Wayk Bastion: Secure Remote Access Gateway for Managed Environments
Wayk Bastion is a self-hosted remote access gateway built by Devolutions, designed to securely manage and broker remote desktop connections across networks — especially where direct access is restricted by firewalls, NAT, or VPN boundaries. It’s essentially a jump server with tight access control, auditability, and strong encryption.
Unlike typical remote desktop tools, Wayk Bastion acts as a central broker — no need to expose endpoints or rely on peer-to-peer connections. It’s aimed at organizations that need remote access with traceability.
Key Capabilities
Feature | Description |
Remote session brokering | Manages secure RDP and Wayk connections through the Bastion server. |
Role-based access control (RBAC) | Fine-grained permissions for users, groups, and session actions. |
Audit logging | Tracks all remote sessions with metadata (who, when, how long). |
Encrypted communications | Uses TLS and mutual authentication between components. |
Directory integration | Supports Active Directory for centralized user control. |
Multi-platform agent | Remote hosts run the Wayk agent (Windows, macOS, Linux). |
Web-based interface | Admins and users manage connections via browser. |
Gateway isolation | No need to expose internal machines directly to the internet. |
When It Makes Sense
– MSPs and IT teams managing multiple remote sites
– Internal helpdesks that need secure access to isolated subnets
– Environments requiring audit trails for compliance (e.g., ISO 27001, HIPAA)
– Replacing ad hoc RDP with managed, logged remote control
– Reducing reliance on external tools like AnyDesk or TeamViewer
Setup Overview
1. System Requirements
– Windows Server (recommended)
– .NET Core Runtime
– SSL certificate for HTTPS interface
2. Install Wayk Bastion
Download from Devolutions: https://wayk.devolutions.net
Install on a server in your DMZ or secure subnet.
3. Deploy Wayk Agents
Install lightweight agents on endpoints that need to be accessed remotely.
4. Configure Users and Roles
Set up groups, RBAC rules, and directory bindings.
5. Access the web console
Use browser to log in and request, initiate, or approve sessions.
6. Start remote sessions
Users can launch sessions via browser or desktop client; Bastion handles routing.
Constraints and Considerations
– Free tier is limited — often capped on users or connections
– Requires infrastructure ownership — can’t use in SaaS-only environments
– Agents must be deployed manually (no auto-discovery)
– Not a replacement for full remote monitoring or endpoint management tools
– Strong Windows focus, though Linux agents are available
Why It’s a Smart Alternative
Wayk Bastion fills the gap between simple desktop sharing tools and heavy-duty PAM solutions. It provides secure remote access with centralized control, making it suitable for businesses that need visibility and restrictions around remote sessions — without adopting a full-blown enterprise security suite.
For IT teams tasked with managing machines outside their direct reach, but still under policy, it’s a practical and traceable option.