometheus integration