Feedback
Here’s some feedback now that browser-based RDP is out of Enterprise beta and into public beta.
I have been using browser-based SSH to access some of my devices and it’s nice and fast. So I had some high hopes for the browser-based RDP.
For comparison, I currently have a Guamamole Docker instance which gives me browser-based access to all my Windows machines.
Problems I found with browser-based RDP:
- It needs a lot more configuration than SSH, including defining target and DNS records, while SSH needs only to define application and tunnel.
- Direct access requires a complex URL or access via Launcher, while browser-based SSH can access directly via sub-domain name only
- It’s very slow compared to the Guacamole Docker solution, and I mean tens of seconds for any screen refresh, while Guacamole just feels like native
- It doesn’t seem to accept email logins on Microsoft Accounts (@hotmail or @live) which most Windows consumer now use, while Guacamole seems to work just fine.
In case you are trying it, remember to add a response header rule to set a CSP that allows at least the following, otherwise the page may not load correctly or login fields will be blocked:
connect-src 'self' data: wss://rdp.zero-trust-apps.cfdata.org;
3 Likes
Hi there!
Thank you, as always, for your continued interest in Cloudflare’s products. I’ve forwarded your feedback to the Zero Trust team.
I will expand a bit
. Testing today, speed seems much better
. Using a @hotmail address to login:
- Enter username and password on Cloudflare Access screen
- It seems to authenticate, because if I enter an incorrect combination it comes back with “Credentials were rejected”
- If I enter the correct credentials it goes to the RDP server screen but stops with “The username or password is incorrect”, at which point I can click OK, and I see the Windows login screen. I can then enter my username/password and login ok.
Note that on 3 the Windows login screen shows the username as “name” instead of “[email protected]” so I guess Cloudflare Access is validating the username/password as passed on step 2, but when it comes to actual login it is dropping the “@hotmail.com” part.
Try simplifying access by using Cloudflare’s Access App Launcher and refining DNS settings with clear subdomain routes. To boost speed, ensure the server location is close to your users and allocate sufficient resources. For Microsoft Account login issues, consider using local Windows accounts or enterprise domain logins for now. Also, double-check your Content Security Policy with the suggested connect-src rule to ensure smooth page and login functionality.