We are right in the middle of most organizations supporting a work-from-home stance for the majority of their employees due to the COVID-19 pandemic. Many organizations may have had to scramble to get something put together quickly to support their remote workforce if they didn’t already have something in place. Providing a digital workspace for remote workers may have been a challenge.
Now, the pandemic has turned into a longer-term situation requiring organizations, including your own, to support remote workers for a much longer period of time.
With this being said, many are shifting their focus, and potentially the solution they are using to empower remote workers to carry out their job responsibilities. In addition, solutions that may have been the easiest to stand up in phase 1 of the pandemic, may have compromised important objectives such as security.
Traditional solutions such as RDSH, VPN, and VDI are complicated to configure and support. Let’s take a look at a digital workspace solution that could quite possibly be the easiest solution available on the market to enable remote workers without compromising security and other features, while transforming your workforce. The solution is called Cameyo.
What is Cameyo?
Cameyo is an end-to-end virtual application delivery solution that allows simple and secure delivery of Windows and internal Web Apps to remote workers without the need for VPNs. VPNs can be problematic from a manageability, data exfiltration risk, and performance standpoint. Cameyo is a solution that helps to solve all three of these key requirements for remote workers and provide an easy way for organizations to create an effective digital workspace to empower productivity.
Using Cameyo, your business-critical apps are delivered via an HTML5-driven web browser session instead of relying on “expensive” network TCP/IP VPN tunnels. This helps to ensure that applications are delivered with a great user experience, even with remote worker’s low-bandwidth home network connections.
Cameyo is a cloud-native platform that allows having the flexibility to run your workloads from any type of environment. This includes any cloud environment, hybrid configurations, and on-premises.
How Does Cameyo Work?
Cameyo is a cloud-native virtual application delivery platform that is layered on top of Windows Server Remote Desktop Services (RDS) that allows providing your remote workers an easy as well as secure digital workspace. However, rather than having to struggle with the complexity of standing up remote desktop gateway servers and session hosts and the complexity and infrastructure that involves, Cameyo takes care of the heavy lifting and eliminates the need for you to configure the traditional RDS components.
Even though Cameyo operates on top of RDS functionality in Windows Server, it does not require RDP ports to be opened to your end users in the outside world.
How does it protect RDP?
RDP is an extremely dangerous protocol to have exposed to the Internet. When you enable RDP, you are enabling ports 3389, 3387, and 3392. Servers with RDP enabled are vulnerable to RDP brute-force attacks where hackers can use brute force login attempts to “guess” or “crack” passwords that may be weak or based on known dictionary values. The last thing you want to worry about with your digital workspace is the security of the solution for remote workers.
Cameyo uses what is referred to as RDP port shield technology that provides a dynamic firewall which addresses threats to RDP by closing those ports at the Windows firewall level. These ports are only dynamically opened based on the authenticated users when and if they are needed (such as for admins). The RDP port shield operates in real-time to white-list traffic bound for RDP when this type of connectivity is needed for administrators, etc.
Data Persistence (Session Sync)
Cameyo delivers applications to your remote workforce in what it calls a “Play” session. When the user disconnects, all remnants of the play are deleted. This means that Cameyo maintains a pristine Windows Server state. What about user data? How is this persisted? Cameyo carries out an interesting process to synchronize user data to the Google Cloud Storage bucket. This includes user’s profile directory and registry (HKCU) settings.
This helps to accomplish the best of both worlds with data persistence for the end user and security of the underlying server.
The process to install a new Cameyo server is straightforward. Login to your Cameyo dashboard and click the Create button next to the Servers section in the dashboard.
The next choice you have to make is to decide where you want to configure your Cameyo instance. There are two options for hosting:
- You can choose to have Cameyo hosted for you with Cameyo’s fully-hosted option, which runs on Google Cloud.
- You can choose to host Cameyo in your own cloud, either public or private.
Either click the Create now button for the fully-hosted option or the Get Started button for the self-hosted option.
For the purposes of showing how to install Cameyo, I am installing it on a self-hosted VMware vSphere virtual machine that I have running in my lab environment. For the self-hosted option, you can use any Windows Server installation that is Windows Server 2012 and newer.
