Portal access (APM) allows users to access internal resources such as servers and computers via Remote Desktop (RDP). There are 3 options to configure the destination host when configuring the RDP resource:
- Hostname
- IP Address
- User defined
Problem
Hostname and IP address are fixed destinations. If you need different destinations depending on the logged-in user, you would have to create many resources.
User defined asks for the destination when the user opens the resource. It allows a dynamic destination but forces the user to enter the IP or hostname each time.
So, is it possible to set a dynamic destination that is opened automatically for each user?
Yes, by storing the relationship between user and destination host in LDAP or Active Directory and making F5 BIG-IP use it in the resource.
Solution
This is an example solution for an Active Directory based scenario.
Use an LDAP attribute to set the destination hostname
I chose an extensionAttribute to feed Active Directory with the destination hosts.
(You can use AdsiEdit to test it, or PowerShell to set the attribute in bulk.)
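One way to do the bulk PowerShell update mentioned above, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module, that extensionAttribute1 exists in your schema, and a hypothetical CSV file `rdp-destinations.csv` with columns `SamAccountName` and `RdpHost`:

```powershell
# Added example: bulk-set extensionAttribute1 (the RDP destination) from a CSV.
# The file name and the column names SamAccountName/RdpHost are hypothetical.
Import-Module ActiveDirectory

$csvPath = '.\rdp-destinations.csv'
$dryRun  = $true    # set to $false to actually write the changes

# Accept only DNS host names / FQDNs or IPv4 literals, because this value
# later becomes the destination of the APM RDP resource.
$label       = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
$hostPattern = "^(?=.{1,253}$)$label(\.$label)*$"

foreach ($row in Import-Csv -Path $csvPath) {
    $account = "$($row.SamAccountName)".Trim()
    $target  = "$($row.RdpHost)".Trim()

    if ($target -notmatch $hostPattern) {
        Write-Warning "Skipping '$account': '$target' is not a valid host name or IPv4 address"
        continue
    }

    try {
        $user = Get-ADUser -Identity $account -Properties extensionAttribute1 -ErrorAction Stop
    } catch {
        Write-Warning "Skipping '$account': user not found in Active Directory"
        continue
    }

    # Leave untouched accounts that already point at the right host.
    if ($user.extensionAttribute1 -eq $target) { continue }

    # Log old and new value so the change can be reviewed and audited.
    Write-Output "$account : '$($user.extensionAttribute1)' -> '$target'"
    Set-ADUser -Identity $user -Replace @{ extensionAttribute1 = $target } -WhatIf:$dryRun
}
```

Whoever can write this attribute decides which host APM connects the user to, so restrict write access to it in Active Directory to the accounts that run this update.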
Configure access policy to fetch the attribute
Edit the AD Query in your access policy and add the attribute configured in the previous step.
After applying the changes, log in to the portal and check in the Active Sessions section that the variable is being loaded.
Configure RDP resource with the dynamic destination
This is what does the trick: set the destination in the RDP resource to the session variable that holds the value loaded from Active Directory. For this example, this is the variable:
%{session.ad.last.attr.extensionAttribute1}
And that’s all. You can test the result!