Windows Server 2003 : The Terminal Services Gateway (part 1)

11/22/2010 11:17:52 AM
Terminal Services Gateway (TS Gateway) lets administrators give remote users access to corporate applications without setting up a VPN. Users with the Remote Desktop Connection (RDC) client can connect to internal network resources securely.

To achieve this, the RDP traffic is encapsulated in Hypertext Transfer Protocol (HTTP) over Secure Sockets Layer (SSL), that is, HTTPS. Once the encapsulated RDP traffic reaches the TS Gateway, the gateway strips the HTTPS headers and forwards the RDP traffic to the terminal servers. Remote clients can access terminal servers or RemoteApp-listed applications, or initiate a Remote Desktop session, securely over the Internet.

In a conventional VPN network, the remote client runs an Internet Protocol Security (IPsec) VPN client. A secure IPsec session is established between the remote user and the firewall/VPN appliance or server where the session terminates. However, running a mobile-user VPN for a large enterprise can be cumbersome, because security policies have to be managed and distributed across the enterprise. Moreover, users are restricted to machines on which the VPN client is pre-installed and pre-configured. TS Gateway frees users from these device restrictions: they can connect from virtually any desktop or laptop, on a trusted or untrusted network, and even from mobile hand-held devices with an RDP client. Apart from establishing a secure connection, administrators can control at a granular level which network resources remote users may access. HTTP and HTTPS are allowed by most corporate firewalls, so there is no need to open RDP port 3389 on the firewall.

In addition to this, TS Gateway provides resource authorization policies for remote user terminal connections.

Figure 1 shows the scenario where different types of users establish a secure connection over HTTPS carrying RDP traffic.

Figure 1. TS Gateway Server Deployment Scenario


For large enterprises with a very large number of remote user sessions, TS Gateway can be deployed in a highly available, load-balanced environment. Dedicated load balancers such as F5 FirePass controllers may be deployed with multiple TS Gateway servers to ensure continuous availability of remote user sessions. Figure 2 illustrates an environment with a dedicated hardware load balancer and two TS Gateway servers. HTTPS connections are load balanced between the two TS Gateway servers. After the HTTPS encapsulation is removed, the RDP traffic is passed to the terminal servers.

Figure 2. TS Gateway Server Deployment Scenario


TS Gateway configuration involves the following procedure:

1. Install an SSL certificate (obtained from a trusted third party such as Verisign, or a self-signed certificate created for the organization).

2. Map the SSL certificate to the TS Gateway Server.

3. Join the TS Gateway Server to an AD domain.

4. Create a Connection Authorization Policy (CAP).

5. Create a Resource Authorization Policy (RAP).

Certificate Configuration

Configuring self-signed certificates involves two steps: installing and configuring the AD Certificate Services server role, and copying the certificate to the client computers (the built-in Internet browsers trust only third-party certificates by default).

To create a self-signed certificate:

1. Add the Active Directory Certificate Services server role (see Figure 3) through Server Manager (adding roles was explained earlier).

Figure 3. Windows 2008 Certificate Services


2. Follow the wizard to add Enterprise, stand-alone, Root CA. This will install a server certificate.

To map a certificate to the TS Gateway Server:

1. Click Start | Administrative Tools | Terminal Services | TS Gateway Manager.

2. Select the server in the left pane, right-click it, and select Properties.

3. Click the SSL Certificate tab (see Figure 4).

Figure 4. Mapping a Certificate to TS Gateway Server


4. Click Select an existing certificate for SSL encryption (recommended), if it is not already selected by default.

5. Click Browse Certificates.

6. Select the certificate on the Install Certificate screen and click Install.

7. Click OK to complete the certificate association with the TS Gateway server.
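The certificate mapped in the procedure above has to be usable for SSL server authentication and has to chain to a root that is trusted. As an added example (not part of the original article), the PowerShell script below, run on the TS Gateway server, reports those properties for every certificate in the local machine Personal store; `$GatewayName` is a placeholder value and `Test-GatewayCertificate` is a hypothetical helper name.

```powershell
# Added example: audit certificates in LocalMachine\My before mapping one to TS Gateway.
$GatewayName   = 'tsgateway.example.com'   # placeholder: FQDN that clients connect to
$X509          = 'System.Security.Cryptography.X509Certificates'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'       # Server Authentication enhanced key usage

function Test-GatewayCertificate {
    param($Certificate, [string]$ExpectedName)

    $now = Get-Date

    # An absent EKU extension (OID 2.5.29.37) means "all purposes";
    # if the extension is present it must list Server Authentication.
    $eku   = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuOk = (-not $eku) -or
             [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })

    # Build the chain against the machine's trusted roots.
    # Revocation is skipped so the check also works offline; set 'Online' to check CRLs.
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk     = $chain.Build($Certificate)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # GetNameInfo returns a single DNS name (from the SAN, else the subject CN),
    # so a certificate with several SAN entries may need a manual look.
    $dnsName = $Certificate.GetNameInfo('DnsName', $false)

    New-Object PSObject -Property @{
        Thumbprint    = $Certificate.Thumbprint
        Subject       = $Certificate.Subject
        HasPrivateKey = $Certificate.HasPrivateKey
        InValidity    = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
        ServerAuthEku = $ekuOk
        NameMatches   = ($dnsName -eq $ExpectedName)
        ChainTrusted  = $chainOk
        ChainStatus   = $chainStatus
    }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    Test-GatewayCertificate -Certificate $_ -ExpectedName $GatewayName
} | Format-List
```

A candidate is suitable when every Boolean field is True; `ChainTrusted = False` with an `UntrustedRoot` status means the issuing root is not in that machine's trusted store.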

Terminal Services (TS) Gateway Manager

TS Gateway Manager is the snap-in console that helps you manage the TS Gateway server (see Figure 5). With the TS Gateway Manager you can perform the following tasks:

  • Manage the TS Gateway Server

  • Configure an SSL certificate

  • Create CAPs

  • Create RAPs

  • Manage terminal services through CAP and RAP

  • Create a TS Gateway server farm

  • Add members to a TS Gateway server farm

  • Limit the maximum number of simultaneously allowed connections

  • Disable new connections

  • Enable auditing

  • Create an SSL bridge (HTTPS-HTTP bridging to terminate SSL requests and initiate new HTTP requests)

Figure 5. TS Gateway Server Manager
