If you run machines in a cloud or in a restriced environment where direct ssh is a security risk it could be a good way forward to use a HTML5 based solution. Guacamole is such an solution. It is a clientless remote access system. It is just required to install Tomcat to run the web application and a proxy deamon. The solution can connect to SSH (including key authentication), Windows RDP and VNC. As authentication backend they offer LDAP, Mysql and a file based solution.
I’m using Guacamole in multiple environments with an Apache in front for SSL. The tomcat is only available on localhost which improves the security. Furthermore it is possible to develop additional authentication providers. Based on that it should be possible to in corporate Guacamole in the single sign on solution which is available in most of the large companies.