by notepad0x90 54 days ago
This is cool. If it adds session recording and SSO auth support, it can be used as an RDP jumphost.

I've used Azure Bastion to do just this: you auth to the Azure portal using whatever authentication regime is configured for your tenant, then you RDP into virtual machines from your browser using the local VM login. It handles things like files and clipboards great. But it also supports console sessions in the browser.

I haven't used it with Windows/RDP (if it even is supported), but in GCP, their in-browser SSH is the best I've seen so far.

Even for Linux, I've found xrdp to be better than alternatives at times.

The main problem I see this solving (one of many) is the decoupling of the management interface for virtual machines and servers from their service interfaces. Not having your web server's management services on the same IP/domain/interface as the HTTP server is a big improvement. Lots of security screw-ups happen because of this entanglement.

1 comments

I use Apache Guacamole for this with our OIDC proxy for this purpose.
I've used it before. Setting it up wasn't pleasant with the whole Java/Tomcat thing, and it kept having severe vulnerabilities.
FYI, Azure Bastion is based on Apache Guacamole. You're paying them for not having to manage your own instance.
That tracks, that's all Azure is there to do in the end. If it was easy to manage it myself, I'd do it, and I'd still need to pay them for a VM to host it on, along with traffic costs. But Bastion isn't cheap, so something to consider for sure.