Access servers only through management zone


our company plans to make the management of server accesible only from one specific network zone. At the moment we are accessing different management services like RDP or SSH directly from our office network.

My only idea to archive this policy is to setup a remote desktop server in the management zone and publish some applications like mstsc or putty to the other users over published web apps.

Has somebody other or better ideas, like specific rdp/ssh gateways? The solution should simply as possible for the users.