It is impressive to see how simple the installation of the solution truly is – download and install the executable. No RDP Gateways, proxies, or RDSH server pools are required. After downloading the installation file PlaySever.exe, you simply run this executable to install the solution, following the prompts.
Running the PlayServer executable will run the Cameyo Server Setup. Run through the prompts with the setup which will not take long. You will need to configure the external port that will be used for connecting to the server inside your firewall as well as the external IP or DNS name that will be used. Once you have configured the external connectivity settings, the service should be ready to start deploying applications.
***Note*** The installer will inform you that when you install the Cameyo application, you will no longer be able to access your server via normal means. If you attempt to access the console or via RDP, you will not be able to. All interaction with the server will be performed through the Cameyo dashboard via the connect as admin option under Actions.
Now that Cameyo is up and running, how easy is it to install software and publish applications to the digital workspace for remote workers? Even though I am not well versed in the Cameyo solution, I found this to be extremely easy and intuitive. The first thing you need to do to start installing software is connect to your Cameyo server via the Connect as admin action.
One of the really nice things about the Cameyo solution is the HTML5 interface. This means that you can easily interact with the server to install software with an easy “drag and drop” interface.
To install software you want to publish, drag the software installation to the server (the window applet will already be open for you to do this when you login as admin), install and configure the software, and then publish the software so that end users can run the published application.
For the purposes of a test of installing software and publishing an application, I have downloaded the Notepad++ installation. The Cameyo interface simply lets you drag and drop the installation on the server. Once it is there, you can Show folder to run the installer. Install the program as you normally would otherwise.
Once the installation is finished, you can use the Publish your apps dialog box to place a check next to your software that you have finished installing.
After clicking Apply, you will see the message when the application has been successfully published. For me this took just a few seconds.
Now, if you go back to your Cameyo dashboard under Apps you should see your application published. After a quick check, I can now see the Notepad++ application ready to launch.
Under the Apps dashboard, you can configure several options for the published application. This includes configuring unauthenticated access, restrictions, maximum concurrency, and other options.
For end users to use the application, all you have to do is copy the link for the Play button for the application or copy and paste the link presented under the application name with the link icon to the left. The user will then simply use this link to launch the application. They can paste this in a browser session they already have open or via a shortcut you send to them.
Other Digital Workspace Features for Remote Workers
So far, I have only scratched the surface of the features and capabilities of Cameyo. You can tailor the environment as needed for your users and ensure they have data access across cloud environments. You can even connect your Dropbox, Google Drive, or cloud storage of choice for users to store documents and data in your organization’s cloud environments while connected to their Cameyo application sessions.
Cameyo provides a number of ways that end users can authenticate to Cameyo. If you are hosting your Cameyo server on-premises, you can tie in your server to your on-premises Active Directory infrastructure if you want. This will allow users to authenticate using their Windows users.
If you want to use an on-premises Active Directory server, you simply change the User profiles option for the server to Native Windows accounts and also set the application to “unauthenticated access”. This causes the application to then use the native Windows accounts for authentication.
You can also use cloud directory services such as Azure AD or any other cloud SSO provider. So, in terms of authentication there are a number of options including integration with G Suite and other SaaS environments for cloud storage, etc.
Wrapping Up and Overall Impressions
If you are looking at different options for efficiently and securely publishing your applications to remote workers and providing a powerful digital workspace, Cameyo should certainly be on your short list to trial. While many traditional remote work technologies require days or even weeks to configure and properly provision, Cameyo can have you up and running in minutes.
I found that it takes the complexity out of the IT admin’s job to configure a secure remote work environment. By publishing applications instead of entire desktops, you have a much more efficient solution for remote workers. Instead of getting 10 users on a server publishing full desktops, you might very well be able to serve 110 users by providing virtual application delivery from the same server.
Even though Cameyo makes use of Windows Server RDS, it takes the complexity out of configuring all the requirements that are generally needed for a successful and secure RDS deployment. No RDP ports are exposed to the outside world and your environment is a NoVPN solution, encrypted with SSL encryption.
Be sure to check out Cameyo for a free fully-featured trial version of the software so you can try it out yourself – Download it here.