In an environment where the connector has multiple network interfaces (NICs) with multiple subnets, there are differences in the way RDP or SSH clients and target computers interact with the connector to determine the appropriate IP address to use for the remote session.
Local Windows-based clients using the Remote Access Kit Local Client Launcher — If you are using a local Windows-based client with the Remote Access Kit, the local client launcher application sends all the IP addresses from the NICs simultaneously to the client. The client then uses the first successful IP address it receives from the local client launcher to open its SSH or RDP connection. The Remote Access Kit local client launcher helps to resolve all of the IP addresses available to determine the most appropriate IP address to use for the connection. As illustrated in the diagram below, if you have a connector with multiple network interfaces and Client 1 is a local Windows-based client that uses the Remote Access Kit local client launcher, the local client launcher resolves the IP addresses from NIC 1 and NIC 2 simultaneously. If Client 1 needs to open a remote connection to a target, it has access to both network interfaces and uses the first successful IP address connection returned to start the SSH/RDP session. For information about how to download and install the Remote Access Kit software package that includes the local client launcher, see Selecting user preferences.
Local Windows-based clients without the Remote Access Kit — The Remote Access Kit local client launcher is an optional application. If you are not using the Windows-based client with the Remote Access Kit Local Client Launcher, the client tries to connect to each IP address one at a time. This single-track process can delay a successful IP address connection. The client must also be able to resolve the connector’s fully-qualified domain name (FQDN) using your DNS server. If the DNS server returns multiple connector IP addresses to the RDP or SSH client, the local client—such as PuTTY or MSTSC—determines whether the connection is a single-track or multiple-track process. In this environment, the local client resolves the connection to the fully-qualified domain name (FQDN) of the connector that it should use. As illustrated in the diagram below, if Client 1 does not use the Remote Access Kit Local Client Launcher and needs to open a remote connection to a target, it tries to connect using the IP address from NIC 1 first. If the attempt to connect to the NIC 1 IP address is not successful, then the client tries to connect using the IP address from NIC 2.
Direct connections from target systems — You can configure Centrify PAS to connect directly to target systems from the connector for RDP or SSH sessions. Configuring a direct connection requires that you have at least one NIC that can communicate with the target system. For information about how to configure a direct connection from the target system to the connector, see Selecting the connectors to use. Alternatively, you can map system subnets to specific connectors. For information about how to configure specific subnets for a connector, see Mapping system subnets to connectors.
Note: To use native SSH/RDP with a single NIC or multiple NICs, the connector must have at least one NIC that can connect to the client or target system.
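The two client behaviors described above (trying connector addresses one at a time versus trying them all at once and using the first that succeeds) can be compared from a client with plain TCP connects. This is an added example, not Centrify code or the launcher's implementation; the hostname `connector.example.com` and all function names are assumptions.

```python
import socket
import sys
import time
from concurrent.futures import ThreadPoolExecutor, as_completed

def resolve(fqdn, port):
    """Every address DNS returns for the connector FQDN, in DNS order."""
    seen = []
    for *_, sockaddr in socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM):
        if (sockaddr[0], port) not in seen:
            seen.append((sockaddr[0], port))
    return seen

def try_connect(ip, port, timeout=3.0):
    """Seconds taken to complete a TCP handshake, or None if it failed."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None

def first_sequential(candidates, timeout=3.0):
    """One address at a time, in order: an unreachable NIC costs a full timeout."""
    for ip, port in candidates:
        if try_connect(ip, port, timeout) is not None:
            return (ip, port)
    return None

def first_parallel(candidates, timeout=3.0):
    """All addresses at once; the first completed handshake wins."""
    pool = ThreadPoolExecutor(max_workers=len(candidates) or 1)
    try:
        futures = {pool.submit(try_connect, ip, port, timeout): (ip, port)
                   for ip, port in candidates}
        for done in as_completed(futures):
            if done.result() is not None:
                return futures[done]
        return None
    finally:
        pool.shutdown(wait=False)  # do not wait for slower attempts to time out

if __name__ == "__main__":
    # Assumed placeholder FQDN; port 3389 is RDP, pass 22 for SSH.
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "connector.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
    addrs = resolve(fqdn, port)
    for name, pick in (("sequential", first_sequential), ("parallel", first_parallel)):
        t0 = time.monotonic()
        print(name, pick(addrs, 3.0), f"{time.monotonic() - t0:.2f}s")
```

If the sequential run takes roughly one timeout longer than the parallel run, the first address DNS returns belongs to a NIC the client cannot reach.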